QUESTION 31
Your company has one office in Montreal and one office in New York. Each office has 2,000 client computers configured as DHCP clients. DHCP relay is not supported on the network routers. The network consists of one Active Directory domain. You need to recommend a DHCP addressing solution for both offices. The solution must meet the following requirements:
– Minimize traffic between offices.
– Be available if a single server fails.
What should you recommend?
A. In each office, install a DHCP server that has two scopes.
B. In each office, install a DHCP instance on a two node failover cluster.
C. In the Montreal office, install a DHCP server. In the New York office, install a DHCP Relay Agent.
D. In the Montreal office, install a DHCP instance on a two node failover cluster. In the New York office,
install a DHCP Relay Agent.
Answer: B
Explanation:
To configure a DHCP addressing solution for both the offices that would minimize the traffic between the offices and is available in case any one of the DHCP server fails, you need to install a DHCP instance on a two node failover cluster in each office, the head office and the branch office. The two node failover cluster in each office will ensure that the DHCP server is always available even if one of the DHCP servers fails. Because DHCP relay is not supported on the network, both the offices need to have a separate DHCP failover clustering solution. Having two scopes of DHCP servers will not help because DHCP relay is not supported on the network. Installing a DHCP server and DHCP Relay Agent in the branch office and installing a DHCP instance on a two node failover cluster and in the branch office and a DHCP Relay Agent will not help because this solution would increase the traffic between the offices in case any one of the DHCP server fails. Reference: Step-by-Step Guide for Configuring Two-Node File Server Failover Cluster in Windows Server 2008
http://209.85.175.104/search?q=cache:9u-
snEWIUtgJ:download.microsoft.com/download/b/1/0/b106fc39-936c-4857-a6ea- 3fb9d1f37063/Step-by-Step%2520Guide%2520for%2520Configuring%2520a%2520Two- Node%2520File%2520Server%2520Failover%2520Cluster%2520in%2520Windows%2520ServHYPERL INK “http://209.85.175.104/search?q=cache:9u-
snEWIUtgJ:download.microsoft.com/download/b/1/0/b106fc39-936c-4857-a6ea-3fb9d1f37063/St” \l”_blank”er%25202008.doc+DHCP+instance+on+a+two+node+failover+cluster+server+2008&hl=en& ct=clnk&cd=1&gl=in
Reference: DHCP Relay Agent Overview
http://www.tech-faq.com/dhcp-relay-agent.shtml
QUESTION 32
Your network consists of one Active Directory forest. The functional level of the forest is Windows Server 2003. You upgrade all domain controllers from Windows Server 2003 SP2 to Windows Server 2008 R2. You plan to deploy the first read-only domain controller (RODC) in the forest. You need to prepare the network for the installation of the RODC. What should you do?
A. Run adprep /rodcprep on any computer in the forest.
B. Run adprep /forestprep on the schema operations master server.
C. Raise the forest functional level to Windows Server 2008 R2.
D. Raise the domain functional level to Windows Server 2008 R2.
Answer: A
Explanation:
To deploy the first RODC to the forest which operates at the functional level of Windows Server 2003, you need to Run adprep /rodcprep on any computer in the forest. Before you can install an RODC in a Windows 2000 Server or Windows Server 2003 forest, you must prepare the forest by running adprep /rodcprep. You can run adprep /rodcprep on any computer in the forest. You can run it multiple times if necessary.
Reference: Scenarios for Installing AD DS
http://207.46.196.114/windowsserver2008/en/library/708da9f7-aaad-4fa1-bccb-76ea8569da501033.mspx?mfr=true
QUESTION 33
Your network consists of one Active directory domain. The domain has 1,000 computers that run Windows XP and 1,000 computers that run Windows Vista. Your company has 10 departments. You have an organizational unit (OU) for each department. You have an OU named UsersComputers in each department OU. You create a logon script for computers that run Windows XP and a logon script for computers that run Windows Vista. You need to prepare the environment for the deployment of the logon scripts. The solution must meet the following requirements:
– Logon scripts must be applied based on the version of the Windows operating system.
– Logon scripts must be applied to users from all departments when logging on from any computer.
– The solution must use the minimum number of OUs and Group Policy objects (GPOs).
What should you do?
A. Create one GPO. Configure the logon scripts and policy refresh in the GPO. Link the GPO to the
domain and apply a Windows Management Instrumentation (WMI) filter.
B. Create one GPO. Configure the logon scripts and loopback processing in the GPO. Link the GPO
to the domain and apply a Windows Management Instrumentation (WMI) filter.
C. Create one GPO for each Windows operating system. Configure the logon scripts and loopback
processing in the GPOs. Link both GPOs to the domain and apply a Windows Management Instrumentation
(WMI) filter.
D. Create one GPO for each Windows operating system. Configure the logon script in the GPOs.
Create two new child OUs in the UsersComputers OU named WinXP and WinVista. Link each GPO to
the corresponding operating systems OU.
Answer: C
Explanation:
To deploy the logon scripts on the client computers based on the both the version of the Windows operating system, you need to create one GPO for each Windows operating system, link both GPOs to the domain and apply a Windows Management Instrumentation (WMI) filter. Because the network includes client computers that run two types of operating systems, both types of computers in the same OU might require different settings to achieve the same configuration. Therefore you need to create two GPOs, one to apply to computers that are running Windows XP, and one to apply to computers that are running Windows Vista. o ensure that GPOs only apply to the correct computers, you can add a Windows Management Instrumentation (WMI) filter to the GPO, which allows you to specify criteria that must be matched before the linked GPO is applied to a computer.
By letting you filter the computers to which the settings apply. Next you need to configure the logon scripts and loopback processing in the GPOs to apply GPOs that depend on the computer to which the user logs on.
Reference: Step 7: Creating WMI and Group Filters
http://technet2.microsoft.com/windowsserver2008/en/library/68308870-5d17-423a-bcb5- aa1108933cdf1033.mspx?mfr=true
Reference: Loopback processing of Group Policy
http://support.microsoft.com/?id=231287
QUESTION 34
Your network consists of one Active Directory domain. All servers run Windows Server 2008 R2. You plan to publish a Web site on two Web servers. You need to recommend a solution for the deployment of the two Web servers. The solution must provide the following requirements:
– Session-state information for all users
– Access to the Web site if a single server fails
– Scalability to as many as seven Web servers
– Support for multiple dedicated IP addresses for each Web server
What should you recommend?
A. Install failover clustering on each Web server.
B. Install Network Load Balancing on each Web server.
C. Assign multiple bindings in Internet Information Services (IIS) 7.0.
D. Create managed handler mappings in Internet Information Services (IIS) 7.0.
Answer: B
Explanation:
To ensure that the users of the website would be able to access the Web site if a single server fails. The website should be scalable to as many as seven Web servers and the web servers should be able to store session-state information for all users. It should also provide support for multiple dedicated IP addresses for each Web server. The Network Load Balancing (NLB) feature in Windows Server 2008 enhances the availability and scalability of Internet server applications such as those used on Web, FTP, firewall, proxy, virtual private network (VPN), and other mission-critical servers. NLB provides high availability of a website by detecting and recovering from a cluster host that fails or goes offline. You should not use failover clustering in this scenario because failover clustering does not provide scalability.
Reference: Overview of Network Load Balancing
http://technet2.microsoft.com/windowsserver2008/en/library/11dfa41c-f49e-4ee5-8664- 8b81f6fb8af31033.mspx?mfr=true
QUESTION 35
Your Company has one main office and one branch office. An Active Directory site exists for each office. The offices are connected across a wide area network (WAN) link. Servers in both offices run Windows Server 2008 R2. You need to plan a failover clustering solution for servers that run Microsoft SQL Server 2008. The solution must meet the following requirements:
– Withstand the failure of any single cluster node.
– Minimize the number of servers required to implement failover clustering.
What should you include in your plan?
A. Deploy one single cluster that contains one cluster node on each site.
B. Deploy one single cluster that contains two cluster nodes on each site.
C. Deploy two separate clusters that contain one cluster node on each site.
D. Deploy two separate clusters that contain two cluster nodes on each site.
Answer: A
Explanation:
To implement a failover clustering solution for servers that run Microsoft SQL Server 2005 using the minimum number of servers and to make sure that the cluster services are available in the event of a failure of any single cluster node, you need to install one single cluster that contains one cluster node on each site. When a cluster span across multiple sites, it is called Geographically dispersed cluster. Geographically dispersed clusters can form an important component in disaster preparation and recovery. In contrast to cold standby servers, the servers in a multi-site cluster provide automatic failover. This reduces the total service downtime in the case of a loss of a business-critical server and requires minimum number of servers.
Reference:
http://209.85.175.104/search?q=cache:xX3fqAnAueoJ:download.microsoft.com/download/3/B/5/3 B51A025-7522-4686-AA16-
8AE2E536034D/WS2008%2520Multi%2520Site%2520Clustering.doc+single+failover+cluster+that+co ntains+one+cluster+node+on+each+site+server+2008&hl=en&ct=clnk&cd=3&gl=in
QUESTION 36
Your network consists of one Active Directory domain that contains domain controllers that run Windows Server 2008. The intranet site contains confidential documents. You need to design an identity and access management policy for the documents to meet the following requirements:
– Record each time a document is accessed.
– Protect confidential documents on the intranet site.
– Place a time limit on access to documents, including documents sent outside the organization.
What should you include in your design?
A. On a domain controller, install and configure Active Directory Federation Services (AD FS).
B. On a domain controller, install and configure Active Directory Rights Management Services (AD RMS).
C. On all servers in the domain, ensure that the data volumes are configured to use NTFS file system and
Encrypting File System (EFS).
D. On all servers in the domain, ensure that the data volumes are configured to use NTFS file system and
Windows BitLocker Drive Encryption (BitLocker).
Answer: B
Explanation:
To place a time limit on access to documents and the documents that are sent outside the organization and record each time a document is accessed, you need to use Active Directory Rights Management Services (AD RMS). AD RMS helps you to prevent sensitive information–such as financial reports, product specifications, customer data, and confidential e-mail messages–from intentionally or accidentally getting into the wrong hands. You can use AD RMS on applications running on Windows or other operating systems to help safeguard sensitive information. Rights- protected documents of any kind can be set up for time-restricted access–and after that author- defined period of time has elapsed, the files can no longer be opened as the “use license” will have expired.
Reference: Active Directory Rights Management Services Overview http://technet2.microsoft.com/windowsserver2008/en/library/74272acc-0f2d-4dc2-876f- 15b156a0b4e01033.mspx?mfr=true
Reference: Windows Rights Management Services:
Protecting Electronic Content in Legal Organizations/ Flexible Information Protection http://209.85.175.104/search?q=cache:FqGkJVes_lIJ:download.microsoft.com/download/1/4/2/142 42f31-08ee-41a3-9057-HYPERLINK
“http://209.85.175.104/search?q=cache:FqGkJVes_lIJ:download.microsoft.com/download/1/4/2/14 242f31-08ee-41a3-9057-db054263512f/RM” \l
“_blank”db054263512f/RMS_LegalOrgs.doc+AD+RMS+place+a+time+limit+on+access+to+document s&hl=en&ct=clnk&cd=2&gl=in
QUESTION 37
Your company named Contoso, Ltd. and another company named Fabrikam, Inc. establish a partnership. The Contoso network consists of one Active Directory forest named contoso.com. The Fabrikam network consists of one Active Directory forest named fabrikam.com. Users from contoso.com plan to share files with users from fabrikam.com. You need to prepare the environment so that users from contoso.com can protect confidential files from being copied or forwarded to unauthorized users. What should you do?
A. Create a one-way forest trust from Contoso. Set the NTFS permissions to read-only for all confidential files.
B. Create a one-way forest trust from Fabrikam. Set the NTFS permissions to read-only for all confidential files.
C. Deploy Active Directory Federation Services (AD FS). Deploy Active Directory Rights Management Services
(AD RMS).
D. Deploy Active Directory Federation Services (AD FS). Publish the files by using Microsoft Windows SharePoint
Services (WSS).
Answer: C
Explanation:
To prepare an environment for the users of contoso.com so that the users from Contoso.com can protect their confidential files from being accessed by unauthorized users while they share their files, you need to deploy Active Directory Federation Services (AD FS) and Active Directory Rights Management Services (AD RMS) on the Contoso.com network You can use Active Directory Federation Services (ADFS) to enable efficient and secure online transactions between Partner organizations that are joined by federation trust relationships. AD RMS helps you to prevent sensitive information–such as financial reports, product specifications, customer data, and confidential e-mail messages–from intentionally or accidentally getting into the wrong hands. You can use AD RMS on applications running on Windows or other operating systems to help safeguard sensitive information. Rights-protected documents of any kind can be set up for time-restricted access–and after that author-defined period of time has elapsed, the files can no longer be opened as the “use license” will have expired.
The identity federation support role service is an optional role service in AD RMS that allows federated identities to consume rights-protected content by using Active Directory Federation Services
Reference: Active Directory Federation Services Role
http://technet2.microsoft.com/windowsserver2008/en/library/f5e12c1f-a3fa-453d-98ce- be29352afaca1033.mspx?mfr=true
Reference: Active Directory Rights Management Services Overview http://technet2.microsoft.com/windowsserver2008/en/library/74272acc-0f2d-4dc2-876f- 15b156a0b4e01033.mspx?mfr=true
QUESTION 38
Your network consists of one Active Directory domain that contains two servers that run Windows Server 2008 named Server1 and Server2. Server1 runs Active Directory Certificate Services (AD CS) and is configured as a certification authority (CA). Server2 runs Internet Information Services (IIS) and hosts a secure Web service. External users must subscribe in order to access the Web service. The Web service accepts subscriptions only from client computers that run Windows XP Service Pack 2 or Windows Vista. The relevant portion of the network is configured as shown in the following diagram.
You need to ensure that subscribers can successfully connect to the Web service on Server2 through HTTPS. Users must not receive any certificate-related errors. What should you do on Server2?
A. Install a server certificate issued by Server1.
B. Issue and install a self-signed server certificate.
C. Install a server certificate issued by a public CA.
D. Install the trusted root CA certificate issued by Server1.
Answer: C
Explanation:
To ensure that the subscribers can successfully connect to the Web service on Server2 through HTTPS without receiving any certificate errors, you need to install a server certificate issued by a public CA. This is because a web service needs, that is not internal application of the company needs to be accessed by the external users on the Internet server. Public Certificates are usually used where services needs to be accessed on the Internet as in the above case on Server2 that runs Internet Information Services (IIS) and hosts a secure Web service. The most common use of the certificates granted by a public (that is, external) CA on the Internet is probably by sites doing e- commerce. The certificates issued by Public CA are most commonly used by a site to identify itself to the public and provide secure communications during financial and other sensitive transactions. Certificates (or digital IDs) are used to verify the identity of a Web site and provide a secure communications channel for transactions that may contain sensitive information. Digital certificates can also be used by the news media or other sources of information to validate their identity, and therefore the integrity of the provided data.
Reference: Certificate Server / Public CA
http://www.windowsitlibrary.com/Content/405/17/1.html
QUESTION 39
Your network contains 200 Web servers that run Windows Server 2008. You need to plan the management of security settings for all servers on the network. The solution must meet the following requirements:
– Minimize administrative effort.
– Maintain identical security settings for all servers.
– Enable compliance audits of servers added to the network.
What should you do first?
A. On each server, configure a local security audit policy.
B. On one server, run the Security Configuration Wizard (SCW).
C. On one server, install and run the Microsoft Security Assessment Tool (MSAT).
D. On one server, install and run the Microsoft Baseline Security Analyzer (MBSA).
Answer: B
Explanation:
To maintain identical security settings for all servers and enable compliance audits of servers added to the network using minimum amount of administrative effort, you need to run Security Configuration Wizard (SCW) on any one of the server on the network. SCW allows you to create a policy on one system and then apply it to many systems. If you are building out a network with many systems, you should first define host classes that are all configured separately. Then you can create a policy using one of them as a prototype and easily apply the policy to all the others with little to no modifications.
Reference: Security Watch Using SCW on Windows Server 2008 Configuring Your Server with SCW
http://technet.microsoft.com/en-us/magazine/cc194400.aspx
QUESTION 40
Your network consists of one Active Directory forest that contains 20 domain trees. All DNS servers run Windows Server 2008 R2. The network is configured as an IPv4 network. Users connect to network applications in all domains by using a NetBIOS name. You plan to migrate to an IPv6- enabled only network. You need to recommend a solution to migrate the network to IPv6. The solution must not require any changes to client computers. What should you recommend?
A. On the DNS servers, configure GlobalNames zones.
B. On the DNS servers, add all domain zones to the ForestDNSZones partition.
C. On a new server, install and configure a Windows Server 2008 WINS server.
D. On a new server, install and configure a Windows Server 2003 WINS server.
Answer: A
Explanation:
To migrate the network from IPv4-enabled to an IPv6-enabled only network without affecting any client computer, you need to configure GlobalNames zones on the DNS servers running Windows Server 2008. To help customers migrate to DNS for all name resolution, the DNS Server role in Windows Server 2008 supports a special GlobalNames Zone (also known as GNZ) feature. The client and server name resolution depends on DNS. A DNS Client is able to resolve single-label names by appending an appropriate list of suffixes to the name. The correct DNS suffix depends on the domain membership of the client but can also be manually configured in the advanced TCP/IP properties for the computer. The problem occurs managing a suffix search list when there are many domains. For environments that require both many domains and single-label name resolution of corporate server resources, GNZ provides a more scalable solution. GNZ is designed to enable the resolution of the single-label, static, global names for servers using DNS. WINS cannot be used because it does not support IPv6 protocols and both are entering legacy mode for Windows Server 2008. ForestDNSZones partition cannot help to migrate a IPv4-enabled network to an IPv6-enabled only network
Reference: Understanding GlobalNames Zone in Windows Server 2008 http://www.petri.co.il/windows-DNS-globalnames-zone.htm
Reference: Using GlobalNames Zone in Windows Server 2008
http://www.petri.co.il/using-globalnames-zone-window-server-2008.htm
If you want to pass Microsoft 70-647 successfully, donot missing to read latest lead2pass Microsoft 70-647 exam questions.
If you can master all lead2pass questions you will able to pass 100% guaranteed.