Q51. - (Topic 9)
You need to ensure that Admin2 can administer Active Directory to meet the company's technical requirements. What should you do?
A. Add Admin2 to the Domain Admins global group.
B. Add Admin2 to the Backup Operators domain local group.
C. Delegate full control of all objects in graphicdesigninstitute.com to Admin2.
D. Delegate full control of all objects in the Domain Controllers organizational unit (OU) to Admin2.
Answer: A
Explanation:
You can enable Active Directory Recycle Bin only if the forest functional level of your environment is set to Windows Server 2008 R2. Membership in Domain Admins, or equivalent, is the minimum required to use the Active Directory Recycle Bin.
Q52. - (Topic 2)
You need to recommend a server build for the Web servers.
Which server build should you recommend?
A. Class 1
B. Class 2
C. Class 3
D. Class 4
Answer: A
Q53. - (Topic 5)
You need to ensure that all servers meet the company's security requirements.
Which tool should you use?
A. Microsoft Baseline Security Analyzer (MBSA)
B. Microsoft Security Assessment Tool (MSAT)
C. Resultant Set of Policy (RSoP)
D. Security Configuration Wizard (SCW)
Answer: A
Explanation:
http://technet.microsoft.com/en-us/security/cc184924
Microsoft Baseline Security Analyzer
Microsoft Baseline Security Analyzer (MBSA) is an easy-to-use tool designed for the IT professional that helps small- and medium-sized businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance. Improve your security management process by using MBSA to detect common security misconfigurations and missing security updates on your computer systems.
Q54. - (Topic 6)
You need to recommend a disk configuration for the planned SQL Server deployment. The solution must ensure that the servers can fail over automatically.
What should you include in the recommendation?
A. GPT disks and basic disks
B. GPT disks and dynamic disks
C. MBR disks and basic disks
D. MBR disks and dynamic disks
Answer: A
Explanation:
Thanks to SoK for the additional material.
Server 2008 introduces support for GPT disks in cluster storage.
http://technet.microsoft.com/en-us/library/cc770625%28v=ws.10%29.aspx
In Windows Server 2008 Enterprise and Windows Server 2008 Datacenter, the improvements to failover clusters (formerly known as server clusters) are aimed at simplifying clusters, making them more secure, and enhancing cluster stability. Cluster setup and management are easier. Security and networking in clusters have been improved, as has the way a failover cluster communicates with storage.
What new functionality does failover clustering provide?
New validation feature. With this feature, you can check that your system, storage, and network configuration is suitable for a cluster.
Support for GUID partition table (GPT) disks in cluster storage. GPT disks can have partitions larger than two terabytes and have built-in redundancy in the way partition information is stored, unlike master boot record (MBR) disks.
http://technet.microsoft.com/en-us/library/cc770625%28WS.10%29.aspx
Support for GPT disks in cluster storage
GUID partition table (GPT) disks are supported in failover cluster storage. GPT disks provide increased disk size and robustness. Specifically, GPT disks can have partitions larger than two terabytes and have built-in redundancy in the way partition information is stored, unlike master boot record (MBR) disks. With failover clusters, you can use either type of disk.
Why basic disks over dynamic? Only basic disks can be used in a failover cluster.
http://technet.microsoft.com/en-us/library/cc733046.aspx
Topic 7, Lucerne Publishing
Scenario:
COMPANY OVERVIEW
Overview
Lucerne Publishing is a large publishing company that produces both traditional books and e-books.
Physical Location
The company has a main office and a branch office. The main office is located in New York. The branch office is located in San Francisco. The main office has a satellite office located in Boston. The company has 7,500 users.
EXISTING ENVIRONMENT
Active Directory Environment
The network contains an Active Directory forest. The forest contains a single domain named lucernepublishing.com.
Network Infrastructure
Client computers in the New York office and the San Francisco office run either Windows
Vista or Windows XP. All client computers in the Boston office run Windows 7.
The company has a finance department. All of the client computers in the finance
department run Windows XP. The finance department uses an Application named App1.
App1 only runs on Windows XP.
The relevant servers in the New York office are configured as shown in the following table.
The servers have the following configurations:
Remote Desktop is enabled on all servers.
The passwords for all service accounts are set to never expire.
Server1 stores roaming user profiles for users in the Boston office.
SQL1 and SQL2 are deployed in a two-node failover cluster named Cluster1.
All servers have Pre-Boot Execution Environment (PXE)-compliant network adapters.
The servers in the San Francisco office contain neither a recovery partition nor optical media drives.
DFS1 and DFS2 are members of the same DFS Replication group.
The DFS namespace is configured to use Windows 2000 Server mode.
The Boston office has no servers. The Boston office connects to the New York office by using a dedicated hardware VPN device.
The finance department publishes monthly forecast reports that are stored in DFS.
REQUIREMENTS
Business Goals
Lucerne Publishing must minimize administrative costs, hardware costs, software costs, and development costs, whenever possible.
Planned Changes
All client computers will be upgraded to Windows 7.
A VPN server will be deployed in the main office. All VPN clients must have the latest Windows updates before they can access the internal network.
You plan to deploy a server that has the Remote Desktop Gateway (RD Gateway) role service installed.
Technical Requirements
Lucerne Publishing must meet the following technical requirements:
Upgrade all client computers to Windows 7.
Minimize Group Policy-related replication traffic.
Ensure that App1 can be used from client computers that run Windows 7.
Ensure that users can use App1 when they are disconnected from the network.
Ensure that you can perform a bare metal recovery of the servers in the San Francisco office.
Minimize the amount of time it takes users in the Boston office to log on to their client computers.
Ensure that domain administrators can connect remotely to all computers in the domain through RD Gateway.
Ensure that file server administrators can access DFS servers and file servers through the RD Gateway.
Prevent file server administrators from accessing other servers through the RD Gateway.
Security Requirements
Lucerne Publishing must meet the following security requirements:
USB storage devices must not be used on any servers.
The passwords for all user accounts must be changed every 60 days.
Users must only be able to modify the financial forecast reports on DFS1. DFS2 must contain a read-only copy of the financial forecast reports.
All operating system drives on client computers that run Windows 7 must be encrypted.
Only approved USB storage devices must be used on client computers that run Windows 7.
Q55. - (Topic 4)
You need to recommend a solution for controlling access to the Internet. The solution must meet the museum's security policy.
What should you include in the recommendation?
A. File Server Resource Manager (FSRM) file screens and Group Policy objects (GPOs)
B. Microsoft Forefront Threat Management Gateway (TMG) 2010
C. Microsoft Forefront Unified Access Gateway (UAG) 2010
D. Windows Firewall with Advanced Security and Group Policy objects (GPOs)
Answer: B
Explanation:
http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=14238
Forefront Threat Management Gateway 2010 allows employees to safely and productively
use the Internet without worrying about malware and other threats.
It provides multiple protection capabilities including URL filtering*, antimalware inspection*,
intrusion prevention, application- and network-layer firewall, and HTTP/HTTPS inspection –
that are integrated into a unified, easy to manage gateway, reducing the cost and
complexity of Web security.
http://www.isaserver.org/tutorials/Creating-Web-Access-Policy-Forefront-Threat-Management-Gateway-TMGBeta-1-Part1.html
Q56. - (Topic 1)
Your network consists of a single Active Directory domain. All servers run Windows Server 2008 R2. You need to recommend a Group Policy deployment strategy.
Your strategy must support the following requirements:
Domain-level Group Policy objects (GPOs) must not be overwritten by organizational unit (OU) level GPOs.
OU-level GPOs must not apply to members of the Server Operators group.
What should you recommend?
A. Enable Block Inheritance for the domain, and then modify the permissions of all GPOs linked to OUs.
B. Enable Block Inheritance for the domain, and then enable Loopback Processing policy mode. Add the Server Operators group to the Restricted Groups list.
C. Set all domain level GPOs to Enforced, and then modify the permissions of the GPOs that are linked to OUs.
D. Set all domain level GPOs to Enforced, and then enable Loopback Processing policy mode. Add the Server Operators group to the Restricted Groups list.
Answer: C
Explanation:
http://www.petri.co.il/working_with_group_policy.htm
http://technet.microsoft.com/en-us/library/bb742376.aspx
Linking a GPO to Multiple Sites, Domains, and OUs
This section demonstrates how you can link a GPO to more than one container (site, domain, or OU) in Active Directory. Depending on the exact OU configuration, you can use other methods to achieve similar Group Policy effects; for example, you can use security group filtering or you can block inheritance. In some cases, however, those methods do not have the desired effects. Whenever you need to explicitly state which sites, domains, or OUs need the same set of policies, use the method outlined below:
To link a GPO to multiple sites, domains, and OUs
1. Open the saved MMC console GPWalkthrough, and then double-click the Active Directory Users and Computers node.
2. Double-click the reskit.com domain, and double-click the Accounts OU.
3. Right-click the Headquarters OU, select Properties from the context menu, and then click the Group Policy tab.
4. In the Headquarters Properties dialog box, on the Group Policy tab, click New to create a new GPO named Linked Policies.
5. Select the Linked Policies GPO, and click the Edit button.
6. In the Group Policy snap-in, in the User Configuration node, under Administrative Templates node, click Control Panel, and then click Display.
7. On the details pane, click the Disable Changing Wallpaper policy, and then click Enabled in the Disable Changing Wallpaper dialog box and click OK.
8. Click Close to exit the Group Policy snap-in.
9. In the Headquarters Properties page, click Close.
Next you will link the Linked Policies GPO to another OU.
1. In the GPWalkthrough console, double-click the Active Directory Users and Computers node, double-click the reskit.com domain, and then double-click the Accounts OU.
2. Right-click the Production OU, click Properties on the context menu, and then click the Group Policy tab on the Production Properties dialog box.
3. Click the Add button, or right-click the blank area of the Group Policy objects links list, and select Add on the context menu.
4. In the Add a Group Policy Object Link dialog box, click the down arrow on the Look in box, and select the Accounts.reskit.com OU.
5. Double-click the Headquarters.Accounts.reskit.com OU from the Domains, OUs, and linked Group Policy objects list.
6. Click the Linked Policies GPO, and then click OK.
You have now linked a single GPO to two OUs. Changes made to the GPO in either
location result in a change for both OUs. You can test this by changing some policies in the
Linked Policies GPO, and then logging onto a client in each of the affected OUs,
Headquarters and Production.
Q57. - (Topic 8)
You need to recommend a solution for Group Policy that meets the company's technical requirements. What should you recommend?
A. Create a Central Store.
B. Enable folder redirection.
C. Modify the File Replication Service (FRS) settings for SYSVOL.
D. Configure SYSVOL to use Distributed File System (DFS) Replication.
Answer: A
Explanation:
http://technet.microsoft.com/en-us/library/cc709647%28WS.10%29.aspx
Microsoft Windows Vista and Windows Server 2008 introduce a new format for displaying registry-based policy settings. Registry-based policy settings (located under the Administrative Templates category in the Group Policy Object Editor) are defined using a standards-based, XML file format known as ADMX files. These new files replace ADM files, which used their own markup language. The Group Policy tools (Group Policy Object Editor and Group Policy Management Console) remain largely unchanged. In the majority of situations, you will not notice the presence of ADMX files during your day-to-day Group Policy administration tasks.
Q58. - (Topic 14)
You need to recommend a NAP enforcement method that meets the company's security requirements. Which method should you recommend?
A. 802.1X
B. DHCP
C. IPSec
D. VPN
Answer: A
Explanation:
Offices are both wired and wireless.
Network Access Protection
You deploy Network Access Protection on your network as a method of ensuring that computers accessing important resources meet certain client health benchmarks. These benchmarks include (but are not limited to) having the most recent updates applied, having antivirus and anti-spyware software up to date, and having important security technologies such as Windows Firewall configured and functional. In this lesson, you will learn how to plan and deploy an appropriate network access protection infrastructure and enforcement method for your organization.
802.1X NAP Enforcement
802.1X enforcement makes use of authenticating Ethernet switches or IEEE 802.11 Wireless Access Points. These compliant switches and access points only grant unlimited network access to computers that meet the compliance requirement. Computers that do not meet the compliance requirement are limited in their communication by a restricted access profile. Restricted access profiles work by applying IP packet filters or VLAN (Virtual Local Area Network) identifiers. This means that hosts that have the restricted access profile are allowed only limited network communication. This limited network communication generally allows access to remediation servers. You will learn more about remediation servers later in this lesson.
An advantage of 802.1X enforcement is that the health status of clients is constantly assessed. Connected clients that become noncompliant will automatically be placed under the restricted access profile. Clients under the restricted access profile that become compliant will have that profile removed and will be able to communicate with other hosts on the network in an unrestricted manner. For example, suppose that a new antivirus update comes out. Clients that have not installed the update are put under a restricted access profile until the new update is installed. Once the new update is installed, the clients are returned to full network access.
A Windows Server 2008 computer with the Network Policy Server role is necessary to support 802.1X NAP enforcement. It is also necessary to have switch and/or wireless access point hardware that is 802.1X-compliant. Client computers must be running Windows Vista, Windows Server 2008, or Windows XP Service Pack 3 because these operating systems include the EAPHost EC.
MORE INFO: 802.1X enforcement step-by-step
For more detailed information on implementing 802.1X NAP enforcement, consult the following Step-by-Step guide on TechNet: http://go.microsoft.com/fwlink/?LinkId=86036.
Q59. - (Topic 1)
Your network consists of a single Active Directory domain. All domain controllers run Windows Server 2008 R2. There are five Windows Server 2003 SP2 servers that have the Terminal Server component installed. A firewall server runs Microsoft Internet Security and Acceleration (ISA) Server 2006.
You need to create a remote access strategy for the Remote Desktop Services servers that meets the following requirements:
Restricts access to specific users
Minimizes the number of open ports on the firewall
Encrypts all remote connections to the Remote Desktop Services servers
What should you do?
A. Implement SSL bridging on the ISA Server. Require authentication on all inbound connections to the ISA Server.
B. Implement port forwarding on the ISA Server. Require authentication on all inbound connections to the ISA Server.
C. Upgrade a Windows Server 2003 SP2 server to Windows Server 2008 R2. On the Windows Server 2008 R2 server, implement the Remote Desktop Gateway (RD Gateway) role service, and configure a Remote Desktop resource authorization policy (RD RAP).
D. Upgrade a Windows Server 2003 SP2 server to Windows Server 2008 R2. On the Windows Server 2008 R2 server, implement the Remote Desktop Gateway (RD Gateway) role service, and configure a Remote Desktop connection authorization policy (RD CAP).
Answer: D
Explanation:
MCITP Self-Paced Training Kit Exam 70-646 Windows Server Administration:
Terminal Services Gateway
TS Gateway allows Internet clients secure, encrypted access to Terminal Servers behind your organization’s firewall without having to deploy a Virtual Private Network (VPN) solution. This means that you can have users interacting with their corporate desktop or applications from the comfort of their homes without the problems that occur when VPNs are configured to run over multiple Network Address Translation (NAT) gateways and the firewalls of multiple vendors. TS Gateway works using RDP over Secure Hypertext Transfer Protocol (HTTPS), which is the same protocol used by Microsoft Office Outlook 2007 to access corporate Exchange Server 2007 Client Access Servers over the Internet. TS Gateway Servers can be configured with connection authorization policies and resource authorization policies as a way of differentiating access to Terminal Servers and network resources. Connection authorization policies allow access based on a set of conditions specified by the administrator; resource authorization policies grant access to specific Terminal Server resources based on user account properties.
Connection Authorization Policies
Terminal Services connection authorization policies (TS-CAPs) specify which users are allowed to connect through the TS Gateway Server to resources located on your organization’s internal network. This is usually done by specifying a local group on the TS Gateway Server or a group within Active Directory. Groups can include user or computer accounts. You can also use TS-CAPs to specify whether remote clients use password or smart-card authentication to access internal network resources through the TS Gateway Server. You can use TS-CAPs in conjunction with NAP; this scenario is covered in more detail by the next lesson.
Q60. - (Topic 9)
You need to recommend a solution for configuring the Web servers. The solution must meet the company's technical requirements. What should you include in the recommendations?
A. Active Directory Lightweight Directory Services (AD LDS)
B. Failover Clustering
C. HTTP redirection
D. IIS Shared Configuration
Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/cc731992%28WS.10%29.aspx
The Shared Configuration feature enables you to do the following actions:
Configure the Web server to use configuration files and encryption keys from a central location.
Export the configuration files and encryption keys from your Web server to a central location that can be shared with other servers or used to store a backup copy of configuration files and encryption keys.
This is useful when you have a Web farm and want each Web server in the farm to use the same configuration files and encryption keys.