Microsoft 70-646 ExamPro: Windows Server 2008 - Server Administrator

Total Question: 262 Last Updated: Aug 19,2019
  • Updated 70-646 Dumps
  • Based on Real 70-646 Exams Scenarios
  • Free 70-646 pdf Demo Available
  • Check out our 70-646 Dumps in a new PDF format
  • Instant 70-646 download
  • Guarantee 70-646 success in first attempt
Package Select:

Questions & Answers PDF

Practice Test Software

Practice Test + PDF 30% Discount

Price: $65.95 $29.99

Buy Now Free Trial
Home > 70-646

Latest Microsoft 70-646 Practice Test (Topic 6)

31. Your company plans to deploy eight file servers that run Windows Server 2008 R2. All file

servers will connect to Ethernet switches.

You need to plan a data storage solution that meets the following requirements:

Allocates storage to the servers as needed

Utilizes the existing network infrastructure

Maximizes performance

Maximizes fault tolerance

Which actions should you include in your plan?

A. Install Windows Server 2008 R2 Datacenter on each server. Deploy the servers in a

failover cluster. Deploy an iSCSI storage area network (SAN).

B. Install Windows Server 2008 R2 Standard on each server. Deploy the servers in a

Network Load Balancing (NLB) cluster. Implement RAID?5 on each server.

C. Install Windows Server 2008 R2 Enterprise on each server. Deploy theservers in a

failover cluster. Deploy a Fibre Channel (FC) storage area network (SAN).

D. Install Windows Server 2008 R2 Enterprise on each server. Deploy the servers in a

Network Load Balancing (NLB) cluster. Map a network drive on each server to an external

storage array.

Answer: A

Explanation:

DataCenter has Failover Cluster and of course a SAN with ISCSI will utilize the existing

network topology.

 

32. Your network consists of a single Active Directory domain. All domain controllers run

Windows Server 2008 R2.

You need to implement a Certificate Services solution that meets the following

requirements:

Automates the distribution of certificates for internal users

Ensures that the network's certificate infrastructure is as secure as possible

Gives external users access to resources that use certificate based authentication

What should you do?

A. Deploy an online standalone root certification authority (CA). Deploy an offline

standalone root CA.

B. Deploy an offline enterprise root certification authority (CA). Deploy an offline enterprise

subordinate CA.

C. Deploy an offline standalone root certification authority (CA). Deploy an online enterprise

subordinate CA. Deploy an online standalone subordinate CA.

D. Deploy an online standalone root certification authority (CA). Deploy an online enterprise

subordinate CA. Deploy an online standalone subordinate CA.

Answer: C

Explanation:

Certification authority hierarchies

The Microsoft public key infrastructure (PKI) supports a hierarchical certification authority

(CA) model. A certification hierarchy provides scalability, ease of administration, and

consistency with a growing number of commercial and other CA products.

In its simplest form, a certification hierarchy consists of a single CA. However, in general,

ahierarchy will contain multiple CAs with clearly defined parent-child relationships. In this

model, the child subordinate certification authorities are certified by their parent CA-issued

certificates, which bind a certification authority's public key to its identity. The CA at the top

of a hierarchy is referred to as the root authority, or root CA. The child CAs of the root CAs

are called subordinate certification authorities (CAs).

A root certification authority (CA) is the top of a public key infrastructure (PKI) and

generates a self-signed certificate. This means that the root CA is validating itself (selfvalidating).

This root CA could then have subordinate CAs that effectively trust it.The

subordinate CAs receive a certificate signed by the root CA, so the subordinate CAs can

issue certificates that are validated by the root CA. This establishes a CA hierarchy and

trust path.

http://social.technet.microsoft.com/wiki/contents/articles/2900.offline-root-certificationauthority-

ca.aspx

Certification authority hierarchies

The Microsoft public key infrastructure (PKI) supports a hierarchical certification authority

(CA) model. A certification hierarchy provides scalability, ease of administration, and

consistency with a growing number of commercial and other CA products.

In its simplest form, a certification hierarchy consists of a single CA. However, in general, a

hierarchy will contain multiple CAs with clearly defined parent-child relationships. In this

model, the child subordinate certification authorities are certified by their parent CA-issued

certificates, which bind a certification authority's public key to its identity. The CA at the top

of a hierarchy is referred to as the root authority, or root CA. The child CAs of the root CAs

are called subordinate certification authorities (CAs).

Authentication and Authorization

Stand-alone CAs use local authentication for certificate requests, mainly through the Web

enrollment interface.

Stand-alone CAs provide an ideal service provider or commercial PKI provider platform for

issuing certificates to users outsideof an Active Directory environment where the user

identity is separately verified and examined before the request is submitted to the CA.

Offline and Online CAs

Traditionally, the decision of whether to use either an online or offline CAs involves a

compromise between availability and usability versus security. The more sensitive that the

key material is and the higher the security requirements are, the less accessible the CA

should be to users.

Specifying CA Roles

An ideal PKI hierarchy design divides the responsibility of the CAs. A topology that is

designed with requirements that have been carefully considered provides the most flexible

and scalable enterprise configuration. In general, CAs are organized in hierarchies. Single

tier hierarchies might not provide adequate security compartmentalization, extensibility and

flexibility. Hierarchies with more than three tiers might not provide additional valueregarding

security, extensibility and flexibility.

The most important consideration is protecting the highest instance of trust as much as

possible. Single-tier hierarchies are based on the need to compartmentalize risk and

reduce the attack surface that is available to users who have malicious intent. A larger

hierarchy is much more difficult to administer, with little security benefit.

Depending on the organization's necessities, a PKI should consist of two or three logical

levels that link several CAs in a hierarchy. Administrators who understand the design requirements for a three-level topology mayalso be able to build a two-level topology.

A three-tier CA hierarchy consists of the following components:

A root CA that is configured as a stand-alone CA without a network connection

One or more intermediate CAs that are configured as stand-alone CAs without a network

connection

One or more issuing CAs that are configured as enterprise CAs that are connected to the

network

Also worth a look though it refers to windows 2003

http://technet.microsoft.com/en-us/library/cc779714%28WS.10%29.aspx

 

33. Your company has a branch office that contains a Windows Server 2008 R2 server. The

server runs Windows Server Update Services (WSUS).

The company opens four new satellite offices. Each satellite office connects to the branch

office by using a dedicated WAN link.

You need to design a strategy for patch management that meets the following

requirements:

WSUS updates are approved from a central location.

WAN traffic isminimized between the branch office and the satellite offices.

What should you include in your design?

A. In each satellite office, install a WSUS server. Configure each satellite office WSUS

server as a replica of the branch office WSUS server.

B. In each satellite office, install a WSUS server. Configure each satellite office WSUS

server as an autonomous server that synchronizes to the branch office WSUS server.

C. On the branch office WSUS server, create a computer group for each satellite office.

Addthe client computers in each satellite office to their respective computer groups.

D. For each satellite office, create an organizational unit (OU). Create and link a Group

Policy object (GPO) to each OU. Configure different schedules to download updatesfrom

the branch office WSUS server to the client computers in each satellite office.

Answer: A

Explanation:

Replica Mode and Autonomous Mode

You have two options when configuring the administration model for your organization’s

downstream WSUS servers. The first option, shown in Figure 8-5, is to configure the

downstream WSUS server as a replica of the upstream server. When you configure a

WSUS server as a replica, all approvals, settings, computers, and groups from the

upstream server are used on the downstream server. The downstream server cannot be

used to approve updates when configured in replica mode, though you can change a

replica server to the second mode—called autonomous mode—if an update urgently needs

to be deployed.

Figure 8-5Downstream replica server

 

34. Your network consists of a single Active Directory forest that contains a root domain and

two child domains.

All servers run Windows Server 2008 R2. A corporate policy has the following

requirements:

All local guest accounts must be renamed and disabled.

All local administrator accounts must be renamed.

You need to recommend a solution that meets the requirements of the corporate

policy.

What should you recommend?

A. Implement a Group Policy object (GPO) for each domain.

B. Implement a Group Policy object (GPO) for the root domain.

C. Deploy Network Policy and Access Services (NPAS) on all domain controllers in each

domain

D. DeployActive Directory Rights Management Services (AD RMS) on the root domain

controllers.

Answer: A

Explanation:

http://www.windowsecurity.com/articles/protecting-administrator-account.html

http://www.pctips3000.com/enable-or-disable-group-policy-object-in-windows-server-2008/

http://blogs.technet.com/b/chenley/archive/2006/07/13/441642.aspx

 

35. Your network consists of a single Active Directory domain. Your network contains 10

servers and 500 client computers. All domain controllers run Windows Server 2008 R2.

A Windows Server 2008 R2 server has Remote Desktop Services installed. All client

computers run Windows XP Service Pack 3.

You plan to deploy a new line of business Application. The Application requires desktop

themes to be enabled.

You need to recommend a deployment strategy that meets the following requirements:

Only authorized users must be allowed to access the Application.

Authorized users must be able to access the Application from any client computer.

Your strategy must minimize changes to the client computers.

Your strategy must minimize software costs.

What should you recommend?

A. Migrate all client computers to Windows 7. Deploy the Application to all client computers

by using a Group Policy object (GPO).

B. Migrate all client computers to Windows 7. Deploy the Application to the authorized

users by using a Group Policy object (GPO).

C. Deploy the Remote Desktop Connection (RDC) 7.0 software to the client computers.

Install the Application on the RemoteDesktop Services server. Implement Remote

DesktopConnection Broker (RD Connection Broker).

D. Deploy the Remote Desktop Connection (RDC) 7.0 software to the client computers.

Enable the Desktop Experience feature on the Remote Desktop Services server. Install the

Application on the Remote Desktop Services server.

Answer: D

Explanation:

Desktop Experience

Configuring a Windows Server 2008 server as a terminal server lets you use Remote

Desktop Connection 6.0 to connect to a remote computer from your administrator

workstation and reproduces on your computer the desktop that exists on the remote

computer. When you install Desktop Experience on Windows Server 2008, you can use

Windows Vista features such as Windows Media Player, desktop themes, and photo

management within the remote connection.

Get More Information : 70-646 exam