70-646 Exam
Surprising mcitp 70-646 pdf
Ucertify offers essentially the most competitive Microsoft 70-646 exam training materials for the candidates. Most of them get passed the particular real examination in the first attempt some of them got a great over 95% tag. As the result, they got a new top-flight job from the competitive IT field. If you want to be one of these people, please join in our training team and you will succeed soon. Your high passing ratio is the best proof for each of our hard function. You can eradicate your worries. We guarantee your own achievement for the first try. And you can examine the high quality of each of our Microsoft Microsoft exam and then make your decision whether as well as not to acquire.
2021 Oct server 2008 exam 70-646:
Q121. - (Topic 1)
Your company has a main office and a branch office. Your network contains a single Active Directory domain.
An Active Directory site exists for each office. All domain controllers run Windows Server 2008 R2. You plan to modify the DNS infrastructure. You need to plan the new DNS infrastructure to meet the following requirements:
•Ensure that the DNS service is available even if a single server fails
•Encrypt the synchronization data that is sent between DNS servers
•Support dynamic updates to all DNS servers
What should you include in your plan?
A. Install the DNS Server server role on two servers. Create a primary zone on the DNS server in the main office. Create a secondary zone on the DNS server in the branch office.
B. Install the DNS Server server role on a domain controller in the main office and on a domain controller in the branch office. Configure DNS to use Active Directory integrated zones.
C. Install the DNS Server server role on a domain controller in the main office and on a Readonly Domain Controller (RODC) in the branch office. Configure DNS to use Active Directory integrated zones.
D. Install the DNS Server server role on two servers. Create a primary zone and a GlobalNames zone on the DNS server in the main office. Create a GlobalNames zone on the DNS server in the branch office.
Answer: B
Explanation:
http://searchwindowsserver.techtarget.com/tip/DNS-Primer-Tips-for-understanding-Active-Directory-integratedzone-design-and-configuration
http://technet.microsoft.com/en-us/library/cc772101.aspx
In an ADI primary zone, rather than keeping the old zone file on a disk, the DNS records are stored in the AD, and Active Directory replication is used rather than the old problematic zone transfer. If all DNS servers were to die or become inaccessible, you could simply install DNS on any domain controller (DC) in the domain. The records would be automatically populated and your DNS server would be up without the messy import/export tasks of standard DNS zone files.
Windows 2000 and 2003 allow you to put a standard secondary zone (read only) on a member server and use one of the ADI primary servers as the master.
When you decide which replication scope to choose, consider that the broader the
replication scope, the greater the network traffic caused by replication. For example, if you decide to have AD DS–integrated DNS zone data replicated to all DNS servers in the forest, this will produce greater network traffic than replicating the DNS zone data to all DNS servers in a single AD DS domain in that forest.
AD DS-integrated DNS zone data that is stored in an application directory partition is not replicated to the global catalog for the forest. The domain controller that contains the global catalog can also host application directory partitions, but it will not replicate this data to its global catalog.
AD DS-integrated DNS zone data that is stored in a domain partition is replicated to all domain controllers in its AD DS domain, and a portion of this data is stored in the global catalog. This setting is used to support Windows 2000.
If an application directory partition's replication scope replicates across AD DS sites, replication will occur with the same intersite replication schedule as is used for domain partition data.
By default, the Net Logon service registers domain controller locator (Locator) DNS resource records for the application directory partitions that are hosted on a domain controller in the same manner as it registers domain controller locator (Locator) DNS resource records for the domain partition that is hosted on a domain controller.
Close integration with other Windows services, including AD DS, WINS (if enabled), and DHCP (including DHCPv6) ensures that Windows 2008 DNS is dynamic and requires little or no manual configuration. Windows 2008 DNS is fully compliant with the dynamic update protocol defined in RFC 2136. Computers running the DNS Client service register their host names and IPv4 and IPv6 addresses (although not link-local IPv6 addresses) dynamically. You can configure the DNS Server and DNS Client services to perform secure dynamic updates. This ensures that only authenticated users with the appropriate rights can update resource records on the DNS server. Figure 2-22 shows a zone being configured to allow only secure dynamic updates.
Figure 2-22Allowing only secure dynamic updates MORE INFODynamic update protocol For more information about the dynamic update protocol, see http://www.ietf.org/rfc/rfc2136.txt and http://www.ietf.org/rfc/rfc3007 NOTE Secure dynamic updates Secure dynamic updates are only available for zones that are integrated with AD DS.
Q122. - (Topic 1)
Your network contains a standalone root certification authority (CA). You have a server named Server1 that runs Windows Server 2008 R2. You issue a server certificate to Server1. You deploy Secure Socket Tunneling Protocol (SSTP) on Server1.
You need to recommend a solution that allows external partner computers to access internal network resources by using SSTP.
What should you recommend?
A. Enable Network Access Protection (NAP) on the network.
B. Deploy the Root CA certificate to the external computers.
C. Implement the Remote Desktop Connection Broker role service.
D. Configure the firewall to allow inbound traffic on TCP Port 1723.
Answer: B
Explanation:
Lesson 1: Configuring Active Directory Certificate Services
Certificate Authorities are becoming as integral to an organization’s network infrastructure as domain controllers, DNS, and DHCP servers. You should spend at least as much time planning the deployment of Certificate Services in your organization’s Active Directory environment as you spend planning the deployment of these other infrastructure servers. In this lesson, you will learn how certificate templates impact the issuance of digital certificates, how to configure certificates to be automatically assigned to users, and how to configure supporting technologies such as Online Responders and credential roaming. Learning how to use these technologies will smooth the integration of certificates into your organization’s Windows Server 2008 environment.
After this lesson, you will be able to:
Install and manage Active Directory Certificate Services. Configure autoenrollment for certificates. Configure credential roaming. Configure an Online Responder for Certificate Services.
Estimated lesson time: 40 minutes Types of Certificate Authority When planning the deployment of Certificate Services in your network environment, you must decide which type of Certificate Authority best meets your organizational requirements. There are four types of Certificate Authority (CA):
Enterprise Root Enterprise Subordinate Standalone Root Standalone Subordinate The type of CA you deploy depends on how certificates will be used in your environment and the state of the existing environment. You have to choose between an Enterprise or a Standalone CA during the installation of the Certificate Services role, as shown in Figure 10-1. You cannot switch between any of the CA types after the CA has been deployed.
Figure 10-1Selecting an Enterprise or Standalone CA Enterprise CAs require access to Active Directory. This type of CA uses Group Policy to propagate the certificate trust lists to users and computers throughout the domain and publish certificate revocation lists to Active Directory. Enterprise CAs issue certificates from certificate templates, which allow the following functionality: Enterprise CAs enforce credential checks on users during the certificate enrollment process. Each certificate template has a set of security permissions that determine whether a particular user is authorized to receive certificates generated from that template.
Certificate names are automatically generated from information stored within Active Directory. The method by which this is done is determined by certificate template configuration.
Autoenrollment can be used to issue certificates from Enterprise CAs, vastly simplifying the certificate distribution process. Autoenrollment is configured through applying certificate template permissions. In essence, Enterprise CAs are fully integrated into a Windows Server 2008 environment. This type of CA makes the issuing and management of certificates for Active Directory clients as simple as possible. Standalone CAs do not require Active Directory. When certificate requests are submitted to Standalone CAs, the requestor must provide all relevant identifying information and manually specify the type of certificate needed. This process occurs automatically with an Enterprise CA. By default, Standalone CA requests require administrator approval. Administrator intervention is necessary because there is no automated method of verifying a requestor’s credentials. Standalone CAs do not use certificate templates, limiting the ability for administrators to customize certificates for specific organizational needs. You can deploy Standalone CAs on computers that are members of the domain. When installed by a user that is a member of the Domain Admins group, or one who has been delegated similar rights, the Standalone CA’s information will be added to the Trusted Root Certificate Authorities certificate store for all users and computers in the domain. The CA will also be able to publish its certificate revocation list to Active Directory. Whether you install a Root or Subordinate CA depends on whether there is an existing certificate infrastructure. Root CAs are the most trusted type of CA in an organization’s public key infrastructure (PKI) hierarchy. Root CAs sit at the top of the hierarchy as the ultimate point of trust and hence must be as secure as possible. In many environments, a Root CA is only used to issue signing certificates to Subordinate CAs. When not used for this purpose, Root CAs are kept offline in secure environments as a method of reducing the chance that they might be compromised. If a Root CA is compromised, all certificates within an organization’s PKI infrastructure should be considered compromised. Digital certificates are ultimately statements of trust. If you cannot trust the ultimate authority from which that trust is derived, it follows that you should not trust any of the certificates downstream from that ultimate authority. Subordinate CAs are the network infrastructure servers that you should deploy to issue the everyday certificates needed by computers, users, and services. An organization can have many Subordinate CAs, each of which is issued a signing certificate by the Root CA. In the event that one Subordinate CA is compromised, trust of that CA can be revoked from the Root CA. Only the certificates that were issued by that CA will be considered untrustworthy. You can replace the compromised Subordinate CA without having to replace the entire organization’s certificate infrastructure. Subordinate CAs can be replaced, but a compromised Enterprise Root CA usually means you have to redeploy the Active Directory forest from scratch. If a Standalone Root CA is compromised, it also necessitates the replacement of an organization’s PKI infrastructure.
Q123. - (Topic 7)
You need to recommend a solution to minimize the amount of time it takes for users in the Boston office to log on to their client computers.
What should you include in the recommendation?
A. access based enumeration (ABE)
B. folder redirection
C. the Active Directory site link cost
D. universal group membership caching
Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/cc732275.aspx Folder Redirection User settings and user files are typically stored in the local user profile, under the Users folder. The files in local user profiles can be accessed only from the current computer, which makes it difficult for users who use more than one computer to work with their data and synchronize settings between multiple computers. Two technologies exist to address this problem: Roaming Profiles and Folder Redirection. Both technologies have their advantages, and they can be used separately or together to create a seamless user experience from one computer to another. They also provide additional options for administrators managing user data. When a user logs in their profile is loaded as part of the login process. the My Documents folder is part of the user profiel, by redirecting this folder to a file server it means that it does not needed to be loaded at login thus reducing the login time. while having the added benifit of enabling the company to back up these files.
Q124. - (Topic 10)
You need to recommend a VPN solution for the new sales office. The solution must support the company's planned changes. What should you include in the recommendation?
A. Internet Key Exchange version 2 (IKEv2)
B. Layer 2 Tunneling Protocol (L2TP)
C. PointtoPoint Tunneling Protocol (PPTP)
D. Secure Socket Tunneling Protocol (SSTP)
Answer: D
Explanation:
http://support.microsoft.com/kb/947032 SSTP is a new kind of Virtual Private Networking (VPN) tunnel that is available in the Routing and Remote Access Server role in Windows Server 2008. SSTP allows for Point-to-Point Protocol (PPP) packets to be encapsulated over HTTP. This allows for a VPN connection to be more easily established through a firewall or through a Network Address Translation (NAT) device. Also, this allows for a VPN connection to be established through an HTTP proxy device.
The information is this article is more likely to apply to a small-sized or medium-sized
organization. For these kinds of organizations, it is common to have one public IP address
that is assigned to the external interface of a NAT router or of a gateway device. This
article describes the following scenario:
You have a Windows Server 2008-based Secure Socket Tunneling Protocol (SSTP)-based
VPN server.
The server is assigned a private IP address.
The server is located on an internal network behind a NAT device.
Q125. - (Topic 1)
Your network consists of a single Active Directory domain. The domain contains a server that runs Windows Server 2008 R2 and that has the Remote Desktop Services server role installed.
The server has six custom Applications installed. The custom Applications are configured as RemoteApps.
You notice that when a user runs one of the Applications, other users report that the server seems slow and that some Applications become unresponsive.
You need to ensure that active user sessions receive equal access to system resources.
What should you do?
A. Implement Remote Desktop Web Access.
B. Implement Remote Desktop Connection Broker.
C. Configure Performance Monitor.
D. Implement Windows System Resource Manager.
Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/cc771218%28WS.10%29.aspx http://technet.microsoft.com/en-us/library/cc732553%28WS.10%29.aspx Terminal Services and Windows System Resource Manager
Windows. System Resource Manager (WSRM) on Windows Server. 2008 allows you to control how CPU and memory resources are allocated to applications, services, and processes on the computer. Managing resources in this way improves system performance and reduces the chance that applications, services, or processes will take CPU or memory resources away from one another and slow down the performance of the computer. Managing resources also creates a more consistent and predictable experience for users of applications and services running on the computer.
You can use WSRM to manage multiple applications on a single computer or users on a computer on which Terminal Services is installed. Resource-Allocation Policies WSRM uses resource-allocation policies to determine how computer resources, such as CPU and memory, are allocated to processes running on the computer. There are two resource-allocation policies that are specifically designed for computers running Terminal Services. The two Terminal Services-specific resource-allocation policies are:
Equal_Per_User Equal_Per_Session
Renew testking 70-646 pdf:
Q126. - (Topic 1)
Your company has several branch offices.
Your network consists of a single Active Directory domain. Each branch office contains domain controllers and member servers. The domain controllers run Windows Server 2003 SP2. The member servers run Windows Server 2008 R2.
Physical security of the servers at the branch offices is a concern.
You plan to implement Windows BitLocker Drive Encryption (BitLocker) on the member servers.
You need to ensure that you can access the BitLocker volume if the BitLocker keys are corrupted on the member servers. The recovery information must be stored in a central location.
What should you do?
A. Upgrade all domain controllers to Windows Server 2008 R2. Use Group Policy to configure Public Key Policies.
B. Upgrade all domain controllers to Windows Server 2008 R2. Use Group Policy to enable Trusted Platform Module (TPM) backups to Active Directory.
C. Upgrade the domain controller that has the schema master role to Windows Server 2008 R2. Use Group Policy to enable a Data Recovery Agent (DRA).
D. Upgrade the domain controller that has the primary domain controller (PDC) emulator role to Windows Server 2008 R2. Use Group Policy to enable a Data Recovery Agent (DRA).
Answer: B
Explanation:
MCITP Self-Paced Training Kit Exam 70-646 Windows Server Administration: Planning BitLocker Deployment Windows BitLocker and Drive Encryption (BitLocker) is a feature that debuted in Windows Vista Enterprise and Ultimate Editions and is available in all versions of Windows Server 2008. BitLocker serves two purposes: protecting server data through full volume encryption and providing an integrity-checking mechanism to ensure that the boot environment has not been tampered with. Encrypting the entire operating system and data volumes means that not only are the operating system and data protected, but so are paging files, applications, and application configuration data. In the event that a server is stolen or a hard disk drive removed from a server by third parties for their own nefarious purposes, BitLocker ensures that these third parties cannot recover any useful data. The drawback is that if the BitLocker keys for a server are lost and the boot environment is compromised, the data stored on that server will be unrecoverable.
To support integrity checking, BitLocker requires a computer to have a chip capable of supporting the Trusted Platform Module (TPM) 1.2 or later standard. A computer must also have a BIOS that supports the TPM standard. When BitLocker is implemented in these conditions and in the event that the condition of a startup component has changed, BitLocker-protected volumes are locked and cannot be unlocked unless the person doing the unlocking has the correct digital keys. Protected startup components include the BIOS, Master Boot Record, Boot Sector, Boot Manager, and Windows Loader.
From a systems administration perspective, it is important to disable BitLocker during maintenance periods when any of these components are being altered. For example, you must disable BitLocker during a BIOS upgrade. If you do not, the next time the computer starts, BitLocker will lock the volumes and you will need to initiate the recovery process. The recovery process involves entering a 48-character password that is generated and saved to a specified location when running the BitLocker setup wizard. This password should be stored securely because without it the recovery process cannot occur. You can also configure BitLocker to save recovery data directly to Active Directory; this is the recommended management method in enterprise environments.
You can also implement BitLocker without a TPM chip. When implemented in this manner there is no startup integrity check. A key is stored on a removable USB memory device, which must be present and supported by the computer’s BIOS each time the computer starts up. After the computer has successfully started, the removable USB memory device can be removed and should then be stored in a secure location. Configuring a computer running Windows Server 2008 to use a removable USB memory device as a BitLocker startup key is covered in the second practice at the end of this lesson.
BitLocker Group Policies
BitLocker group policies are located under the Computer Configuration\Policies\ Administrative Templates\Windows Components\BitLocker Drive Encryption node of a Windows Server 2008 Group Policy object. In the event that the computers you want to deploy BitLocker on do not have TPM chips, you can use the Control Panel Setup: Enable Advanced Startup Options policy, which is shown in Figure 1-7. When this policy is enabled and configured, you can implement BitLocker without a TPM being present. You can also configure this policy to require that a startup code be entered if a TPM chip is present, providing another layer of security.
Figure 1-7Allowing BitLocker without the TPM chip Other BitLocker policies include:
Turn On BitLocker Backup To Active Directory Domain Services When this policy is enabled, a computer’s recovery key is stored in Active Directory and can be recovered by an authorized administrator. Control Panel Setup: Configure Recovery Folder When enabled, this policy sets the default folder to which computer recovery keys can be stored.
Q127. - (Topic 4)
You need to recommend a management solution for the corporate Web sites that meets
the museum's security policy. What should you include in the recommendation?
A. Internet Information Services (IIS) Manager
B. Remote Desktop Services (RDS)
C. Remote Server Administration Tools (RSAT)
D. Windows PowerShell 2.0
Answer: D
Explanation:
RSAT isnt right because that will give them access to other tools they do not need. the admins are not required login in so that takes care of RDS because that means they MUST log on interactively, that leaves IIS and Powershell. PowerShell meets the requirements of the security policy, IIs wont
Q128. - (Topic 1)
Your network consists of a single Active Directory domain. All domain controllers run Windows Server 2008 R2. There are five Windows Server 2003 SP2 servers that have the Terminal Server component installed. A firewall server runs Microsoft Internet Security and Acceleration (ISA) Server 2006.
You plan to give remote users access to the Remote Desktop Services servers.
You need to create a remote access strategy for the Remote Desktop Services servers that meets the following requirements:
•Restricts access to specific Remote Desktop Services servers
•Encrypts all connections to the Remote Desktop Services servers
•Minimizes the number of open ports on the firewall server
What should you do?
A. Implement SSL bridging on the ISA Server. Require authentication on all inbound connections to the ISA Server.
B. Implement port forwarding on the ISA Server. Require authentication on all inbound connections to the ISA Server.
C. Upgrade a Windows Server 2003 SP2 server to Windows Server 2008 R2. On the Windows Server 2008 R2 server, implement the Remote Desktop Gateway (RD Gateway) role service, and configure a Remote Desktop resource authorization policy (RD RAP).
D. Upgrade a Windows Server 2003 SP2 server to Windows Server 2008 R2. On the Windows Server 2008 R2 server, implement the Remote Desktop Gateway (RD Gateway) role service, and configure a Remote Desktop connection authorization policy (RD CAP).
Answer: C
Explanation:
MCITP Self-Paced Training Kit Exam 70-646 Windows Server Administration: Terminal Services Gateway TS Gateway allows Internet clients secure, encrypted access to Terminal Servers behind your organization’s firewall without having to deploy a Virtual Private Network (VPN) solution. This means that you can have users interacting with their corporate desktop or applications from the comfort of their homes without the problems that occur when VPNs are configured to run over multiple Network Address Translation (NAT) gateways and the firewalls of multiple vendors. TS Gateway works using RDP over Secure Hypertext Transfer Protocol (HTTPS), which is the same protocol used by Microsoft Office Outlook 2007 to access corporate Exchange Server 2007 Client Access Servers over the Internet. TS Gateway Servers can be configured with connection authorization policies and resource authorization policies as a way of differentiating access to Terminal Servers and network resources. Connection authorization policies allow access based on a set of conditions specified by the administrator; resource authorization policies grant access to specific Terminal Server resources based on user account properties.
Resource Authorization Policies
Terminal Services resource authorization policies (TS-RAPs) are used to determine the specific resources on an organization’s network that an incoming TS Gateway client can connect to. When you create a TS-RAP you specify a group of computers that you want to grant access to and the group of users that you will allow this access to. For example, you could create a group of computers called AccountsComputers that will be accessible to members of the Accountants user group. To be granted access to internal resources, a remote user must meet the conditions of at least one TS-CAP and at least one TS-RAP.
Q129. - (Topic 7)
You need to recommend which role services must be deployed to support the company's planned changes.
Which two role services should you recommend? (Each correct answer presents part of the solution. Choose two.)
A. Health Registration Authority (HRA)
B. Host Credential Authorization Protocol (HCAP)
C. Network Policy Server (NPS)
D. Routing and Remote Access service (RRAS)
Answer: C,D
Explanation:
Network Policy Server NPS is the Microsoft implementation of a Remote Authentication Dial-In User Service (RADIUS) server and proxy. You can use NPS to centrally manage network access through a variety of network access servers, including 802.1X authenticating switches and wireless access points, VPN servers, and dial-up servers. In addition, NPS is configurable as a Network Access Protection (NAP) policy server.
Routing and Remote Access
Using Routing and Remote Access, you can deploy Point-to-Point Tunneling Protocol (PPTP), Secure Socket Tunneling Protocol (SSTP), or Later Two Tunneling Protocol (L2TP) with Internet Protocol security (IPsec) VPN connections to provide end users with remote access to your organization's network. You can also create a site-to-site VPN connection between two servers at different locations.
Health Registration Authority (HRA)
HRA is a Network Access Protection (NAP) component that issues health certificates to clients that pass the health policy verification that is performed by NPS using the client statement of health (SoH). HRA is used only with the NAP IPsec enforcement method.
Host Credential Authorization Protocol (HCAP)
HCAP allows you to integrate your Microsoft NAP solution with Cisco Network Access Control Server. When you deploy HCAP with NPS and NAP, NPS can perform client health evaluation and the authorization of Cisco 802.1X access clients.
Topic 8, A. Datum
Scenario
...
COMPANY OVERVIEW
A. Datum Corporation is a manufacturing company that has a main office and two branch offices. The main office is located in Denver. The branch offices are located in New York and Montreal. The main office has 10,000 users. Each branch office has approximately 200 users.
PLANNED CHANGES
A. Datum plans to deploy a new intranet site named Site1 in the main office. Two servers that run a Server Core installation of Windows Server 2008 R2 are requisitioned for the deployment of Site1.
You plan to deploy a domain controller in each office.
You have a new server named Backup1. All servers will be backed up remotely by using Windows Server Backup on Backup1.
BUSINESS GOALS
A. Datum has the following business goals: Changes to the environment must minimize costs. Changes to the environment must optimize the use of new hardware. The costs to manage the network infrastructure and the servers must be minimized.
EXISTING ENVIRONMENT
All servers run Windows Server 2008 R2. All client computers run Windows 7 Enterprise. The network contains a Web server named Web1. Web1 is located in the perimeter network and is accessible from the internal network and the Internet. Web1 runs a Server Core installation of Windows Server 2008 R2 Standard.
Existing Active Directory/Directory Services
The network contains a single Active Directory domain named adatum.com.
The main office has two domain controllers.
Existing Network Infrastructure
Each office has a file server.
The main office connects to each branch office by using a WAN link. Users in the branch offices frequently access the file server in the main office.
Current Administration Model
All domain administrators work in the main office and remotely manage the servers by using their Windows 7 computers.
A group named Branch Admins has the rights to manage all of the client computers in the branch offices.
You have several ADMX files that contain custom Application settings.
REQUIREMENTS Security Requirements
The BranchAdmins group members must be able to install updates and drivers on the
domain controllers in the branch offices.
Passwords must not be stored by using reversible encryption.
All authentication traffic on the network must be encrypted.
Application Requirements
A new Application named WebApp2 must be deployed on Web1. The WebApp2 deployment must meet the following requirements:
.....
Users must be authenticated to access WebApp2.
WebApp2 must support Web browsers from various vendors.
WebApp2 must be accessible to internal users and Internet users.
A failure of WebApp2 must not cause other Web Applications to fail.
Internet users must be required to configure the minimum number of changes on
their client computers to access WebApp2.
Site1 must be configured to meet the following requirements:
....
Site1 must support the most user connections possible.
Site1 must be backed up every day by a remote server,
If a single Web server fails, users must be able to access Site1.
If a single Web server fails, users must not receive an error message when they
access Site1.
Technical Requirements
You must ensure that domain administrators can access the ADMX files from any client computer that they use to manage Group Policies.
You must ensure that the domain administrators are notified by e-mail each time a user copies video files to the file servers.
Q130. - (Topic 1)
You are designing a monitoring solution to log performance on member servers that run Windows Server 2008 R2.
The monitoring solution must meet the following requirements for members of the Operations team:
. Create and modify Data Collector Sets.
. Display log file data and real-time performance data in Performance Monitor.
You need to design a monitoring solution that meets the requirements.
What should you recommend? (More than one answer choice may achieve the goal. Select the BEST answer.)
A. Add members of the Operations team to the Performance Monitor Users group. Assign the Act as part of the operating system user right to the Performance Monitor Users group
B. Add members of the Operations team to the Performance Log Users group
C. Add members of the Operations team to the Administrators group
D. Add members of the Operations team to the Power Users group. Assign the Act as part of the operating system user right to the Power Users group
Answer: B
Explanation:
A Data Collector Set is the building block of performance monitoring and reporting in Windows Performance Monitor. It organizes multiple data collection points into a single component that can be used to review or log performance. A Data Collector Set can be created and then recorded individually, grouped with other Data Collector Set and incorporated into logs, viewed in Performance Monitor, configured to generate alerts when thresholds are reached, or used by other non-Microsoft applications. It can be associated with rules of scheduling for data collection at specific times. Windows Management
Interface (WMI) tasks can be configured to run upon the completion of Data Collector Set
collection.
Data Collector Sets can contain the following types of data collectors:
Performance counters
Event trace data
System configuration information (registry key values)
You can create a Data Collector Set from a template, from an existing set of Data
Collectors in a Performance
Monitor view, or by selecting individual Data Collectors and setting each individual option in
the Data Collector
Set properties.
http://technet.microsoft.com/en-us/library/cc722148
You can create a Data Collector Set from counters in the current Performance Monitor
display. Membership in the local Performance Log Users or Administrators group, or
equivalent, is the minimum required to complete this procedure.