CertBus New Updated 70-647 Exam Dumps Free Download
This dump is 100% valid to pass Microsoft MCITP 70-647 exam. The only tips is please do not just memorize the questions and answers, you need to get through understanding of it because the question changed a little in the real exam. Follow the instructions in the CertBus MCITP 70-647 Windows Server 2008,Enterprise Administrator PDF and VCEs. All CertBus materials will help you pass your Microsoft MCITP exam successfully.
We CertBus has our own expert team. They selected and published the latest 70-647 preparation materials from Microsoft Official Exam-Center: http://www.certgod.com/70-647.html
QUESTION NO:18
Your network consists of one Active Directory forest that contains two domains. All domain
controllers run Windows Server 2003. The network contains file servers that run Windows Server
2003 R2. The files servers run DFS Replication. The forest root domain is named contoso.com and
the child domain is named corp.contoso.com. You prepare the forest schema for the installation of
domain controllers that run Windows Server 2008. You prepare the corp.contoso.com domain. You
install a new domain controller that runs Windows Server 2008 on corp.contoso.com. You need to
plan an Active Directory implementation to meet the following requirements:
Enable DFS Replication support for SYSVOL on corp.contoso.com.
Allow the installation of new domain controllers that run Windows Server 2003 in the forest root
domain. What should you include in your plan?
A. Upgrade all file servers to Windows Server 2008.
B. Run adprep /domainprep /gpprep on the corp.contoso.com domain and run adprep /domainprep
on the contoso.com domain.
C. Upgrade all Windows Server 2003 domain controllers to Windows Server 2008. Raise the
functional level of the forest to Windows Server 2008.
D. Upgrade the Windows Server 2003 domain controllers in corp.contoso.com to Windows Server
2008. Raise the corp.contoso.com domain functional level to Windows Server 2008.
Answer: D
Explanation:
To enable DFS Replication support for SYSVOL on corp.contoso.com and to allow the installation of
new domain controllers that run Windows Server 2003 in the forest root domain, you need to
Upgrade the Windows Server 2003 domain controllers in corp.contoso.com to Windows Server 2008
and raise the functional level of corp.contoso.com domain to Windows Server 2008. Upgrade the
Windows Server 2003 domain controllers in corp.contoso.com to Windows Server 2008 enables you
to use domain-based namespaces. DFS Replication is an efficient, multiple-master replication engine
that you can use to keep folders synchronized between servers across limited bandwidth network
connections. It replaces the File Replication Service (FRS) as the replication engine for DFS
Namespaces, as well as for replicating the AD DSSYSVOL folder in domains that use the Windows
Server 2008 domain functional level. To facilitate migrating existing SYSVOL folders to DFS
Replication, Windows Server 2008 includes a Dcpromo tool that helps to migrate the replication of
existing SYSVOL folders from FRS to DFS Replication. The Windows Server 2008 will use DFS
Replication for SYSVOL if the domain functional level is Windows Server 2008
Reference: Distributed File System
http://technet2.microsoft.com/windowsserver2008/en/library/1f0d326d-35af-4193-bda3-
0d1688f90ea71033.mspx?mfr=true
QUESTION NO:7
Your network consists of one Active Directory domain. The functional level of the forest is Windows
Server 2003. All domain controllers run Windows Server 2003. The relevant portion of the network is
configured as shown in the exhibit. (Click the Exhibit button.)
The Bridge all site links option is enabled.
You need to ensure that domain controllers in the spoke sites can replicate with domain controllers
in only the hub sites. The solution must ensure that domain controllers can replicate if a server fails
in one of the hub sites.
What should you do?
A. Lower the site link costs between the spoke sites and the hub sites.
B. Disable the Bridge all site links option. Create site link bridges that include the site links between
each spoke site and the hub sites.
C. Disable the Bridge all site links option. Install a writable domain controller that runs Windows
Server 2008 in each hub site.
D. Enable the global catalog server attribute for all domain controllers in the hub sites. Upgrade all
domain controllers in the spoke sites to Windows Server 2008.
Answer: B
Explanation:
By default, all site links are bridged so that all the sites that are not connected by an explicit site link
can communicate directly, through a chain of intermediary site links and sites. However, if you want
to ensure that domain controllers in the spoke sites do not replicate with other spoke sites when a
server fails in one of the hub sites, you need to disable the Bridge all site links option. You need to
then create site link bridges to create the site links between each spoke site and the hub sites to
ensure that domain controllers in the spoke sites can replicate with domain controllers in the hub
sites.
Reference: Configuring site link bridges
http://technet2.microsoft.com/windowsserver/en/library/b42bb443-c5cd-4539-8dfa-
917dbddb087a1033.mspx?mfr=true
QUESTION NO:14
Your company has one main office and 20 branch offices. Each office is configured as an Active
Directory site. The network consists of one Active Directory domain. All servers run Windows Server
2008 R2 and all client computers run Windows 7. The main office contains three domain controllers.
You need to deploy one domain controller in each branch office to meet the following requirements:
. Authentication to a main office domain controller must only occur if a local domain controller fails.
. Client computers in the main office must not authenticate to a domain controller in a branch
office.
. Client computers in a branch office must not authenticate to a domain controller in another
branch office.
. Client computers in each branch office must attempt to authenticate to the domain controller at
their local site first.
What should you do first?
A. Associate the IP subnet of each branch office to the Active Directory site of the main office.
B. Select the read-only domain controller (RODC) option and the Global Catalog option when
deploying the branch office domain controllers.
C. Create a Group Policy object (GPO) that applies to all branch office domain controllers and
controls the registration of DNS service location (SRV) records.
D. Configure only the main office domain controllers as global catalog servers. Enable Universal
Group Membership Caching in the Active Directory site for each branch office.
Answer: C
Explanation:
To deploy domain controllers in the branch offices and make sure that the client computers in each
branch office must attempt to authenticate to the domain controller at their local site first and the
authentication to a main office domain controller must only occur if a local domain controller fails
and to meet other specified requirements, you need to create a Group Policy object (GPO) for all
branch office domain controllers to control the registration of DNS service location (SRV) records.
SRV records are used by Windows Server to locate domain controllers in specific domains, domain
controllers in the same site, global catalogue servers, and key distribution centers.
Reference: DNS Service Records and Locating Domain Controllers
QUESTION NO:21
Your network consists of one Active Directory domain. The functional level of the domain is
Windows Server 2008. The domain has 30 domain controllers. Twenty administrators manage the
domain. You plan to implement an audit and compliance policy. You need to ensure that all changes
made to Active Directory objects are recorded. What should you do?
A. On all domain controllers, run the Security Configuration Wizard (SCW).
B. In the Default Domain Controller Policy, configure a Directory Services Auditing policy.
C. In the Default Domain Controller Policy, configure and implement a file-level audit policy for the
SYSVOL volume.
D. Create a Group Policy object (GPO) linked to the Domain Controllers OU. Configure the GPO to
install the Microsoft Baseline Security Analyzer (MBSA).
Answer: B
Explanation:
To implement an audit and compliance policy and ensure that all changes made to Active Directory
objects are recorded, you need to configure a Directory Services Auditing policy in the Default
Domain Controller Policy. In Windows Server 2008, you can enable Audit Directory Service Access
policy to log events in the Security event log whenever certain operations are performed on objects
stored in Active Directory. Enabling the global audit policy, Audit directory service access, enables all
directory service policy subcategories. You can set this global audit policy in the Default Domain
Controllers Group Policy (under Security SettingsLocal PoliciesAudit Policy).
Reference: Windows Server 2008 Auditing AD DS Changes Step-by-Step Guide
http://technet2.microsoft.com/windowsserver2008/en/library/a9c25483-89e2-4202-881cea8e02b4b2a51033.
mspx?mfr=true
QUESTION NO:23
Your network contains servers that run Windows Server 2008 and client computers that run
Windows Vista. All network routers support IPsec connections. Client computers and servers use
IPsec to connect through network routers. You have two servers named Server1 and Server2.
Server1 has Active Directory Certificate Services (AD CS) installed and is configured as a certification
authority (CA). Server2 runs Internet Information Services (IIS). You need to recommend a certificate
solution for the network routers. The solution must meet the following requirements:
. Use the Simple Certificate Enrollment Protocol (SCEP).
. Enable the routers to automatically request certificates.
What should you recommend implementing?
A. certification authority Web enrollment services on Server2
B. Network Device Enrollment Service on Server2
C. Online Responder service on Server1
D. subordinate CA on Server1
Answer: B
Explanation:
To recommend a certificate solution for the network routers that would enable the routers to
automatically request certificates and that would use Simple Certificate Enrollment Protocol (SCEP),
you need to implement Network Device Enrollment Service on Server2. The Network Device
Enrollment Service allows routers and other network devices to obtain certificates based on the
Simple Certificate Enrollment Protocol (SCEP) from Cisco Systems Inc.
Reference: Windows Server Active Directory Certificate Services Step-by-Step Guide/ AD CS
Technology Review
http://technet2.microsoft.com/windowsserver2008/en/library/f7dfccc0-4f65-4d6f-a801-
ae6a87fd174c1033.mspx?mfr=true
QUESTION NO:17
Your network consists of one Active Directory domain. The domain contains servers that run
Windows Server 2008. The relevant servers are configured as shown in the following table. (Click the
Exhibit)
All client computers run Windows Vista. You plan to deploy two Java-based applications on all client
computers. The two applications each require a different version of the Java Runtime Environment
(JRE). After testing, you notice that the two JREs prevent the applications from running on the same
computer. You need to recommend a solution that enables the two Java-based applications to run
on all client computers. What should you recommend?
A. Create two Windows Installer (MSI) packages that each contains one version of the JRE and one
compatible application. On Server2, advertise both packages to all client computers.
B. Create two Windows Installer (MSI) packages that each contains one version of the JRE and one
compatible application. On Server1, create a Group Policy object (GPO) that assigns both packages
to all client computers.
C. Use the SoftGrid Sequencer to create two application packages that each contains one version of
JRE and one compatible application. On Server3, stream both application packages to all client
computers.
D. Install the two JRE versions and the two Java-based applications on Server4. Configure all client
computers to connect to the Java-based applications by using Terminal Services RemoteApp (TS
RemoteApp).
Answer: C
Explanation:
To run two Java-based applications that require different versions of Java Runtime Environment
(JRE) on all the client computers of the department you need to create two application packages
using the SoftGrid Sequencer. Each package should contain one version of JRE and its compatible
application. SoftGrid packages and virtualizes Windows applications for delivery as network services.
SoftGrid basically insulates an application from other applications such that they don’t conflict with
one another. In this scenario, where different versions of the Java Runtime are required to run two
applications you can use SoftGrid to”sequence” the required version of the JRE with the application.
When the application is executed it sees only the JRE that it needs and not the other JRE that is
“sequenced” with the other application. You need to stream both application packages to all client
computers on the Server3 because you need the execution of the application to happen on the
Terminal Server so that applications can run on all client computers through Terminal Server.
SoftGrid can be used on and Terminal Servers.
Reference: Re: SoftGrid General Queries
http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=3266992andSiteID=17
Reference: Application Packaging: The SoftGrid Sequencer
http://www.microsoft.com/systemcenter/softgrid/evaluation/sequencer.mspx
QUESTION NO:20
Your Company has one main office and four branch offices. Each branch office has a read-only
domain controller (RODC). The network consists of one Active Directory domain. All domain
controllers run Windows Server 2008 R2. Some branch office users work in a department named
Sales. Sales department users must be able to log on to all computers in their respective branch
offices, even if a wide area network (WAN) link fails. The company security policy has the following
requirements:
. User account passwords must be replicated to the minimum number of locations.
. A minimum number of passwords must be replicated to the branch office domain controllers.
You need to configure a password replication policy that supports the company security policy.
What should you do?
A. Install a writable domain controller in all branch offices. Create one global group that contains all
Sales department users. Create a fine-grained password policy and apply the policy to the group.
B. Install a writable domain controller in all branch offices. Create one global group that contains the
computers of all Sales department users. Add the group to the Allowed RODC Password Replication
Group in the domain.
C. Create one global group for each branch office that contains the Sales department users and
computers in the corresponding branch office. Add all groups to Windows Authorization Access
Group in the domain.
D. Create one global group for each branch office that contains the Sales department users and
computers in the corresponding office. Add each group to the Password Replication Policy in the
corresponding branch office.
Answer: D
Explanation:
To configure a password replication policy for the company keeping in mind the security policy of
the company, you need to create one global group for each branch office that contains the Sales
department users and computers in the corresponding office. This is because the password
replication policy must include the appropriate user, computer, and service accounts in order to
allow the RODC to satisfy authentication and service ticket requests locally. You need to then add
each group to the Password Replication Policy in the corresponding branch office. The Password
Replication Policy acts as an access control list (ACL). It determines if an RODC should be permitted
to cache a password. After the RODC receives an authenticated user or computer logon request, it
refers to the Password Replication Policy to determine if the password for the account should be
cached. The same account can then perform subsequent logons more efficiently
Reference: Password Replication Policy
http://technet2.microsoft.com/windowsserver2008/en/library/977fff54-0c7e-46cd-838b-
1161aa09a46c1033.mspx?mfr=true
QUESTION NO:11
Your network consists of one Active Directory domain. All domain controllers run Windows Server
2008. You need to prepare the environment to provide a high-availability solution for a back-end
Microsoft SQL Server 2005 data store. What should you do?
A. Install a Windows Server 2003 Network Load Balancing cluster.
B. Install a Windows Server 2008 Network Load Balancing cluster.
C. Install a Windows Server 2008 failover cluster that has shared storage.
D. Install a Windows Server 2008 failover cluster that has direct attached storage.
Answer: C
Explanation:
To ensure the high availability of the data store, you need to use Windows Server 2008 failover
cluster having a shared storage. Failover clustering can help you build redundancy into your network
and eliminate single points of failure. Administrators have better control and can achieve better
performance with storage than was possible in previous releases. Failover clusters now support
GUID partition table (GPT) disks that can have capacities of larger than 2 terabytes, for increased
disk size and robustness. Administrators can now modify resource dependencies while resources are
online, which means they can make an additional disk available without interrupting access to the
application that will use it. And administrators can run tools in Maintenance Mode to check, fix, back
up, or restore disks more easily and with less disruption to the cluster. You should not use Network
Load Balancing (NLB) because it only allows you to distribute TCP/IP requests to multiple systems in
order to optimize resource utilization, decrease computing time, and ensure system availability.
Reference: High Availability
http://www.microsoft.com/windowsserver2008/en/us/high-availability.aspx
QUESTION NO:10
Your network consists of one Active Directory domain. The network contains one Active Directory
site. All domain controllers run Windows Server 2008. You create a second Active Directory site and
plan to install a domain controller that runs Windows Server 2008 in the new site. You also plan to
deploy a new firewall to connect the two sites. You need to enable the domain controllers to
replicate between the two sites. Which traffic should you permit through the firewall?
A. LDAP
B. NetBIOS
C. RPC
D. SMTP
Answer: C
Explanation:
You should permit RPC traffic through the firewall to enable the domain controllers to replicate
between the two sites because the Active Directory relies on remote procedure call (RPC) for
replication between domain controllers. You can open the firewall wide to permit RPC’s native
dynamic behavior.
Reference: Active Directory Replication over Firewalls
http://technet.microsoft.com/en-us/library/bb727063.aspx
QUESTION NO:32
Your network consists of one Active Directory forest. The functional level of the forest is Windows
Server 2003. You upgrade all domain controllers from Windows Server 2003 SP2 to Windows Server
2008 R2. You plan to deploy the first read-only domain controller (RODC) in the forest. You need to
prepare the network for the installation of the RODC. What should you do?
A. Run adprep /rodcprep on any computer in the forest.
B. Run adprep /forestprep on the schema operations master server.
C. Raise the forest functional level to Windows Server 2008 R2.
D. Raise the domain functional level to Windows Server 2008 R2.
Answer: A
Explanation:
To deploy the first RODC to the forest which operates at the functional level of Windows Server
2003, you need to Run adprep /rodcprep on any computer in the forest. Before you can install an
RODC in a Windows 2000 Server or Windows Server 2003 forest, you must prepare the forest by
running adprep /rodcprep. You can run adprep /rodcprep on any computer in the forest. You can run
it multiple times if necessary.
Reference: Scenarios for Installing AD DS
http://207.46.196.114/windowsserver2008/en/library/708da9f7-aaad-4fa1-bccb-
76ea8569da501033.mspx?mfr=true
CertBus exam braindumps are pass guaranteed. We guarantee your pass for the 70-647 exam successfully with our Microsoft materials. CertBus Windows Server 2008,Enterprise Administrator exam PDF and VCE are the latest and most accurate. We have the best Microsoft in our team to make sure CertBus Windows Server 2008,Enterprise Administrator exam questions and answers are the most valid. CertBus exam Windows Server 2008,Enterprise Administrator exam dumps will help you to be the Microsoft specialist, clear your 70-647 exam and get the final success.
70-647 Latest questions and answers on Google Drive(100% Free Download): https://drive.google.com/file/d/0B_3QX8HGRR1mSl9Pd3J1Nm8wYlk/view?usp=sharing
70-647 Microsoft exam dumps (100% Pass Guaranteed) from CertBus: http://www.certgod.com/70-647.html [100% Exam Pass Guaranteed]
Why select/choose CertBus?
Millions of interested professionals can touch the destination of success in exams by certgod.com. products which would be available, affordable, updated and of really best quality to overcome the difficulties of any course outlines. Questions and Answers material is updated in highly outclass manner on regular basis and material is released periodically and is available in testing centers with whom we are maintaining our relationship to get latest material.