Microsoft 70-646 ExamPro: Windows Server 2008 - Server Administrator

Total Question: 262 Last Updated: Jul 13,2019

2016 Aug ms 70-646:

Q91. - (Topic 2) 

You need to recommend a strategy for using managed service accounts on the Web servers. 

Which managed service accounts should you recommend? 

A. One account for all the web servers. 

B. One account for each web server. 

C. One account for the parent domain and one account for both child domains. 

D. One account for the parent domain and one account for each child domain. 

Answer: B 

Explanation: 

There are 5 web servers in total, 3 in the forest root domain and 1 in each child domain. 

Service Account Vulnerability 

The practice of configuring services to use domain accounts for authentication leads to potential security exposure. The degree of risk exposure depends on various factors, including:

- The number of servers that have services that are configured to use service accounts. The vulnerability profile of a network increases for every server that has domain account authenticated services that run on that server. The existence of each such server increases the odds that an attacker might compromise that server, which can be used to escalate privileges to other resources on a network.
- The scope of privileges for any given domain account that services use. The larger the scope of privileges that a service account has, the greater the number of resources that can be compromised by that account. Domain administrator level privileges are a particularly high risk, because the scope of vulnerability for such accounts includes any computer on the network, including the domain controllers. Because such accounts have administrative privileges to all member servers, the compromise of such an account would be severe and all computers and data in the domain would be suspect.
- The number of services configured to use domain accounts on any given server. Some services have unique vulnerabilities, which make them somewhat more susceptible to attacks. Attackers will usually attempt to exploit known vulnerabilities first. Use of a domain account by a vulnerable service presents an escalated risk to other systems, which could have otherwise been isolated to a single server.
- The number of domain accounts that are used to run services in a domain. Monitoring and managing the security of service accounts requires more diligence than ordinary user accounts, and each additional domain account in use by services only complicates administration of those accounts. The fact that administrators and security administrators need to know where each service account is used in order to detect suspicious activity highlights the need to minimize the number of those accounts.

The preceding factors lead to several possible vulnerability scenarios that can exist, each with a different level of potential security risk. The following diagram and table describe these scenarios. For these examples it is assumed that the service accounts are domain accounts and each account has at least one service on each server using it for authentication. The following information describes the domain accounts shown in the following figure.

- Account A has Administrator-equivalent privileges to more than one domain controller.
- Account B has Administrator-equivalent privileges on all member servers.
- Account C has Administrator-equivalent privileges on servers 2 and 3.
- Account D has Administrator-equivalent privileges on servers 4 and 5.
- Account E has Administrator-equivalent privileges on a single member server only.
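The exposure factors listed above can be measured from a service inventory. The following PowerShell is an added example, not part of the original page or of any Microsoft material: it counts, per domain account, how many servers and services use it and flags accounts shared across servers. The EXAMPLE domain, the server and service names, and the function names Test-DomainServiceAccount and Get-ServiceAccountExposure are assumptions made for illustration.

```powershell
# Constructed sample inventory (not from the page). On a live network the same
# three columns can be collected per server with:
#   Get-WmiObject Win32_Service -ComputerName $server |
#       Select-Object SystemName, Name, StartName
$inventoryCsv = @'
SystemName,Name,StartName
WEB1,W3SVC,LocalSystem
WEB1,AppPoolHost,EXAMPLE\svc-web
WEB2,AppPoolHost,EXAMPLE\svc-web
WEB2,ReportAgent,EXAMPLE\svc-report
WEB3,AppPoolHost,EXAMPLE\msa-web3$
WEB3,Spooler,LocalSystem
WEB4,BackupAgent,EXAMPLE\svc-backup
WEB5,BackupAgent,EXAMPLE\svc-backup
WEB5,LocalTool,.\localsvc
WEB5,DnsCache,NT AUTHORITY\NetworkService
'@

# Hypothetical helper: returns $true when a service logon name is a domain
# account rather than a built-in identity or an account local to the server.
function Test-DomainServiceAccount {
    param([string]$StartName, [string]$ComputerName)

    if ([string]::IsNullOrEmpty($StartName)) { return $false }

    if ($StartName -notmatch '^(?<domain>[^\\]+)\\(?<user>.+)$') {
        # No DOMAIN\ prefix: LocalSystem and similar. A UPN (user@domain)
        # is treated as a domain account.
        return ($StartName -match '@')
    }

    # Prefixes that never denote a domain account on this server
    # (-notcontains compares case-insensitively).
    $notDomain = 'NT AUTHORITY', 'NT SERVICE', '.', $ComputerName
    return ($notDomain -notcontains $Matches['domain'])
}

# Hypothetical helper: one row per domain account, with the number of servers
# and services that depend on it. Shared = used on more than one server.
function Get-ServiceAccountExposure {
    param([object[]]$Inventory)

    $Inventory |
        Where-Object { Test-DomainServiceAccount $_.StartName $_.SystemName } |
        Group-Object StartName |
        ForEach-Object {
            $servers = @($_.Group |
                Select-Object -ExpandProperty SystemName |
                Sort-Object -Unique)
            New-Object PSObject -Property @{
                Account      = $_.Name
                ServerCount  = $servers.Count
                ServiceCount = $_.Count
                Shared       = ($servers.Count -gt 1)
                Servers      = ($servers -join ',')
            }
        } |
        Sort-Object ServerCount -Descending
}

$report = @(Get-ServiceAccountExposure ($inventoryCsv | ConvertFrom-Csv))

# Per-account view: accounts at the top are the ones whose compromise
# reaches the most servers.
$report | Format-Table Account, ServerCount, ServiceCount, Shared, Servers -AutoSize

# Domain-wide view: total accounts to monitor, and how many are shared.
$shared = @($report | Where-Object { $_.Shared })
"Domain accounts running services: {0}; shared across servers: {1}" -f `
    $report.Count, $shared.Count
```

With the sample rows, svc-web and svc-backup are reported as shared across two servers each, while svc-report and the per-server account msa-web3$ are each confined to one server.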


Q92. - (Topic 18) 

You are planning a recovery strategy in the event that a file server is unable to boot into Windows. You need to ensure that file servers can be restored from backups. 

What should the recovery strategy include? 

A. Deploy backups by using WDS. 

B. Boot from the Windows Server 2008 R2 DVD into the Recovery Environment, then restore from file server backups by using WBAdmin. 

C. Reinstall Windows Server 2008 R2 from DVD, then restore from file server backups by using Windows Server Backup. 

D. Restore from file server backups by using NTBackup. 

Answer: A 

Explanation: 

Thanks to Testy for highlighting this one. NTBackup is not compatible with Server 2008 R2. Your requirements are for remote backup and remote restore. The network has WDS installed and uses PXE boot on the servers so WDS could be used to deploy a backup.

Windows Recovery Environment (Windows RE) is an extensible recovery platform based on Windows Preinstallation Environment (Windows PE). When the computer fails to start, Windows automatically fails over into this environment, and the Startup Repair tool in Windows RE automates the diagnosis and repair of an unbootable Windows Vista installation. Furthermore, Windows RE is a starting point for various tools for manual system recovery. The primary audience of this technology includes original equipment manufacturers (OEMs), original device manufacturers (ODMs), and corporate IT professionals.

Image-based Recovery from Windows RE

In the event that the Windows installation cannot be repaired with Startup Repair or other manual repair steps, Windows RE can be used to launch an image-based recovery tool.

User-created Recovery Image

Windows Vista provides end users with the ability to create a backup image of their entire operating system. End users can do this by using the Backup tool. The system image can be stored on an external hard disk, on a hard disk partition other than those imaged, or on a DVD. To restore the computer by using this system image, users must launch the restore interface from the list of Windows RE manual tools.

Factory-created Recovery Image

To facilitate restoring a computer to its factory state, a recovery image can be placed on the Windows RE partition. This eliminates the need for a separate recovery media in most cases. If the Windows image format is used in the manufacturing process, the same operating system image can be used for recovery as well. A computer manufacturer can develop an application by using the Imaging APIs for Windows and the Windows image to restore the operating system volume. This application can be launched from the Windows RE user interface (UI) by using customizations provided by the ODM.


Q93. - (Topic 1) 

Your network consists of a single Active Directory domain. All servers run Windows Server 2008 R2. You need to recommend a Group Policy deployment strategy. 

Your strategy must support the following requirements: 

- Domain-level Group Policy objects (GPOs) must not be overwritten by organizational unit (OU) level GPOs.
- OU-level GPOs must not apply to members of the Server Operators group.

What should you recommend? 

A. Enable Block Inheritance for the domain, and then modify the permissions of all GPOs linked to OUs. 

B. Enable Block Inheritance for the domain, and then enable Loopback Processing policy mode. Add the Server Operators group to the Restricted Groups list. 

C. Set all domain level GPOs to Enforced, and then modify the permissions of the GPOs that are linked to OUs. 

D. Set all domain level GPOs to Enforced, and then enable Loopback Processing policy mode. Add the Server Operators group to the Restricted Groups list. 

Answer: C 

Explanation: 

http://www.petri.co.il/working_with_group_policy.htm
http://technet.microsoft.com/en-us/library/bb742376.aspx

Linking a GPO to Multiple Sites, Domains, and OUs 

This section demonstrates how you can link a GPO to more than one container (site, domain, or OU) in Active Directory. Depending on the exact OU configuration, you can use other methods to achieve similar Group Policy effects; for example, you can use security group filtering or you can block inheritance. In some cases, however, those methods do not have the desired effects. Whenever you need to explicitly state which sites, domains, or OUs need the same set of policies, use the method outlined below:

To link a GPO to multiple sites, domains, and OUs 

1. Open the saved MMC console GPWalkthrough, and then double-click the Active Directory Users and Computers node.

2. Double-click the reskit.com domain, and double-click the Accounts OU.

3. Right-click the Headquarters OU, select Properties from the context menu, and then click the Group Policy tab.

4. In the Headquarters Properties dialog box, on the Group Policy tab, click New to create a new GPO named Linked Policies.

5. Select the Linked Policies GPO, and click the Edit button.

6. In the Group Policy snap-in, in the User Configuration node, under Administrative Templates node, click Control Panel, and then click Display.

7. On the details pane, click the Disable Changing Wallpaper policy, and then click Enabled in the Disable Changing Wallpaper dialog box and click OK.

8. Click Close to exit the Group Policy snap-in.

9. In the Headquarters Properties page, click Close.

Next you will link the Linked Policies GPO to another OU. 

1. In the GPWalkthrough console, double-click the Active Directory Users and Computers node, double-click the reskit.com domain, and then double-click the Accounts OU.

2. Right-click the Production OU, click Properties on the context menu, and then click the Group Policy tab on the Production Properties dialog box.

3. Click the Add button, or right-click the blank area of the Group Policy objects links list, and select Add on the context menu.

4. In the Add a Group Policy Object Link dialog box, click the down arrow on the Look in box, and select the Accounts.reskit.com OU.

5. Double-click the Headquarters.Accounts.reskit.com OU from the Domains, OUs, and linked Group Policy objects list.

6. Click the Linked Policies GPO, and then click OK.

You have now linked a single GPO to two OUs. Changes made to the GPO in either location result in a change for both OUs. You can test this by changing some policies in the Linked Policies GPO, and then logging onto a client in each of the affected OUs, Headquarters and Production.


Q94. - (Topic 1) 

Your network consists of a single Active Directory domain. All domain controllers run Windows Server 2008 R2. 

You need to implement a Certificate Services solution that meets the following requirements: 

- Automates the distribution of certificates for internal users
- Ensures that the network's certificate infrastructure is as secure as possible
- Gives external users access to resources that use certificate based authentication

What should you do? 

A. Deploy an online standalone root certification authority (CA). Deploy an offline standalone root CA. 

B. Deploy an offline enterprise root certification authority (CA). Deploy an offline enterprise subordinate CA. 

C. Deploy an offline standalone root certification authority (CA). Deploy an online enterprise subordinate CA. Deploy an online standalone subordinate CA. 

D. Deploy an online standalone root certification authority (CA). Deploy an online enterprise subordinate CA. Deploy an online standalone subordinate CA. 

Answer: C 

Explanation: 

Certification authority hierarchies 

The Microsoft public key infrastructure (PKI) supports a hierarchical certification authority (CA) model. A certification hierarchy provides scalability, ease of administration, and consistency with a growing number of commercial and other CA products. 

In its simplest form, a certification hierarchy consists of a single CA. However, in general, a hierarchy will contain multiple CAs with clearly defined parent-child relationships. In this model, the child subordinate certification authorities are certified by their parent CA-issued certificates, which bind a certification authority's public key to its identity. The CA at the top of a hierarchy is referred to as the root authority, or root CA. The child CAs of the root CAs are called subordinate certification authorities (CAs). 

A root certification authority (CA) is the top of a public key infrastructure (PKI) and generates a self-signed certificate. This means that the root CA is validating itself (self-validating). This root CA could then have subordinate CAs that effectively trust it. The subordinate CAs receive a certificate signed by the root CA, so the subordinate CAs can issue certificates that are validated by the root CA. This establishes a CA hierarchy and trust path.

http://social.technet.microsoft.com/wiki/contents/articles/2900.offline-root-certification-authority-ca.aspx


Authentication and Authorization 

Stand-alone CAs use local authentication for certificate requests, mainly through the Web enrollment interface. Stand-alone CAs provide an ideal service provider or commercial PKI provider platform for issuing certificates to users outside of an Active Directory environment where the user identity is separately verified and examined before the request is submitted to the CA. 

Offline and Online CAs 

Traditionally, the decision of whether to use an online or an offline CA involves a compromise between availability and usability versus security. The more sensitive that the key material is and the higher the security requirements are, the less accessible the CA should be to users.

Specifying CA Roles 

An ideal PKI hierarchy design divides the responsibility of the CAs. A topology that is designed with requirements that have been carefully considered provides the most flexible and scalable enterprise configuration. In general, CAs are organized in hierarchies. Single tier hierarchies might not provide adequate security compartmentalization, extensibility and flexibility. Hierarchies with more than three tiers might not provide additional value regarding security, extensibility and flexibility. 

The most important consideration is protecting the highest instance of trust as much as possible. Single-tier hierarchies are based on the need to compartmentalize risk and reduce the attack surface that is available to users who have malicious intent. A larger hierarchy is much more difficult to administer, with little security benefit. 

Depending on the organization's necessities, a PKI should consist of two or three logical levels that link several CAs in a hierarchy. Administrators who understand the design requirements for a three-level topology may also be able to build a two-level topology. A three-tier CA hierarchy consists of the following components: 

- A root CA that is configured as a stand-alone CA without a network connection
- One or more intermediate CAs that are configured as stand-alone CAs without a network connection
- One or more issuing CAs that are configured as enterprise CAs that are connected to the network

Also worth a look, though it refers to Windows 2003:
http://technet.microsoft.com/en-us/library/cc779714%28WS.10%29.aspx


Q95. - (Topic 1) 

Your network contains several Windows Server 2008 R2 servers that run Windows Server Update Services (WSUS). The WSUS servers distribute updates to all computers on the internal network. Remote users connect from their personal computers to the internal network by using a split-tunnel VPN connection.

You need to plan a strategy for patch management that deploys updates on the remote users' computers. 

Your strategy must meet the following requirements: 

- Minimize bandwidth use over the VPN connections.
- Require updates to be approved on the WSUS servers before they are installed on the client computers.

What should you include in your plan? 

A. Create a Group Policy object (GPO) to perform client-side targeting.

B. Create a computer group for the remote users' computers. Configure the remote users' computers to use the internal WSUS server. 

C. Create a custom connection by using the Connection Manager Administration Kit (CMAK). Deploy the custom connection to all of the remote users' computers. 

D. Deploy an additional WSUS server. Configure the remote users' computers to use the additional WSUS server. Configure the additional WSUS server to leave the updates on the Microsoft Update Web site. 

Answer: D 

Explanation: 

Performance and Bandwidth Optimization

Branch offices with slow WAN connections to the central server but broadband connections to the Internet can be configured to get metadata from the central server and update content from the Microsoft Update Web site.



Q96. - (Topic 1) 

Your company has a main office and two branch offices. The main office is located in London. The branch offices are located in New York and Paris. 

Your network consists of an Active Directory forest that contains three domains named contoso.com, paris.contoso.com, and newyork.contoso.com. All domain controllers run Windows Server 2008 R2 and have the DNS Server server role installed. 

The domain controllers for contoso.com are located in the London office. The domain controllers for paris.contoso.com are located in the Paris office. The domain controllers for newyork.contoso.com are located in the New York office. 

A domain controller in the contoso.com domain has a standard primary DNS zone for contoso.com. A domain controller in the paris.contoso.com domain has a standard primary DNS zone for paris.contoso.com. A domain controller in the newyork.contoso.com domain has a standard primary DNS zone for newyork.contoso.com. 

You need to plan a name resolution strategy for the Paris office that meets the following requirements: 

- If a WAN link fails, clients must be able to resolve hostnames for contoso.com.
- If a WAN link fails, clients must be able to resolve hostnames for newyork.contoso.com.
- The DNS servers in Paris must be updated when new authoritative DNS servers are added to newyork.contoso.com.

What should you include in your plan? 

A. Configure conditional forwarding for contoso.com. Configure conditional forwarding for newyork.contoso.com. 

B. Create a standard secondary zone for contoso.com. Create a standard secondary zone for newyork.contoso.com. 

C. Convert the standard zone into an Active Directory-integrated zone. Add all DNS servers in the forest to the root hints list.

D. Create an Active Directory-integrated stub zone for contoso.com. Create an Active Directory-integrated stub zone for newyork.contoso.com.

Answer: B 

Explanation: 

http://technet.microsoft.com/en-us/library/cc771640.aspx
http://technet.microsoft.com/en-us/library/cc771898.aspx

Understanding Zone Delegation 

Applies To: Windows Server 2008, Windows Server 2008 R2

Domain Name System (DNS) provides the option of dividing up the namespace into one or more zones, which can then be stored, distributed, and replicated to other DNS servers. When you are deciding whether to divide your DNS namespace to make additional zones, consider the following reasons to use additional zones:

- You want to delegate management of part of your DNS namespace to another location or department in your organization.
- You want to divide one large zone into smaller zones to distribute traffic loads among multiple servers, improve DNS name resolution performance, or create a more fault-tolerant DNS environment.
- You want to extend the namespace by adding numerous subdomains at once, for example, to accommodate the opening of a new branch or site.

Secondary zone 

When a zone that this DNS server hosts is a secondary zone, this DNS server is a secondary source for information about this zone. The zone at this server must be obtained from another remote DNS server computer that also hosts the zone. This DNS server must have network access to the remote DNS server that supplies this server with updated information about the zone. Because a secondary zone is merely a copy of a primary zone that is hosted on another server, it cannot be stored in AD DS. 


Q97. - (Topic 6) 

You need to recommend a disk configuration for the planned SQL Server deployment. The solution must ensure that the servers can fail over automatically. 

What should you include in the recommendation? 

A. GPT disks and basic disks 

B. GPT disks and dynamic disks 

C. MBR disks and basic disks 

D. MBR disks and dynamic disks 

Answer: A 

Explanation: 

Tnx SoK for the additional material.

Server 2008 introduces support for GPT disks in cluster storage
http://technet.microsoft.com/en-us/library/cc770625%28v=ws.10%29.aspx

In Windows Server 2008 Enterprise and Windows Server 2008 Datacenter, the improvements to failover clusters (formerly known as server clusters) are aimed at simplifying clusters, making them more secure, and enhancing cluster stability. Cluster setup and management are easier. Security and networking in clusters have been improved, as has the way a failover cluster communicates with storage.

What new functionality does failover clustering provide?

- New validation feature. With this feature, you can check that your system, storage, and network configuration is suitable for a cluster.
- Support for GUID partition table (GPT) disks in cluster storage. GPT disks can have partitions larger than two terabytes and have built-in redundancy in the way partition information is stored, unlike master boot record (MBR) disks.

http://technet.microsoft.com/en-us/library/cc770625%28WS.10%29.aspx

Support for GPT disks in cluster storage

GUID partition table (GPT) disks are supported in failover cluster storage. GPT disks provide increased disk size and robustness. Specifically, GPT disks can have partitions larger than two terabytes and have built-in redundancy in the way partition information is stored, unlike master boot record (MBR) disks. With failover clusters, you can use either type of disk.

Why Basic disks over Dynamic? Only Basic disks can be used in a failover cluster.
http://technet.microsoft.com/en-us/library/cc733046.aspx

Topic 7, Lucerne Publishing 

Scenario: 

COMPANY OVERVIEW 

Overview 

Lucerne Publishing is a large publishing company that produces both traditional books and e-books. 

Physical Location 

The company has a main office and a branch office. The main office is located in New York. The branch office is located in San Francisco. The main office has a satellite office located in Boston. The company has 7,500 users. 

EXISTING ENVIRONMENT 

Active Directory Environment 

The network contains an Active Directory forest. The forest contains a single domain named lucernepublishing.com. 

Network Infrastructure 

Client computers in the New York office and the San Francisco office run either Windows Vista or Windows XP. All client computers in the Boston office run Windows 7.

The company has a finance department. All of the client computers in the finance department run Windows XP. The finance department uses an application named App1. App1 only runs on Windows XP.

The relevant servers in the New York office are configured as shown in the following table. 

The servers have the following configurations:

- Remote Desktop is enabled on all servers.
- The passwords for all service accounts are set to never expire.
- Server1 stores roaming user profiles for users in the Boston office.
- SQL1 and SQL2 are deployed in a two-node failover cluster named Cluster1.
- All servers have Pre-Boot Execution Environment (PXE)-compliant network adapters.
- The servers in the San Francisco office contain neither a recovery partition nor optical media drives.
- DFS1 and DFS2 are members of the same DFS Replication group.
- The DFS namespace is configured to use Windows 2000 Server mode.

The Boston office has no servers. The Boston office connects to the New York office by using a dedicated hardware VPN device. 

The finance department publishes monthly forecast reports that are stored in DFS. 

REQUIREMENTS 

Business Goals 

Lucerne Publishing must minimize administrative costs, hardware costs, software costs, and development costs, whenever possible. 

Planned Changes 

All client computers will be upgraded to Windows 7. 

A VPN server will be deployed in the main office. All VPN clients must have the latest Windows updates before they can access the internal network. 

You plan to deploy a server that has the Remote Desktop Gateway (RD Gateway) role service installed. 

Technical Requirements 

Lucerne Publishing must meet the following technical requirements: 

- Upgrade all client computers to Windows 7.
- Minimize Group Policy-related replication traffic.
- Ensure that App1 can be used from client computers that run Windows 7.
- Ensure that users can use App1 when they are disconnected from the network.
- Ensure that you can perform a bare metal recovery of the servers in the San Francisco office.
- Minimize the amount of time it takes users in the Boston office to log on to their client computers.
- Ensure that domain administrators can connect remotely to all computers in the domain through RD Gateway.
- Ensure that file server administrators can access DFS servers and file servers through the RD Gateway.
- Prevent file server administrators from accessing other servers through the RD Gateway.

Security Requirements 

Lucerne Publishing must meet the following security requirements: 

- USB storage devices must not be used on any servers.
- The passwords for all user accounts must be changed every 60 days.
- Users must only be able to modify the financial forecast reports on DFS1. DFS2 must contain a read-only copy of the financial forecast reports.
- All operating system drives on client computers that run Windows 7 must be encrypted.
- Only approved USB storage devices must be used on client computers that run Windows 7.


Q98. - (Topic 19) 

Your network contains an Active Directory domain. You have a server that runs Windows Server 2008 R2 and has the Remote Desktop Services server role enabled. All client computers run Windows 7. 

You need to plan the deployment of a new line of business application to all client computers. 

The deployment must meet the following requirements: 

- Users must access the application from an icon on their desktops.
- Users must have access to the application when they are not connected to the network.

What should you do? 

A. Publish the application as a RemoteApp. 

B. Publish the application by using Remote Desktop Web Access (RD Web Access). 

C. Assign the application to the Remote Desktop Services server by using a Group Policy object (GPO). 

D. Assign the application to all client computers by using a Group Policy object (GPO). 

Answer: D 

Explanation: 

http://support.microsoft.com/kb/816102 

Assign a Package 

To assign a program to computers that are running Windows Server 2003, Windows 2000, or Microsoft Windows XP Professional, or to users who are logging on to one of these workstations: 

1. Start the Active Directory Users and Computers snap-in. To do this, click Start, point to Administrative Tools, and then click Active Directory Users and Computers.

2. In the console tree, right-click your domain, and then click Properties.

3. Click the Group Policy tab, select the group policy object that you want, and then click Edit.

4. Under Computer Configuration, expand Software Settings.

5. Right-click Software installation, point to New, and then click Package.

6. In the Open dialog box, type the full Universal Naming Convention (UNC) path of the shared installer package that you want. For example, \\file server\share\file name.msi.
   Important: Do not use the Browse button to access the location. Make sure that you use the UNC path to the shared installer package.

7. Click Open.

8. Click Assigned, and then click OK. The package is listed in the right pane of the Group Policy window.

9. Close the Group Policy snap-in, click OK, and then quit the Active Directory Users and Computers snap-in.

10. When the client computer starts, the managed software package is automatically installed.


Q99. - (Topic 1) 


A company has client computers that run Windows 7. Each client computer is deployed with Microsoft Office 2010 pre-installed. 

The company is adding three line-of-business applications that require access to Office functionality. None of the line-of-business applications can co-exist with the others on the same client computer.

You are designing a solution that must meet the following requirements: 

- Allow the use of all the line-of-business applications on each client computer.
- Maintain a central inventory of all applications.
- Centralize the process of deploying, streaming, updating and reporting on all applications.

You need to recommend a solution that meets the requirements. 

Which technologies should you recommend to achieve the indicated goals? 

To answer, select the appropriate technologies. Select all that apply. 

A. Group Policy deployment 

B. Microsoft Application Virtualization (App-V) 

C. Microsoft Enterprise Desktop Virtualization (MED-V) 

D. Microsoft System Center Configuration Manager 2007 R2 

E. Microsoft System Center Operations Manager 2007 R2 

F. Windows Server Update Services (WSUS) 

Answer: B,D 

Explanation:

B: Microsoft Application Virtualization (App-V) also helps enterprises handle application compatibility issues, but it addresses challenges differently than MED-V does. Specifically, App-V lets you resolve conflicts that arise between different applications or different versions of the same application.

D:

- App-V integrates with System Center Configuration Manager, so you can manage virtual and physical applications, along with hardware and software inventory, operating system and patch deployment, and more.
- Configuration Manager 2007 Software Update Management simplifies the complex task of delivering and managing updates to IT systems across the enterprise. IT administrators can quickly deliver updates of Microsoft products, third-party applications, custom in-house line-of-business applications, hardware drivers, and system BIOS to a variety of devices, including desktops, laptops, servers, and mobile devices.
- Configuration Manager 2007 allows you to perform tasks such as: deploying operating systems, deploying software applications, deploying software updates, metering software usage, assessing variation from desired configurations, taking hardware and software inventory, and remotely administering computers.

Incorrect:

Not C: The key benefit of MED-V is that it helps enterprises deal with incompatibility between applications and the operating system.

Not E: Operations Manager 2007 R2 helps reduce the cost of datacenter management with end-to-end monitoring and management of Microsoft, UNIX, and Linux servers and workloads, while assuring delivery of IT services to expected and agreed levels.

Not F: Windows Server Update Services (WSUS) enables information technology administrators to deploy the latest Microsoft product updates to computers that are running the Windows operating system.


Q100. - (Topic 1) 

Your company has a main office and three branch offices. The network consists of a single Active Directory domain. Each office contains an Active Directory domain controller. 

You need to create a DNS infrastructure for the network that meets the following requirements: 

. The DNS infrastructure must allow the client computers in each office to register DNS names within their respective offices. 

. The client computers must be able to resolve names for hosts in all offices. 

What should you do? 

A. Create an Active Directory-integrated zone at the main office site. 

B. Create a standard primary zone at the main office site and at each branch office site. 

C. Create a standard primary zone at the main office site. Create a secondary zone at each branch office site. 

D. Create a standard primary zone at the main office site. Create an Active Directory-integrated stub zone at each branch office site. 

Answer: A 

Explanation: 

http://searchwindowsserver.techtarget.com/tip/DNS-Primer-Tips-for-understanding-Active-Directory-integratedzone-design-and-configuration
http://technet.microsoft.com/en-us/library/cc772101.aspx

In an ADI primary zone, rather than keeping the old zone file on a disk, the DNS records are stored in the AD, and Active Directory replication is used rather than the old problematic zone transfer. If all DNS servers were to die or become inaccessible, you could simply install DNS on any domain controller (DC) in the domain. The records would be automatically populated and your DNS server would be up without the messy import/export tasks of standard DNS zone files. Windows 2000 and 2003 allow you to put a standard secondary zone (read only) on a member server and use one of the ADI primary servers as the master.

When you decide which replication scope to choose, consider that the broader the replication scope, the greater the network traffic caused by replication. For example, if you decide to have AD DS-integrated DNS zone data replicated to all DNS servers in the forest, this will produce greater network traffic than replicating the DNS zone data to all DNS servers in a single AD DS domain in that forest. 

AD DS-integrated DNS zone data that is stored in an application directory partition is not replicated to the global catalog for the forest. The domain controller that contains the global catalog can also host application directory partitions, but it will not replicate this data to its global catalog. 

AD DS-integrated DNS zone data that is stored in a domain partition is replicated to all domain controllers in its AD DS domain, and a portion of this data is stored in the global catalog. This setting is used to support Windows 2000. 

If an application directory partition's replication scope replicates across AD DS sites, replication will occur with the same intersite replication schedule as is used for domain partition data. 

By default, the Net Logon service registers domain controller locator (Locator) DNS resource records for the application directory partitions that are hosted on a domain controller in the same manner as it registers domain controller locator (Locator) DNS resource records for the domain partition that is hosted on a domain controller. 

