QUESTION 121
Your network consists of one Active Directory domain that contains servers that run Windows Server 2008 R2. The relevant servers are configured as shown in the following table. (Click the Exhibit)
All client computers are members of the domain and run Windows 7. All users have accounts in the domain. You need to recommend a solution that enables all client computers to automatically request and install computer certificates. What should you recommend?
A. On Server2, implement the Network Device Enrollment Service.
B. On Server2, implement certification authority Web enrollment support.
C. On Server1, enable auto-enrollment in the User Configuration section of the Default Domain Policy.
D. On Server1, enable auto-enrollment in the Computer Settings section of the Default Domain Policy.
Answer: D
Explanation:
To enable all client computers to automatically request and install computer certificates, you need to enable the Autoenrollment Settings Policy under Public Key Policies on Server1 in the User Configuration section of the Default Domain. Autoenrollment automatically downloads root certificates and cross-certificates from Active Directory whenever a change is detected in the directory, or when a different domain controller is contacted. If a third-party root certificate or cross-certificate is deleted from the local machine store, Autoenrollment will not download the certificates again until a change occurs in Active Directory, or a new domain controller is contacted.
Reference: Certificate Autoenrollment in Windows XP / Configuring Group Policy http://technet.microsoft.com/en-us/library/cc732311.aspx
QUESTION 122
You work as an IT professional in an international company named Contoso. Your main job is to translate business goals into technology decisions and plan mid-range to long-term strategies, and you are experienced in network infrastructure, security policy and business continuity. In your company, you are responsible for infrastructure design and global configuration changes. There is one Active Directory domain and three Network Information Services (NIS) domains in your network. All domain controllers run Windows Server 2008. All NIS domain servers run UNIX-based operating systems. As the technical support, you are assigned a task by the company CIO: you are asked to plan the integration of the Active Directory domain and the NIS domains. Your solution must meet the following requirements:
– Minimize the costs required to implement the solution.
– Minimize the number of additional Windows servers required.
– Provide centralized administration of Active Directory domain objects and NIS domain objects.
What should be included in your plan?
A. The subsystem for UNIX-based applications should be installed.
B. Active Directory Federation Services (AD FS) should be installed.
C. The Server for Network Information Services role service should be added.
D. A Microsoft Identity Lifecycle Manager (ILM) 2007 server should be implemented.
Answer: C
QUESTION 123
Your network consists of one Active Directory domain. The domain contains two servers named Server1 and Server2. All servers run Windows Server 2008 R2. Server1 can be accessed only from the internal network. Server2 can be accessed from the internal network and from the Internet. Server1 runs Microsoft SQL Server 2008. All client computers are members of the domain and run Windows 7. All client computers run an application that connects to Server1 by using ActiveX Data Objects (ADO). You need to enable remote users to run the application from the Internet. The solution must meet the following requirements:
– The SQL Server connection method used by the client application must not be changed.
– Remote users must be able to access the application through an HTTP or HTTPS connection.
What should you do on Server2?
A. Install the RPC over HTTP Proxy feature. Configure a proxy connection to Server1.
B. Install the Remote Desktop Gateway (RD Gateway) role service. Configure an ADO connection to Server1.
C. Install the Web Server (IIS) server role. Configure a Web service that connects to SQL Server on Server1.
D. Install the Network Policy and Access Services (NPAS) server role. Enable Secure Socket Tunneling Protocol (SSTP) connections.
Answer: D
QUESTION 124
Your company has a main office and 10 branch offices. The network consists of one Active Directory domain. All domain controllers run Windows Server 2008 R2 and are located in the main office. You plan to deploy one Windows Server 2008 R2 domain controller in each branch office. You are concerned that the branch offices will fail to provide adequate security for the new domain controllers. You need to recommend a security solution to meet the following requirements:
– Prevent any unauthorized user from accessing user passwords when the server is running.
– Prevent any unauthorized user from accessing user passwords either locally or over the network on each branch office domain controller.
Which configuration should you recommend for each branch office domain controller?
A. Enable an IPsec policy.
B. Enable Windows Firewall.
C. Enable the read-only domain controller (RODC) option.
D. Enable Windows BitLocker Drive Encryption (BitLocker).
Answer: C
QUESTION 125
Your network consists of one domain. The domain contains a server that runs Windows Server 2008 R2. The server is configured as a Routing and Remote Access Services (RRAS) server. Your company has portable computers and desktop computers that run Windows 7. Users use company-issued portable computers to connect to the network remotely through a virtual private network (VPN) connection to the RRAS server. The desktop computers are seldom turned on and only connect to the network locally. You need to plan a security solution for the network to meet the following requirements:
– Notifications must be sent to desktop computers when new updates are available for download.
– Only computers that have the most up-to-date updates installed must be allowed to connect to the network remotely.
What should you include in your plan?
A. Implement Network Access Protection (NAP) on the internal network and the perimeter network.
B. Implement a Remote Authentication Dial-In User Server (RADIUS) on the perimeter network.
C. Install a Windows Server Update Services (WSUS) server on the perimeter network. Create a Group Policy object (GPO) linked to the domain. Enable WSUS settings in the GPO.
D. Install a Windows Server Update Services (WSUS) server on the internal network. Create a Group Policy object (GPO) linked to the domain. Enable WSUS settings in the GPO.
Answer: A
QUESTION 126
You work as an IT professional in an international company named Contoso. Your main job is to translate business goals into technology decisions and plan mid-range to long-term strategies, and you are experienced in network infrastructure, security policy and business continuity. In your company, you are responsible for infrastructure design and global configuration changes. Your network contains one Active Directory domain. There are three hundred client computers that run Windows XP Service Pack 2 (SP2) and 1,000 client computers that run Windows Vista. You want to deploy Terminal Services on new servers that will run Windows Server 2008. As the technical support, you are required to design the deployment of Terminal Services RemoteApp (TS RemoteApp). Which option should be included in your design?
A. A Group Policy object (GPO) should be created and linked to the Active Directory domain. Then the GPO should be changed to enable access through Terminal Services Gateway (TS Gateway).
B. On the Terminal Servers, all user accounts should be added to the Remote Desktop Users local group.
C. On all computers that run Windows XP, the Remote Desktop Connection 6.0 client update should be installed.
D. In the Active Directory domain, all user accounts should be added to the Remote Desktop Users built-in local group.
Answer: C
QUESTION 127
You work as an IT professional in an international company named Contoso. Your main job is to translate business goals into technology decisions and plan mid-range to long-term strategies, and you are experienced in network infrastructure, security policy and business continuity. In your company, you are responsible for infrastructure design and global configuration changes. You install a server that runs Windows Server 2008 as the first domain controller in an Active Directory forest. As the technical support, you are required to install another server as a read-only domain controller (RODC). To achieve the goal, which action should be performed first?
A. To achieve the goal, adprep /rodcprep should be run.
B. To achieve the goal, adprep /domainprep /gpprep should be run.
C. To achieve the goal, the functional level of the forest should be raised to Windows Server 2003.
D. To achieve the goal, the functional level of the domain should be raised to Windows Server 2008.
Answer: C
QUESTION 128
You work as an IT professional in an international company named Contoso. Your main job is to translate business goals into technology decisions and plan mid-range to long-term strategies, and you are experienced in network infrastructure, security policy and business continuity. In your company, you are responsible for infrastructure design and global configuration changes. There is one Active Directory domain in your network. The domain contains servers that run Windows Server 2008 R2. The following table shows the configuration of the relevant servers:
The exhibit shows the relevant portion of the network. (Click the Exhibit button.)
Server3 hosts a secure Web site. You want remote users to access the secure Web site by using a Secure Sockets Layer (SSL) connection through the Internet. A server certificate issued by Server2 is installed on Server3. As the technical support, you are asked to recommend a solution that will enable the distribution of certificates to the remote users. Your solution must meet the following requirements:
– The certification authority must be automatically trusted.
– Remote users connecting to Server3 must use client certificates issued by Server4.
– A minimum number of TCP/IP ports must be opened on the firewall that connects the perimeter network and the internal network.
Which certification authority should you recommend installing on Server4?
A. Standalone root
B. Enterprise root
C. Standalone subordinate
D. Enterprise subordinate
Answer: C
QUESTION 129
Your company has one main office named Main1 and one branch office named Branch1. The offices are connected by a single wide area network (WAN) link. The network consists of one Active Directory domain that contains servers that run Windows Server 2008 R2. The relevant servers are configured as shown in the following table.
You create an organizational unit (OU) named Main1-computers that contains all computer accounts in Main1. You create an OU named Branch1-computers that contains all computer accounts in Branch1. A Group Policy object (GPO) named GPO1 is linked to the domain. You plan to use GPO1 to install applications on computers in both offices. The D:\Software folder on Server1 contains the source files for the applications. The folder is shared as \\Server1\Software. The D:\Software folder on Server2 is shared as \\Server2\Software. DFS Replication is configured to replicate the contents of \\Server1\Software to \\Server2\Software. You need to prepare the environment to enable computers in both offices to allow the installation of applications if a WAN link fails. What should you do?
A. Configure the software distribution packages on GPO1 to use D:\Software as the source folder for application installation.
B. Create a DFS Namespace named \\Contoso.com\DFSroot\Software. Configure \\Server1\Software and \\Server2\Software as folder targets of the DFS Namespace.
C. Create a DFS Namespace named \\Server1\DFSroot\Software. Configure \\Server1\Software and \\Server2\Software as folder targets of the DFS Namespace.
D. Create a share object in the Main1-computers OU that points to \\Server1\Software. Create a share object in the Branch1-computers OU that points to \\Server2\software.
Answer: B
QUESTION 130
You want to perform a maintenance task on a domain controller, but you want the DNS and DHCP services to remain available. Servers must have the least downtime possible. What should you do?
A. Run the ntdsutil.
B. Disable Netlogon service.
C. Stop the NTDS service.
D. Run the DC in the Directory Services Restore mode.
Answer: C