70-646 Exam
Where to find 70-646 video tutorial
Exam Code: 70-646 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: PRO: Windows Server 2008, Server Administrator
Certification Provider: Microsoft
Free Today! Guaranteed Training- Pass 70-646 Exam.
2021 Oct 70-646 video tutorial:
Q141. - (Topic 2)
You need to recommend a data management solution that meets the company's technical requirements. What should you include in the recommendation?
A. DFS Management
B. File Server Resource Manager (FSRM)
C. Share and Storage Management
D. Storage Explorer
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/cc753175.aspx Share and Storage Management provides a centralized location for you to manage two important server resources: Folders and volumes that are shared on the network Volumes in disks and storage subsystems Shared resources management
You can share the content of folders and volumes on your server over the network using
the Provision a Shared Folder Wizard, which is available in Share and Storage
Management. This wizard guides you through the necessary steps to share a folder or
volume and assign all applicable properties to it. With the wizard, you can:
Specify the folder or volume that you want to share or create a new folder to share.
Specify the network sharing protocol used to access the shared resource.
Change the local NTFS permissions for the folder or volume you will be sharing.
Specify the share access permissions, user limits, and offline access to files in the shared
resource.
Publish the shared resource to a Distributed File System (DFS) namespace.
If Services for Network File System (NFS) has been installed, specify NFS-based access
permissions for the shared resource.
If File Server Resource Manager is installed on your server, apply storage quotas to the
new shared resource, and create file screens to limit the type of files that can be stored in
it.
Using Share and Storage Management, you can also monitor and modify important
aspects of your new and existing shared resources. You can:
Stop the sharing of a folder or volume.
Change the local NTFS permissions for a folder or volume.
Change the share access permissions, offline availability, and other properties of a shared
resource.
See which users are currently accessing a folder or a file and disconnect a user if
necessary.
If Services for Network File System (NFS) has been installed, change the NFS-based
access permissions for a shared resource.
For more information about using Share and Storage Management to manage shared
resources, see Provisioning Shared Resources.
Storage management With Share and Storage Management, you can provision storage on
disks that are available on your server, or on storage subsystems that support Virtual Disk
Service (VDS). The Provision Storage Wizard guides you through the process of creating a
volume on an existing disk, or on a storage subsystem attached to your server. If the
volume is going to be created on a storage subsystem, the wizard will also guide you
through the process of creating a logical unit number (LUN) to host that volume. You also
have the option of only creating the LUN, and using Disk Management to create the volume
later.
Share and Storage Management also helps you monitor and manage the volumes that you
have created, as well as any other volumes that are available on your server. Using Share
and Storage Management you can:
Extend the size of a volume.
Format a volume.
Delete a volume.
Change volume properties like compression, security, offline availability and indexing.
Access disk tools for error checking, defragmentation, and backup.
Q142. - (Topic 1)
You need to recommend a Windows Server 2008 R2 server configuration that meets the following requirements:
. Supports the installation of Microsoft SQL Server 2008
. Provides redundancy for SQL services if a single server fails
What should you recommend?
A. Install a Server Core installation of Windows Server 2008 R2 Enterprise on two servers. Configure the servers in a failover cluster.
B. Install a full installation of Windows Server 2008 R2 Standard on two servers. Configure Network Load Balancing on the two servers.
C. Install a full installation of Windows Server 2008 R2 Enterprise on two servers. Configure Network Load Balancing on the two servers.
D. Install a full installation of Windows Server 2008 R2 Enterprise on two servers. Configure the servers in a failover cluster.
Answer: D Explanation:
Fail Over Clustering, which is available on the Enterprise edition (not on standard) will provide fail over as required.
Windows Server 2008 Enterprise Edition
Windows Server 2008 Enterprise Edition is the version of the operating system targeted at large businesses. Plan to deploy this version of Windows 2008 on servers that will run applications such as SQL Server 2008 Enterprise Edition and Exchange Server 2007. These products require the extra processing power and RAM that Enterprise Edition supports. When planning deployments, consider Windows Server 2008 Enterprise Edition in situations that require the following technologies unavailable in Windows Server 2008 Standard Edition:
Failover Clustering I-ail over clustering is a technology that allows another server to continue to service client requests in the event that the original server fails. Clustering is covered in more detail in Chapter 11. "Clustering and High Availability." You deploy failover clustering on mission-critical servers to ensure that important resources are available even if a server hosting those resources fails.
Q143. - (Topic 1)
Your network consists of a single Active Directory domain. All servers run Windows Server 2008 R2. You plan to publish a Web site on two Web servers.
You need to deploy an availability solution for your Web servers that meets the following requirements:
. Supports the addition of more Web servers without interrupting client connections . Ensures that the Web site is accessible even if a single server fails
What should you do?
A. Configure a failover cluster.
B. Configure a Web garden on each Web server.
C. Create a Network Load Balancing cluster.
D. Create two Application pools on each Web server.
Answer: C
Explanation:
Windows Web Server 2008
Windows Web Server 2008 is designed to function specifically as a Web applications server. Other roles, such as Windows Deployment Server and Active Directory Domain Services, are not supported on Windows Web Server 2008. You deploy this server role either on a screened subnet to support a Web site viewable to external hosts or as an intranet server. As appropriate given its stripped-down role, Windows Web Server 2008 does not support the high-powered hardware configurations that other editions of Windows Server 2008 do. Windows Web Server 2008 has the following properties: The 32-bit version (x86) supports a maximum of 4 GB of RAM and 4 processors in SMP configuration. The 64-bit version (x64) supports a maximum of 32 GB of RAM and 4 processors in SMP configuration. Supports Network Load Balancing clusters. You should plan to deploy Windows Web Server 2008 in the Server Core configuration, which minimizes its attack surface, something that is very important on a server that interacts with hosts external to your network environment. You should only plan to deploy the full version of Windows Web Server 2008 if your organization’s Web applications rely on features such as ASP.NET, because the .NET Framework is not included in a Server Core installation.
Configuring Windows Network Load Balancing
While DNS Round Robin is a simple way of distributing requests, Windows Server 2008 NLB is a much more robust form of providing high availability to applications. Using NLB, an administrator can configure multiple servers to operate as a single cluster and control the usage of the cluster in near real-time. NLB operates differently than DNS Round Robin in that NLB uses a virtual network adapter on each host. This virtual network adapter gets a single IP and media access control (MAC) address, which is shared among the hosts participating in the load-balancing cluster. Clients requesting services from an NLB cluster have their requests sent to the IP address of the virtual adapter, at which point it can be handled by any of the servers in the cluster.
NLB automatically reconfigures as nodes are added and removed from the cluster. An administrator can add and remove nodes through the NLB Manager interface or the command line. For example, an administrator might remove each node in turn to perform maintenance on the nodes individually and cause no disruption in service to the end user. Servers within NLB clusters are in constant communication with each other, determining which servers are available with a process known as heartbeats and convergence. The heartbeat consists of a server participating in an NLB cluster that sends out a message each second to its NLB-participating counterparts. When five (by default) consecutive heartbeats are missed, convergence begins. Convergence is the process by which the remaining hosts determine the state of the cluster. During convergence, the remaining hosts listen for heartbeats from the other servers to determine the host with the highest priority, which is then selected as the default host for the NLB cluster. Generally, two scenarios can trigger convergence. The first is the missed heartbeat scenario mentioned earlier; the second is removal or addition of a server to the cluster by an administrator. The heartbeat is reduced by one half during convergence. A less common reason for convergence is a change in the host configuration, such as a host priority.
Q144. - (Topic 5)
You need to recommend changes to the name resolution infrastructure that meet the company's technical requirements. What should you recommend?
A. Create a stub zone on all of the DNS servers in the branch offices.
B. Create a secondary zone on all of the DNS servers in the branch offices.
C. Move the DNS zone of the root domain to the ForestDnsZones Application directory partition.
D. Move the DNS zone of each branch office to the ForestDnsZones Application directory partition.
Answer: C
Explanation:
To reduce replication traffic and the amount of data stored in the global catalog, you can use application directory partitions for Active Directory–integrated DNS zones. http://technet.microsoft.com/en-us/library/cc772101.aspx
All domain controllers in a specified application directory partition
Replicates zone data according to the replication scope of the specified application directory partition. For a zone to be stored in the specified application directory partition, the DNS server hosting the zone must be enlisted in the specified application directory partition. Use this scope when you want zone data to be replicated to domain controllers in multiple domains but you do not want the data to replicate to the entire forest.
Q145. - (Topic 1)
Your network consists of a single Active Directory domain. The relevant portion of the Active Directory domain is configured as shown in the following diagram.
...
The Staff organizational unit (OU) contains all user accounts except for the managers' user accounts.
The Managers OU contains the managers' user accounts and the following global groups:
Sales
Finance
Engineering
You create a new Group Policy object (GPO) named GPO1, and then link it to the Employees OU.
Users from the Engineering global group report that they are unable to access the Run command on the Start menu. You discover that the GPO1 settings are causing the issue.
You need to ensure that the users from the Engineering global group are able to access the Run command on the Start menu.
What should you do?
A. Configure GPO1 to use the Enforce Policy option.
B. Configure Block Inheritance on the Managers OU.
C. Configure Group Policy filtering on GPO1 for the Engineering global group.
D. Create a new child OU named Engineering under the Employees OU. Move the Engineering global group to the new Engineering child OU.
Answer: C
Explanation:
MCITP Self-Paced Training Kit Exam 70-646 Windows Server Administration No administrator likes exceptions, but we are required to implement them. Typically you might have configured security filtering, Windows Management Instrumentation (WMI) filters, block inheritance settings, no-override settings, loopback processing, and slow-link settings. You need to check that these settings are not affecting normal GPO processing.
Regenerate testking 70-646 pdf:
Q146. - (Topic 1)
A network includes servers that run Windows Server 2008 R2 with the Network Policy Server (NPS) server role installed. You are planning to deploy a remote network
administration solution.
The remote administration solution must meet the following requirements:
. Include fault tolerance. . Define the users who have remote access and the resources they can remotely access.
You need to design a remote administration solution that meets the requirements.
What should you recommend? (More than one answer choice may achieve the goal. Select the BEST answer.)
A. Deploy and configure multiple servers with the Remote Desktop Gateway server role. Create a central Remote Desktop Connection Authorization Policy (RD CAP) and a Resource Authorization Policy (RD RAP).
B. Deploy and configure multiple servers with the Remote Desktop Gateway server role. Create a local Remote Desktop Connection Authorization Policy (RD CAP) and a Resource Authorization Policy (RD RAP).
C. Deploy and configure one server with the Remote Desktop Web Access server role. Create a central Remote Desktop Connection Authorization Policy (RD CAP) and a Resource Authorization Policy (RD RAP).
D. Deploy and configure one server with the Remote Desktop Web Access server role. Create a local Remote Desktop Connection Authorization Policy (RD CAP) and a Resource Authorization Policy (RD RAP).
Answer: A
Explanation:
You can also configure RD Gateway to use Remote Desktop connection authorization policies (RD CAPs) that are stored on another server that runs the Network Policy Server (NPS) service. By doing this, you are using the server running NPS, formerly known as a Remote Authentication Dial-In User Service (RADIUS) server, to centralize the storage, management, and validation of RD CAPs. If you have already deployed a server running NPS for remote access scenarios such as VPN and dial-up networking, using the existing server running NPS for RD Gateway scenarios as well can enhance your deployment.
RAP Remote Desktop resource authorization policies (RD RAPs) allow you to specify the internal network resources (computers) that remote users can connect to through an RD Gateway server. Remote users connecting to the network through an RD Gateway server are granted access to computers on the internal network if they meet the conditions specified in at least one RD CAP and one RD RAP.
CAP Remote Desktop connection authorization policies (RD CAPs) allow you to specify who can connect to an RD Gateway server
Q147. - (Topic 1)
Your network consists of a single Active Directory domain. The domain contains three organizational units (OUs) named Test, Application, and Database.
You need to redesign the layout of the OUs to support the following requirements:
-Prevent Group Policy objects (GPOs) that are linked to the domain from applying to computers located in the
Applications OU
-Minimize the number of GPOs
-Minimize the number of Ous
What should you include in your design?
A. Create a Starter GPO.
B. Create a Windows Management Instrumentation (WMI) filter.
C. Delegate permissions on the Application OU.
D. Configure block inheritance on the Application OU.
Answer: D
Explanation:
Understanding Group Policy You already know that Group Policy settings contained in Group Policy objects (GPOs) can be linked to OUs, and that OUs can either inherit settings from parent OUs or block inheritance and obtain their specific settings from their own linked GPOs. You also know that some policies—specifically, security policies—can be set to “no override” so that they cannot be blocked or overwritten and force child OUs to inherit the settings from their parents.
Q148. - (Topic 1)
...
A company has Remote Desktop Services (RDS) servers that run Windows Server 2008 R2 and client computers that run Windows 7.
You are designing a non-production remote desktop infrastructure that you will use for evaluation purposes for 180 days. The remote desktop infrastructure must meet the following requirements:
Maximize the security of remote desktop connections.
Minimize changes to the company's firewall configuration.
Provide external users with a secure connection from the Windows 7 Remote
Desktop client to the RDS environment.
You need to design a temporary remote desktop infrastructure that meets the requirements.
Which services should you recommend? (More than one answer choice may achieve the goal. Select the BEST answer.)
A. Remote Desktop Gateway, Remote Desktop Licensing, and Remote Desktop Session Host B. Remote Desktop Licensing, Remote Desktop Session Host, and Remote Desktop Web Access
C. Only Remote Desktop Gateway and Remote Desktop Session Host
D. Only Remote Desktop Session Host and Remote Desktop Web Access
Answer: C
Explanation:
Its true that the evaluation period for RD is only 120 days and your requirements are 180 days. Maybe the question is inaccurate and it actually states 120 days?
But if you read http://technet.microsoft.com/en-us/library/cc738962%28WS.10%29.aspx it says To allow ample time for you to deploy a Terminal Server license server, Terminal Server provides a licensing grace period, during which no license server is required. During this grace period, a terminal server can accept connections from unlicensed clients without contacting a license server. The grace period begins the first time the terminal server accepts a client connection. It ends after you deploy a license server and that license server issues its first permanent client access license (CAL), or after 120 days, whichever comes first. In order for a license server to issue permanent CALs, you must activate the license server and then purchase and install the appropriate number of permanent CALs. If a license server is not activated, it issues temporary licenses. These temporary licenses allow clients to connect to the terminal server for 90 days.
So is that the solution? If you feel licensing is required then A is your answer, if you don't then C is your answer. Remote Desktop Gateway (RD Gateway), formerly Terminal Services Gateway (TS Gateway), is a role service in the Remote Desktop Services server role included with Windows Server. 2008 R2 that enables authorized remote users to connect to resources on an internal corporate or private network, from any Internetconnected device that can run the Remote Desktop Connection (RDC) client. The network resources can be Remote Desktop Session Host (RD Session Host) servers, RD Session Host servers running RemoteApp programs, or computers and virtual desktops with Remote Desktop enabled. RD Gateway uses the Remote Desktop Protocol (RDP) over HTTPS to establish a secure, encrypted connection between remote users on the Internet and internal network resources
Why use Remote Desktop Gateway?
RD Gateway provides many benefits, including: RD Gateway enables remote users to connect to internal network resources over the Internet, by using an encrypted connection, without needing to configure virtual private network (VPN) connections. RD Gateway provides a comprehensive security configuration model that enables you to control access to specific internal network resources. RD Gateway provides a point-to-point RDP connection, rather than allowing remote users access to all internal network resources. RD Gateway enables most remote users to connect to internal network resources that are hosted behind firewalls in private networks and across network address translators (NATs). With RD Gateway, you do not need to perform additional configuration for the RD Gateway server or clients for this scenario. Prior to this release of Windows Server, security measures prevented remote users from connecting to internal network resources across firewalls and NATs. This is because port 3389, the port used for RDP connections, is typically blocked for network security purposes. RD Gateway transmits RDP traffic to port 443 instead, by using an HTTP Secure Sockets Layer/Transport Layer Security (SSL/TLS) tunnel. Because most corporations open port 443 to enable Internet connectivity, RD Gateway takes advantage of this network design to provide remote access connectivity across multiple firewalls. The Remote Desktop Gateway Manager enables you to configure authorization policies to define conditions that must be met for remote users to connect to internal network resources. For example, you can specify: Who can connect to internal network resources (in other words, the user groups who can connect). What network resources (computer groups) users can connect to. Whether client computers must be members of Active Directory security groups. Whether device redirection is allowed. Whether clients need to use smart card authentication or password authentication, or whether they can use either method. You can configure RD Gateway servers and Remote Desktop Services clients to use Network Access Protection (NAP) to further enhance security. NAP is a health policy creation, enforcement, and remediation technology that is included in Windows Server. 2008 R2, Windows Server. 2008, Windows. 7, Windows Vista., and Windows. XP Service Pack 3. With NAP, system administrators can enforce health requirements, which can include software requirements, security update requirements, required computer configurations, and other settings. . A Remote Desktop Session Host (RD Session Host) server is the server that hosts Windows-based programs or the full Windows desktop for Remote Desktop Services clients. Users can connect to an RD Session Host server to run programs, to save files, and to use network resources on that server. Users can access an RD Session Host server by using Remote Desktop Connection or by using RemoteApp. Remote Desktop Licensing http://technet.microsoft.com/en-us/library/hh553157%28v=ws.10%29 Operating System Grace Period Windows Server 2008 R2 120 days Windows Server 2008 120 days Windows Server 2003 R2 / Windows Server 2003 120 days Windows 2000 Server 90 days There has been some debate about licensing and some suggest you needed a license server. however take a look here: http://support.microsoft.com/kb/948472 Evaluating Windows Server 2008 software does not require product activation. Any edition of Windows Server 2008 may be installed without activation, and it may be evaluated for 60 days. Additionally, the 60-day evaluation period may be reset (re-armed) three times. This action extends the original 60-day evaluation period by up to 180 days for a total possible evaluation time of 240 days.
Q149. - (Topic 3)
You need to recommend a solution that enables User1 to perform the required actions on the Hyper-V server. What should you include in the recommendation?
A. Authorization Manager role assignment
B. Group Policy object (GPO) assignment on the VMs
C. Group Policy object (GPO) assignment on the Hyper-V server
D. local security groups on the VMs
Answer: A
Q150. - (Topic 19)
You need to recommend a solution to meet the following requirements:
. Meet the company auditing requirements. . Ensure that further administrative action is not required when new folders are added to the file server.
What should you recommend? (Choose all that Apply.)
A. Enable the Audit File System Group Policy setting for Success.
B. Enable the Audit object access Group Policy setting for Success.
C. Enable the Audit File System Group Policy setting for Failure.
D. Enable the Audit Handle Manipulation Group Policy setting for Success.
E. Enable the File system option of the Global Object Access Auditing Group Policy setting.
F. Enable the Audit Handle Manipulation Group Policy setting for Failure.
Answer: B,D,E
Explanation:
Security auditing allows you to track the effectiveness of your network defenses and identify attempts to circumvent them. There are a number of auditing enhancements in Windows Server 2008 R2 and Windows 7 that increase the level of detail in security auditing logs and simplify the deployment and management of auditing policies.
Auditing policy Before you implement auditing policy, you must decide which event categories you want to audit. The auditing settings that you choose for the event categories define your auditing policy. On member servers and workstations that are joined to a domain, auditing settings for the event categories are undefined by default. On domain controllers, auditing is turned on by default. By defining auditing settings for specific event categories, you can create an auditing policy that suits the security needs of your organization.
Audit Object Access This security setting determines whether to audit the event of a user accessing an object--for example, a file, folder, registry key, printer, and so forth--that has its own system access control list (SACL) specified. If you define this policy setting, you can specify whether to audit successes, audit failures, or not audit the event type at all. Success audits generate an audit entry when a user successfully accesses an object that has an appropriate SACL specified. Failure audits generate an audit entry when a user unsuccessfully attempts to access an object that has a SACL specified. To set this value to No auditing, in the Properties dialog box for this policy setting, select the Define these policy settings check box and clear the Success and Failure check boxes. Note that you can set a SACL on a file system object using the Security tab in that object's Properties dialog box. http://technet.microsoft.com/en-us/library/cc776774%28v=ws.10%29.aspx Audit Handle Manipulation Group Policy setting This policy setting determines whether the operating system generates audit events when a handle to an object is opened or closed. Only objects with configured SACLs generate these events, and only if the attempted handle operation matches the SACL. Event volume can be high, depending on how SACLs are configured. When used together with the Audit File System or Audit Registry policy settings, the Audit Handle Manipulation policy setting can provide an administrator with useful "reason for access," audit data detailing the precise permissions on which the audit event is based. For example, if a file is configured as a read-only resource but a user attempts to save changes to the file, the audit event will log not just the event itself but the permissions that were used, or attempted to be used, to save the file changes. Global Object Access Auditing Group Policy setting. Global Object Access Auditing. In Windows Server 2008 R2 and Windows 7, administrators can define computer-wide system access control lists (SACLs) for either the file system or registry. The specified SACL is then automatically applied to every single object of that type. This can be useful both for verifying that all critical files, folders, and registry settings on a computer are protected, and for identifying when an issue with a system resource occurs.