|
New Collection: thanks to itcertkeys U MUST VISIT THIS SITE THANKS BUDDY
|
Question 1. You work as an enterprise administrator at ABC.com. The ABC.com network has a domain named ABC.com. All servers in the ABC.com network run Windows Server 2008. The ABC.com network has a file server named ABC-SR07 that hosts a shared folder named ABCDocs. Several Microsoft Word documents are stored in the ABCDocs share. You want to enable document version history on these documents. You also want the documents in the ABCDocs share to be accessed through a Web page. Which of the following roles or services would you install on ABC-SR07 to achieve the desired results cost effectively? A. FTP Server role. B. Application Server role. C. Microsoft Windows SharePoint Services (WSS) 3.0. D. File and Print Services role. E. Microsoft Office SharePoint Server (MOSS) 2007. F. SMTP Server role. Answer: C Explanation: To achieve the desired results without requiring any additional cost, you need to use Microsoft Windows SharePoint Services (WSS) 3.0. Reference: Microsoft Windows SharePoint Services 3.0 and the Mobile Workplace http://download.microsoft.com/download/b/b/6/bb6672dd-252c-4a21-89de- 78cfc8e0b69e/WSS%20Mobile%20Workplace.doc Question 2. You work as an enterprise administrator at ABC.com. The ABC.com network has a domain named ABC.com with a single site named SiteA. All servers in the ABC.com network run Windows Server 2008. You reorganize the Active Directory infrastructure to include a second site named SiteB with its own domain controller. How would you configured the firewall to allow replication between SiteA and SiteB? A. Enable IPSec traffic to pass through the firewall. B. Enable RPC traffic to pass through the firewall. C. Enable SMTP traffic to pass through the firewall. D. Enable NNTP traffic to pass through the firewall. E. Enable FTP traffic to pass through the firewall. Answer: B Explanation: You should permit RPC traffic through the firewall to enable the domain controllers to replicate between the two sites because the Active Directory relies on remote procedure call (RPC) for replication between domain controllers. You can open the firewall wide to permit RPC's native dynamic behavior. Reference: Active Directory Replication over Firewalls http://technet.microsoft.com/en-us/library/bb727063.aspx Question 3. You work as an enterprise administrator at ABC.com. The ABC.com network has a domain named ABC.com. All servers in the ABC.com network run Windows Server 2008. ABC.com runs a critical application that accesses data that is stored in a Microsoft SQL Server 2005 database server named ABC-DB02. Which of the following options would you choose to ensure that the database is always available? A. Two Windows Server 2008 servers running MS SQL Server 2005 Standard Edition in a Network Load Balancing (NLB) cluster. B. Two Windows Server 2008 servers running MS SQL Server 2005 Enterprise Edition in a Network Load Balancing (NLB) cluster C. Two Windows Server 2008 servers running MS SQL Server 2005 Standard Edition in a Failover cluster. D. Two Windows Server 2008 servers running MS SQL Server 2005 Enterprise Edition in a failover cluster. Answer: D Explanation: To ensure the high availability of the data store, you need to use a Windows Server 2008 failover cluster with shared storage. Failover clustering can help you build redundancy into your network and eliminate single points of failure. Administrators have better control and can achieve better performance with storage than was possible in previous releases. Failover clusters now support GUID partition table (GPT) disks that can have capacities of larger than 2 terabytes, for increased disk size and robustness. Administrators can now modify resource dependencies while resources are online, which means they can make an additional disk available without interrupting access to the application that will use it. And administrators can run tools in Maintenance Mode to check, fix, back up, or restore disks more easily and with less disruption to the cluster You should not use Network Load Balancing (NLB) because it only allows you to distribute TCP/IP requests to multiple systems in order to optimize resource utilization, decrease computing time, and ensure system availability. Reference: High Availability http://www.microsoft.com/windowsserver2008/en/us/high-availability.aspx Question 4. You work as an enterprise administrator at ABC.com. The ABC.com network has a domain named ABC.com. All servers in the ABC.com network run Windows Server 2008. ABC.com has its headquarters in Chicago and sub-divisions in Boston, Atlanta, Miami and Dallas. All domain controllers are currently installed in the Chicago. You need to have new domain controllers installed in the Boston, Atlanta, Miami and Dallas subdivisions. ABC.com issues a security policy for the new domain controllers that states the following: •Unauthorized user must not be able to access the Active Directory database. •Unauthorized user must not be able to boot a domain controller from an alternate boot disk. Which of the following options would you choose to implement the security policy? A. Modify the permissions of the ntds.dat file. B. Configure a read-only domain controller (RODC) in the Boston, Atlanta, Miami and Dallas. C. Disable replication of the Sysvol folder on the new domain controllers. D. Configure Windows BitLocker Drive Encryption (BitLocker) on the new domain controllers. E. Disable the Global Catalog role on the new domain controllers. F. Configure EFS encryption on the new domain controllers. Answer: D Explanation: To configure domain controller at each branch office to ensure that no unauthorized user should be allowed to copy the Active Directory database from a branch office domain controller by starting the server from an alternate startup disk, you need to use Windows BitLocker Drive Encryption (BitLocker) BitLocker allows you to encrypt all data stored on the Windows operating system volume and use the security of using a Trusted Platform Module (TPM) that helps protect user data and to ensure that a computer running Windows Vista or Server 2008 have not been tampered with while the system was offline. In addition, BitLocker offers the option to lock the normal startup process until the user supplies a personal identification number (PIN) or inserts a removable USB device, such as a flash drive, that contains a startup key. This process will ensure that users can only access all files on the servers if they have the PIN. You cannot use an alternate startup disk to boot the server. Reference: BitLocker Drive Encryption Technical Overview http://technet2.microsoft.com/windowsserver2008/en/library/a2ba17e6-153b-4269-bc46- 6866df4b253c1033.mspx?mfr=true Question 5. You work as an enterprise administrator at ABC.com. The ABC.com network has a domain named ABC.com that runs at the domain functional level of Windows Server 2008. Which of the following options can be used for tracking any modification to Active Directory Objections? A. Configure a Group Policy to run the Security Configuration Wizard on all computers in the ABC network. B. Configure the Default Domain Controllers Group Policy to audit Directory Services. C. Configure the Default Domain Group Policy to audit Directory Services. D. Enable auditing of the ntds.dat file in the Default Domain Group Policy. E. Enable auditing of the ntds.dat file in the Default Domain Group Policy. Answer: B Explanation: To implement an audit and compliance policy and ensure that all changes made to Active Directory objects are recorded, you need to configure a Directory Services Auditing policy in the Default Domain Controller Policy In Windows Server 2008, you can enable Audit Directory Service Access policy to log events in the Security event log whenever certain operations are performed on objects stored in Active Directory. Enabling the global audit policy, Audit directory service access, enables all directory service policy subcategories. You can set this global audit policy in the Default Domain Controllers Group Policy (under Security Settings\Local Policies\Audit Policy). Reference: Windows Server 2008 Auditing AD DS Changes Step-by-Step Guide http://technet2.microsoft.com/windowsserver2008/en/library/a9c25483-89e2-4202-881cea8e02b4b2a51033.mspx?mfr=true Question 6. You work as an enterprise administrator at ABC.com. The ABC.com network has a domain named ABC.com. All servers in the ABC.com network run Windows Server 2003. You want to install a read-only domain controller (RODC) without upgrading the existing domain controllers Windows Server 2008. What action should you take? (Each correct option will form a part of the answer. Select TWO.) A. Raise the forest functional level to Windows 2000. B. Raise the forest functional level to Windows 2003. C. Raise the forest functional level to Windows 2008. D. Raise the domain functional level to Windows Server 2000 E. Raise the domain functional level to Windows Server 2003 F. Raise the domain functional level to Windows Server 2008 Answer: B, E Explanation: To create an Active Directory forest and domain functional levels to support Read-only domain controllers (RODC) and Windows Server 2003 domain controllers, you need to create both the forest and domain functional levels of Windows Server 2003. This is because only when you use both the forest and domain functional levels of Windows Server 2003, you will be able to support Read-only domain controllers (RODC) and Windows Server 2003 domain controllers. Reference: Appendix of Functional Level Features http://technet2.microsoft.com/windowsserver2008/en/library/34678199-98f1-465f-9156- c600f723b31f1033.mspx?mfr=true Question 7. You work as an enterprise administrator at ABC.com. The ABC.com network has a forest named and ABC.com that runs at the forest functional level of Windows Server 2003. ABC.com has a subsidiary company named TestLabs, Inc. The TestLabs, Inc. network has a forest named and testlabs.com that runs at the forest functional level of Windows Server 2003. All domain controllers on both the ABC.com network and the TestLabs, Inc. network run Windows Server 2008. ABC.com users do not have access to network resources in TestLabs, Inc. TestLabs, Inc. has a file server named TESTLABS-SR07. ABC.com users must be able to access shared folders on TESTLABS-SR07. However, ABC.com users must not be able to access any other network resources in TestLabs, Inc. Which of the following options would you choose to accomplish this task? (Each correct option will form a part of the answer. Select TWO.) A. By raising the forest functional level of ABC.com and testlabs.com to Windows Server 2008. B. By raising the domain functional level of all domains in ABC.com and testlabs.com to Windows Server 2008. C. By creating a forest trust between ABC.com and testlabs.com. D. By setting the Allowed to Authenticate for TESTLABS-SR07. E. By setting the Allowed to Authenticate right on the computer object for the testlabs.com infrastructure operations master object. Answer: C, D Explanation: To ensure that the users in ABC-south.com are denied access to all the resources ABC north.com except the resources on ABC-SR07, you need to create a forest trust between ABC-south.com and ABC-north.com so that resources can be shared between both the forests. You can however set the trust authentication setting to selective authentication so that only selected authentication is allowed. Next you need to set the Allowed to Authenticate right on the computer object for ABC-SR07 so that each user must be explicitly granted the Allowed to Authenticate permission to access resources on ABC-SR07. You should not set the Allowed to Authenticate right on the computer object for the ABC-north.com infrastructure operations master object because Allowed to Authenticate right is set for the users in a trusted Windows Server 2003 domain or forest to be able to access resources in a trusting Windows Server 2003 domain or forest, where the trust authentication setting has been set to selective authentication, each user must be explicitly granted the ‘Allowed to Authenticate’ permission on the security descriptor of the computer objects (resource computers) that reside in the trusting domain or forest. Reference: Grant the Allowed to Authenticate permission on computers in the trusting domain or forest http://technet2.microsoft.com/windowsserver/en/library/b4d96434-0fde-4370-bd29- 39e4b3cc7da81033.mspx?mfr=true Question 8. You work as an enterprise administrator at ABC.com. The ABC.com network has a domain named ABC.com. All servers in the ABC.com network run Windows Server 2008. ABC.com has its headquarters in Chicago and branch offices in Boston. The Boston office is connected to the Chicago by a WAN link. The Chicago office has a DNS Sever named ABC-SR04 that is configured as a single DNS zone. The Boston office has two servers named ABC-SR07 and ABC-SR08. ABC-SR08 hosts shared folders that are only accessed by ABC.com users in the Boston office. You work in the Chicago office while a network administrator named Rory Allen works in the Boston office. ABC.com wants you to ensure that users at the Boston office can log on to the ABC.com domain and can connect to the shared folders on ABC-SR08 even when the WAN link is down. You must allow Rory Allen to configure the servers in the Boston office without allowing him to modify the Active Directory configuration. Which actions should you take to accomplish this task? (Each correct option will form a part of the answer. Choose THREE.) A. By promoting ABC-SR07 to a domain controller. B. By promoting ABC-SR07 to a read-only domain controller (RODC). C. By installing USMT role on ABC-SR07. D. By installing ADMT role on ABC-SR07. E. By installing DNS role on ABC-SR07. F. By adding Rory Allen to the Domain Admins group. G. By creating an organizational unit (OU) for the Boston office. H. By assigning administrative rights to Rory Allen. Answer: B, E, H Explanation: To ensure that the users in the branch office are able to log on to the domain even if the WAN link fails, you need to promote the member server to a read-only domain controller (RODC) because the RODC works as a domain controller and allows log in to the domains except allowing modifications and changes to the Active directory domain. Delegating administrative rights to the local branch office administrator after promoting a member server to a RODC will make sure that branch office administrator is not allowed to initiate any changes to Active Directory but should be allowed to make configuration changes to the servers in the branch office. Configuring the DNS role to the member server, will ensure that the users are allowed to access file shares on the local server in the absence of the WAN link. Without name resolution and the other services that are provided by DNS servers, client access to remote host computers would be prohibitively difficult. DNS servers need to be configured because in intranets computer users rarely know the IP addresses of computers on their local area network (LAN). Reference: DNS Server Role: Read-only domain controller support/ Who will be interested in this server role? http://technet2.microsoft.com/windowsserver2008/en/library/533a1cfc-5173-4248-914c- 433bd018f66d1033.mspx?mfr=true Question 9. You work as an enterprise administrator at ABC.com. The ABC.com network has a domain named ABC.com and a workgroup named ABCGROUP. All servers in the ABC.com network run Windows Server 2008 and all the client computers run Windows Vista. The ABC.com network has unmanaged network switches and has two servers named ABC-SR07 and ABC-SR08. ABC-SR07 is configured with the Active Directory Domain Services (AD DS), the Active Directory Certificate Services (AD CS) and the Dynamic Host Configuration Protocol (DHCP) service while ABC-SR08 is configured with the Routing and Remote Access Service (RRAS), the Network Policy Service (NPS) and Health Registration Authority (HRA). You notice that the latest Microsoft updates have not been applied to all client computers that are part of the ABCGROUP workgroup. You are concerned that ABC.com users are accessing the local area network (LAN) from these client computers. You want to implement Network Access Protection (NAP) to secure the network by preventing client computers that are not members of the ABC.com network or do not have the latest Microsoft updates from accessing any network servers that are members of the ABC.com domain. Which of the following option would you choose? A. TCP/IP B. 802.1z C. PPTP D. DHCP E. L2TP F. IPsec Answer: F Explanation: To ensure that only the computers that have the latest Microsoft updates installed should be able to connect to servers in the domain and that only the computers that are joined to the domain should be able to connect to servers in the domain, you need to use the IPSec NAP enforcement method. IPsec domain and server isolation methods are used to prevent unmanaged computers from accessing network resources. This method enforces health policies when a client computer attempts to communicate with another computer using IPsec. Reference: Protecting a Network from Unmanaged Clients / Solutions http://www.microsoft.com/technet/security/midsizebusiness/topics/serversecurity/unmanagedclients.mspx Reference: Network Access Protection (NAP) Deployment Planning / Choosing Enforcement Methods http://blogs.technet.com/nap/archive/2007/07/28/network-access-protection-deploymentplanning. aspx Question 10. You work as an enterprise administrator at ABC.com. The ABC.com network has a domain named ABC.com. All servers in the ABC.com network run Windows Server 2008. The ABC.com network has two web servers named ABC-SR07 and ABC-SR08. ABC.com wants to hosts the company's e-commerce Web site named sales.ABC.com on the two web servers. You receive instructions from the CEO to ensure that the Web site is available even when one of the Web servers is offline. The CEO also wants the session state of the web site to be available should one of the web servers be offline. Additionally, you must be able to support the Web site on up to six Web servers with each Web server having a dedicated IP address. What action should you take? A. Configure a two-failover cluster on ABC-SR07 and ABC-SR08. B. Configure multiple ports for the sales.ABC.com web site. C. Configure Network Load Balancing on ABC-SR07 and ABC-SR08. D. Configure the sales.ABC.com web site on each server with the site content on a network share. E. Configure multiple host headers for the sales.ABC.com website. F. Configure multiple IP addresses for the sales.ABC.com website. Answer: C Explanation: To ensure that the users of the website would be able to access the Web site if a single server fails. The website should be scalable to as many as seven Web servers and the web servers should be able to store session-state information for all users. It should also provide support for multiple dedicated IP addresses for each Web server. The Network Load Balancing (NLB) feature in Windows Server 2008 enhances the availability and scalability of Internet server applications such as those used on Web, FTP, firewall, proxy, virtual private network (VPN), and other mission-critical servers. NLB provides high availability of a website by detecting and recovering from a cluster host that fails or goes offline. You should not use failover clustering in this scenario because failover clustering requires shared storage which is not mentioned in this question. Reference: Overview of Network Load Balancing http://technet2.microsoft.com/windowsserver2008/en/library/11dfa41c-f49e-4ee5-8664- 8b81f6fb8af31033.mspx?mfr=true
Copyright © 2004 CertsBraindumps.com Inc. All rights reserved.