Microsoft 70-646 ExamPro: Windows Server 2008 - Server Administrator

Total Question: 262 Last Updated: Aug 19,2019

Latest Microsoft 70-646 study guide (Topic 9)

46. A company has 10,000 client computers that run Windows 7. The company has a single domain Active Directory Domain Services (AD DS) forest with domain controllers that run Windows Server 2008 R2. Users have local administrative rights on client computers.

You need to design a Group Policy solution that deploys a printer and enforces printer settings.

What should you recommend? (More than one answer choice may achieve the goal. Select the BEST answer.)

A. Use the Local Security Policy.

B. Use Group Policy preferences (GPPs).

C. Use a Group Policy object (GPO) Windows setting.

D. Use Starter Group Policy objects (GPOs).

Answer: B

Explanation:

Group Policy preferences, new for the Windows Server 2008 operating system, include more than 20 new Group Policy extensions that expand the range of configurable settings within a Group Policy object (GPO). These new extensions are included in the Group Policy Management Editor window of the Group Policy Management Console (GPMC), under the new Preferences item. Examples of the new Group Policy preference extensions include folder options, mapped drives, printers, scheduled tasks, services, and Start menu settings.

In addition to providing significantly more coverage, better targeting, and easier management, Group Policy preferences enable you to deploy settings to client computers without restricting the users from changing the settings. This capability provides you with the flexibility to decide which settings to enforce and which settings to not enforce. You can deploy settings that you do not want to enforce by using Group Policy preferences.

System requirements and installation steps

To use Group Policy preferences, complete the following steps:

Install the set of client-side extensions (CSEs) on client computers. Supported operating systems: Windows Vista RTM or later, Windows XP with Service Pack 2 or later, Windows Server 2003 with Service Pack 1 or later.

Download locations:

• Windows Vista (x86): http://go.microsoft.com/fwlink/?LinkId=111859

• Windows Vista (x64): http://go.microsoft.com/fwlink/?LinkID=111857

• Windows XP (x86): http://go.microsoft.com/fwlink/?LinkId=111851

• Windows XP (x64): http://go.microsoft.com/fwlink/?LinkId=111862

• Windows Server 2003 (x86): http://go.microsoft.com/fwlink/?LinkId=111852

• Windows Server 2003 (x64): http://go.microsoft.com/fwlink/?LinkId=111863

For more information, see Article 943729 in the Microsoft Knowledge Base.

Install the XMLLite low-level XML parser on client computers that are not running Windows Vista. Supported operating systems: Windows XP SP2 or later, Windows Server 2003 SP1 or later.

Download location: http://go.microsoft.com/fwlink/?LinkId=111843

Worth looking at: GP Policy vs. Preference vs. GP preferences

http://blogs.technet.com/b/grouppolicy/archive/2008/03/04/gp-policy-vs-preference-vs-gppreferences.aspx

 

47. Your company has several branch offices.

Your network consists of a single Active Directory domain. Each branch office contains domain controllers and member servers. The domain controllers run Windows Server 2003 SP2. The member servers run Windows Server 2008 R2.

Physical security of the servers at the branch offices is a concern.

You plan to implement Windows BitLocker Drive Encryption (BitLocker) on the member servers.

You need to ensure that you can access the BitLocker volume if the BitLocker keys are corrupted on the member servers. The recovery information must be stored in a central location.

What should you do?

A. Upgrade all domain controllers to Windows Server 2008 R2. Use Group Policy to configure Public Key Policies.

B. Upgrade all domain controllers to Windows Server 2008 R2. Use Group Policy to enable Trusted Platform Module (TPM) backups to Active Directory.

C. Upgrade the domain controller that has the schema master role to Windows Server 2008 R2. Use Group Policy to enable a Data Recovery Agent (DRA).

D. Upgrade the domain controller that has the primary domain controller (PDC) emulator role to Windows Server 2008 R2. Use Group Policy to enable a Data Recovery Agent (DRA).

Answer: B

Explanation:

MCITP Self-Paced Training Kit Exam 70-646 Windows Server Administration:

Planning BitLocker Deployment

Windows BitLocker and Drive Encryption (BitLocker) is a feature that debuted in Windows Vista Enterprise and Ultimate Editions and is available in all versions of Windows Server 2008. BitLocker serves two purposes: protecting server data through full volume encryption and providing an integrity-checking mechanism to ensure that the boot environment has not been tampered with.

Encrypting the entire operating system and data volumes means that not only are the operating system and data protected, but so are paging files, applications, and application configuration data. In the event that a server is stolen or a hard disk drive removed from a server by third parties for their own nefarious purposes, BitLocker ensures that these third parties cannot recover any useful data. The drawback is that if the BitLocker keys for a server are lost and the boot environment is compromised, the data stored on that server will be unrecoverable.

To support integrity checking, BitLocker requires a computer to have a chip capable of supporting the Trusted Platform Module (TPM) 1.2 or later standard. A computer must also have a BIOS that supports the TPM standard. When BitLocker is implemented in these conditions and in the event that the condition of a startup component has changed, BitLocker-protected volumes are locked and cannot be unlocked unless the person doing the unlocking has the correct digital keys. Protected startup components include the BIOS, Master Boot Record, Boot Sector, Boot Manager, and Windows Loader.

From a systems administration perspective, it is important to disable BitLocker during maintenance periods when any of these components are being altered. For example, you must disable BitLocker during a BIOS upgrade. If you do not, the next time the computer starts, BitLocker will lock the volumes and you will need to initiate the recovery process. The recovery process involves entering a 48-character password that is generated and saved to a specified location when running the BitLocker setup wizard. This password should be stored securely because without it the recovery process cannot occur. You can also configure BitLocker to save recovery data directly to Active Directory; this is the recommended management method in enterprise environments.

You can also implement BitLocker without a TPM chip. When implemented in this manner there is no startup integrity check. A key is stored on a removable USB memory device, which must be present and supported by the computer’s BIOS each time the computer starts up. After the computer has successfully started, the removable USB memory device can be removed and should then be stored in a secure location. Configuring a computer running Windows Server 2008 to use a removable USB memory device as a BitLocker startup key is covered in the second practice at the end of this lesson.

BitLocker Group Policies

BitLocker group policies are located under the Computer Configuration\Policies\Administrative Templates\Windows Components\BitLocker Drive Encryption node of a Windows Server 2008 Group Policy object. In the event that the computers you want to deploy BitLocker on do not have TPM chips, you can use the Control Panel Setup: Enable Advanced Startup Options policy, which is shown in Figure 1-7. When this policy is enabled and configured, you can implement BitLocker without a TPM being present. You can also configure this policy to require that a startup code be entered if a TPM chip is present, providing another layer of security.

Figure 1-7 Allowing BitLocker without the TPM chip

Other BitLocker policies include:

• Turn On BitLocker Backup To Active Directory Domain Services: When this policy is enabled, a computer’s recovery key is stored in Active Directory and can be recovered by an authorized administrator.

• Control Panel Setup: Configure Recovery Folder: When enabled, this policy sets the default folder to which computer recovery keys can be stored.
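
The recovery and maintenance points above can be scripted with manage-bde, the BitLocker command-line tool, so that a recovery password is confirmed in Active Directory before protection is suspended for something like a BIOS upgrade. This is an added example, not part of the original study guide; the function name, the C: volume, and the reliance on English-language manage-bde output are assumptions.

```powershell
# Added example. Run from an elevated PowerShell session on the member server.
# Assumes the GPO that enables BitLocker backup to AD DS already applies to this
# computer, and that manage-bde prints English labels ("ID:").

function Backup-RecoveryPasswordToAD {   # hypothetical helper name
    param([string]$Volume = 'C:')        # assumed volume letter

    # List only the recovery-password protectors and pull out their GUIDs.
    $output = & manage-bde.exe -protectors -get $Volume -type RecoveryPassword
    $ids = $output |
        Select-String -Pattern 'ID:\s*(\{[0-9A-Fa-f-]+\})' |
        ForEach-Object { $_.Matches[0].Groups[1].Value }

    if (-not $ids) {
        throw "No recovery password protector found on $Volume."
    }

    # Escrow each recovery password in AD DS; stop if any backup fails,
    # so protection is never suspended without a recoverable key.
    foreach ($id in $ids) {
        & manage-bde.exe -protectors -adbackup $Volume -id $id
        if ($LASTEXITCODE -ne 0) {
            throw "AD DS backup failed for protector $id on $Volume."
        }
    }
    return $ids
}

# Before maintenance that changes a protected startup component:
Backup-RecoveryPasswordToAD -Volume 'C:' | Out-Null
& manage-bde.exe -protectors -disable C:   # suspend protection, data stays encrypted

# After the maintenance and reboot, in a new elevated session:
#   manage-bde.exe -protectors -enable C:  # resume protection
#   manage-bde.exe -status C:              # confirm protection status is on
```

Suspending with `-protectors -disable` leaves the volume encrypted but exposes the volume key in the clear on disk until protection is re-enabled, so the window between the two commands should be kept short.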

 

48. You need to design a Windows Server Update Services (WSUS) infrastructure that meets the following requirements:

· The updates must be distributed from a central location.

· All computers must continue to receive updates in the event that a server fails.

What should you include in your design?

A. Configure two WSUS servers in a Microsoft SQL Server 2008 failover cluster. Configure each WSUS server to use a local database.

B. Configure a single WSUS server to use multiple downstream servers. Configure each WSUS server to use a RAID 1 mirror and a local database.

C. Configure a single WSUS server to use multiple downstream servers. Configure each WSUS server to use a RAID 5 array and a local database.

D. Configure a Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.

Answer: D

Explanation:

http://technet.microsoft.com/en-us/library/dd939812(v=WS.10).aspx

WSUS database

WSUS 3.0 SP2 requires a database for each WSUS server. WSUS supports the use of a database that resides on a different computer than the WSUS server, with some restrictions. For a list of supported databases and remote database limitations, see WSUS database requirements.

The WSUS database stores the following information:

• WSUS server configuration information

• Metadata that describes each update

• Information about client computers, updates, and interactions

If you install multiple WSUS servers, you must maintain a separate database for each WSUS server, whether it is an autonomous or a replica server. (For more information about WSUS server types, see Design the WSUS Server Layout.) You cannot store multiple WSUS databases on a single instance of SQL Server, except in Network Load Balancing (NLB) clusters that use SQL Server failover. For more about this configuration, see Configure WSUS for Network Load Balancing.

SQL Server, SQL Server Express, and Windows Internal Database provide the same performance characteristics for a single server configuration, where the database and the WSUS service are located on the same computer. A single server configuration can support several thousand WSUS client computers.

Windows Server 2008 Enterprise Edition

Windows Server 2008 Enterprise Edition is the version of the operating system targeted at large businesses.

Plan to deploy this version of Windows 2008 on servers that will run applications such as SQL Server 2008 Enterprise Edition and Exchange Server 2007. These products require the extra processing power and RAM that Enterprise Edition supports. When planning deployments, consider Windows Server 2008 Enterprise Edition in situations that require the following technologies unavailable in Windows Server 2008 Standard Edition:

Failover Clustering: Failover clustering is a technology that allows another server to continue to service client requests in the event that the original server fails. Clustering is covered in more detail in Chapter 11, “Clustering and High Availability.” You deploy failover clustering on mission-critical servers to ensure that important resources are available even if a server hosting those resources fails.

 

49. Your network consists of a single Active Directory domain. All domain controllers run Windows Server 2008 R2. There are five Windows Server 2003 SP2 servers that have the Terminal Server component installed. A firewall server runs Microsoft Internet Security and Acceleration (ISA) Server 2006.

You plan to give remote users access to the Remote Desktop Services servers.

You need to create a remote access strategy for the Remote Desktop Services servers that meets the following requirements:

· Restricts access to specific Remote Desktop Services servers

· Encrypts all connections to the Remote Desktop Services servers

· Minimizes the number of open ports on the firewall server

What should you do?

A. Implement SSL bridging on the ISA Server. Require authentication on all inbound connections to the ISA Server.

B. Implement port forwarding on the ISA Server. Require authentication on all inbound connections to the ISA Server.

C. Upgrade a Windows Server 2003 SP2 server to Windows Server 2008 R2. On the Windows Server 2008 R2 server, implement the Remote Desktop Gateway (RD Gateway) role service, and configure a Remote Desktop resource authorization policy (RD RAP).

D. Upgrade a Windows Server 2003 SP2 server to Windows Server 2008 R2. On the Windows Server 2008 R2 server, implement the Remote Desktop Gateway (RD Gateway) role service, and configure a Remote Desktop connection authorization policy (RD CAP).

Answer: C

Explanation:

MCITP Self-Paced Training Kit Exam 70-646 Windows Server Administration:

Terminal Services Gateway

TS Gateway allows Internet clients secure, encrypted access to Terminal Servers behind your organization’s firewall without having to deploy a Virtual Private Network (VPN) solution. This means that you can have users interacting with their corporate desktop or applications from the comfort of their homes without the problems that occur when VPNs are configured to run over multiple Network Address Translation (NAT) gateways and the firewalls of multiple vendors.

TS Gateway works using RDP over Secure Hypertext Transfer Protocol (HTTPS), which is the same protocol used by Microsoft Office Outlook 2007 to access corporate Exchange Server 2007 Client Access Servers over the Internet. TS Gateway Servers can be configured with connection authorization policies and resource authorization policies as a way of differentiating access to Terminal Servers and network resources.

Connection authorization policies allow access based on a set of conditions specified by the administrator; resource authorization policies grant access to specific Terminal Server resources based on user account properties.

Resource Authorization Policies

Terminal Services resource authorization policies (TS-RAPs) are used to determine the specific resources on an organization’s network that an incoming TS Gateway client can connect to. When you create a TS-RAP you specify a group of computers that you want to grant access to and the group of users that you will allow this access to. For example, you could create a group of computers called AccountsComputers that will be accessible to members of the Accountants user group. To be granted access to internal resources, a remote user must meet the conditions of at least one TS-CAP and at least one TS-RAP.

 

50. Your network consists of a single Active Directory domain. All servers run Windows Server 2008 R2. A server named Server1 has the Remote Desktop Services server role installed.

You notice that several users consume more than 30 percent of the CPU resources throughout the day. You need to prevent users from consuming more than 15 percent of the CPU resources. Administrators must not be limited by the amount of CPU resources that they can consume.

What should you do?

A. Implement Windows System Resource Manager (WSRM), and configure user policies.

B. Implement Windows System Resource Manager (WSRM), and configure session policies.

C. Configure Performance Monitor, and create a user-defined Data Collector Set.

D. Configure Performance Monitor, and create an Event Trace Session Data Collector Set.

Answer: A

Explanation:

You can use tools such as the Windows System Resource Manager and Performance Monitor to determine memory and processor usage of Terminal Services clients. Once you understand how the Terminal Server’s resources are used, you can determine the necessary hardware resources and make a good estimate as to the Terminal Server’s overall client capacity. Terminal Server capacity directly influences your deployment plans: A server that has a capacity of 100 clients is not going to perform well when more than 250 clients attempt to connect. Monitoring tools are covered in more detail in “Monitoring Terminal Services” later in this lesson.

Windows System Resource Manager

Windows System Resource Manager (WSRM) is a feature that you can install on a Windows Server 2008 computer that controls how resources are allocated. The WSRM console, shown in Figure 5-9, allows an administrator to apply WSRM policies. WSRM includes four default policies and also allows administrators to create their own. The two policies that will most interest you as someone responsible for planning and deploying Terminal Services infrastructure are Equal_Per_User and Equal_Per_Session.

The Equal_Per_User WSRM policy ensures that each user is allocated resources equally, even when one user has more sessions connected to the Terminal Server than other users. Apply this policy when you allow users to have multiple sessions to the Terminal Server—it stops any one user from monopolizing hardware resources by opening multiple sessions. The Equal_Per_Session policy ensures that each session is allocated resources equally. If applied on a Terminal Server where users are allowed to connect with multiple sessions, this policy can allow those users to gain access to a disproportionate amount of system resources in comparison to users with single sessions.
