Act now and download your Microsoft 70-646 test today! Do not waste time on worthless Microsoft 70-646 tutorials. Download Avant-garde Microsoft PRO: Windows Server 2008, Server Administrator exam with real questions and answers and begin to learn Microsoft 70-646 with a classic professional.
Q161. - (Topic 18)
You are designing a Windows Server 2008 R2 deployment strategy for the Austin campus servers. Which deployment strategy should you recommend?
A. Enable an Auto-Add Policy in WDS.
B. Create a discover image in WDS.
C. Deploy the images by using multicast transmission in WDS.
D. Deploy the images by using unicast transmission in WDS.
Answer: C
Explanation:
QUESTION N: 10 You are planning the migration of client computers on the Northridge campus to Windows 7. Due to compatibility concerns, the Northridge campus servers will not be migrated to Windows Server 2008 R2.
The Northridge campus uses customized options in the inetres.adm and system.adm administrative templates to handle key security restrictions.
You need to ensure that the security restrictions will be applied to the migrated client computers. What should you recommend?
A. Copy the ADM files to \\BODC01\C$\Windows\SYSVOL\domain\policies\PolicyDefinitions and apply them to the Northridge GPOs.
B. Re-create the settings from the ADM files in the ADMX files on NODC01 and apply them to the Northridge GPOs.
C. Copy the ADM files to \\NODC01\C$\Windows\inf and apply them to the Northridge GPOs.
D. Re-create the settings from the ADM files in the ADMX files on BODC01 and apply them to the Northridge GPOs.
Answer: D
Q162. - (Topic 1)
You need to recommend a security strategy for WebApp2 that meets the company's Application requirements. What should you include in the recommendation?
A. Basic authentication and connection security rules
B. Basic authentication and SSL
C. Digest authentication and connection security rules
D. Digest authentication and SSL
Answer: B
Q163. - (Topic 18)
You are designing a Windows Server 2008 R2 deployment strategy for the Minneapolis campus servers. Which deployment strategy should you recommend?
A. Install from media.
B. Use a discover image in WDS.
C. Auto Add From Policy
D. Use multicast image deployment
Answer: D
Explanation:
Requirements - BitLocker is needed on all disks in Minneapolis and installations must be done remotely; it specifically says they use WDS for deployment. WDS is all about using images, so would that not rule out a media install? You can do media installs that are unattended, but it requires sending a DVD and corresponding USB key with an answer file to the site and it being inserted into the server. But GDI uses PXE-enabled network cards, so that would imply media is not used, as images would be stored centrally.
I'm leaning toward Answer B because
http://technet.microsoft.com/en-us/library/dd637996%28v=ws.10%29.aspx
-"A client is on a different subnet and you do not have method of getting PXE to the client (for example, IP helper tables or Dynamic Host Control Protocol (DHCP))."
I'm gonna make a huge assumption that the Minneapolis servers are on a different subnet, which makes sense because they are all different campuses for a college.
Multicasting: Provides the ability to transmit install images using multicasting. This includes the ability to automatically disconnect slow clients and the ability to transfer images using multiple streams of varying speeds. To locate these settings, right-click the server in the MMC snap-in, click Properties, and click the Multicast tab.
Multicast allows organizations to use their network bandwidth more efficiently, allowing an operating system image to be transmitted over the network once to multiple installation clients. For example, if you are deploying 20 computers running Windows Server 2008 R2, you save significant bandwidth in transmitting one installation image across the network (approximately 1.5 GB of data) compared to transmitting all 20 (approximately 60 GB of data). Multicast deployment is supported only in network environments where the routers support multicast transmissions.
The site in question has 10 servers, so Multicast would be a possibility.
Q164. - (Topic 1)
Your network consists of a single Active Directory site that includes two network segments. The network segments connect by using a router that is RFC 1542 compliant.
You plan to use Windows Deployment Services (WDS) to deploy Windows Server 2008 R2 servers. All new servers support PreBoot Execution Environment (PXE).
You need to design a deployment strategy to meet the following requirements:
Support Windows Server 2008 R2
Deploy the servers by using WDS in both network segments
Minimize the number of servers used to support WDS
What should you include in your design?
...
A. Deploy one server. Install WDS and DHCP on the server. Configure the IP Helper tables on the router between the network segments.
B. Deploy two servers. Install WDS and DHCP on both servers. Place one server on each of the network segments. Configure both servers to support DHCP option 60.
C. Deploy two servers. Install WDS and DHCP on both servers. Place one server on each of the network segments. Configure both servers to support DHCP option 252.
D. Deploy two servers. Install WDS and DHCP on one server. Install DHCP on the other server. Place one server on each of the network segments. Configure both servers to support DHCP option 60.
Answer: A
Explanation:
http://support.microsoft.com/kb/926172
IP Helper table updates
The PXE network boot method uses DHCP packets for communication. The DHCP packets serve a dual purpose. They are intended to help the client in obtaining an IP address lease from a DHCP server and to locate a valid network boot server. If the booting client, the DHCP server, and the network boot server are all located on the same network segment, usually no additional configuration is necessary. The DHCP broadcasts from the client reach both the DHCP server and the network boot server.
However, if either the DHCP server or the network boot server are on a different network segment than the client, or if they are on the same network segment but the network is controlled by a switch or a router, you may have to update the routing tables for the networking equipment in order to make sure that DHCP traffic is directed correctly.
Such a process is known as performing IP Helper table updates. When you perform this process, you must configure the networking equipment so that all DHCP broadcasts from the client computer are directed to both a valid DHCP server and to a valid network boot server.
Note: It is inefficient to rebroadcast the DHCP packets onto other network segments. It is best to only forward the DHCP packets to the recipients that are listed in the IP Helper table.
After the client computer has obtained an IP address, it contacts the network boot server directly in order to obtain the name and the path of the network boot file to download. Again, this process is handled by using DHCP packets.
Note: We recommend that you update the IP Helper tables in order to resolve scenarios in which the client computers and the network boot server are not located on the same network segment.
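The relay step that an IP Helper entry performs on an RFC 1542 compliant router, as an added example that is not part of the original page or the Microsoft article. It builds a constructed PXE DHCPDISCOVER, then applies the relay-agent rules (hop check, `giaddr` stamping, unicast to each listed helper); the MAC, the IP addresses and all function names are assumptions made for illustration.

```python
import ipaddress
import struct

BOOTREQUEST = 1
MAGIC_COOKIE = b"\x63\x82\x53\x63"
HEADER_LEN = 236  # fixed BOOTP header; the cookie and options follow it


def build_pxe_discover(mac: bytes, xid: int) -> bytes:
    """Constructed DHCPDISCOVER, shaped like a PXE client's broadcast."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        BOOTREQUEST, 1, 6, 0,   # op, htype=Ethernet, hlen, hops
        xid, 0, 0x8000,         # xid, secs, flags (broadcast bit set)
        b"", b"", b"", b"",     # ciaddr, yiaddr, siaddr, giaddr = 0.0.0.0
        mac, b"", b"",          # chaddr, sname, file (zero padded)
    )
    vendor = b"PXEClient"       # option 60, vendor class identifier
    options = (bytes([53, 1, 1])                  # option 53: DHCPDISCOVER
               + bytes([60, len(vendor)]) + vendor
               + bytes([255]))                    # end option
    return header + MAGIC_COOKIE + options


def parse_options(packet: bytes) -> dict:
    """Return {option code: value} from a DHCP packet's options field."""
    opts, i = {}, HEADER_LEN + len(MAGIC_COOKIE)
    while i + 1 < len(packet) and packet[i] != 255:
        if packet[i] == 0:      # pad option carries no length byte
            i += 1
            continue
        code, length = packet[i], packet[i + 1]
        opts[code] = packet[i + 2:i + 2 + length]
        i += 2 + length
    return opts


def relay(packet: bytes, ingress_ip: str, helpers: list, max_hops: int = 4) -> list:
    """Apply RFC 1542 relay rules; return (server_ip, port, packet) unicasts."""
    if len(packet) < HEADER_LEN + 4 or packet[0] != BOOTREQUEST:
        return []               # only client requests are relayed this way
    if packet[HEADER_LEN:HEADER_LEN + 4] != MAGIC_COOKIE:
        return []
    hops = packet[3]
    if hops > max_hops:         # discard when hops exceeds the threshold
        return []
    out = bytearray(packet)
    out[3] = hops + 1
    if out[24:28] == b"\x00" * 4:
        # First relay stamps giaddr with the interface the broadcast arrived on,
        # so the server can pick the right scope and reply via this relay.
        out[24:28] = ipaddress.IPv4Address(ingress_ip).packed
    # Unicast to each helper entry only; nothing is rebroadcast.
    return [(server, 67, bytes(out)) for server in helpers]


if __name__ == "__main__":
    discover = build_pxe_discover(bytes.fromhex("020000aabbcc"), 0x1234ABCD)
    # Constructed addresses: router interface, DHCP server, network boot server.
    for server, port, pkt in relay(discover, "10.0.1.1", ["10.0.0.10", "10.0.0.20"]):
        print(server, port, "giaddr", ipaddress.IPv4Address(pkt[24:28]), "hops", pkt[3])
```

Keeping the helper list limited to the authorised DHCP and boot servers means client broadcasts are never delivered to any other host on the remote segment.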
Q165. - (Topic 12)
You need to recommend a Group Policy strategy for the Remote Desktop servers.
What should you include in the recommendation?
A. block inheritance
B. loopback processing
C. security filtering
D. WMI filtering
Answer: B
Explanation:
http://support.microsoft.com/?id=231287
Group Policy applies to the user or computer in a manner that depends on where both the user and the computer objects are located in Active Directory. However, in some cases, users may need policy applied to them based on the location of the computer object alone. You can use the Group Policy loopback feature to apply Group Policy Objects (GPOs) that depend only on which computer the user logs on to.
http://technet.microsoft.com/en-us/windowsserver/cc817587
Managing Terminal Services
What is loopback processing?
Group Policy loopback processing can be used to alter the application of GPOs to a user by including GPOs based on the location of the computer object. The typical way to use loopback processing is to apply GPOs that depend on the computer to which the user logs on.
Q166. - (Topic 16)
Users frequently search for documents from the Start menu or in Windows Explorer. You need to recommend a solution to minimize the amount of time it takes for users in the Legal department to locate files stored on the Legal share.
What should you include in the recommendation?
A. Configure Windows Search Service on the client computers in the Legal department and add the Legal share to the file server library.
B. Configure Windows Search Service on the file server and add the Legal share to the file server library.
C. Configure Windows Search Service on the file server and add the Legal share to the client computers in the legal department.
D. Configure Windows Search Service on the client computers in the Legal department and add the Legal share to the client library.
Answer: C
Explanation:
Windows Search can speed up searching through file shares by using indexing.
Q167. - (Topic 19)
You are planning for the IT integration of Tailspin Toys and Wingtip Toys. The company has decided on the following name resolution requirements:
. Name resolution for Internet-based resources must continue to operate by using the same DNS servers as prior to the merger.
. The existing connectivity between Tailspin Toys and Wingtip Toys must be used for all network communication.
. The documented name resolution goals must be met.
You need to provide a name resolution solution that meets the requirements.
What should you recommend? (Choose all that apply.)
A. On TT-DC01, TT-DC02, TT-DC03, and TT-DC04, add forwarders with the IP addresses of 172.16.10.10 and 172.16.10.11.
B. On TT-DC01, add a conditional forwarder for wingtiptoys.com, use 172.16.10.10 and 172.16.10.11 as the IP addresses, and then configure it to replicate to all DNS servers in the tailspintoys.com domain.
C. On TT-DC01, TT-DC02, TT-DC03, and TT-DC04, add a secondary DNS zone for wingtiptoys.com and specify 172.16.10.10 and 172.16.10.11 as the master DNS servers.
D. On WT-DC01 and WT-DC02, add a secondary DNS zone for tailspintoys.com and specify 10.10.10.10 and 10.10.10.11 as the master DNS servers.
E. On WT-DC01, WT-DC02, WT-DC03, and WT-DC04, add forwarders with the IP addresses of 10.10.10.10 and 10.10.10.11.
F. On WT-DC01, add a conditional forwarder for tailspintoys.com, use 10.10.10.10 and 10.10.10.11 as the IP addresses, and configure it to replicate to all DNS servers in the wingtiptoys.com domain.
Answer: B,F
Explanation:
Conditional forwarding is used to control where a DNS server forwards queries for a specific domain. A DNS server on one network can be configured to forward queries to a DNS server on another network without having to query DNS servers on the Internet. Conditional forwarders can also be used to help companies resolve each other's namespace in a situation where companies collaborate or a merger is underway.
Forwarders and Forwarding
When a name server is queried in DNS, the way it responds depends on the type of query issued, which can be either iterative or recursive. In an iterative query, the client asks the name server for the best possible answer to its query. The name server checks its cache and the zones for which it is authoritative and returns the best possible answer to the client, which could be either a full answer like "here is the IP address of the host you are looking for" or a partial answer like "try this other name server instead, it might know the answer." In a recursive query, things work a little differently, for here the client demands either a full answer (the IP address of the target host) or an error message like "sorry, name not found." In Windows DNS, client machines always send recursive queries to name servers, and name servers usually send iterative queries to other name servers.
What Conditional Forwarding Does
A conditional forwarder is one that handles name resolution only for a specific domain. For example, you could configure your name server to forward any requests for hosts in the domain google.com directly to a specific name server that is authoritative for the google.com domain. What this does is speed up the name resolution process by eliminating the need to go up to root to find this authoritative server. So in our question above we would create a conditional forwarder in wingtiptoys.com for tailspintoys.com and then create a conditional forwarder in tailspintoys.com for wingtiptoys.com.
Additionally, in Server 2008 there is a separate node in DNS Manager to configure Conditional Forwarders. Previously, if you wanted to configure forwarding for a certain DNS domain, and you wanted to do this on all DNS servers, you had to do this for all the DNS servers separately. Forwarders can be configured centrally and can be configured as 'Active Directory' integrated. This means they are stored in Active Directory and you can configure a replication scope, in the same way you can with AD Integrated DNS Zones. They can be replicated using the following scopes:
- All DNS servers in this forest (through the ForestDNSZones Application Partition)
- All DNS servers in this domain (through the DomainDNSZones Application Partition)
- All Domain Controllers in this domain (for Windows 2000 compatibility), stored in the Domain Partition
- In a custom Application Partition of your liking, if you want to replicate only to certain Domain Controllers (that are probably your DNS servers)
Q168. - (Topic 10)
You need to recommend an IP addressing strategy for the client computers in the new sales office. What should you recommend implementing in the new sales office?
A. DHCP server roles
B. the DirectAccess feature
C. the Network Policy Server (NPS) role service
D. the Remote Access Service role service
Answer: D
Explanation:
The Routing and Remote Access service in Windows Server 2008 supports remote user or site-to-site connectivity by using virtual private network (VPN) or dial-up connections. Routing and Remote Access consists of the following components:
Remote Access: The remote access feature provides VPN services so that users can access corporate networks over the Internet as if they were directly connected. Remote access also enables remote or mobile workers who use dial-up communication links to access corporate networks.
Routing: Routing and Remote Access is a full-featured software router and an open platform for routing and networking. It offers routing services to businesses in local area network (LAN) and wide area network (WAN) environments or over the Internet by using secure VPN connections. Routing is used for multiprotocol LAN-to-LAN, LAN-to-WAN, VPN, and network address translation (NAT) routing services.
Routing
A router is a device that manages the flow of data between network segments, or subnets. A router directs incoming and outgoing packets based on the information it holds about the state of its own network interfaces and a list of possible sources and destinations for network traffic. By projecting network traffic and routing needs based on the number and types of hardware devices and applications used in your environment, you can better decide whether to use a dedicated hardware router, a software-based router, or a combination of both. Generally, dedicated hardware routers handle heavier routing demands best, and less expensive software-based routers are sufficient to handle lighter routing loads.
A software-based routing solution, such as the Routing and Remote Access service in Windows Server 2008, can be ideal on a small, segmented network with relatively light traffic between subnets. Conversely, enterprise network environments that have a large number of network segments and a wide range of performance requirements might need a variety of hardware-based routers to perform different roles throughout the network.
Remote access
By configuring Routing and Remote Access to act as a remote access server, you can connect remote or mobile workers to your organization's networks. Remote users can work as if their computers are physically connected to the network.
All services typically available to a LAN-connected user (including file and print sharing, Web server access, and messaging) are enabled by means of the remote access connection. For example, on a server running Routing and Remote Access, clients can use Windows Explorer to make drive connections and to connect to printers. Because drive letters and universal naming convention (UNC) names are fully supported by remote access, most commercial and custom applications work without modification.
A server running Routing and Remote Access provides two different types of remote access connectivity:
Virtual private networking (VPN): VPN is the creation of secured, point-to-point connections across a private network or a public network such as the Internet. A VPN client uses special TCP/IP-based protocols called tunneling protocols to make a virtual call to a virtual port on a VPN server. The best example of virtual private networking is that of a VPN client that makes a VPN connection to a remote access server that is connected to the Internet. The remote access server answers the virtual call, authenticates the caller, and transfers data between the VPN client and the corporate network. In contrast to dial-up networking, VPN is always a logical, indirect connection between the VPN client and the VPN server over a public network, such as the Internet. To ensure privacy, you must encrypt data sent over the connection.
Dial-up networking: In dial-up networking, a remote access client makes a nonpermanent, dial-up connection to a physical port on a remote access server by using the service of a telecommunications provider, such as analog phone or ISDN. The best example of dial-up networking is that of a dial-up networking client that dials the phone number of one of the ports of a remote access server.
Dial-up networking over an analog phone or ISDN is a direct physical connection between the dial-up networking client and the dial-up networking server. You can encrypt data sent over the connection, but it is not required.
Q169. - (Topic 1)
You need to ensure that Admin1 can administer the Web servers to meet the company's technical requirements. To which group should you add Admin1?
A. the Administrators local group on each Web server
B. the Backup Operators domain local group
C. the Backup Operators local group on each Web server
D. the Domain Admins global group
Answer: B
Q170. - (Topic 1)
Your network consists of a single Active Directory domain. The network includes a branch office named Branch1. Branch1 contains a Read-only Domain Controller (RODC) named Server1. A global group named Branch1admins contains the user accounts for administrators. Administrators manage the client computers and servers in Branch1.
You need to recommend a solution for delegating control of Server1.
Your solution must meet the following requirements:
. Allow the members of the Branch1admins group to administer Server1, including changing device drivers and installing operating system updates by using Windows Update.
. Provide the Branch1admins group rights on Server1 only.
. Prevent Branch1admins group from modifying Active Directory objects.
What should you recommend?
A. Add the Branch1admins global group to the Server Operators builtin local group.
B. Add the members of the Branch1admins global group to the Administrators builtin local group of Server1.
C. Grant Full Control permission on the Server1 computer object in the domain to the Branch1admins group
D. Move the Server1 computer object to a new organizational unit (OU) named Branch1servers. Grant Full Control permission on the Branch1servers OU to the Branch1admins group.
Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/cc753223%28WS.10%29.aspx
Administrator role separation
Administrator role separation specifies that any domain user or security group can be delegated to be the local administrator of an RODC without granting that user or group any rights for the domain or other domain controllers. Accordingly, a delegated administrator can log on to an RODC to perform maintenance work, such as upgrading a driver, on the server. But the delegated administrator is not able to log on to any other domain controller or perform any other administrative task in the domain. In this way, a security group that comprises branch users, rather than members of the Domain Admins group, can be delegated the ability to effectively manage the RODC in the branch office, without compromising the security of the rest of the domain.