QUESTION 21
Your network consists of one Active Directory domain. The functional level of the domain is Windows Server 2008. The domain has 30 domain controllers. Twenty administrators manage the domain. You plan to implement an audit and compliance policy. You need to ensure that all changes made to Active Directory objects are recorded. What should you do?
A. On all domain controllers, run the Security Configuration Wizard (SCW).
B. In the Default Domain Controller Policy, configure a Directory Services Auditing policy.
C. In the Default Domain Controller Policy, configure and implement a file-level audit policy for the SYSVOL volume.
D. Create a Group Policy object (GPO) linked to the Domain Controllers OU. Configure the GPO to install the Microsoft Baseline Security Analyzer (MBSA).
Answer: B
QUESTION 22
Your network consists of one Active Directory domain. All domain controllers run Windows Server 2003. You need to plan the forest and domain functional levels to support the following requirements:
– Read-only domain controllers (RODC)
– Windows Server 2003 domain controllers
Which functional levels should you include in your plan?
A. the forest functional level of Windows 2000 and the domain functional level of Windows Server 2003.
B. the forest functional level of Windows Server 2003 and the domain functional level of Windows Server 2003.
C. the forest functional level of Windows Server 2003 and the domain functional level of Windows Server 2008.
D. the forest functional level of Windows Server 2008 and the domain functional level of Windows Server 2008.
Answer: B
QUESTION 23
Your network contains servers that run Windows Server 2008 and client computers that run Windows Vista. All network routers support IPsec connections. Client computers and servers use IPsec to connect through network routers. You have two servers named Server1 and Server2. Server1 has Active Directory Certificate Services (AD CS) installed and is configured as a certification authority (CA). Server2 runs Internet Information Services (IIS). You need to recommend a certificate solution for the network routers. The solution must meet the following requirements:
– Use the Simple Certificate Enrollment Protocol (SCEP).
– Enable the routers to automatically request certificates.
What should you recommend implementing?
A. certification authority Web enrollment services on Server2
B. Network Device Enrollment Service on Server2
C. Online Responder service on Server1
D. subordinate CA on Server1
Answer: B
QUESTION 24
Your network consists of two Active Directory forests named Forest1 and Forest2. The functional level of both forests is Windows Server 2003. Both forests contain only domain controllers that run Windows Server 2008. You install a new server named Server1 in Forest2. You need to recommend an access solution that meets the following requirements:
*Users in Forest1 must have access to resources on Server1. *Users in Forest1 must be denied access to all other resources within Forest2.
What should you recommend?
A. Raise the forest functional level of Forest1 and Forest2 to Windows Server 2008.
B. Raise the domain functional level of all domains in both forests to Windows Server 2008.
C. Create a forest trust between Forest1 and Forest2. Set the Allowed to Authenticate right on the computer object for Server1.
D. Create a forest trust between Forest1 and Forest2. Set the Allowed to Authenticate right on the computer object for the Forest2 infrastructure operations master object.
Answer: C
Ensure You 100% Pass 70-647 Exam With Passleader New 70-647 Practice Tests — http://www.passleader.com/70-647.html
QUESTION 25
Your network contains a server that runs Windows Server 2008. Internal users of the network and external partners collaborate on work projects. You need to plan a collaboration solution for the internal users and the external partners to meet the following requirements:
– Enable environment access audits.
– Enable secure access to files based on permissions.
– Enable remote access to files by using a Web browser.
– Enable search of data stored in database and file servers.
What should you include in your plan?
A. Install and configure the Web Server role.
B. Install and configure the Application Server role.
C. Install and configure Microsoft Windows SharePoint Services (WSS) 3.0.
D. Install and configure Microsoft Office SharePoint Server (MOSS) 2007.
Answer: D
QUESTION 26
Your company has a main office and a new branch office. The network consists of one Active directory domain. The branch office contains two member servers that run Windows Server 2008 R2. One of the servers is configured as a file server that hosts shared folders. An administrator in the branch office is responsible for maintaining the servers. You have a single DNS zone that is hosted on a DNS server located in the main office. A wide area network (WAN) link between the branch office and the main office is unreliable. You need to recommend a network services solution for the new branch office. The solution must meet the following requirements:
– Users must be able to log on to the domain if a WAN link fails.
– Users must be able to access file shares on the local server if a WAN link fails.
– Branch office administrators must be prevented from initiating changes to Active Directory.
– Branch office administrators must be able to make configuration changes to the servers in the branch office.
What should you recommend?
A. Promote the member server to a domain controller and add the branch office administrators to the Domain Admins group.
B. Promote the member server to a read-only domain controller (RODC) and add the branch office administrators to the Domain Admins group.
C. Promote the member server to a read-only domain controller (RODC) and configure the DNS role. Delegate administrative rights to the local branch office administrator.
D. Promote the member server to a domain controller and configure the DNS role. Create an organizational unit (OU) for each branch office and delegate administrative rights to the local branch office administrator.
Answer: C
QUESTION 27
Your Company has one main office and 100 branch offices. The network consists of one Active Directory domain. All domain controllers run Windows Server 2008 R2. The wide area network (WAN) links from the branch offices to the main office are unreliable. A local administrator manages each branch office. Your company plans to add a new branch office. You create a new organizational unit (OU) that contains all the computer accounts for the new branch office. You configure a server in the main office to test all new software updates. You install Microsoft Windows Server Update Services (WSUS) 3.0. You need to implement an update management solution for the new branch office to meet the following requirements:
– Only approved updates must be installed in the branch office.
– Client computers must be able to download updates if a WAN link fails.
– Each branch office administrator must be able to approve updates before installation.
What should you do?
A. In each branch office, install a WSUS 3.0 server as a replica server and configure it to download updates from the main office. Configure all computers to receive updates from their local WSUS server.
B. In each branch office, install a WSUS 3.0 server as a child server and configure it to download updates from Microsoft Update. Configure all computers to receive updates from their local WSUS server.
C. In the main office, install a WSUS 3.0 server as a child server and configure it to download updates from Microsoft Update. Configure all computers to receive updates from the new WSUS server.
D. In the main office, install and configure a WSUS 3.0 server as a stand-alone server and configure it to download updates from Microsoft Update. Configure all computers to receive updates from the new WSUS server.
Answer: B
QUESTION 28
Your company has one main office and eight branch offices. Each branch office has one server and 20 client computers. The network consists of one Active Directory domain. All main office domain controllers run Windows Server 2008. All branch office servers are configured as domain controllers and run Windows Server 2003 Service Pack 1 (SP1). You need to implement a security solution for the branch offices to meet the following requirements: The number of user passwords stored on branch office domain controllers must be minimized. All files stored on the branch office domain controller must be protected in the event of an offline attack. What should you do?
A. Upgrade branch office domain controllers to Windows Server 2008. Enable Windows BitLocker Drive Encryption (BitLocker).
B. Replace branch office domain controllers with Windows Server 2008 read-only domain controllers (RODCs).Enable Windows BitLocker Drive Encryption (BitLocker).
C. Replace branch office domain controllers with Windows Server 2008 read-only domain controllers (RODCs).Enable Encrypting File System (EFS) for all server drives.
D. Add the branch office domain controller computer accounts to the read-only domain controllers (RODCs) group. Enable Encrypting File System (EFS) for all server drives.
Answer: B
QUESTION 29
Your network consists of one Active Directory domain and one IP subnet. All servers run Windows Server 2008 R2. All client computers run Windows 7. The servers are configured as shown in the following table. (Click the Exhibit)
All network switches used for client connections are unmanaged. Some users connect to the local area network (LAN) from client computers that are joined to a workgroup. Some client computers do not have the latest Microsoft updates installed. You need to recommend a Network Access Protection (NAP) solution to protect the network. The solution must meet the following requirements:
– Only computers that are joined to the domain must be able to connect to servers in the domain.
– Only computers that have the latest Microsoft updates installed must be able to connect to servers in the domain.
Which NAP enforcement method should you use?
A. 802.1 x
B. DHCP
C. IPsec
D. virtual private network (VPN)
Answer: C
QUESTION 30
Your network consists of one Active Directory forest. You have two servers named Server1 and Server2. Both servers run Windows Server 2008. All client computers run Windows Vista. Hardware on the servers is installed as shown in the following table. (Click the Exhibit)
Client computers use the Remote Desktop client to connect to Server1 and Server2. You need to recommend a solution to control the distribution of user requests made to Server1 and Server2. The solution must enable administrators to distribute the traffic based on the server hardware. What should you recommend?
A. Use DNS round-robin. Set the DoNotRoundRobinTypes registry entry to ptr srv ns.
B. Add the failover clustering feature. Configure Server1 as a passive node and Server2 as an active node.
C. Install Network Load Balancing. In Host Parameters, set Priority to 1 for Server2 and set Priority to 2 for Server1.
D. Use Terminal Services Session Broker (TS Session Broker) Load Balancing. Assign a weight value of 100 to Server1 and a weight value of 200 to Server2.
Answer: D
QUESTION 31
Your company has one office in Montreal and one office in New York. Each office has 2,000 client computers configured as DHCP clients. DHCP relay is not supported on the network routers. The network consists of one Active Directory domain. You need to recommend a DHCP addressing solution for both offices. The solution must meet the following requirements:
– Minimize traffic between offices.
– Be available if a single server fails.
What should you recommend?
A. In each office, install a DHCP server that has two scopes.
B. In each office, install a DHCP instance on a two node failover cluster.
C. In the Montreal office, install a DHCP server. In the New York office, install a DHCP Relay Agent.
D. In the Montreal office, install a DHCP instance on a two node failover cluster. In the New York office, install a DHCP Relay Agent.
Answer: B
QUESTION 32
Your network consists of one Active Directory forest. The functional level of the forest is Windows Server 2003. You upgrade all domain controllers from Windows Server 2003 SP2 to Windows Server 2008 R2. You plan to deploy the first read-only domain controller (RODC) in the forest. You need to prepare the network for the installation of the RODC. What should you do?
A. Run adprep /rodcprep on any computer in the forest.
B. Run adprep /forestprep on the schema operations master server.
C. Raise the forest functional level to Windows Server 2008 R2.
D. Raise the domain functional level to Windows Server 2008 R2.
Answer: A
QUESTION 33
Your network consists of one Active directory domain. The domain has 1,000 computers that run Windows XP and 1,000 computers that run Windows Vista. Your company has 10 departments. You have an organizational unit (OU) for each department. You have an OU named UsersComputers in each department OU. You create a logon script for computers that run Windows XP and a logon script for computers that run Windows Vista. You need to prepare the environment for the deployment of the logon scripts. The solution must meet the following requirements:
– Logon scripts must be applied based on the version of the Windows operating system.
– Logon scripts must be applied to users from all departments when logging on from any computer.
– The solution must use the minimum number of OUs and Group Policy objects (GPOs).
What should you do?
A. Create one GPO. Configure the logon scripts and policy refresh in the GPO. Link the GPO to the domain and apply a Windows Management Instrumentation (WMI) filter.
B. Create one GPO. Configure the logon scripts and loopback processing in the GPO. Link the GPO to the domain and apply a Windows Management Instrumentation (WMI) filter.
C. Create one GPO for each Windows operating system. Configure the logon scripts and loopback processing in the GPOs. Link both GPOs to the domain and apply a Windows Management Instrumentation (WMI) filter.
D. Create one GPO for each Windows operating system. Configure the logon script in the GPOs. Create two new child OUs in the UsersComputers OU named WinXP and WinVista. Link each GPO to the corresponding operating systems OU.
Answer: C
QUESTION 34
Your network consists of one Active Directory domain. All servers run Windows Server 2008 R2. You plan to publish a Web site on two Web servers. You need to recommend a solution for the deployment of the two Web servers. The solution must provide the following requirements:
– Session-state information for all users
– Access to the Web site if a single server fails
– Scalability to as many as seven Web servers
– Support for multiple dedicated IP addresses for each Web server
What should you recommend?
A. Install failover clustering on each Web server.
B. Install Network Load Balancing on each Web server.
C. Assign multiple bindings in Internet Information Services (IIS) 7.0.
D. Create managed handler mappings in Internet Information Services (IIS) 7.0.
Answer: B
Ensure You 100% Pass 70-647 Exam With Passleader New 70-647 Practice Tests — http://www.passleader.com/70-647.html
QUESTION 35
Your Company has one main office and one branch office. An Active Directory site exists for each office. The offices are connected across a wide area network (WAN) link. Servers in both offices run Windows Server 2008 R2. You need to plan a failover clustering solution for servers that run Microsoft SQL Server 2008. The solution must meet the following requirements:
– Withstand the failure of any single cluster node.
– Minimize the number of servers required to implement failover clustering.
What should you include in your plan?
A. Deploy one single cluster that contains one cluster node on each site.
B. Deploy one single cluster that contains two cluster nodes on each site.
C. Deploy two separate clusters that contain one cluster node on each site.
D. Deploy two separate clusters that contain two cluster nodes on each site.
Answer: A
QUESTION 36
Your network consists of one Active Directory domain that contains domain controllers that run Windows Server 2008. The intranet site contains confidential documents. You need to design an identity and access management policy for the documents to meet the following requirements:
– Record each time a document is accessed.
– Protect confidential documents on the intranet site.
– Place a time limit on access to documents, including documents sent outside the organization.
What should you include in your design?
A. On a domain controller, install and configure Active Directory Federation Services (AD FS).
B. On a domain controller, install and configure Active Directory Rights Management Services (AD RMS).
C. On all servers in the domain, ensure that the data volumes are configured to use NTFS file system and Encrypting File System (EFS).
D. On all servers in the domain, ensure that the data volumes are configured to use NTFS file system and Windows BitLocker Drive Encryption (BitLocker).
Answer: B
QUESTION 37
Your company named Contoso, Ltd. and another company named Fabrikam, Inc. establish a partnership. The Contoso network consists of one Active Directory forest named contoso.com. The Fabrikam network consists of one Active Directory forest named fabrikam.com. Users from contoso.com plan to share files with users from fabrikam.com. You need to prepare the environment so that users from contoso.com can protect confidential files from being copied or forwarded to unauthorized users. What should you do?
A. Create a one-way forest trust from Contoso. Set the NTFS permissions to read-only for all confidential files.
B. Create a one-way forest trust from Fabrikam. Set the NTFS permissions to read-only for all confidential files.
C. Deploy Active Directory Federation Services (AD FS). Deploy Active Directory Rights Management Services (AD RMS).
D. Deploy Active Directory Federation Services (AD FS). Publish the files by using Microsoft Windows SharePoint Services (WSS).
Answer: C
QUESTION 38
Your network consists of one Active Directory domain that contains two servers that run Windows Server 2008 named Server1 and Server2. Server1 runs Active Directory Certificate Services (AD CS) and is configured as a certification authority (CA). Server2 runs Internet Information Services (IIS) and hosts a secure Web service. External users must subscribe in order to access the Web service. The Web service accepts subscriptions only from client computers that run Windows XP Service Pack 2 or Windows Vista. The relevant portion of the network is configured as shown in the following diagram.
You need to ensure that subscribers can successfully connect to the Web service on Server2 through HTTPS. Users must not receive any certificate-related errors. What should you do on Server2?
A. Install a server certificate issued by Server1.
B. Issue and install a self-signed server certificate.
C. Install a server certificate issued by a public CA.
D. Install the trusted root CA certificate issued by Server1.
Answer: C
QUESTION 39
Your network contains 200 Web servers that run Windows Server 2008. You need to plan the management of security settings for all servers on the network. The solution must meet the following requirements:
– Minimize administrative effort.
– Maintain identical security settings for all servers.
– Enable compliance audits of servers added to the network.
What should you do first?
A. On each server, configure a local security audit policy.
B. On one server, run the Security Configuration Wizard (SCW).
C. On one server, install and run the Microsoft Security Assessment Tool (MSAT).
D. On one server, install and run the Microsoft Baseline Security Analyzer (MBSA).
Answer: B
QUESTION 40
Your network consists of one Active Directory forest that contains 20 domain trees. All DNS servers run Windows Server 2008 R2. The network is configured as an IPv4 network. Users connect to network applications in all domains by using a NetBIOS name. You plan to migrate to an IPv6- enabled only network. You need to recommend a solution to migrate the network to IPv6. The solution must not require any changes to client computers. What should you recommend?
A. On the DNS servers, configure GlobalNames zones.
B. On the DNS servers, add all domain zones to the ForestDNSZones partition.
C. On a new server, install and configure a Windows Server 2008 WINS server.
D. On a new server, install and configure a Windows Server 2003 WINS server.
Answer: A
Latest Passleader 70-647 Certification PDF Dumps With 100 % Guarantee Pass