a_self test-70-646
TRANSCRIPT
A 12, A 16, A 20
A_ Planning for Server Deployment
A 1_ You are a network administrator for an aerospace equipment manufacturing company. Your company has a single Active Directory domain. You have deployed Windows Server 2008 on all servers in your domain. You plan to implement a public key infrastructure (PKI) to implement strong security while exchanging information across the Internet and all extranets, intranets, and applications.
You are using an Enterprise Edition certification authority on Windows Server 2008. You have installed the following certification authority (CA) role services on your Windows Server 2008 servers:
You have two enterprise subordinate CAs to issue certificates to domain users and domain computers.
You have a single stand-alone subordinate CA to issue certificates to contractors who are not part of the domain.
You need to install the Online Certificate Status Protocol (OCSP) role service on the certificate server. What must you install before installing the OCSP role service?
Microsoft Simple Certificate Enrollment Protocol (MSCEP) role service
Internet Information Services (IIS) role services
Active Server Pages (ASP)
Certification Authority Web Enrollment (CAWE) role service
A 2_ You are the network administrator for a company that has recently purchased 20 new client computers. You want to deploy images of Windows Vista to the new computers. You install Window Deployment Services (WDS) on the same server that has the DHCP server. You have created a Windows Vista image for the computers. The image has been uploaded to the WDS server.
Your DHCP server and WDS server are located on a different subnet than the clients that need images. The router between the two subnets is RFC 1542 compliant. What must you configure to deploy the images to the computers? (Choose two. Each correct answer is part of the solution.)
Configure the WDS server to not listen on UDP port 67
Configure the WDS server to listen on UDP port 67
Add Option 60 to the DHCP scope
Block the Trivial File Transfer Protocol (TFTP) port on the WDS server
Block UDP port 4011 on the WDS server
A 3_ You are the administrator for your company, which has a main office in Atlanta. All of your company's servers run Windows Server 2008 and all clients run Windows Vista. You have branch offices in Charlotte, Jacksonville, and Birmingham.
You want to share files between multiple locations. You want to ensure that users for all locations can access the proper files. In some instances you may also have engineers in two locations that need to modify the same files at the same time on different servers.
Which solution will meet these requirements?
Use a domain-based DFS
Use a stand-alone DFS
Use SharePoint Services
Use Windows System Resource ManagerA 4_ Your company manufactures and produces banners and signs. The company plans to deploy images to multiple computers. You have created an image for the computers. The image has been uploaded to the Window Deployment Services (WDS) server. Your DHCP server is located on a different subnet than the WDS server. The router between the two subnets is RFC 1542 compliant.
What must you configure to deploy the images to the computers? (Choose two. Each correct answer is part of the solution.)
Block the Trivial File Transfer Protocol (TFTP) port on the router
Block the Trivial File Transfer Protocol (TFTP) port on the WDS server
Block UDP port 4011 on the WDS server
Configure IP Help Tables to forward DHCP broadcasts on UDP port 67 by client computers directly to both the DHCP server and the Windows Deployment Services PXE server.
Add DHCP Options 66 and 67 to the DHCP Server
A 5_ You are a network administrator for your company. You have deployed Windows Server 2008 on all servers in your company. You are creating a Secure Socket Tunneling Protocol (SSTP)-based Virtual Private Network (VPN) connection.
Which certificates are required to establish the VPN tunnel? (Choose two. Each correct answer presents part of the solution.)
Computer certificates on the VPN client
Computer certificates on the VPN server
Computer certificates on both the VPN client and VPN server
Root CA certificate on the VPN client
Root CA certificate on the VPN server
A 6_ You are a server administrator for your organization. Your organization has a mixed environment that includes Windows Server 2008 domain controllers and UNIX-based computers. You have deployed File Services server role on a Windows Server 2008 computer named WS_FS.
Your organization uses business-critical software that runs on the UNIX-based computers. You need to ensure that the UNIX-based computers can access data from the Windows-based servers.
What should you do?
Install File Server Resource Manager
Install Services for Network File System
Configure DFS Replication
Configure DFS Namespace
A 7_ You are a server administrator for your organization. Your organization has a main office in Sydney and a branch office in Melbourne. You have deployed Windows Server 2008 on all servers in both offices. You also used Server Manager to install BitLocker on a Windows Server 2008 server in the branch office to encrypt data that will be used by various applications.
Your organization wants you to manage the BitLocker encryption from the main office rather than traveling to the branch office. How can you enable this functionality without enabling BitLocker encryption on any servers at the main office?
run the ServerManagerCmd -install BitLocker command
run the ServerManagerCmd -resultPath <result.xml> command
run the ServerManagerCmd -install RSAT-BitLocker command
run the Scwcmd command
A 8_ You are a server administrator for a shipping company with a main office in Florida and branch offices in Texas and Arkansas. You have deployed Windows Server 2008 and Windows Server Core on the domain controllers, and all client computers use Windows Vista Service Pack 1 (SP1). You work in the main office.
You previously configured a Windows Server Core domain controller in a branch office with the DNS Server role. Recently you changed the IP address range on a DHCP server in the same branch office. You need to change the reverse lookup zone on the Windows Server Core running the DNS server role to reflect the changes in the IP address range of the DHCP server. Also, you want to enable secure dynamic updates on the reverse lookup zone. This must be done remotely from the main office.
What should you do?
Install Remote Server Administration Tools on a Windows Vista SP1 workstation.
Install Remote Server Administration Tools on the Windows Server Core installation.
Run the dnscmd command on a Windows Vista workstation.
Run ServerManagerCmd -q on the Windows Server Core installation.
A 9_ You are the domain administrator for your organization. You have deployed Windows Server 2008 on all servers in your organization. You need to implement Printer Location Tracking (PLT) in your organization to provide self-assistance to users with questions about the location of their local printer.
Which of the following do you need to enable PLT in your domain? (Choose all that apply.)
Ensure IIS is installed
Configure a GPO to enable the location tracking feature for all devices
Obtain location settings for all printers
Obtain location settings for all servers
Create a simple naming convention to represent printer locations
Ensure SSTP is configured
A 10_ You are a network administrator for your organization. You have deployed the Windows Server 2008 operating system on all servers in your organization. You need to allow Virtual Private Network (VPN) connections from Windows Server 2008 over HTTPS. Your solution should allow user authentication only after the SSL session is established.Which protocol should you use?
Point-to-Point Tunneling Protocol (PPTP)
Secure Socket Tunneling Protocol (SSTP)
Layer Two Tunneling Protocol with Internet Protocol security (L2TP/IPsec)
User Datagram Protocol (UDP)
A 11_ You are the network administrator for a company that manufactures automobile parts. Users in your warehouse office have been issued certificates for signing e-mail, encrypting and decrypting documents, and user authentication from a subordinate enterprise certificate authority that runs Windows Server 2008. These users are constantly logging on at different computers in the warehouse. All client computers in the warehouse run the Windows Vista operating system, and all of the servers run the Windows Server 2008 operating system. You need to ensure that your users can do the following:
Use stored user names and passwords from any workstation in the domain. Access their public key infrastructure (PKI) private keys and certificates from any workstation
in the domain.
What should you do to meet these requirements?
Enable roaming profiles
Configure credential roaming
Create a Group Policy Object (GPO) to enable folder redirection
Create a Group Policy Object (GPO) to enable Protected Mode on Internet Explorer
A 12_ You are the network administrator for Nutex Corporation. Users in your main office have been issued certificates from a subordinate enterprise certificate authority (CA) that runs Windows Server 2008 for the purposes of signing e-mail, encrypting and decrypting documents, and user authentication. You want to enable credential roaming for all users because they must be constantly logging on at different computers in the office. All client computers in the main office run the Windows Vista operating system. All the servers in the main office run the Windows Server 2008 operating system.
What must you do to enable credential roaming? (Move each required step from the Choices area on the left to the Correct Order area on the right, and arrange them in the correct order. It may not be necessary to use all the steps provided.)
Choice :
Link the GPO to the domain
Use the GPMC to create a new GPO
Add the Credential Roaming template under subordinate
Enable X.509 Certificate and Key Roaming settings
Upgrade the forest level to Windows Server 2008
A 13_ Your company has a single Active Directory domain. All domain controllers and servers run Windows Server 2008. All client computers have been recently upgraded to Windows Vista.
You have four 32-bit applications running on separate servers. You have two 64-bit applications running on separate servers. You want to consolidate the different applications on as few servers as possible.
What should you do?
Install Hyper-V on a server with an x86-based processor. Create separate virtual servers for each application.Install Hyper-V on a server with an x64-based processor. Create a separate virtual server for the 32-bit applications and a separate virtual server for the 64-bit applications.Install Hyper-V on a server with an x64-based processor, and create separate virtual servers for each 64-bit application. Install Hyper-V on a server with an x86-based processor, and create separate virtual servers for each 32-bit application.Install Terminal Services on a server with an x86-based processor. Install all applications on the terminal server
A 14_ You are a server administrator for your organization. Your organization has a single Active Directory domain that contains multiple Windows Server 2008 domain controllers. All file servers run Windows Server 2003 or Windows Server 2008, and all client computers use Windows XP Professional or Windows Vista. Your organization has shared folders located on physically separate Windows Server 2008 servers by connecting them to one or more namespaces.
You must provide for the continual availability of the shared folders. You want to ensure the following:
If a share is not available on one file server, then a DFS referral is sent to another file server The DFS root is fault tolerant
Your solution incurs minimal expense and hardware configuration changes
What should you do?
Create a stand-alone namespace on a Windows Server 2008 server and install the File Services role.Create a domain-based namespace on a Windows Server 2008 Server and install the File Services role.Create a stand-alone namespace on a Windows Server 2008 server and install Active Directory Federation Services (AD FS).Create a stand-alone namespace on a Windows Server 2008 server and install Active Directory Rights Management Services (AD RMS)
A 15_ You are an administrator for a company with manufacturing plants in six cities. You plan to deploy new application servers to the six locations that run Windows Server 2008. Some of the computers have a 32-bit processor with an x86-based architecture; the other computers have a 64-bit processor with x64-based architecture.
You create an image of Windows Server 2008 on a Windows Deployment Services (WDS) server. After the image is deployed on the new computer, the computer will be sent to the appropriate plant.
You are able to deploy the images to the servers with the x64-based architecture, but not to the servers that have the x86-based architecture. What should you do to fix the problem?
Install WDS on a 64-bit server.
Create an x86-based image of the Windows Server 2008 application server.
Block UDP port 4011 on the WDS server.
Enable the appropriate TFTP port for the x64-based image.
A 16_ You are a server administrator for your organization. You have deployed Windows Server 2008 on all servers in your organization. You are implementing Printer Location Tracking (PLT) in your organization. Arrange the steps to implement PLT in your organization.
Drag the applicable steps from the Task pane and arrange them in the correct order in the Action Area. (Choose all that apply. Not every option may be required.)
Choices :
Log on as a user on the server sharing the printer and restart the spooler service
Run the gpupdate command from the command prompt
Enter location settings for computers and servers
Set locations for your subnets in AD Sited and Services
Enter location Settings for printers
Create a GPO. Enable the Pre-populate printer search location text settings
Planning for Server Deployment
A 17_ You are a network administrator for Nutex Corporation. You have deployed Windows Server 2008 on all servers in your organization. You are installing Windows BitLocker Drive Encryption (BitLocker) using the ServerManagerCmd.exe command on a Windows Server 2008 server to provide the operating system security and protection from unauthorized access. After the installation procedure is complete, you need to verify that the BitLocker feature was installed successfully.
Which command-line parameter should you use with ServerManagerCmd command to display the entire list of features installed on a Windows Server 2008 server computer?
-i
-p
-q
-v
A 18_ You are the server administrator for your organization. You have deployed Windows Server 2008 and Windows Server 2003 on all domain controllers in your organization, and all client computers run either Windows XP Service Pack 2 (SP2) and Windows Vista SP1.
You have several Windows Server 2008 file servers in different physical locations in your organization. You need to recommend a solution that will enable users to access file shares on these servers. Your solution should also ensure that users can access all data on a file server, even if any of the file servers goes offline, without requiring any new hardware be installed in the network.
What should you do? (Choose two. Each correct answer is a part of the solution.)
Configure a domain DFS root
Configure a stand-alone DFS root
Configure multiple targets for DFS referral
Install the AD FS server role on a Windows Server 2008 server
A 19_ Your company has a single Active Directory domain. All of the domain controllers run Windows Server 2008, and all of the client computers have been recently upgraded to Windows Vista.
All user accounts have roaming profiles. Your company wants to allow users to use their certificates on multiple computers. You want to ensure that the current version of any certificate is being used.
What must you do?
Replace the roaming profiles with mandatory roaming profiles, and enable credential roaming.
Replace the roaming profiles with mandatory roaming profiles, and add a recovery agent for each user on each computer.
Replace the roaming profiles with Folder Redirection, and enable credential roaming.
Replace the roaming profiles with Folder Redirection, and add a recovery agent for each user on each computer.
A 20_ You are the systems administrator for your organization. Your organization has recently acquired a partner company, which has a single Active Directory domain. All domain controllers in the partner company run Windows Server 2008.
You perform a migration for the Active Directory domains in the partner company to your organization. After migrating the partner company's user account objects, you determine the following issues:
Users cannot log on to their accounts after migration. Users cannot access network resources after migration.
You decide to roll back the migration to the original domain. You need to create a rollback plan to roll back to the pre-migration environment. Move the steps from the Choices area on the left to the Correct Order area on the right, and arrange them in the correct order. (It may not be necessary to use all the steps provided.)
Choice :
Change the domain membership for the server or workstation to the source domain
Enable the user accounts in the source domain
Notify the users to log on to the source domain
Notify the users to log off from the target domain
Verify that users are able to access resources
Log on as a user on the target domain and verify that you can access the resource
Verify that the logon scripts and user profiles for users work as configured in the source domain
Planning for Server Deployment
A 21_ You are a network administrator for your organization. Your organization has outsourced its financial services to a vendor who must have access to the confidential sales information from your organization.
You are required to configure a Public Key Infrastructure (PKI) to ensure that only authenticated users have access to organizational resources. You plan to ensure the following rules in your organization:
Use certificates to authenticate requests to Active Directory for users inside the organization. Use certificates to authenticate external vendors accessing the organization's resources.
Use certificate templates to create specific certificates for organization users.
All certificates issued to users inside the organization must be approved automatically.
The root Certificate Authority (CA) must remain offline.
What must you configure? (Choose three. Each correct answer is part of the solution.)
Configure the root CA to be a stand-alone CA
Configure the root CA to be an enterprise CA
Configure a subordinate enterprise CA to authenticate the vendors
Configure a subordinate enterprise CA to authenticate the users
Configure a subordinate stand-alone CA to authenticate the vendors
Configure a subordinate stand-alone CA to authenticate the users
A 22_ You are the administrator of a company that distributes office products. The company has a single Active Directory Domain. All the domain controllers run Windows Server 2008. You have several branch offices. You want to install a read-only domain controller (RODC) in a branch office using installation media that does not contain any cached secrets.
What tool, command, and/or commands must you use to create the installation media according to these requirements?
Use ntdsutil.exe and the move db to command.
Use ntdsutil.exe and the ifm command.
Use ntbackup and /SNAP command.
Use ntbackup and /RS command
A 23_ You are a network administrator in a tri-state news organization. Your organization has a single Active Directory domain. You have recently installed Windows Server 2008 on a domain controller named Long_Serv and Windows Server Core on a domain controller named Long_Core, both in the Active Directory domain. You have installed the DNS Server and Active Directory Domain Services (AD DS) server roles on Long_Core. Because Long_Core is located in another studio in the building complex, you need to remotely manage the Windows Server Core server using graphics user interface (GUI) tools.
What should you use?
Use the Computer Management snap-in on Long_Core.
Use the Computer Management snap-in on Long_Serv.
Install the Remote Server Administration Tools feature on Long_Core.
Use Windows Remote Shell on Long_Serv.
A 24_ You are an employee for a company with 100 stores across Canada, the United States (US), and the United Kingdom (UK). You plan to send new computers to various stores in the UK. You plan to install Windows Vista on the new computers. Some of the computers have a 32-bit processor with an x86-based architecture, but the rest of the computers have a 64-bit processor with a x64-based architecture. You install Windows Deployment Services (WDS) on a new 32-bit server that runs Windows Server 2008.
What must you do to deploy Windows Vista to the new computers?
Create a single image of Windows Vista for all new computers.
Create a 32-bit image of Windows Vista and a 64-bit image of Windows Vista.
Install WDS on a 64-bit server and create a single image of Windows Vista for all new computers.
Install WDS on a 64-bit server and create a 32-bit image of Windows Vista and a 64-bit image of Windows Vista.
A 25_ Your company has a single Active Directory domain. All client computers run Windows Vista, and all servers run Windows Server 2008.
You have several applications that run on different servers. You want to consolidate the servers to lower the total cost of ownership (TCO). You also want flexibility, reliability, scalability, and security. Your solution should freely integrate 32-bit and 64-bit workloads in the same environment.
What should you do?
Install Hyper-V on a Windows Server 2008 computer with an x86-based processor.
Create a server cluster for the applications on the server.
Create a Network Load Balancing Cluster for the applications.
Install Hyper-V on a Windows Server 2008 computer with an x64-based processor, and use Microsoft Application Virtualization.
A 26_ You are a server administrator for your company. All client computers run Windows Vista, and all file servers run Windows Server 2008. Your domain controllers run both Windows Server 2003 and Windows Server 2008. You have installed the File Services and Print Services server roles on a Windows Server 2008 computer named WIN_SRV. You want to enable support for access-based enumeration for a domain namespace on WIN_SRV to allow users to view only those files and folders which they have permission to access.
What should you do? (Choose all that apply. Each correct answer is part of the solution.)
Create a domain-based namespace on WIN_SRV.
Create a domain-based namespace on a server running Windows 2000 Server mode.
Upgrade all domain controllers to Windows Server 2008.
Raise the domain functional level to Windows Server 2008.
Raise the forest functional level to Windows Server 2008.
A 27_ You are an administrator for Verigon Corporation. The company has a single Active Directory domain. All domain controllers run Windows Server 2008, and all servers run Windows Server 2003.
Your company has purchased 50 new computers. You want to deploy a similarly configured operating system on all 50 computers. You want to configure a Windows Server 2003 computer named Srv1 as the server that will deploy images of Windows Vista to the new computers. Srv1 has a RAID 5 disk
subsystem of 2 TB. You want to ensure that services are separated on the servers and domain controllers.
What must you configure to deploy images to the new computers?
Install Remote Installation Services (RIS) on Srv1.
Install the Windows Automated Installation Kit (AIK) on Srv1.
Install the Windows Deployment Services (WDS) on a Windows Server 2008 domain controller.
Create a Group Policy Object (GPO) to assign the Windows Vista software to the new computers.
A 28_ You are the administrator of a company that manufactures aerospace components. Your company has a single Active Directory forest that has a tree with three domains. All servers run Windows Server 2003 or Windows Server 2008 and all client computers use Windows XP Professional and Windows Vista. All servers in the root domain are running Windows Server 2008.
You have several file servers in different locations that your users need to access. All of your users actively use the file servers to store and share files. You want to do the following:
Create quotas for a soft and hard space limit on the data volumes of all file servers Generate storage reports to identify duplicate files and dormant files
Incur minimal costs for hardware or operating system upgrades
What should you configure?
Upgrade all file servers to Windows Server 2008 and install a domain DFS root.
Install a domain DFS root and use the existing servers in the tree.
Upgrade all file servers to Windows Server 2008 and install FSRM on a server in the root domain.
Install FSRM on a server in the root domain and use the existing servers in the tree.
Upgrade all file servers to Windows Server 2008 and install AD FS on a server in the root domain.
Install AD FS on a server in the root domain and use the existing servers in the tree.
A 29_ Your company has a single Active Directory domain. The domain controllers are a mixture of Windows 2000 Server, Windows Server 2003, and Windows Server 2008 computers. All client computers are a mixture of Windows XP Professional and Windows Vista. You have a public key infrastructure (PKI) established for the domain.
You want to implement autoenrollment of certificates and credential roaming for the users in the domain. You want to keep software and hardware upgrades to a minimum.
What should you configure? (Choose two. Each correct answer presents part of the solution.)
Replace all Windows 2000 Server domain controllers with Windows Server 2008 domain controllers.
Replace all Windows XP Professional computers with Windows Vista computers.
Replace all Windows 2000 Server Server and Windows Server 2003 domain controllers with Windows Server 2008 domain controllers.Apply the latest service pack to all Windows 2000 Server and Windows Server 2003 domain controllers.
Apply the latest service pack to all Windows XP Professional computers.
B_ Planning for Server Mangament
B 1_ You are a server administrator for your organization. Your organization has single Active Directory domain. You have deployed Windows Server 2008 on all domain controllers in your organization. You have recently installed a read-only domain controller (RODC). You need to configure the Password Replication Policy for your RODC.
What should you use?
dsmgmt.exe
Repadmin
Active Directory Users and Computers snap-in
Active Directory Sites and Services snap-in
B 2_ You are a server administrator for your organization. You have deployed Windows Server 2008 on all domain controllers and installed Active Directory Domain Services (AD DS) and Active Directory Federation Services (AD FS) on a Windows Server 2008 server, named AD_Srv. You are installing the DNS server role on another Windows Server 2008 server.
You need to grant a user permission to run Dnscmd.exe to view and modify the DNS server configuration.
What should you do?
Add the user to the Performance Log Users group
Add the user to the Server Operators group
Add the user to the Account Operators group
Add the user to Network Configuration Operators group
B 3_ You are a server administrator for Nutex Corporation. Your organization's network has Windows Server 2003 and Windows Server 2008 domain controllers. You have installed Windows Vista with Service Pack 1 (SP1) on all client computers.
You create a Group Policy called AccountsPasswords that provides password policy restrictions and account lockout restrictions for all users in the domain. You want to save the information in the
AccountsPasswords Group Policy and import it into a sister company's forest.
What should you do to save the information?
Run gpmc.msc, expand the nutex.com container, click the Default Domain Controller container, right-click AccountsPasswords, and select Backup. Run gpmc.msc, click the nutex.com container, right-click AccountsPasswords, and select Backup. Run gpedit.msc, expand the nutex.com container, expand Domains, expand nutex.com, click the Starter GPOs container, right-click AccountsPasswords, and select Backup. Run gpmc.msc, expand the nutex.com container, expand Domains, expand nutex.com, click the Group Policy Objects container, right-click AccountsPasswords, and select Backup.
B 4_ You are a server administrator for the Verigon Corporation. Your company has Windows Server 2008 domain controllers. You perform a backup of Group Policy Objects (GPOs) at regular intervals.
Another system administrator has made some changes to GPOs on a Windows Server 2008 domain controller. You need to revert these changes and restore all GPOs to the previous state for which latest backup is available.
What should you do to achieve the objective?
Run gpmc.msc, expand verigon.com, right-click Group Policy Objects, and select Backup All.
Run gpmc.msc, expand verigon.com, right-click Group Policy Objects, and select Manage Backup.
Run gpmc.msc, expand verigon.com, right-click Starter GPOs, and select Manage Backup.
Run gpmc.msc, right-click verigon.com, and select Restore from Backup.
B 5_ You are the administrator for the Verigon Corporation. Your Active Directory structure is displayed in the exhibit. (Click the Exhibit(s) button to view the Active Directory structure.)
You want to delegate permissions for user Samuel Jones to be able to create delete and manage accounts in the domain. You also want user Jeremy Hernandez to be able to create, delete and manage user accounts in the Finance and Accounting Organizational Units (OUs).
What should you configure do? (Choose two. Each correct answer presents part of the solution.)
Add Samuel Jones' account to the Server Operators group.
Add Jeremy Hernandez's account to the Server Operators group.
Add Samuel Jones' account to the Account Operators group.
Add Jeremy Hernandez's account to the Account Operators group.
Delegate the Reset Create, delete and manage user accounts task to Jeremy Hernandez for the domain.
Delegate the Reset Create, delete and manage user accounts task to Jeremy Hernandez for the Finance and Accounting OUs.
B 6_ You are the network administrator for your company. The company's logical network design consists of a single Active Directory forest with two domains: nutex.com and verigon.com. Each domain is in different locations that are configured as separate Active Directory sites. Each site supports approximately 700 users. Each site is supported by four Windows Server 2008 domain controllers. Both domains operate at the Windows Server 2003 domain functional level. All client computers run Windows XP Professional or Windows Vista.
Organizational units (OUs) are created for departments in each domain as shown in the exhibit. (Click the Exhibit(s) button to view the Active Directory structure.)
Departments for which OUs are created include sales (Sales), human resources (HR), accounting (Acct), marketing (Mktg), research (Res), manufacturing (Manu), and IT administration (IT). User accounts and computer accounts for each department are located in the associated OU. Group Policy objects (GPOs) are linked at the site, domain, and OU levels.
A GPO is used to deploy a time management application to users throughout the organization. You create a new GPO to assign Microsoft Excel to accounting users. All accounting users are located in Site1. The new GPO is linked to the Acct OU container.
Help desk personnel report that users in the accounting department have complained that they are not receiving the Excel application when they log on to their computers. You log on to a computer in the accounting department with a department user account and run Gpresult to confirm that the GPO linked to the Acct OU is being applied. You verify that the GPO is properly configured.
You must determine the source of the problem. You want to troubleshoot Group Policy application by using Resultant Set of Policies (RSoP). You must determine the proper location and mode to run the utility.
What should you do? (Choose two. Each correct answer presents part of the solution.)
Run RSoP in Logging mode.
Run RSoP in Planning mode.
Run RSoP at the site level.
Run RSoP at the domain level.
Run RSoP at the OU level.
Run RSoP to target the Accounting users and Accounting computers
B 7_ You are the enterprise administrator for your company. Your company has a single forest with three domains. (Click the Exhibit(s) button to view the Active Directory structure.)
In each domain there are three Organizational Units (OUs), named Employees, Workstations, and Servers. Within the Employees OU, you have global groups that contain personnel for various job tasks, such as the Marketing, Sales, and Administration groups. You want several technical support people from domain.com, child1.domain.com, and child2.domain.com to be able to manage the membership list of the Marketing, Sales, and Administration groups within all three domains.
What should you configure? (Choose four. Each correct answer presents part of the solution.)
Create a global group named TechSupportPersonnel in domain.com.
Create a universal group named TechSupportPersonnel in domain.com.
Create a global group named SupportPeople in each domain. Add the technical support people who should manage the membership lists into the global group.
Add SupportPeople from each domain to TechSupportPersonnel.
Add the TechSupportPersonnel group as members of the Marketing, Sales, and Administration groups in all three domains.Use the Delegation of Control Wizard to assign the Create, delete and manage user accounts task to the TechSupportPersonnel group at the Employees OU.Use the Delegation of Control Wizard to assign the Modify the membership of a group task to the TechSupportPersonnel group at the Employees OU.
B 8_ You are a network administrator for an organization that has a single Active Directory domain and Windows Server 2008 domain controllers. A group of users in your organization is complaining about the network performance. You decide to delegate the issue to another administrator. You need to enable another server administrator to remotely monitor only the performance counters on domain controllers in the domain, but not alerts.
What should you do?
Add the server administrator to the Performance Log Users group
Add the server administrator to the Server Operators group
Add the server administrator to the Account Operators group
Add the server administrator to the Performance Monitor Users group
Add the server administrator to the Network Configuration Operators group
B 9_ You are a server administrator in your organization. The domain controllers in your organization run Windows Server 2003 and Windows Server 2008. You have installed Active Directory Certification Services, Active Directory Federation Services, and Active Directory Domain Services on a Windows Server 2008 server.
Your organization wants to deploy a read-only domain controller (RODC) to provide authentication with domain controllers over a Wide Area Network (WAN). You have updated the permissions on all the Domain Name System (DNS) application directory partitions in the forest to accomplish the task.
What else should you configure to deploy an RODC?
Set the forest functional level to Windows Server 2008.
Set the domain functional level to Windows Server 2003.
Set the domain functional level to Windows Server 2008.
Run the adprep /rodcprep command.
B 10_ You are the administrator for the Nutex Corporation, which has a single Active Directory domain. Nutex manufactures soft drinks for worldwide distribution. All servers run Windows Server 2008, and all client computers have been upgraded to Windows Vista.
You want to ensure that the My Documents folder and the Application Data folder for all Engineers and Marketing users working on the new soft drink project are redirected to the central file server. You create a global group called ColaProjectEmployees that contains all Engineering and Marketing users who are working on the new soft drink project.
What should you do next? (Choose three. Each correct answer presents part of the solution.)
Create a Group Policy object named GPO1 to enable folder redirection to the shared folder. Create a Group Policy object named GPO1 to specify a roaming profile to be stored on a shared folder.
Add the ColaProjectEmployees group to the Security Filtering section of GPO1.
Edit GPO1 to specify Advanced redirection. Specify the ColaProjectEmployees group to \\FileServer1\Share.
Link GPO1 to the domain.
B 11_ You are the administrator for the Nutex Corporation. You have linked several Group Policy objects (GPOs) to the domain. You have several GPOs linked to the Accounting OU.
Jack, a user in the Accounting department, reports that the SoftwareDeployment GPO did not apply to him. Jack's user account is in the Accounting OU, and the SoftwareDeployment GPO is linked at the Accounting OU. You query other users in the Accounting department. Jill, who also has a user account in the Accounting OU, reports the SoftwareDeployment GPO successfully applied for her.
Which command can you use to help troubleshoot the problem?
gpupdate /Target:User nutex\jack
gpupdate /Sync:nutex\jack
gpresult /H c:\GPOresults.xml /U nutex\jack /S server5
gpresult /U nutex\jack /S server5 /R
B 12_ You are a server administrator for your organization. You have installed Windows Server 2008 domain controllers in a single Active Directory domain in your organization. You have configured the Windows Server 2008 computers to allow the installation of any device, provided that the device driver is staged in the driver store or that the user has administrative permissions.
You need to prevent the installation of all devices except those specifically permitted by other policy settings. You need to enable a policy setting to prevent the installation of all devices unless they are specifically permitted.
What should you do?
Enable the Prevent installation of removable devices policy setting.
Enable the Prevent installation of devices not described by other policy settings policy setting.
Enable the Prevent installation of devices that match any of these device IDs policy setting.
Enable the Prevent installation of devices using drivers that match these device setup classes, policy setting.
B 13_ You are the administrator of the Nutex Corporation. All your servers run Windows Server 2008 or Windows Server 2003. All desktop computers and laptop computers run Windows XP Professional.
Your company has a sales force that is divided up into three different departments: Inside, Outside, and Government. Each department has their own Organizational Unit (OU). (Click Exhibit(s) button to view the Active Directory structure.)
Your supervisor has created several Group Policy objects (GPOs). GPO3 renames the Administrator and Guest accounts on computers. GPO2 sets the desktop settings for users. GPO1 assigns a sales application to the Inside and Outside OUs. Government sales people should not have this application.
Several of the Government sales people notice that Administrator account is displaying in Computer Management. What should you do to fix the problem?
Remove the Block Inheritance setting on the Government OU.
Configure the Enforced setting on GPO3.
Configure the Enforced setting on GPO1.
Create a global group for the Government sales people. Add the global group to the Security Filtering section of GPO3.
B 14_ You are a server administrator for your organization. You have deployed Windows Server 2008 on all domain controllers in your organization. You have configured a local computer policy to prevent the installation of removable devices in your organization, but you notice that this policy setting does not let the administrative users update drivers for existing removable devices.
You need to ensure that users in the Administrators group can install drivers for removable devices. You have opened the Device Installation Restrictions folder under Local Computer Policy\Computer Configuration\Administrative Templates\ System\ Device Installation in the Local Group Policy Object Editor.
What should you do?
Enable the Prevent installation of removable devices policy setting.
Disable the Prevent installation of removable devices policy setting.
Enable the Allow administrators to override Device Installation Restriction policies policy setting.Disable the Allow administrators to override Device Installation Restriction policies policy setting.
B 15_ You are the network administrator for your company. The company's logical network design consists of a single Active Directory domain. All servers run Windows Server 2008, and all client computers run Windows Vista.
Organizational units (OUs) were created for each department in the domain, as shown in the exhibit. (Click the Exhibit(s) button to view.) Multiple Group Policy objects (GPOs) were created and linked to each OU.
You are considering moving the APayables OU into the Acct OU. However, you are concerned that this action will result in conflicting Group Policy settings for users in the APayables OU. You want to identify any existing policies that may cause disruptions for these users before performing this operation.
What should you do? (Choose two. Each correct answer presents part of the solution.)
Analyze the logged policy results for users in the OU.
Simulate the policy settings for the Acct OU.
Simulate the policy settings for the APayables OU.
From the Acct OU, run Resultant Set of Policies (RSoP) in Logging mode.
From the Acct OU, run Resultant Set of Policies (RSoP) in Planning mode.
From the APayables OU, run Resultant Set of Policies (RSoP) in Logging mode.
From the APayables OU, run Resultant Set of Policies (RSoP) in Planning mode.
B 16_ You are the enterprise administrator for the Verigon Corporation based in Memphis, Tennessee. Your company has recently purchased the Nutex Corporation, based in Jonesboro, Arkansas. The Nutex Corporation has been integrated into the Verigon forest. All domain controllers in the nutex.com tree use Windows Server 2008. All domain controllers in the verigon.com tree use a combination of Windows Server 2008 and Windows Server 2003. All domains of verigon.com are
located in the Active Directory site of Memphis, and all domains of nutex.com are located in the Active Directory site of Jonesboro. (Click the Exhibit(s) button to view the Active Directory structure.)
You create a Group Policy object (GPO) named GPO1 that does the following:
Configures the Internet Explorer Settings. Configures Start Menu and Task Bar Settings.
You create a GPO named GPO2 that does the following: Renames the Guest account on the computer. Assigns software to the computer.
You want to apply GPO1 to all users in the verigon.com tree. You want to apply GPO2 to all computers in the nutex.com tree. What should you do?
Link the GPO1 to the verigon.com domain, and link the GPO2 to the nutex.com domain.
Link the GPO1 to the verigon.com domain, and link the GPO2 to the nutex.com domain. Set the Enforced setting on GPO1 and GPO2.
Link the GPO1 to the Memphis site, and link the GPO2 to the Jonesboro site.
Link the GPO1 and GPO2 to the forest. Limit GPO1 to only verigon.com, and limit GPO2 to nutex.com by adding only the Domain Users group of the domains in the respective trees to the respective GPOs.
B 17_ Your company manufactures motor parts for sports cars. The company has a newly installed Active Directory domain with branch offices in three cities. Each city is configured as an Active Directory site. All servers run Windows Server 2008, and all client computers run Windows Vista.
Each office has a file server with shared folders containing documents that are read and modified by engineers. Engineers from all locations must be able to modify the documents in the file server's shared folder from their local offices.
What must you do to meet these requirements? (Choose three. Each answer is part of the complete solution.)
Install Distributed File System Namespace and Distributed File System Replication.
Update the Active Directory schema.
Deploy a namespace and add a namespace server.
Add folders to the namespace.
Bridge all site links.
B 18_ You are the administrator for the Nutex Corporation. You have created three Group Policy objects (GPOs) and linked them to the Sales Organizational Unit (OU). (Click the Exhibit(s) button to view the Active Directory structure.)
The policies have the following functions:
User Environment Policy - Configures desktop settings, login scripts, and proxy server settings.
IE Settings Policy - Configures the browser home page and other Internet Explorer settings.
Folder Redirection Policy - Redirects the My Documents folder to the \\FileSrv\Users share.
You notice that the proxy server settings in the User Environment Policy are conflicting with the settings in the IE Settings Policy. You want to ensure that the settings in the IE Settings Policy are used.
What should you do to fix the problem?Set the Link Order setting to 3 for the IE Settings Policy.
Set the Link Order setting to 1 for the IE Settings Policy.
Set the Enforced setting on the User Environment Policy.
Remove the Authenticated Users group from the Security Filtering section of the User Environment Policy
B 19_ You are the administrator for a company that has a single Active Directory domain with three Active Directory sites in Atlanta, San Fransisco, and Quebec. All of the servers in the company run the Windows Server 2008 operating system on a 64-bit platform. All client computers run the Windows Vista operating system. Some of the client computers use a 32-bit processor and some use a 64-bit processor.
You want to ensure that computers in two of the sites, San Fransisco and Quebec, have a legacy 32-bit application installed on them. Employees in the two sites work on two different 10-hour shifts and thus share the computers. You plan to deploy the software to the two sites via a Group Policy package. You want to ensure if there is an update to the software package that it will apply to the computer before the user logs on. Finally, the application should install on the computers in Quebec even if the French language files are not up to date.
What must you configure? (Choose all that apply.)
Publish the software package.
Assign the software package.
Set the Ignore language when deploying this package setting on the package.
Set the Uninstall this application when it falls out of the scope of management setting on the package.Set the Make this 32-bit X86 application available to Win64 machines setting on the package.
Set the Include OLE class and product information setting on the package.
B 20_ You are the enterprise administrator for your company. Your company has a single forest with two trees that have three domains each. Each domain within the verigon.com tree contains three file servers named dc1, dc2, and dc3. (Click the Exhibit(s) button to view the Active Directory structure.)
You want a set of technical support people from verigon.com, east.verigon.com, west.verigon.com, nutex.com, east.nutex.com, and west.nutex.com to be able to do the following on the file servers in each domain:
Back up and restore data on each file server. Format the hard disk.
What should you do? (Choose all that apply. Each correct answer presents part of the solution.)
Create a global group called SrvAdmins in each domain of the verigon.com tree and in each domain of the nutex.com tree.Create a local group called SrvAdmins in each domain of the verigon.com tree and in each domain of the nutex.com tree.Create a universal group called NutexSrvAdmins that contains the SrvAdmins group in each domain of the nutex.com tree group. Create a universal group called VerigonSrvAdmins that contains the SrvAdmins group in each domain of the verigon.com tree group. Add the NutexSrvAdmins and VerigonSrvAdmins groups as members of the Server Operators group on dc1, dc2, and dc3 in each domain of the verigon.com tree.Add the NutexSrvAdmins and VerigonSrvAdmins groups as members of the Backup Operators group on dc1, dc2, and dc3 in each domain of the verigon.com tree.Add the NutexSrvAdmins and VerigonSrvAdmins groups as members of the Account Operators group on dc1, dc2, and dc3 in each domain of the verigon.com tree.
B 21_ Your company has purchased another company in Quebec, Canada. You integrate the new company into your Active Directory forest. You have upgraded all of the servers to Windows Server 2008. You have upgraded some workstations to Windows Vista, but the remaining workstations are running Windows 2000 Professional with Service Pack 3.
You want to have Group Policy objects (GPOs) applied to the workstations in the domain that have both the French and English language. How can you accomplish this? (Choose three. Each correct answer is part of the solution.)
Upgrade all workstations to Windows Vista
Create a central store on a domain controller
Create a \Policy folder underneath \%windir%\system32
Copy all ADM files to the central store
Copy all ADM files to the local workstation's Policy folder
Copy all language-specific ADML files to the central store
Copy all language-specific ADML files to the local workstation's Policy folder
B 22_ You are the administrator of a company network that has a single Active Directory domain. All domain controllers are a mixture of Windows Server 2003 and Windows Server 2008. All client computers are a mixture of Windows XP Professional and Windows Vista.
Your company has recently purchased the business of a competitor. You must evaluate and inventory what features and roles are installed on the newly purchased servers. In particular, the competitor had deployed several Windows Server 2008 Server Core Edition servers. Which command would you run to determine which roles and features are installed on the Server Core servers?
winrs -r:<ServerName> cmd
oclist
ocsetup.exe /log:Query.xml
odeploy.exe /logfile:file.log
B 23_ You are the server administrator for your organization. You have deployed Windows Server 2008 on all servers in your organization, which has a single forest and a single Active Directory domain. A Windows Server 2008 server named WIN_GC is configured as a global catalog server in your organization.
You plan to deploy a new computer to be the first read-only domain controller (RODC) in the domain, which will host read-only partitions of the Active Directory database.
What should be your first step to install an RODC on a Windows Server 2008 computer?
Run the dcpromo / adv command
Log on to the server as a member of the Domain Admins group.
Log on to the server as a member of the Server Operators group.
Run the adprep /domainprep /gpprep command in all domains in the forest
Run the adprep /domainprep command in all domains in the forest
B 24_ You are a server administrator for your organization, which has offices in Germany, Brazil, and the United States. Your organization has Windows Server 2008 domain controllers and client computers which run Windows Vista. You have recently deployed a new Windows Server 2008 domain controller in your organization.
Since your organization is multi-lingual, you want to display Group Policy settings in multiple languages on this Windows Server 2008 domain controller.
Which files do you require? (Choose two. Each choice presents part of the solution.)
.ADMX
.ADM
.ADML
.POL
.BAML
B 25_ You are a server administrator for your company that prepares tax returns for individuals and corporations. Your company has a single Active Directory domain, and you have deployed Windows Server 2008 domain controllers in your organization.
You plan to deploy a software application on laptops for the users in the IndividualTax Organizational Unit (OU). Shortcuts for the application should appear on the desktop or in the Start menu for these laptops. If the user is promoted and the user's account is moved to the CorporateTax OU, the application should remove itself from the laptop.
What should you do? (Choose three. Each correct answer is part of a single solution.)
Create a package in a Group Policy in \Computer Configuration\Software Settings\Software Installation and link the policy at the IndividualTax OU.Create a package in a Group Policy in \User Configuration\Software Settings\Software Installation and link the policy at the IndividualTax OU.
Publish the package.
Assign the package.
Configure the package to Uninstall this application when it falls out of scope of management.
Configure the package to Install this application at logon.
B 26_ You are the administrator of your company's single Active Directory domain. Your company has a central office headquarters and two branch offices. There is an organizational unit (OU) for each office. The headquarters office also has three OUs for the IT, Warehouse, and the Development departments, named IT, Warehouse, and Development, respectively. (Click the Exhibit(s) button to view the Active Directory structure.)
You have created a Group Policy object (GPO) that sets user login scripts for users. You want this GPO to apply to all users in the domain except the users in the Warehouse OU.
What should you do?
Link the GPO to the domain, and apply the Block inheritance setting at the Warehouse OU.
Create a global group for all of the Warehouse user accounts. Add the global group to the Security Filtering section of the GPO.
Link the GPO to the Branch1, HQ, and Branch2 OUs only.
Create a global group for all the Warehouse user accounts. Under the Delegation tab, grant the Read permission to the global group for the GPO.
B 27_ You are the administrator for the GlobeComm Corporation. You have recently migrated from a multi-domain Windows 2000 Server environment to a single domain Windows Server 2008 environment. All client computers have been upgraded from Windows 2000 Professional to Windows XP Professional or Windows Vista.
You plan to make some changes to the users' environment. You create a shared network folder on a file server to store users' data. You want to ensure the following:
When a user logs on to various computers on the network, the user's documents are always available.
Contents of the user's My Documents folder do not have to be copied between the client computer and the server each time the user logs on or off.
What should you configure?Create a Group Policy object to enable folder redirection to the shared folder.
Create a Group Policy object to specify the user's home directory to the shared folder.
Create a saved LDAP query of the user accounts. Export the results to a tab-delimited file, modify the home directory in the file, and use the LDIFDE utility to import the file into Active Directory.Create a saved LDAP query of the user accounts. Export the results to a tab-delimited file, enable folder redirection in the file, and use the LDIFDE utility to import the file into Active Directory.
B 28_ You are the administrator of your company. Your company has a single Active Directory domain. All domain controllers are a mixture of Windows Server 2003 and Windows Server 2008. All client computers are a mixture of Windows XP Professional and Windows Vista. Several file servers are Windows Server 2008 Server Core servers.
You need to install a DHCP server on a Windows Server 2008 Server Core installation. Which command can you use?
Oclist | install "DHCPServer"
winrs /install:DHCP /Server:local
ServerManagerCmd.exe -install DHCPServer
odeploy.exe -install DHCPServer
start /w ocsetup DHCPServer
B 29_ You are the administrator for your company's Active Directory domain. You have the task of creating, deleting, and managing all the user accounts on the domain. You want to give a select set of users the ability to create computer and contact objects in all Organizational Units (OUs) in the domain. These are the only permissions that should be granted to the users. You create a global group for the users named SupportHelp.
What else must you configure to ensure that SupportHelp can create computer objects and contact objects?
Delegate the Create, delete and manage user accounts task to SupportHelp at each OU in the domain.
Add SupportHelp to the Account Operators group.
Use the Delegation of Control Wizard to delegate control of Computer Objects and Contact Objects at each OU in the domain.
Add SupportHelp to the Server Operators group.
B 30_ Your company has a single Active Directory domain with branch offices in three cities. Each city is configured as an Active Directory site. All servers run Windows Server 2008, and all client computers run Windows Vista.
Each office has a file server with shared folders. You want users in each office to be able to access and update the data in each file server's shared folder on a local server in each office. You also want to prevent a server that was offline for a long time from overwriting fresh data when it comes back online with stale data.
Your solution should minimize hardware expenses. What should you configure?
Implement Distributed File System (DFS) Namespaces and DFS Replication.
Implement Cluster Continuous Replication (CCR).
Implement a Network Load Balancing cluster.
Implement a single copy cluster (SCC).
B 31_ You are a server administrator for your organization. You have deployed Windows Server 2008 on all domain controllers. Your organization has a main office and a branch office in different cities. You have deployed a read-only domain controller (RODC) in the branch office.
There is no local administrator role defined on the RODC server after Active Directory Domain Services (AD DS) installation. You need to add a user in the branch office to the administrator role on an RODC server to allow the user to configure Administrator Role Separation for RODC.
What command should you run?
Ldp.exe
Adsiedit.msc
dsmgmt.exe
repadmin /add
C_ Monitoring and Maintaining Servers
C 1_ You are a network administrator of GlobeComm, a company that develops software for the tax accounting industry. Your organization has Windows Server 2008 domain controllers and Windows
Vista client computers. You need to recommend a solution to ensure that an installed WSUS server applies updates only on the developers' portable computers, and not on any other computers in the GlobeComm domain. Your solution should enable WSUS to assign the developers' portable computers to a computer group automatically.
What should you do?
Create a computer group using the WSUS Management console.
Create a computer group using the Group Policy Management console (GPMC).
Enable server-side targeting.
Enable client-side targeting.
C 2_ You are the administrator of your company's application servers. One application server is used by a group of four users in a department. Recently you have noticed that the four users are opening many processes on the server, and that the processor load on the server is exceeding 70%.
You want to give equal access to the users and ensure minimum resource availability, while also ensuring that the processor load is not too great.
What should you configure?
Implement Windows System Resource Manager (WSRM) and configure an Equal_Per_Process resource allocation policy.
Implement WSRM and configure an Equal_Per_User resource allocation policy.
Implement WSRM and configure an Equal_Per_Session resource allocation policy.
Use Windows Remote Management. Configure the service in a GPO. Add the users into the Security Filtering of the GPO.Use Windows Remote Management. Configure the service in a GPO. Add the users' computers into the Security Filtering of the GPO.
C 3_ You are a server administrator for your organization. You have deployed Windows Server 2008 domain controllers in the Active Directory domain. You have deployed Windows XP Service Pack 2 (SP2) and Windows Vista SP1 on client computers in your organization.
There is a computer that runs Windows Vista SP1 in the Sales group that is used by most of the sales executives. Users in the Sales group store sensitive information on the operating system volume of this computer. You must recommend a solution to ensure that the sensitive information stored on this computer is safe from unauthorized access. Your solution should also protect system files.
What should you do?
Implement Internet Protocol Security (IPsec).
Implement encrypting file system (EFS).
Implement BitLocker drive encryption.
Implement transparent data encryption (TDE).
C 4_ You are a server administrator for your organization. You have deployed Windows Server 2008 on all domain controllers and Windows Vista on all client computers. You also deployed Windows Server Update Services (WSUS) 3.0 on a Windows Server 2008 domain controller in your organization.
You have set up a test lab with three computers, and created a computer group named Lab on the WSUS server for the lab computers. The hardware configuration on the lab computers matches the client computers in the network. You have installed legacy software applications on the lab computers that are also installed on the client computers in the network.
You need to ensure that all updates will be immediately tested on the Lab computer group before they can be deployed on client computers in the organization's network. Your solution should require the least amount of administrative effort.
Which option on the WSUS Administration console should you select for the Lab group?
Select the Approved for Install option in the Approve Updates dialog box.
Select the Deadline option in the Approve Updates dialog box.
Choose the Critical Updates from the Updates dialog box.
Choose the Security Updates from the Updates dialog box.
C 5_ You are the network administrator for the Verigon Corporation. Users must access a Web-based time attendant system to enter the hours that they worked on a project. Some users work from home and some work from the office.
You must ensure that all remote users that connect to the corporate LAN via a VPN have the latest security updates from the WSUS server. A Group Policy that is linked to the domain specifies the Window Update server as wsus.verigon.com. The following is a partial list of servers that you have on the network:
You implement Network Access Protection (NAP) and configure a Network Protection Server named
nps.verigon.com to provide centralized health policy configuration and evaluation of NAP client health state. You configure a Windows Security Health Validator. You enable the Quarantine Clients that do not have all available security updates installed setting and the Automatic updating setting. You configure a Remediation Server group for the clients that do not meet the health policy.
Which IP addresses should be included in the Remediation Server group? (Choose all that apply. Each correct answer is part of the solution.)
10.0.0.5
10.0.0.7
10.0.0.2
10.0.0.15
C 6_ You are the administrator of a company that manufacturers engine parts for racing cars and boats. Your company has a single Active Directory domain. All servers run Windows Server 2008, and all desktop computers run Windows Vista.
The company has decided to implement Network Access Protection (NAP) to ensure that all clients meet the health and security policies set forth by the company. You install the following roles:
Network Policy Server Routing and Remote Access Server
DHCP Server
You must ensure that all traveling employees have the latest anti-spyware updates and security patches. The traveling employees have portable computers that run Windows Vista, Windows XP Professional, and Windows 2000 Professional. Financial resources are constrained, so you do not want to spend any unnecessary funds.
What should you recommend to ensure that these employees meet the health validation standards before connecting to the network via a VPN?
Upgrade or replace all old portable computers with those that run Windows Vista.
Upgrade or replace all Windows 2000 Professional portable computers with Windows Vista.
Upgrade or replace all Windows 2000 Professional portable computers with Windows Vista, and install Service Pack 3 on all Windows XP Professional computers.Install Service Pack 6 on all Windows 2000 Professional portable computers, and install Service Pack 3 on all Windows XP Professional computers.
C 7_ You are a network administrator for your organization. You have recently upgraded computers in your organization to Windows Server 2008 servers and Windows Vista client computers. You are using a legacy application on a Windows Server 2008 server named 2K8SRV-AS. The legacy application, when executed, creates image files on the server that require a large amount of space.
Almost 15 users from the Development group access this legacy application on a daily basis. The
server response time is slow when all users in the Development group access the legacy application at the same time.
Which performance counter should you verify to determine the cause of the problem?
Memory: Available Bytes
Processor: % Processor time
Processor: % User time
Physical Disk: Avg. Disk Queue Length
C 8_ You are the administrator for your network. All servers in your domain run Windows Server 2008, and all desktop and portable computers run Windows Vista.
You have implemented a Network Policy Server to authorize connections to your network. You want to configure a Network Access Protection (NAP) policy to specify that wireless portable computers can only connect to the network during business hours. Also, these computers must have a valid NAP statement of health (SoH).
Which conditions must you place in the policy? (Choose three. Each correct answer is part of the solution.)
NAS Port Type
Client IPv4 Address
Service Type
Date and Time Restrictions
Identity Type
C 9_ You are a server administrator for your organization. You have deployed Windows Server 2008 domain controllers and Windows Vista client computers in your organization.You are planning to implement Network Access Protection (NAP) in your organization to protect the computers on the network from unauthorized access.
Which component should you install and configure on a NAP-capable client to ensure that the client computer can verify its health status to the Network Policy server (NPS)?
Statement of health response (SoHR)
Statement of health (SoH)
System health validator (SHV)
Health policies
C 10_ You are the network administrator for the Verigon Company. The company's network has a single domain with a main office and four branch offices. All domain controllers and servers run Windows Server 2008, and the functional level of the domain is Windows Server 2008. Each location is a separate Active Directory site.
You have configured a Group Policy object (GPO) that starts the Windows Event Collector service on all computers. You link the GPO to the domain. The Windows Remote Management (WinRM) service is running on all Windows Server 2008 file servers and Web servers. You would like to collect all replication errors from the domain controllers in all sites and view them on a file server in the main office.
What should you do?
On all domain controllers, start the WinRM service and configure its start mode to Automatic.On all domain controllers, start the Windows Error Reporting service and configure its start mode to Automatic.On the server in the main office, start the WSRM service and configure its start mode to Automatic.
On all domain controllers, start the WSRM service and configure its start mode to Automatic.
C 11_ You are a server administrator for your organization. Your organization provides on-site training services to partner companies. You have deployed Windows Server 2008 on domain controllers and Windows Vista on client computers in your organization.
On-site trainers use a portable computer to provide training within the organization. They use the same portable computers to access internal network resources. You plan to deploy a Network Access Protection (NAP) platform to impose health requirements for these computers.
You need to prepare a NAP server in your organization for NAP deployment. What do you need? (Choose all that apply.)
Statement of health (SoH)
Statement of health response (SoHR)
System health validator (SHV)
Health policies
NAP enforcement client (NAP EC)
C 12_ You are a network administrator for an organization that provides consulting services to its partner companies. Your organization has Windows Server 2008 domain controllers and Windows Vista client computers.
Zachary is the Manager for the Human Resources Department. You need to recommend a solution to ensure that his personal files are protected from other users who access his computer using their own
user accounts. Your solution should not require any special hardware.
What should you do?
Create an Internet Protocol Security (IPsec) policy.
Enable Encrypting File System (EFS) on Zachary's computer.
Enable BitLocker drive encryption on Zachary's computer.
Enable transparent data encryption (TDE) on Zachary's computer.
Enable transparent data encryption (TDE) on all computers in the organization.
C 13_ You are a network administrator for your organization, which has a main office and one branch office. The branch office does not have Internet access; only the main office has Internet access. Users in the branch office must access their e-mail using a WAN link to the main office.
Your organization is using Windows Server 2008 domain controllers, Windows Vista client computers, and an Exchange Server 2007 messaging system. You have deployed Windows Server Update Services (WSUS) 3.0 on Windows Server 2008 domain controllers in the main office as well as in the branch office. The WSUS server at the main office is named WSUS-ADMIN, and the one at branch office is named WSUS-BRANCH.
You have added computers to both the computer group on WSUS-ADMIN and the computer group on WSUS-BRANCH. You have also configured the WSUS-ADMIN server to receive and store all updates from Microsoft. You need to recommend a solution for updating the WSUS-BRANCH server to provide updates to branch office computers. Your solution should use the least administrative effort.
What should you do?
Export the update files and metadata from WSUS-ADMIN to a DVD, and then import the content from the DVD to WSUS-BRANCH.
Configure WSUS-BRANCH as a replica server.
Configure WSUS-BRANCH as a downstream server.
Configure WSUS-BRANCH as an upstream server.
C 14_ You are the administrator for a company that has a single domain with forty Windows 2008 Servers and 200 Windows Vista client machines.
You notice that a proprietary application takes up a large amount of memory on the Windows Vista client computers. In certain instances, the application consumes all of the client workstation's memory. You cannot deploy an upgrade for the application for two weeks. Until the new application is ready to deploy, you want to use Reliability and Performance Monitor to create a performance alert on each computer that will monitor and terminate the memory consumption when it exceeds a set level. You will use Microsoft System Center Operations Manager 2007 to manage multiple
computers.
What should you configure in your performance alert? (Choose two. Each correct answer is part of the solution.)
Monitor the Memory\Pages/Sec counter. Set an alert when the counter is above 20 for 10 seconds.Monitor the Memory\Pages/Sec counter. Set an alert when the counter is below 20 for 10 seconds.Monitor the Memory\Pages/Sec counter. Set an alert when the counter is above 20 for 45 seconds.
When the alert is triggered, run TSKILL to stop the application.
When the alert is triggered, run SHUTDOWN /R to stop the application
C 15_ You are the administrator for the GlobeComm Corporation. Your company has recently implemented a schedule that allows employees to work from home part of the time.
All employees connect from home through a VPN. You must ensure that all employee home computers are in compliance with health standards and have the latest security patches. What should you implement?
Implement a Network Policy Server (NPS).
Implement an IPSec tunnel from the employee's computer to the VPN server.
Implement an SSTP tunnel from the employee's computer to the VPN server.
Implement an ISA server.
C 16_ You are the enterprise administrator for a company that manufactures airplane engines and parts. You have a single Active Directory domain with several office locations. All of your servers use Windows Server 2008. All of the desktop computers and mobile computers in the network use Windows Vista. The main office and all of the other locations have a Windows Server Update Services (WSUS) server. Your company employs salespeople who move from location to location. These salespeople also connect to the company locations from customer sites.
You want to ensure that all computers that attach to the network have the latest anti-virus software updates, anti-spam software updates, and security updates. Which server roles must you have installed in each location to ensure this? (Choose three. Each correct answer presents part of the solution.)
Routing and Remote Access
Certificate Server
Internet Information Server (IIS)
Dynamic Host Configuration Protocol (DHCP) Server service
Read-Only Domain Controller (RODC)
Network Policy Server (NPS)
C 17_ You are the administrator for a company that manufactures plastics. You have a central office that contains 5,000 computers. You have established a SQL Server 2005 failover cluster and installed three WSUS servers called WSUS1, WSUS2, and WSUS3. You want to ensure that client computers are able to receive updates and security patches even if one or more of the WSUS servers go offline.
What should you do? (Choose four. Each correct answer presents part of the solution.)
Configure three WSUS servers to be front-end servers, and configure the SQL Server 2005 server to be a back-end server.
Configure RAID-1 disk subsystems on WSUS1, WSUS2 and WSUS3.
Create a single file location to store updates for the WSUS servers on a DFS share.
Create a file location locally for each WSUS server to store updates on the RAID-1 disk subsystem.
Configure the WSUS servers to be in an NLB cluster.
In a Group Policy, configure the Specify intranet Microsoft update service location setting for the client computers as WSUS1, WSUS2, and WSUS3.In a Group Policy, configure the Specify intranet Microsoft update service location setting for the client computers as the virtual address of the NLB cluster.
C 18_ You are the network administrator for the Nutex Company. Nutex's network has a single domain with several locations. All domain controllers and servers run Windows Server 2008. All clients run Windows Vista. The functional level of the domain is Windows Server 2008.
You have noticed that the same problem occurs on multiple Windows Server 2008 servers. You need to analyze log data from more than one server for troubleshooting. You want to consolidate events from each server into a single log and sort it by time stamp to get a better idea of what may be causing the problem.
You want a file server in main office, called Srv1, to collect all errors from all servers in the main office and in other locations. What should you do? (Choose two. Each correct answer presents part of the solution.)
On all servers, start the Windows Remote Management (WinRM) service and configure its start mode to Automatic.On all servers, start the Windows Error Reporting service and configure its start mode to Automatic.On SRV1, start the Windows Event Collector service and configure its start mode to Automatic.
On SRV1, open Windows Reliability and Performance Monitor and start the Reliability Monitor.
On all servers, open Windows Reliability and Performance Monitor and start the Reliability Monitor.
C 19_ You are the network administrator for your organization. Your organization's network has a single Active Directory domain. You have deployed Windows Server 2008 domain controllers and Windows Vista client computers in your organization.
You have installed the Terminal Services and Application Server role services on a Windows Server 2008 server named WS08-TAS. You notice that the performance of WS08-TAS is noticeably slower when remote users are accessing the server or when multiple applications are opened on the server.
The Reliability and Performance Monitor shows the following information:
Processor: %Processor Time - 85 Memory: Pages/Sec - 9 System: Processor Queue Length - 1 Paging File: % Usage - 50 Paging File\: Usage Peak - 50 PhysicalDisk: % Disk Time - 45 PhysicalDisk: Avg. Disk Queue Length - 1
What should you do to improve system performance? Upgrade the processor.
Upgrade the disk subsystem to RAID1.
Increase the amount of RAM.
Upgrade disk subsystem to RAID5.
C 20_ You are a server administrator in your company. Your company has a single Active Directory domain that includes Windows Server 2003 and Windows Server 2008 domain controllers. The client computers in your organization run Windows Vista Service Pack 1 (SP1) or Windows XP.
You are planning to implement Network Access Protection (NAP) in your organization to protect your network from unauthorized access.
What should you do? (Choose all compatible operating systems that apply.)
Upgrade the Windows XP computers to Windows Vista.
Upgrade the Windows XP computers to Windows XP SP2.
Upgrade the Windows XP computers to Windows XP SP2 RC2.
Upgrade the Windows XP computers to Windows XP SP3.
Upgrade the Windows Server 2003 domain controllers to Windows Server 2008 domain controllers.
C 21_ You are the administrator of your company's application servers. One application server is used by a group of users in the accounting department. Processes on the server are causing the processor load to exceed 70%. Some processes are taking up more resources than other processes. Most users open the same number of processes on the server.
You want to give equal access to each process and maintain minimum resource availability while ensuring that the processor load is not too great. What should you configure?
Implement Windows System Resource Manager (WSRM) and configure an Equal_Per_Process resource allocation policy.
Implement WSRM and configure an Equal_Per_User resource allocation policy.
Implement WSRM and configure an Equal_Per_Session resource allocation policy.
Use Windows Remote Management. Configure the service in a GPO. Add the users into the Security Filtering of the GPO.Use Windows Remote Management. Configure the service in a GPO. Add the users' computers into the Security Filtering of the GPO.
C 22_ You are the network administrator for your company. The company's network consists of Windows Server 2008 and Windows Vista computers. The company has a main office and a branch office. The main office contains a Windows Server Update Services (WSUS) server.
You install WSUS 3.0 on one of the Windows Server 2008 computers in the branch office. You want to create a computer group to target the portable computers in the branch office to receive specific updates. However, when you go to the Computers page of the WSUS Administration console to create the group, groups have already been created. You are unable to create new groups.
What did you do wrong?
You installed the incorrect version of WSUS.
You installed the WSUS server as a replica in the branch office.
You lack the appropriate permissions to perform the procedure.
You installed the WSUS server as a downstream server
C 23_ You are the administrator for the Verigon Corporation. Your company has purchased another company, the Nutex Corporation. Verigon and Nutex have separate Active Directory forests.
The server5.nutex.com application server must exchange data with the server7.verigon.com database server. The data transfer must be secure. Users in the Nutex domain must be able to communicate with server5.nutex.com. Users in the Verigon domain must communicate with server7.verigon.com.
You use the Windows Firewall with Advance Security to create a connection rule. What must you configure? (Choose two. Each correct answer presents part of the solution.)
Tunnel Rule with Kerberos authentication
Server-to-Server rule with Kerberos authentication
Server-to-Server rule with PreShared Key authentication
Request authentication for inbound and outbound connections
Require authentication for inbound and outbound connections
C 24_ You are a server administrator for your organization. You have deployed Windows Server 2008 on the domain controllers. The client computers in your organization run Windows XP Service Pack 3 (SP3) or Windows Vista SP1. You have deployed Active Directory Domain Services (AD DS) and Active Directory Certificate Services (AD CS) on a Windows Server 2008 domain controller.
You are setting up AD DS auditing. You need to enable and view all four directory service policy subcategories on a Windows Server 2008 domain controller.
What should you do?
Enable the global Audit directory service access audit policy, and run GPedit.msc to view the audit policy subcategories.Enable the Audit object access audit policy, and run GPedit.msc to view the audit policy subcategories.Enable the Directory Service Changes audit policy subcategory, and run Auditpol.exe to view the audit policy subcategories.Enable the Directory Service Access audit policy subcategory, and run Auditpol.exe to view the audit policy subcategories.
C 25_ You are the network administrator for your company's Atlanta office. Your company has a branch office in Miami. The company has deployed Windows Server 2008 on domain controllers and Windows Vista on client computers. In the Miami office, Windows Server Update Services (WSUS) 3.0 has been installed on a Windows Server 2008 domain controller.
You network experienced an application failure of the entire site in the Atlanta office caused by the installation of an untested update. You decide to implement a test lab containing a representation of all computer types in the Atlanta office. Your goal is for these computers to receive updates first, and for the other computers in the Atlanta site to receive the updates after testing.
Which of the following approaches would achieve this goal in the most efficient manner with the least amount of administrative effort? (Choose all that apply.)
Use client-side targeting to populate a group with the test lab computers.
Use server-side targeting to populate a group with the test lab computers.
Create a replica server of the Miami WSUS server in the Atlanta office.
Create the Miami WSUS server as a downstream server of the Atlanta office.
Only approve updates for the All Computers group after testing them on the test lab computers.
Only approve updates for the test lab computers after testing them on the All Computers group.
C 26_ You are the administrator for a company that manufactures automobiles. All servers in your domain run Windows Server 2008, and all computers run Windows Vista. For guest use, you have a set of desktop computers in the lobby of your building and a desktop computer on a desk near the elevator on each floor of the building.
Employees and guests use the same version of Windows Vista. You want to ensure that these computers comply with health and security compliance policies before getting an IP address to connect to the network. You have installed a Network Policy Server. Which condition should you include in your Network Access Policy (NAP) to ensure the computers meet health and standard compliance policies?
Create a Machine Groups condition
Create an MS-Service Class condition
Create an Operating System condition
Create a Client IPv4 Address condition and specify the subnet of the guest computers
C 27_ You are the network administrator for your company. The company's network consists of Windows Server 2008 domain controllers and Windows Vista client computers. You have installed Windows Server Update Services (WSUS) 3.0 on a Windows Server 2008 domain controller named MS_WSUS.
Your organization also has a branch office. You are configuring another Windows Server 2008 machine, named BR_WSUS, as a WSUS server in the branch office. You need to recommend a solution to ensure that a WSUS server in the branch office will automatically pull the configuration information from the MS_WSUS server installed in the main office every time there is an update.
What should you do?
Export the update metadata and content from MS_WSUS to a DVD, and then import the content from the DVD to BR_WSUS. On MS_WSUS, select BR_WSUS as the source server on the Choose Upstream Server page of the WSUS Administration console, and click Next. On BR_WSUS, select MS_WSUS as the source server on the Choose Upstream Server page of the WSUS Administration console, and click Next.On BR_WSUS, configure the Microsoft Update server as the source server on the Choose Upstream Server page of the WSUS Administration console, and click Next.
C 28_ Your company has a main office and two branch offices. All offices have connections to the Internet. The two branch offices have a low-bandwidth link to the main office, but a high-bandwidth link to the Internet.
You are in responsible for managing updates and security patches for computers in your company. You want to centrally manage which updates get installed on each computer in all offices.
What should you do? (Choose all that apply. Each correct answer presents part of the solution.)
Install WSUS servers in each branch location only.
Install a central WSUS server in the main office and a downstream WSUS server in each branch office.Configure downstream servers to obtain information on which updates to download from a central WSUS server.
Configure downstream servers to pull updates from the Microsoft Update Web site.
Configure downstream servers to pull updates from a central WSUS server.
Configure clients to pull updates from the WSUS server in their location.
Configure clients to pull updates from the WSUS server in the main office.
C 29_ You are a server administrator for your organization, where you deployed Windows Server 2008 on the domain controllers and Windows Vista on the client computers. You have deployed Active Directory Domain Services (AD DS) and Active Directory Certificate Services (AD CS) on a Windows Server 2008 domain controller. You are setting up AD DS auditing to audit changes to objects in AD DS.
Which audit subcategory should you enable to audit such changes without enabling other policy subcategories?
Directory Service Access
Directory Service Changes
Directory Service Replication
Detailed Directory Service Replication
D_ Planning Application and Data Provisioning
D 1_ You are a server manager for your company. Your organization has a single Active Directory domain that contains Windows Server 2008 domain controllers. You have installed Windows Vista Service Pack 1 (SP1) on the client computers in your organization.
You have deployed a third-party anti-virus software on all computers in your organization. You need to ensure that all client computers in your organization receive updates for the anti-virus software as soon as the software updates are released. You have implemented Windows Server Update Services (WSUS) 3.0 to download updates from the Microsoft Update Web site.
What should you use with WSUS to scan and apply updates on client computers?
Courier Sender Manager
System Center Configuration Manager 2007
System Manager Server
Windows Installer 2.0
D 2_ You are the administrator for the Verigon Corporation. You want to allow users who work from home or on the road to access computers on the Active Directory domain securely over using Remote Desktop Protocol (RDP). You install a Windows Server 2008 computer in a screened subnet with Terminal Services and the TS Gateway role service installed. (Click the Exhibit(s) button to view the network structure.)
You want to ensure that the TS Gateway server performance is optimized. What else must you do to configure all remote office workers to securely connect to the computers on the Verigon domain through a TS Gateway? (Choose six. Each answer presents part of the solution.)
Open port 3389 on the external firewall.
Open port 3389 on the internal firewall.
Open port 443 on the external firewall.
Open port 443 on the internal firewall.
Open port 80 on the internal firewall.
Obtain and configure a certificate for the TS Gateway server.
Create a Terminal Services resource authorization policy (TS RAP).
Create a Terminal Services connection authorization policy (TS CAP).
Limit the maximum number of simultaneous connections though the TS Gateway server.
D 3_ You are a server manager for your organization. Your organization has a single Active Directory domain that contains Windows Server 2008 domain controllers and Windows Vista client computers.
You have recently installed Microsoft System Center Configuration Manager 2007 on a Windows Server 2008 server. You plan to use Configuration Manager 2007 to apply software updates to client computers in your organization.
What must you do to apply software updates on client computers?
Install Windows Installer 2.0.
Configure the software Distribution component settings.
Install Windows Server Update Services (WSUS) 3.0.
Configure a distribution point.
D 4_ You are the server administrator for your organization. You have deployed Windows Server 2008 domain controllers and Windows Vista client computers in an Active Directory domain. You have deployed the Terminal Services role on a Windows Server 2008 domain controller named WS-TS. You have installed a legacy application on WS-TS. You need to recommend a solution to ensure that users can access legacy application installed on WS-TS using their client computers.
What should you do?
Create a Windows Installer (.msi) package for the legacy application.
Create an .rdp file for the legacy application.
Add the legacy application to the RemoteApp programs list on WS-TS.
Configure the TS Web Access feature on WS-TS.
D 5_ You are the administrator for your company. Your company has a single Active Directory domain. All the servers run Windows Server 2008, and all the clients run Windows Vista or Windows XP with Service Pack 2.
You have a Web site running on server called Web1. You want to have an application accessed remotely via a link to the program on the Web site of Web1 by using the Terminal Services Web Access features in Windows Server 2008 Terminal Services. The application should appear as if it is running local on the user's machine. What should you do? (Choose three. Each correct answer presents part of the solution.)
Install the Terminal Server and TS Web Access roles on Web1.
Install the Terminal Server and TS Session Broker roles on Web1.
Ensure that the Windows Process Activation Service feature of the Web Server (IIS) role is installed on Web1.
Install the Web Server (IIS) role and Windows Deployment Services on Web1.
Use the TS RemoteApp Manager MMC snap-in to add a program the RemoteApp program's list.
Upgrade all Windows XP client computers to Windows Vista.
D 6_ You are a server administrator for your organization. You have recently upgraded the domain controllers to Windows Server 2008 in the Active Directory domain. All client computers run Windows Vista.
You install the File Services role on a Windows Server 2008 domain controller named W2K8-FS. You share a folder that contains several important reports on W2K8-FS. You configure files and programs in the shared folder on W2K8-FS to be available even if the server goes down. Users still complain that they cannot access files stored in the shared folder when the server is not available.
What should you do?
Click the Enable Offline Files button in the General tab of the Offline Files window on W2K8-FS.Click the Enable Offline Files button in the General tab of the Offline Files window on the client computers.Select the Enable Offline Files check box in the Offline Files tab in the Folder Options window on the client computers.
Select the Enable Offline Files check box in the Offline Files tab in the Folder Options window on W2K8-FS
D 7_ You are the administrator for the Nutex Corporation. You have configured a TS Gateway server to allow users to work from home and securely connect to internal computers via Remote Desktop Protocol (RDP). You have configured a Terminal Services communication authorization policy (TS CAP) and a Terminal Services resource authorization policy (TS RAP). All of the desktop computers run Windows Vista, and all of the servers run Windows Server 2008. All computers on the domain have static IP addresses.
A user in the office, Michelle Smith, sometimes connects via Remote Desktop to another computer on the network by using its IP address. When Michelle tries to connect to the computer from her home through the TS Gateway server, she cannot access the target computer. She can successfully connect to the target computer from her home using the target computer's computer name.
What could you do to fix the problem?
Reconfigure the TS CAP.
Add the computer to a TS-Gateway-managed computer group by computer name and then by IP address.
Add A records in DNS.
Add PTR records in DNS.
D 8_ You are the administrator for your company. You have a Windows Server 2008 server with the IIS role installed. There is an ASP.NET application running on the Web site that is used by all employees in the company.
You notice that the performance of the Web site slows down at peak times during the day. You want to ensure that you have improved performance during peak times of the day and that the potential for denial of service attacks is reduced. What should you configure? (Choose two. Each correct answer is part of the solution.)
Ensure that the HTTP Keep - Alives setting is disabled.
Ensure that the HTTP Keep - Alives setting is enabled.
Configure the Connection Time-out setting to 90 seconds.
Configure the Connection Time-out setting to 180 seconds.
Configure the Maximum Number of Tracing files setting to 50.
Configure the Maximum Number of Tracing files setting to 100.
D 9_ You are the domain administrator for Nutex Corporation. All servers in your organization run Windows Server 2008, and all client computers run Windows Vista. A terminal server with the TS Gateway role is installed on a screened subnet. You want to ensure that engineers in the
ColaProjectEmployees group can securely connect via Remote Desktop Protocol (RDP) to computers on the internal network when they are working from home. You configure a Terminal Services Connection Authorization Policy (TS CAP) and a Resource Authorization Policy (TS RAP). (Click the Exhibit(s) button to view the policies.)
David, a member of the ColaProjectEmployees group, connects remotely to some internal computers with smart card authentication, and to others with password authentication. David reports to you that he cannot connect to the cola75 computer with either smart card authentication or password authentication.
What should you do? (Choose two.)
Ensure that the ColaProjectEmployees group is added to the User Groups tab on the TS RAP.
Ensure that the Domain Users group is added to the User Groups tab on the TS RAP.
Add the cola75 computer to the ColaProjectComputers group.
Configure David's account to use smart card authentication only.
Configure the cola75 computer to use password authentication only.
Configure smart card authentication only in the TS CAP
D 10_ You are the administrator for your company. Your parent company has upgraded the domain. All servers run Windows Server 2008, all desktop clients run Windows Vista, and all portable client computers run Windows XP Professional. You have configured a domain-based Distributed File System (DFS) namespace. The functional level of your domain is Windows Server 2008.
Several salespeople complain that their portable computers take an excessively long time to synchronize their offline files when they return to the office. What should you do to fix the problem while incurring the least possible expense?
Ensure that Service Pack 2 is installed on the portable computers.
Upgrade or replace all portable computers with Windows Vista.
Ensure the Volume Shadowing is enabled on the file servers.
Ensure that the File Replication Service is used.
D 11_ You are a server administrator for your organization. You have recently upgraded the domain controllers to Windows Server 2008 in the Active Directory domain. All client computers run Windows XP Service Pack 2 (SP2).
You install the Terminal Services and File Services roles on a Windows Server 2008 domain controller named W2K8-TFS. On that domain controller, you have shared a folder that contains several important reports. You take the server offline for maintenance once a week. Users complain that they cannot access files stored in the shared folder during the maintenance window.
You need to recommend a solution to ensure that users can access shared files and folders on the server, even if the server is taken offline for maintenance.
What should you do?
Click Edit in the Security tab to change access permissions for the shared folder.
Click Permissions in the Advanced Sharing window to change access permissions for the shared folder.
Click Advanced in the General tab to change advanced settings for the shared folder.
Click Caching in the Advanced Sharing window to change settings for the shared folder.
D 12_ You are a network administrator for an organization. Your organization has a single Active Directory domain that contains Windows Server 2008 domain controllers. You have deployed the Terminal Services role on a Windows Server 2008 domain controller named SRV-TS. You have installed a legacy application on SRV-TS. You want to ensure that remote users can access the legacy application through TS RemoteApp.
You need to recommend a solution to create a shortcut icon for the RemoteApp program in the Start menu for client computers. What should you do?
Create an .rdp file, and specify the location for the program's shortcut icon on the Specify Package Settings page.Create an .msi file, and specify the location for the program's shortcut icon on the Specify Package Settings page.Create an .rdp file, and specify the location for the program's shortcut icon on the Configure Distribution Package page.Create an .msi file, and specify the location for the program's shortcut icon on the Configure Distribution Package page.
D 13_ You are a server administrator for your organization. Your organization has a single Active Directory domain that includes Windows Server 2008 domain controllers. You have deployed Windows Vista on client computers. You have shared folders on a Windows Server 2008 Server Core computer.
John is a new employee in your organization and needs to add documents to the shared folder in the c:\documents directory. The Domain Users group has been granted the Allow - Change permission to the share.
Which command should you use to assign the appropriate permissions to John?
Icacls c:\documents /R John
Icacls c:\documents /R John:w
Icacls c:\documents /G John
Icacls c:\documents /G John:w
D 14_ You are a network administrator for Nutex Corporation. You have deployed Windows Server 2008 domain controllers and Windows Vista Service Pack 1 (SP1) client computers in your organization. You have installed several server applications on a Windows Server 2008 named WS08-HP.
You are using Windows System Resource Manager (WSRM) to control CPU utilization for applications on WS08-HP. You notice that a line of business (LOB) application named nutex.exe is consuming excessive CPU. All other applications are being administered for CPU and memory usage using custom and built-in policies of WSRM.
What should you do to control CPU usage for nutex.exe?
Create a built-in resource allocation policy.
Create a custom resource allocation policy.
Remove the application from the user-defined exclusion list.
Add the application to the user-defined exclusion list.
D 15_ You are a network administrator in an organization. You have deployed Windows Server 2008 on domain controllers and Windows Vista Service Pack 1 (SP1) on client computers. You have installed the Terminal Services role and the File Server role on a Windows Server 2008 computer named WS08-SEV. You have also installed Windows System Resource Manager (WSRM) on WS08-SEV to ensure that each user and each session is allocated an equal share of CPU and memory. Finally, you have configured an accounting database for WSRM to store accounting information.
You notice that the accounting database is reaching its storage limit. You need to defragment the accounting database to reduce the disk space.
What should you do first to defragment the accounting database for WSRM?
esentutl /d
net stop wsrm
net start wsrm
defrag.exe
D 16_ You are the administrator of a company that produces parts for the aerospace industry. You have a single domain. All servers use Windows Server 2003 or Windows Server 2008. Most of your client computers run Windows Vista, but a few still run Windows XP Professional. You have a Distributed File System (DFS) namespace to help distribute shares throughout the domain.
Several of the Windows XP clients receive the following error message:"Reconnecting to the network causes a synchronization to occur. In order to
begin synchronizing, all your files and folders must be closed."
You investigate the problem and do not find anything wrong with the bandwidth between the clients and the servers. You want to prevent the problem from occurring. What should you do? (Choose two. Each correct answer presents part of the solution.)
Upgrade all Windows XP clients to Service Pack 2.
Ensure that all Windows XP clients have the RDP client 6.x installed.
Upgrade or replace all Windows XP clients with Windows Vista.
Ensure that all Windows Server 2003 file servers have Service Pack 2.
Upgrade all servers to Windows Server 2008.
D 17_ You are a network administrator for your company. You have recently upgraded the domain controllers to Windows Server 2008 and the client computers to Windows Vista in the company's network. You have installed the Terminal Services role on a Windows Server 2008 server named WS08-TS. You need to recommend a solution to ensure that users connecting to WS08-TS get an equal share of memory resources from WS08-TS.
What should you do? (Choose two. Each correct answer presents part of the solution.)
Click Features in the Server Manager console.
Click Roles in the Server Manager console.
Click the Add Features link, and install Windows System Resource Manager (WSRM).
Click the Add Features link, and install Connection Manager Administration Kit.
Click the Add Roles link, and install the Application Server role service.
Click the Add Roles link, and install the UDDI Services role service.
D 18_ You are the server administrator for your organization. Your organization has multiple Active Directory domains that include Windows Server 2008 domain controllers. You have deployed Windows Vista on all client computers. Your organization has multiple Windows Server 2008 servers configured with the File Services role.
You need to recommend a solution to ensure that multiple shared folders located on different file servers appear as a single shared folder to users in the organization.
What should you do?
Enable offline caching.
Implement Distributed File System (DFS) replication.
Implement a DFS namespace.
Implement volume shadowing.
D 19_ You are the administrator of your company's single Active Directory domain. You want to consolidate several line-of-business (LOB) applications on a single terminal server named TS1.
You want to ensure that users are able to access the LOB applications through Internet Explorer. The users should interact with the program that is running on the terminal server as if it were running locally.
What must you install on TS1?
Terminal Services Session Broker service
TS Web Access service
TS Gateway Service
Network Policy and Access Service
D 20_ You are a network administrator for your organization. Your organization has a single Active Directory domain that contains Windows Server 2008 domain controllers. You have deployed the Terminal Services role and the Web Server (IIS) role on a Windows Server 2008 domain controller named SRV-TWS.
You need to recommend a solution to ensure that remote users can run legacy applications available in the RemoteApp list on SRV-TWS. You have created a remote desktop protocol (.rdp) file to enable remote users to access the legacy applications in the RemoteApp programs list.
What should you use to distribute the .rdp file to remote users? (Choose all that apply.)
Windows Server Update Services (WSUS)
File share
Software Metering feature in Configuration Manager
Collections feature in Configuration Manager
Terminal Services Session Broker
D 21_ You are the administrator for your company's single Active Directory domain. All servers in your company run Windows Server 2008, and all clients run Windows Vista. You want to virtualize different applications so that they are never installed on client computers and are dynamically delivered on demand.
What must you install?
Microsoft Application Virtualization for Terminal Services
Hyper-V
Microsoft Virtual Server
Microsoft Virtual PC
D 22_ You are the server administrator for your organization. You have deployed Windows Server 2008 domain controllers in your Active Directory domain. The client computers in your organization run Windows XP Service Pack 2 (SP2) or Windows Vista SP1.
The Sales group is using a line-of-business application. You have recently implemented Microsoft System Configuration Manager 2007. Your organization needs the line-of-business application installed on computers in the Sales group.
Which feature of Configuration Manager 2007 should you use?
Software Metering
Software Distribution
Software Updates
Collections
D 23_ You are the administrator of the Nutex Corporation. Nutex has just purchased its rival, the Verigon Corporation. Verigon has several line-of-business (LOB) applications on a variety of Windows operating system versions and configurations.
You plan to integrate Verigon as a subdomain in the Nutex Active Directory tree. All of the Verigon servers run either Windows Server 2003 or Windows Server 2008. All client computers run either Windows 2000 Professional with Service Pack 6 or Windows XP with Service Pack 2.
You need to reduce the costs associated with Verigon's client computers and Verigon's LOB applications. You decide to reduce the number of servers that run the LOB applications.
What should you do? (Choose all that apply. Each correct answer presents part of the solution.)
Install the LOB applications on a Windows Server 2008 terminal server.
Make the applications available through TS RemoteApp.
Configure the Telnet service to be Automatic on the Terminal Service.
Make the applications available through the Terminal Services Session Broker service.
Upgrade the Windows 2000 Professional Computers to Windows Vista.
Upgrade all client computers to Windows Vista.
Install the Remote Desktop Client 6.x on all client computers.
D 24_ You are the administrator for your company which imports goods from Ireland to the United States. You have several branch offices located in the United States, configured as separate sites. All
clients run Windows Vista. The domain controllers are a combination of Windows Server 2003 and Windows Server 2008 servers. The file servers all run Windows Server 2003.
You have multiple shares on file servers at different locations which are connected via a domain-based namespace. You notice an occasional problem when a server that was taken offline for maintenance overwrites fresh data when it comes back online. What can you do to prevent stale data from appearing?
Upgrade all servers to Windows Server 2008, and use volume shadowing.
Disable offline caching on the client computers.
Upgrade all servers to Windows Server 2008, and use DFS replication.
Upgrade all servers to Windows Server 2008, and use File Server Resource Manager
D 25_ You are the administrator of your company's domain. You have users that need access to the Software share. The software share allows all users to read files. The SoftwareTesters group should have permission to add files to the folder. (Click the Exhibit(s) button to view the permissions.)
When Michelle Smith of the SoftwareTesters group attempts to copy a file to the Software share, she receives an error.
What could be the problem?
Michelle has an explicit permission of Deny - Change on the share.
The SoftwareTesters group has an explict permission of Allow - Modify to the folder.
The Domain Users group has an explicit permission of Allow - Read to the folder.
The Everyone group has an explicit permission of Allow - Read on the share.
D 26_ You are the administrator for your company. The company has a single Active Directory domain with three branch offices in separate locations. In one of the branch offices, there is limited local IT support and limited bandwidth.
You want to deploy multiple versions of an application, but you do not want these multiple versions to conflict with any version already installed locally. What should you do?
Use the Terminal Services Session Broker.
Use Terminal Servers RemoteApp.
Enable Remote Assistance on all client computers in the branch offices.
Install and use the TS Licensing role.
E_ Planning for Business Continuity and Hight Availability
E 1_ Your company consists of two offices in different cities. The offices are connected through a private WAN link. All servers in both offices run Windows Server 2008 and are assigned static IP addresses.
You are planning a DHCP infrastructure for the network. There are several thousand client computers in each office. All client computers must be configured as DHCP clients. The DHCP infrastructure must be fault tolerant. Failure of any one component should not disrupt DHCP services. You must implement a solution that requires the minimum number of computers and that will minimize the volume of TCP/IP configuration traffic on the WAN connection.
What should you do?
In each office, install two DHCP servers, and configure them as a server cluster.
In each office, install one DHCP server with two scopes.
Install a DHCP server with two scopes in one office, and install a DHCP relay agent in the other office.In one office, install two DHCP servers, and configure them as a server cluster. In the other office, install two DHCP relay agents, and configure them as a server cluster
E 2_ You are a network administrator for an organization that provides training to IT professionals. You have to deliver a class that requires you to load several virtual machines running Windows Server 2008 on a single computer. Your computer must support at least 48 GB of memory. None of the virtual hard drives will be larger than 4 GB.
Which editions of Windows Server 2008 can you install to achieve the objective? (Choose two.)
Windows Server 2008 Standard edition on a 64-bit computer
Windows Server 2008 Standard edition on a 32-bit computer
Windows Server 2008 Datacenter edition on a 64-bit computer
Windows Server 2008 Enterprise edition on a 64-bit computer
E 3_ You are the administrator for a single Active Directory domain. You have to upgrade all client computers to Windows Vista. All servers in the network run either Windows Server 2003 or Windows Server 2008. You want to create a storage design infrastructure that can use block-based storage over an existing IP network infrastructure.
What should you implement?
Implement iSCSI.
Implement Fiber Channel.
Implement Virtual Disk Service.
Implement Serial ATA.
E 4_ You are the network administrator for the Verigon Corporation. All your domain controllers run Windows Server 2008.
You want to create multiple snapshots of the Active Directory Domain Services (AD DS). You want to be able to choose which snapshot to use to restore deleted data with the Active Directory database mounting tool.
What should you use to create different snapshots of the AD DS?
ntdsutil snapshot
ntbackup /snap
ldp.exe
dsmod.exe
E 5_ You are the administrator for your company's domain. All your servers run Windows Server 2008, and all your clients run Windows Vista. You plan to create a failover cluster with iSCSI disks. You are using third-party software to configure the iSCSI target.
What should use to test whether your system, storage, and network configuration is suitable for a cluster?
Install the Cluster Validation Tool.
Run nlb.exe.
Run wlbs.exe.
Run verclsid.exe.
E 6_ You are the administrator for your company's Active Directory domain. All of your domain controllers run Windows Server 2008. All your file servers are a mixture of Windows Server 2003 and Windows Server 2008. You have several Exchange 2007 Servers and SQL Server 2005 servers. You clients are a mixture of Windows XP Professional with Service Pack 2 and Windows Vista Business edition.
You want to ensure that you will be able to do the following:
Provide protection from network outages and hardware failures. Provide backups of all servers on the network.
What should you use?File Resource Manager
System Center Data Protection Manager (DPM) 2007
Windows System Resource Manager (WSRM)
SyncToy 1.4
E 7_ You are the server administrator for your organization. Your organization has a single Active Directory domain where you have deployed Windows Server 2008 domain controllers. You have installed Windows SharePoint Services (WSS) and Windows Server Update Services (WSUS) on a Windows Server 2008 domain controller named W2K8-WS.
Which feature should you install or enable to collect information for these service roles?
Install the failover clustering feature.
Install the Windows Internal Database feature.
Install the Removable Storage Manager (RSM) feature.
Install the Storage Manager for Storage Area Networks (SAN) feature.
Enable the network adapter in multicast mode.
E 8_ You are the administrator of your company's single Active Directory domain. You want to improve the performance and fault tolerance of your current file system.
You upgrade all file servers to Windows Server 2008. Your company has purchased several Network Attached Storage devices. You want to have a Storage Area Network (SAN) solution that has data redundancy and data security and can run over the current IP network.
Which type of solution should you implement? (Choose all that apply.)
Implement a Fiber Channel RAID-0 disk subsystem
Implement a Fiber Channel RAID-1 disk subsystem
Implement an iSCSI RAID-0 disk subsystem
Implement an iSCSI RAID-1 disk subsystem
Implement IPsec on the network
Implement SMB signing on clients and servers
E 9_ You are a server administrator for your organization. Your organization has a single Active Directory domain that includes only Windows Server 2008 domain controllers.
Your organization manages confidential data. You need to perform a full backup of domain controllers in your organization to ensure that full server recovery can be done in event of domain controller failures.
Which command should you use while scheduling a backup?
Wbadmin start sysrecovery -version:<MM/DD/YYYY-HH:MM>
Wbadmin get disks
Dsamain.exe enable backup -addtarget:DiskIdentifier
Ntdsutil.exe get disks
E 10_ You are the administrator for your company's domain. You want to set up a Web site that is available for customers to order products. Customers should be able to browse the inventory and search all products in the inventory database.
The inventory database is kept on a SQL Server 2005 server. You want to ensure that customers can order products even when the database server fails. You also want to ensure that performance of the Web site does not deteriorate as demand increases. What should you do? (Choose two. Each correct answer presents part of the solution.)
Install multiple IIS servers as front-end servers, and configure them in a NLB cluster.
Install multiple IIS servers, and configure them in a cluster.
Install multiple SQL Server 2005 servers, and configure them in a server cluster.
Install multiple SQL Server 2005 servers as front-end servers, and configure them in a NLB cluster.
Install IIS on a server. and configure a Web garden.
E 11_ You are the administrator for the www.globecomm.com domain. You have an application server named App1 that runs Windows Server 2008. App1 has the file server role installed. You have enabled shadow copies for all volumes and installed the Windows Server Backup Features.
A backup is configured to back up all the server volumes each day. You have recently downloaded security updates that copied newer .DLL files to App1. Soon after this, users report errors with the application running on App1. You want to return to the previous versions of the .DLL files until the application vendor resolves the problem. What should you do to solve the problem?
Use shadow copies to retrieve the previous versions of the .DLL files.
Use wbadmin to retrieve the .DLL files.
Use ntbackup.exe to retrieve the .DLL files.
Use Xcopy to copy the previous versions of the .DLL files from the shadow copy.
E 12_ You are the administrator for your company's Active Directory domain. You have a file server that contains confidential data. The hardware on the server will soon be upgraded. The file server runs Windows Server 2008 and has two volumes: the Windows operating system volume and the Data volume. You want to ensure that the data stored on the Data volume is secure since the Data volume is currently stored on a portable hard drive. You want to ensure that if the server or the drive is stolen from the company premises, the confidential data cannot be retrieved.
What should you do?
Encrypt the Data volume with BitLocker.
Use Encrypting File System (EFS) to encrypt the data on the Data volume.
Run cipher *.* /I /H /S from the root of the Data volume.
Run certuil *.* /hashfile from the root of the Data volume
E 13_ You are the network administrator for a company that is an Original Equipment Manufacturer (OEM). The company has a main office and three branch offices. The company's network consists of a single Active Directory domain. The branch offices have static IP addresses.
The current DHCP addressing solution for the company uses a split scope between two DHCP servers in the main office. (Click the Exhibit(s) button to view the DHCP address solution.)
You want to use leased addresses in all your branch offices and eliminate the 80/20 split scope for the main office. You want to have a leased scope for each subnet in the main office and branch offices. You need to recommend a DHCP addressing solution for all offices that does not use the 80/20 split scopes. Your recommendation must meet the following requirements:
Minimizes network traffic between offices. Allows clients in each office to automatically obtain IP addresses even if a single DHCP server
fails
What method will you recommend?
Configure the DHCP Server service on a failover cluster.
Configure the DHCP Server service on a network load balancing cluster.
Configure a DHCP relay agent in the main office.
Configure a standby DHCP server in each office
E 14_ You are the administrator of your company's single Active Directory domain. The domain controllers run Windows Server 2008. The file servers are a mixture of Windows Server 2003 and Windows Server 2008.
Recently you were not able to recover deleted and different versions of files for the Accounting department. You want to recover deleted files or different versions of files from multiple points in time on a group of eight file servers in your accounting department. You also want to be able to review different versions of tax department records from the different file servers if a file is changed.
What should you configure?
System Center Data Protection Manager (DPM) 2007.
Windows System Resource Manager (WSRM).
Implement domain-based DFS namespace.
Implement standalone DFS namespace.
E 15_ You are the administrator of a company that sells tickets for sporting events. You have several clients that need access to Terminal Services. You need to provide a solution to provide load balancing and to distribute the session load between servers.
What must you install on the terminal server?
Install the TS Web Access role service.
Install the TS Session Broker role service.
Install the TS Licensing role.
Install Windows System Resource Manager 2007 (WSRM).
E 16_ You are the administrator for a single Active Directory domain. All servers in the domain run Windows Server 2008, and all clients run Windows Vista. You have many clients that use Terminal Services. You want to create a Terminal Services Farm that provides some fault tolerance in the event that a server is unavailable. To achieve this, you do the following:
Install several Terminal Services (TS) servers. Install the TS Session Broker Role Service.
Populate the Session Broker Computers Local Group.
Join the terminal servers to the Session Broker group, and configure them to participate in the load balancing.
You want to provide load balancing for the application with the capability to detect offline servers for initial connectivity. You also want to minimize expenses.
What should you configure next?Configure Network Load Balancing (NLB) between the terminal servers
Configure DNS round robin and Session Broker Load Balancing (SBLB)
Configure Network Load Balancing (NLB) and Session Broker Load Balancing (SBLB)
Configure a hardware load balancer
E 17_ You are the administrator for a company that manufactures industrial chemicals. All servers in the single domain run Windows Server 2008, and all clients run Windows Vista. You want to create a Terminal Services Farm that provides fault tolerance in the event that a server is unavailable. What must you configure to provide load balancing? (Choose all that apply.)
Install the TS Session Broker role service.
Install the TS Licensing role.
Install Windows System Resource Manager 2007 (WSRM).
Populate the Session Broker Computers Local Group.
Populate the TS Web Access Computers Group.
Populate the TS Web Access Administrators group.
Manage the terminal servers with WSRM and configure them to participate in the load balancing.
Add the DNS entries for the terminal servers.
E 18_ You are the administrator for the Nutex Corporation. The company's domain is a single Active Directory domain. All domain controllers run either Windows Server 2003 or Windows Server 2008, and all file servers run Windows Server 2008. All client computers run either Windows XP Professional with Service Pack 2 or Windows Vista.
You want to install System Center Data Protection Manager (DPM) 2007 to ensure rapid and reliable data recovery. What must you do?
Install the DPM 2007 on a Windows Server 2008 domain controller.
Ensure that Service Pack 2 is installed on any Windows Server 2003 server before installing DPM 2007 on the server.Upgrade all Windows Server 2003 domain controllers to Windows Server 2008. Raise the functional level of the domain to Windows Server 2008.
Configure an NTFS volume of 1 GB or less on each protected computer.
E 19_ You are the administrator of a company that manufactures consumer pharmaceutical products. You have a head office in Austin, Texas, and several branch offices across the southeastern United States. The company has a single Active Directory domain, and each branch office is configured as a separate site. All of your servers run Windows Server 2008. All of your desktop computers run Windows XP Professional. All laptop computers run Windows Vista.You have many employees that visit different offices in the company. You want to make sure that all clients have the latest patches and security updates. You have a domain-based DFS and DFS replicas in each location. To ensure the availability of the WSUS servers, you move the patch content files off each WSUS server to a DFS share that is commonly available to other WSUS servers. What else must you do to ensure that your WSUS infrastructure is highly available? (Choose all that apply.)
Create a single DNS entry that points to the IP address of each WSUS server.
Configure the DNS entry as the Windows Update Server in Group Policy, and link the policy to each site.Configure the DNS entry along with http : //update.microsoft.com as the Windows Update Server in Group Policy, and link the policy to each site.
Create a Network Load Balancing cluster for the file servers that contain shares for DFS.
Disable netmask ordering on the DNS server.
E 20_ You are the server administrator for your organization. You have deployed Windows Server 2008 on all servers in your organization.
You want to provide fault tolerance on a Windows Server 2008 computer named SQL_SRV1 that contains a SQL server instance. You want to ensure that the SQL instance can continue if a single physical disk fails. You have installed six physical hard drives on SQL_SRV1 : Disk 0 500 GB
Disk 1 500 GB Disk 2 600 GB Disk 3 600 GB Disk 4 600 GB Disk 5 600 GB You mirror the operating and system files for Windows Server 2008 on a RAID-1 volume containing Disk0 and Disk1 . What should you do to provide fault tolerance and performance for the SQL Server instance?
Create a RAID-0 volume containing Disk2, Disk3, Disk4 and Disk5. Place the database files on this volume. Place the transaction logs on the RAID-1 volume of Disk0 and Disk1.Create a RAID-5 volume containing Disk2, Disk3, Disk4 and Disk5 Place the database files and transaction logs on the volume.Create a RAID-0 volume containing Disk2, Disk3, Disk4 and Disk5. Place the transaction logs and database files on the volume.Create a RAID-1 volume with Disk2 and Disk3. Place the database files on this RAID-1 volume. Create a RAID-1 volume with Disk4 and Disk5. Place the transaction log files on this volume.
E 21_ You are the administrator for the Verigon Corporation. Your company has three Active Directory domains with two branch locations which are configured as separate Active Directory sites. All servers run Windows Server 2008. You employ several people who travel to different branch offices. Each of these employee's portable computers is configured in the MobileMachine Organizational Unit (OU) belonging to the employee's home domain.
Each domain has a GPO that configures local clients to get updates from the local WSUS server. You have a DFS domain-based namespace with DFS servers in each location that contain replicas. (Click the Exhibit(s) button to see the Active Directory structure.)
You want to ensure that your roaming clients are configured to get patches and security updates from the local Windows Server Update Services (WSUS) of the location they are currently in, not the WSUS server in their original location. You also want to ensure that the WSUS servers are highly available.
What should you configure? (Choose all that apply.)
Configure an A (host) DNS record for a single fully-qualified domain name that points to the IP addresses of wsus1.verigon.com, wsus2.bhm.verigon.com, and wsus3.chl.verigon.com. Configure a SRV DNS record for a single fully-qualified domain name that points to the IP addresses of wsus1.verigon.com, wsus2.bhm.verigon.com, and wsus3.chl.verigon.com. Configure a single GPO that sets the Windows Update server to the single fully-qualified domain name and link it to each domain.Configure a single GPO that sets the Windows Update server to be wsus1.verigon.com, wsus2.bhm.verigon.com, and wsus3.chl.verigon.com.Set the patch content files for wsus1.verigon.com, wsus2.bhm.verigon.com, and wsus3.chl.verigon.com to use DFS Shares.
Set the patch content files for wsus1.verigon.com, wsus2.bhm.verigon.com, and wsus3.chl.verigon.com to use Volume Shadowing.
E 22_ You are the server administrator for your organization. Your organization has a single Active Directory domain that contains Windows Server 2003 domain controllers. You want to deploy a Windows Server 2008 domain controller in your organization to provide high availability. You plan to install the Hyper-V and Windows Clustering features on Windows Server 2008.
Which edition of Windows Server 2008 should you deploy?
Windows Server 2008 Standard edition
Windows Server 2008 Web edition
Windows Server 2008 Datacenter edition
Windows Server 2008 Itanium edition
E 23_ You are a server administrator for your organization. Your organization has a single Active Directory domain where you have deployed Windows Server 2008 domain controllers.
You are configuring failover clustering for database servers on two Windows Server 2008 servers named W2K8-FCs and W2K8-FC1. You have configured W2K8-FCs and W2K8-FC1 as clustered servers for failover clustering. You need to validate the Active Directory configuration for W2K8-FCs and W2K8-FC1.
What should you do?
Perform a network test using the Validate a Configuration wizard.
Perform an inventory test using the Validate a Configuration wizard.
Perform a storage test using the Validate a Configuration wizard.
Perform a system configuration test using the Validate a Configuration wizard.
Add a second network adapter, and run the Network Load Balancing (NLB) administration tools
Set the network adapter to use multicast mode, and run the Network Load Balancing (NLB) administration tools
E 24_ You are a network administrator for your organization. Your company has an Active Directory forest that runs at the Windows Server 2008 functional level.
You plan to implement RAID 5 on a Windows Server 2008 server named W2K8_SR. There are four disk drives installed on W2K8_SR: DSK-0, DSK-1, DSK-2, and DSK-3. DSK-0, DSK-1, DSK-2, and DSK-3 have 10 GB, 15 GB, 15 GB, and 20 GB of available disk space, respectively. You have stored the operating system and the boot files on DSK-0.
What should you do to implement a volume on W2K8_SR that can support a single drive failure?
Create a striped volume using DSK-1, DSK-2, and DSK-3.
Create a striped volume using DSK-0, DSK-1, and DSK-2.
Create a stripe set with parity using DSK-0, DSK-1, and DSK-2.
Create a stripe set with parity using DSK-1, DSK-2, and DSK-3.
E 25_ You are the administrator for your company' network. You implement a disk storage system on your network that uses block-based storage on a Storage Area Network (SAN) over the existing IP network. The storage system performs well and does not require any special hardware.
After upgrading several servers to Windows Server 2008, you notice some communication failures with the storage system. What must you load on the Windows Server 2008 server to fix the problem?
The latest version of the initiator from the manufacturer of Fiber Channel
The latest version of the Microsoft iSCSI initiator
The latest initiator for the Virtual Disk Service
The latest version of the initiator from the manufacturer to implement Serial ATA
E 26_ You are the administrator for the Nutex Corporation's single Active Directory domain. All the servers in the domain run Windows Server 2008. All client computers run either Windows Vista or Windows XP.
You have a group of file servers in the Accounting Organizational Unit (OU) that contain secure data. You configure the operating system volume on each file server to be encrypted by using BitLocker. You encrypt confidential data on the Data volume with Encrypted File System (EFS). You create backups of the Data volume and store them on another volume, called Backup.
How do you ensure that designated users in the Accounting OU are able to restore the encrypted files to the servers?
Create a global group for the designated users, and add them to the Account Operators group on the servers.Create a global group for the designated users, and add them to the Backup Operators group on the servers.Create a global group for the designated users, and grant them the Create all child objects permission on the servers in the Accounting OU.Create a global group for the designated users, and grant them the Take Ownership permission in the root of the Data volume.
E 27_ You are the administrator of your company's network. All the servers in your domain run Windows Server 2008, and all your clients run Windows Vista. You have added computers in the warehouse for the workers who work the morning and evening shifts. After installing the computers, you receive several requests from warehouse workers to restore files to the server that were accidently changed by the previous shift. You want to allow these workers to retrieve the changed
files without administrative intervention and assign the least permissions possible for them to do so.
What should you do? (Choose two. Each correct answer is part of a single solution.)
Create a global group called WarehouseWorkers that contains all users in the warehouse.
Create a Group Policy that adds WarehouseWorkers to the HelpServices group.
Create a Group Policy that adds WarehouseWorkers to the Power Users group.
Ensure that shadow copies are enabled on the servers.
Ensure that a shadow copy is created every four hours.
E 28_ You are a server administrator of your organization. You have deployed a Windows Server 2008 domain controller in your organization. Another server administrator in your organization has mistakenly deleted an organizational unit (OU) containing users from the Sales group. You need to restore the domain controller.
What should you do before you start the authoritative restore procedure?
Run the wbadmin start systemstaterecovery <otheroptions> -authsysvol command.
Perform a nonauthoritative restore.
Perform a restoration from backup media.
Perform a full server backup.
E 29_ You are a server administrator for your organization. Your organization has a single Active Directory domain that contains only Windows Server 2008 domain controllers.
A Windows Server 2008 domain controller named W2K8-SRV has crashed, and you need to perform a full server recovery.
What should you do?
Perform a nonauthoritative restore of AD DS.
Perform an authoritative restore of AD DS.
Run Dsamain.exe to perform a full server recovery of W2K8-SRV.
Run Ntdsutil.exe to perform a full server recovery of W2K8-SRV.
E 30_ You are the administrator of a company with a single Active Directory domain. All your servers run Windows Server 2008, and all your clients run Windows Vista.
You have employees from different locations who must find parts and part descriptions for customers. You have a Web server that employees can interface with and use their Web browsers to generate a query. The Web server sends the query request to a SQL Server 2005 database server that is in a
two-node cluster configuration.
You want to ensure that users can retrieve information from the SQL server even when the Web server fails. What must you configure?
Install the IIS server role on several servers, and configure the servers into a Microsoft server cluster (MSCS).Install the IIS server role on several servers, and configure the servers into a Network Load Balancing (NLB) cluster.Install the IIS server role and TS Session Broker role on several servers, and configure the servers to use the Session Broker service.Install the IIS server role, and use Windows System Resource Manager 2007 (WSRM) to manage traffic.