Microsoft 70-646 ExamPro: Windows Server 2008 - Server Administrator

Total Question: 262 Last Updated: Aug 19,2019
  • Updated 70-646 Dumps
  • Based on Real 70-646 Exams Scenarios
  • Free 70-646 pdf Demo Available
  • Check out our 70-646 Dumps in a new PDF format
  • Instant 70-646 download
  • Guarantee 70-646 success in first attempt
Package Select:

Questions & Answers PDF

Practice Test Software

Practice Test + PDF 30% Discount

Price: $65.95 $29.99

Buy Now Free Trial
Home > 70-646

Latest Microsoft 70-646 VCE File (Topic 4)

21. Your network contains several branch offices. All servers run Windows Server 2008 R2.

Each branch office contains a domain controller and a file server.

The DHCP Server server role is installed on the branch office domain controllers. Each

office has a branch office administrator.

You need to delegate the administration of DHCP to meet the followingrequirements:

Allow branch office administrators to manage DHCP scopes for their own office

Prevent the branch office administrators from managing DHCP scopes in other

offices

Minimize administrative effort

What should you do?

A. In the Active Directorydomain, add the branch office administrators to the Server

Operators builtin local group.

B. In the Active Directory domain, add the branch office administrators to the Network

Configuration Operators builtin local group.

C. In each branch office, migratethe DHCP Server server role to the file server. On each

file server, add the branch office administrator to the DHCP Administrators local group.

D. In each branch office, migrate the DHCP Server server role to the file server. In the

Active Directory domain, add the branch office administrators to the DHCP Administrators

domain local group.

Answer: C

Explanation:

http://technet.microsoft.com/en-us/library/dd379494%28WS.10%29.aspx

http://technet.microsoft.com/en-us/library/dd379483%28WS.10%29.aspx

http://technet.microsoft.com/en-us/library/dd379535%28WS.10%29.aspx

http://technet.microsoft.com/en-us/library/cc737716%28WS.10%29.aspx

DHCP Administrators

Members of the DHCP Administrators group can view and modify any data at the DHCP

server. DHCP Administrators can create and delete scopes, add reservations, change

option values, create superscopes, or perform any other activity needed to administer the

DHCP server, including export or import of the DHCP server configuration and database.

DHCP Administrators perform these tasks using the Netsh commands for DHCP or the

DHCP console. For more information, see DHCP tools.

Members of the DHCP Administrators group do not have unlimited administrative rights.

For example, if a DHCP server is also configured asa DNS server, a member of the DHCP

Administrators group can view and modify the DHCP configuration but cannot modify DNS

server configuration on the same computer.

Because members of the DHCP Administrators group have rights on the local computer

only, DHCP Administrators cannot authorize or unauthorize DHCP servers in Active

Directory. Only members of the Domain Admins group can perform this task. If you want to

authorize or unauthorize a DHCP server in a child domain, you must have enterprise

administrator credentials for the parent domain. For more information about authorizing

DHCP servers in Active Directory, see Authorizing DHCP servers and Authorize a DHCP

server in Active Directory.

Using groups to administer DHCP servers in a domain

When you adda user or group to a DHCP Users or DHCP Administrators group on a DHCP

server, the rights of the DHCP group member do not apply to all of the DHCP servers in the

domain. The rights apply only to the DHCP service on the local computer.

 

22. Your companyhas a main office and two branch offices. Each office has a domain

controller and file servers. Your network consists of a single Active Directory domain. All

servers run Windows Server 2008 R2. You need to plan the deployment of Distributed File

System (DFS) to meet the following requirements:

·Ensure that users see only the folders to which they have access

·Ensure that users can access the data locally

·Minimize the bandwidth required to replicate data

What should you include in your plan?

A. Deploya stand-alone DFS namespace. Enable access-based enumeration and use DFS

Replication.

B. Deploy a stand-alone DFS namespace. Enable access-based enumeration and use File

Replication Service (FRS).

C. Deploy a domain-based DFS namespace and use DFS Replication. Modify each share

to be a hidden share.

D. Deploy a domain-based DFS namespace and use File Replication Service (FRS).

Modify each share to be a hidden share.

Answer: A

Explanation:

MCITP Self-Paced Training Kit Exam 70-646 Windows Server Administration:

Distributed File System (DFS) DFS is considerably enhanced in Windows Server 2008. It

consists of two technologies, DFS Namespaces and DFS Replication, that you can use

(together or independently) to provide fault-tolerant and flexible file sharing and replication

services.

DFS Namespaces lets you group shared folders on different servers (and in multiple sites)

into one or more logically structured namespaces. Users view each namespace as a single

shared folder with a series of subfolders. The underlying shared folders structure is hidden

from users, and this structure provides fault tolerance and the ability to automatically

connect users to local shared folders, when available, instead of routing them over wide

area network (WAN) connections.

DFS Replication provides a multimaster replication engine that lets you synchronize folders

on multiple servers across local or WAN connections. It uses the Remote

DifferentialCompression (RDC) protocol to update only those files that have changed since

the last replication. You can use DFS Replication in conjunction with DFS Namespaces or

by itself.

This lesson summarizes DFS only very briefly as part of your planning considerations.

Lesson 2 of this chapter discusses the topic in much more depth.

Exam TipPrevious Windows Server examinations have contained a high proportion of DFS

questions. There is no reason to believe 70-646 will be any different.]

You can also use Share And Storage Management to view and modify the properties of a

shared folder or volume, including the local NTFS permissions and the network access

permissions for that shared resource. To do this you again select the shared resource on

the Shares tab and select Properties in the Actions pane.

Figure 6-6 shows the Properties dialog box for the share folder Public. The Permissions tab

lets you specify share and NTFS permissions. Clicking Advanced lets you configure user

limits and caching and disable or enable access-based enumeration (ABE). ABE is enabled

by default and lets you hide files and folders from users who do not have access to them.

 

23. Your company has a main office and a branch office. Your network contains a single Active

Directory domain.

An Active Directory site exists for each office. All domain controllers run Windows Server

2008 R2. You plan to modify the DNS infrastructure. You need to plan the new DNS

infrastructure to meet the following requirements:

·Ensure that the DNS service is available even if a single server fails

·Encrypt the synchronization data that is sent between DNS servers

·Support dynamic updates to all DNS servers

Whatshould you include in your plan?

A. Install the DNS Server server role on two servers. Create a primary zone on the DNS

server in the main office. Create a secondary zone on the DNS server in the branch office.

B. Install the DNS Server server role on adomain controller in the main office and on

adomain controller in the branch office. Configure DNS to use Active Directory integrated

zones.

C. Install the DNS Server server role on a domain controller in the main office and on a

Readonly Domain Controller (RODC) in the branch office. Configure DNS to use Active

Directory integrated zones.

D. Install the DNS Server server role on two servers. Create a primary zone and a

GlobalNames zone on the DNS server in the main office. Create a GlobalNames zone on

theDNS server in the branch office.

Answer: B

Explanation:

http://searchwindowsserver.techtarget.com/tip/DNS-Primer-Tips-for-understanding-Active-

Directory-integratedzone-design-and-configuration

http://technet.microsoft.com/en-us/library/cc772101.aspx

Inan ADI primary zone, rather than keeping the old zone file on a disk, the DNS records are

stored in the AD, and Active Directory replication is used rather than the old problematic

zone transfer. If all DNS servers were to die or become inaccessible, youcould simply

install DNS on any domain controller (DC) in the domain. The records would be

automatically populated and your DNS server would be up without the messy import/export

tasks of standard DNS zone files.

Windows 2000 and 2003 allow you to put a standard secondary zone (read only) on a

member server and use one of the ADI primary servers as the master.

When you decide which replication scope to choose, consider that the broader the

replication scope, the greater the network traffic caused by replication. For example, if you

decide to have AD DS–integrated DNS zone data replicated to all DNS servers in the

forest, this will produce greater network traffic than replicating the DNS zone data to all

DNS servers in a single AD DS domain in that forest.

AD DS-integrated DNS zone data that is stored in an application directory partition is

notreplicated to the global catalog for the forest. The domain controller that contains the

global catalog can also host application directory partitions, but it willnot replicate this data

to its global catalog.

AD DS-integrated DNS zone data that is stored in a domain partition is replicated to all

domain controllers in its AD DS domain, and a portion of this data is stored in the global

catalog. This setting is used to support Windows 2000.

If an application directory partition's replication scope replicates across AD DS sites,

replication will occur with the same intersite replication schedule as is used for domain

partition data.

By default, the Net Logon service registers domain controller locator (Locator) DNS

resource records for the application directory partitions that are hosted on a domain

controller in the same manner as it registers domain controller locator (Locator) DNS

resource records for the domainpartition that is hosted on a domain controller.

Close integration with other Windows services, including AD DS, WINS (if enabled), and

DHCP (including DHCPv6) ensures that Windows 2008 DNS is dynamic and requires little

or no manual configuration. Windows 2008 DNS is fully compliant with the dynamic update

protocol defined in RFC 2136. Computers running the DNS Client service register their host

names and IPv4 and IPv6 addresses (although not link-local IPv6 addresses) dynamically.

You can configure the DNS Server and DNS Client services to perform secure dynamic updates. This ensures that only authenticated users with the appropriate rights can update

resource records on the DNS server. Figure 2-22 shows a zone being configured to allow

only secure dynamic updates.

Figure 2-22Allowing only secure dynamic updates

MORE INFODynamic update protocol

For more information about the dynamic update protocol, see

http://www.ietf.org/rfc/rfc2136.txt and http://www.ietf.org/rfc/rfc3007

NOTE Secure dynamic updates

Secure dynamic updates are only available for zones that are integrated with AD DS.

 

24. Your network consists of a single Active Directory domain. The network includes a branch

office named Branch1. Branch1 contains 50 member servers that run Windows Server

2008 R2. An organizational unit (OU) named Branch1Servers contains the computer

objects for the servers in Branch1. A global group named Branch1admins contains the user

accounts for theadministrators. Administrators maintain all member servers in Branch1.

You need to recommend a solution that allowsthe members of Branch1admins group to

perform the following tasks on the Branch1 member servers.

Stop and start services

Change registry settings

What should you recommend?

A. Add the Branch1admins group to the Power Users local group on each server

inBranch1.

B. Add the Branch1admins group to the Administrators local group on each server in

Branch1.

C. Assign the Branch1admins group change permissions to the Branch1Servers OU and to

all child objects.

D. Assign the Branch1admins group Full Control permissions on the Branch1Servers OU

and to all child objects.

Answer: B

Explanation:

Local admins have these rights.

Power Users do not

By default, members of the power users group have no more user rights or permissions

than a standard user account. The Power Users group in previous versions of Windows

was designed to give users specific administrator rights and permissions to perform

common system tasks. In this version of Windows, standard user accounts inherently have

the ability to perform most commonconfiguration tasks, such as changing time zones. For

legacy applications that require the same Power User rights and permissions that were

present in previous versions of Windows, administrators can apply a security template that

enables the Power Users group to assume the same rights and permissions that were

present in previous versions of Windows.

 

25. DRAG DROP

A company has client computers that run Windows 7 and Windows Vista. The company

has a single domain Active Directory Domain Services (AD DS) forest with domain

controllers that run Windows Server 2008 R2.

An Application must be installedon the windows 7 client computers when users log on to

the computers.

You need to design an Application deployment solution.

Which actions should you perform in sequence?

To answer, move the appropriate actions from the list of actions to the answer area and

arrange them in the correct order. (Use only actions that Apply.)

blob.png

Answer:

blob.png

Get More Information : 70-646 exam