Free Sharing CertBus Updated Microsoft 70-647 VCE and PDF Exam Practice Materials
CertBus ensures to provide the most update 70-647 Windows Server 2008,Enterprise Administrator exam questions with the most accurate answers. CertBus MCITP 70-647 are the most complete and authoritative exam preparation materials with which one can pass the MCITP 70-647 exam in an easy way. Preparing for Microsoft MCITP 70-647 Windows Server 2008,Enterprise Administrator exam is really a tough task to accomplish. But CertBus will simplified the process.
We CertBus has our own expert team. They selected and published the latest 70-647 preparation materials from Microsoft Official Exam-Center: http://www.certgod.com/70-647.html
QUESTION NO:27
Your Company has one main office and 100 branch offices. The network consists of one Active
Directory domain. All domain controllers run Windows Server 2008 R2. The wide area network
(WAN) links from the branch offices to the main office are unreliable. A local administrator manages
each branch office. Your company plans to add a new branch office. You create a new organizational
unit (OU) that contains all the computer accounts for the new branch office. You configure a server
in the main office to test all new software updates. You install Microsoft Windows Server Update
Services (WSUS) 3.0. You need to implement an update management solution for the new branch
office to meet the following requirements:
. Only approved updates must be installed in the branch office.
. Client computers must be able to download updates if a WAN link fails.
. Each branch office administrator must be able to approve updates before installation.
What should you do?
A. In each branch office, install a WSUS 3.0 server as a replica server and configure it to download
updates from the main office. Configure all computers to receive updates from their local WSUS
server.
B. In each branch office, install a WSUS 3.0 server as a child server and configure it to download
updates from Microsoft Update. Configure all computers to receive updates from their local WSUS
server.
C. In the main office, install a WSUS 3.0 server as a child server and configure it to download updates
from Microsoft Update. Configure all computers to receive updates from the new WSUS server.
D. In the main office, install and configure a WSUS 3.0 server as a stand-alone server and configure it
to download updates from Microsoft Update. Configure all computers to receive updates from the
new WSUS server.
Answer: B
Explanation:
To ensure that only the approved updates by the head office are allowed to be installed in the new
branch office and to ensure that each branch office administrator must be able to approve the
updates before their installation, you need to install a WSUS 3.0 server as a child server in each
branch office. A child server can be configured as a replica or as an autonomous server. You should
not install/configure replica server because you don
QUESTION NO:43
Your network consists of two Active Directory forests. The Active Directory forests are configured as
shown in the following table. (Click the Exhibit)
The contoso.com and fabrikam.com domains each contain one server that runs Active Directory
Federation Services (AD FS). Users in the company1.contoso.com domain require access to an
application server in the company2.fabrikam.com domain. The application server is configured to
allow only Kerberos authentication. You need to ensure that users in the company1.contoso.com
domain can access the application server in the company2.fabrikam.com domain. What should you
do first?
A. Create a forest trust between the contoso.com forest and the fabrikam.com forest.
B. Create an external trust between the contoso.com domain and the fabrikam.com domain.
C. Create an AD FS federation trust between the contoso.com forest and the fabrikam.com forest.
D. Create an external trust between the company1.contoso.com domain and the
company2.fabrikam.com domain.
Answer: A
QUESTION NO:4
Your network consists of one Active Directory forest that contains one root domain and 22 child
domains. All domain controllers run Windows Server 2003. All domain controllers run the DNS
Server service and host Active Directory-integrated zones. Administrators report that it takes more
than one hour to restart the DNS servers. You need to reduce the time it takes to restart the DNS
servers. What should you do?
A. Upgrade all domain controllers to Windows Server 2008.
B. Upgrade all domain controllers in the root domain to Windows Server 2008, and then set the
functional level for the root domain to Windows Server 2008.
C. Deploy new secondary zones on additional servers in each child domain.
D. Change the Active Directory-integrated DNS zones to standard primary zones.
Answer: A
Explanation:
Sometime DNS server can take an hour or more in companies that have extremely large zones and
the DNS data of the company is stored in AD DS. The result is that the DNS server is effectively
unavailable to service client requests for the entire time that it takes to load AD DS-based zones. The
problem can be solved by upgrading the domain controllers to Windows Server 2008. This is because
a DNS server running Windows Server 2008 now loads zone data from AD DS in the background
while it restarts so that it can respond to requests for data from other zones.
Reference: DNS Server Role/ Background zone loading
http://technet2.microsoft.com/windowsserver2008/en/library/533a1cfc-5173-4248-914c-
433bd018f66d1033.mspx?mfr=true
QUESTION NO:21
Your network consists of one Active Directory domain. The functional level of the domain is
Windows Server 2008. The domain has 30 domain controllers. Twenty administrators manage the
domain. You plan to implement an audit and compliance policy. You need to ensure that all changes
made to Active Directory objects are recorded. What should you do?
A. On all domain controllers, run the Security Configuration Wizard (SCW).
B. In the Default Domain Controller Policy, configure a Directory Services Auditing policy.
C. In the Default Domain Controller Policy, configure and implement a file-level audit policy for the
SYSVOL volume.
D. Create a Group Policy object (GPO) linked to the Domain Controllers OU. Configure the GPO to
install the Microsoft Baseline Security Analyzer (MBSA).
Answer: B
Explanation:
To implement an audit and compliance policy and ensure that all changes made to Active Directory
objects are recorded, you need to configure a Directory Services Auditing policy in the Default
Domain Controller Policy. In Windows Server 2008, you can enable Audit Directory Service Access
policy to log events in the Security event log whenever certain operations are performed on objects
stored in Active Directory. Enabling the global audit policy, Audit directory service access, enables all
directory service policy subcategories. You can set this global audit policy in the Default Domain
Controllers Group Policy (under Security SettingsLocal PoliciesAudit Policy).
Reference: Windows Server 2008 Auditing AD DS Changes Step-by-Step Guide
http://technet2.microsoft.com/windowsserver2008/en/library/a9c25483-89e2-4202-881cea8e02b4b2a51033.
mspx?mfr=true
QUESTION NO:78
Your network consists of one Active Directory domain. The domain contains four servers that run
Windows Server 2008. The relevant servers are configured as shown in the following table. (Click the
Exhibit)
Your company has a department named Sales. All client computers in the Sales department run
Windows Vista and use an application named Application1. Application1 uses a dynamic-link library
(DLL) named Salesapp.dll. You plan to deploy a new application named Application2 that uses a
different version of Salesapp.dll. During testing, administrators report that Application2 causes
Application1 to fail when both applications run on the same computer. You need to ensure that
users can run both applications successfully on the same computer. The solution must enable users
that use portable computers to run both applications when they are disconnected from the network.
What should you do?
A. On Server1, create and link a Group Policy object (GPO) that assigns Application2 to all computers
in the Sales department.
B. On Server3, create a SoftGrid application package that contains Application2 and stream it to all
computers in the Sales department.
C. On Server2, install Application2. Configure all computers in the Sales department to access
Application2 by using Terminal Services Gateway (TS Gateway).
D. On Server2, install Application2. Configure all computers in the Sales department to run
Application2 by using Terminal Services RemoteApp (TS RemoteApps).
Answer: B
Explanation:
To ensure that both the applications should be able run on the same computer and must enable
users that use portable computers to run both applications when they are disconnected from the
network, you need to create a SoftGrid application package that contains App2 on Server3 and
stream it to all computers in the Marketing department. SoftGrid applications are sandboxed from
each other, so that different versions of the same application can be run under SoftGrid
concurrently. There can be numerous scripts per profile and scripts can even be stuff that is not
directly executable such as data or DLLs. SoftGrid can be executed on a connected desktop system
and published via Citrix. The Scripts used on this server can run BEFORE application execution or
AFTER the application terminates and can run inside or outside of isolation.
Reference: Application Streaming and SoftGrid – dual mode
http://blogs.technet.com/virtualworld/archive/2008/02/23/application-streaming-and-softgriddual-
mode.aspx
QUESTION NO:38
Your network consists of one Active Directory domain that contains two servers that run Windows
Server 2008 named Server1 and Server2. Server1 runs Active Directory Certificate Services (AD CS)
and is configured as a certification authority (CA). Server2 runs Internet Information Services (IIS)
and hosts a secure Web service. External users must subscribe in order to access the Web service.
The Web service accepts subscriptions only from client computers that run Windows XP Service Pack
2 or Windows Vista. The relevant portion of the network is configured as shown in the following
diagram.
You need to ensure that subscribers can successfully connect to the Web service on Server2 through
HTTPS. Users must not receive any certificate-related errors. What should you do on Server2?
A. Install a server certificate issued by Server1.
B. Issue and install a self-signed server certificate.
C. Install a server certificate issued by a public CA.
D. Install the trusted root CA certificate issued by Server1.
Answer: C
Explanation:
To ensure that the subscribers can successfully connect to the Web service on Server2 through
HTTPS without receiving any certificate errors, you need to install a server certificate issued by a
public CA. This is because a web service needs, that is not internal application of the company needs
to be accessed by the external users on the Internet server. Public Certificates are usually used
where services needs to be accessed on the Internet as in the above case on Server2 that runs
Internet Information Services (IIS) and hosts a secure Web service. The most common use of the
certificates granted by a public (that is, external) CA on the Internet is probably by sites doing ecommerce.
The certificates issued by Public CA are most commonly used by a site to identify itself to
the public and provide secure communications during financial and other sensitive transactions.
Certificates (or digital IDs) are used to verify the identity of a Web site and provide a secure
communications channel for transactions that may contain sensitive information. Digital certificates
can also be used by the news media or other sources of information to validate their identity, and
therefore the integrity of the provided data.
Reference: Certificate Server / Public CA
http://www.windowsitlibrary.com/Content/405/17/1.html
QUESTION NO:66
Your company has one office in San Diego and one office in New York. The network consists of one
Active Directory forest that contains one domain named contoso.com and one domain named
newyork.contoso.com. All servers run Windows Server 2008. All domain controllers for contoso.com
are located in San Diego. All domain controllers for newyork.contoso.com are located in New York.
Contoso.com contains two domain controllers named Server1 and Server2. Newyork.contoso.com
contains two domain controllers named Server3 and Server4. All domain controllers host Active
Directory-integrated DNS zones for their respective domains. You need to ensure that users from
each office can resolve computer names for both domains from a local DNS server. What should you
do?
A. Add the contoso.com and the newyork.contoso.com DNS zones to the ForestDNSZones partition.
B. Create a stub DNS zone for contoso.com on Server3. Create a stub DNS zone for
newyork.contoso.com on Server1.
C. Create a standard primary DNS zone named contoso.com on Server3. Create a standard primary
DNS zone named newyork.contoso.com on Server1.
D. Configure conditional forwarders on Server1 to point to Server3. Configure conditional forwarders
on Server3 to point to Server1.
Answer: A
Explanation:
To ensure that users from each office can resolve computer names for both domains from a local
DNS server, you need to add the contoso.com and the Branch.contoso.com DNS zones to the
ForestDNSZones partition because the ForestDNSZones directory partition can be replicated among
all domain controllers (DCs) located in both the domains Contoso.com and Newyork.contoso.com in
the forest of the company. This is because all the domain controllers have the DNS service installed.
Once the DNS Zones data is replicated the users from each office can resolve computer names for
both domains from their local DNS server A stub zone cannot be used because it is used to resolve
names between separate DNS namespaces a Standard Primary DNS zone cannot be used because
the DNS Server in this type of zone contains the only writable copy of the DNS zone database files.
There can be only one Standard Primary DNS Server for a particular zone. A conditional forwarder
cannot be used because it handles name resolution only for a specific domain. Reference: What
causes the error I receive in the event log when I attempt to replicate the ForestDNSZones directory
partition?
http://windowsitpro.com/article/articleid/43165/q-what-causes-the-error-i-receive-in-the-eventlog-
when-i-attempt-to-replicate-the-forestdnszones-directory-partition.html
Reference: Understanding stub zones
http://207.46.196.114/windowsserver/en/library/648f2efd-0ad4-4788-80c8-
75f8491f660e1033.mspx?mfr=true
Reference: DNS Conditional Forwarding in Windows Server 2003
http://www.windowsnetworking.com/articles_tutorials/DNS_Conditional_Forwarding_in_Windows
_Server_2003.html
QUESTION NO:39
Your network contains 200 Web servers that run Windows Server 2008. You need to plan the
management of security settings for all servers on the network. The solution must meet the
following requirements:
. Minimize administrative effort.
. Maintain identical security settings for all servers.
. Enable compliance audits of servers added to the network.
What should you do first?
A. On each server, configure a local security audit policy.
B. On one server, run the Security Configuration Wizard (SCW).
C. On one server, install and run the Microsoft Security Assessment Tool (MSAT).
D. On one server, install and run the Microsoft Baseline Security Analyzer (MBSA).
Answer: B
Explanation:
To maintain identical security settings for all servers and enable compliance audits of servers added
to the network using minimum amount of administrative effort, you need to run Security
Configuration Wizard (SCW) on any one of the server on the network. SCW allows you to create a
policy on one system and then apply it to many systems. If you are building out a network with many
systems, you should first define host classes that are all configured separately. Then you can create a
policy using one of them as a prototype and easily apply the policy to all the others with little to no
modifications.
Reference: Security Watch Using SCW on Windows Server 2008 Configuring Your Server with SCW
http://technet.microsoft.com/en-us/magazine/cc194400.aspx
QUESTION NO:68
Your network consists of one Active Directory domain that contains two servers named Serverl1and
Server2 that run Windows Server 2008. Server1 runs Active Directory Certificate Services (AD CS)
and is configured as an enterprise root certification authority (CA). Server1 is only accessible from
the internal network. Server1 issues certificates to both internal and external client computers that
run Windows Vista. Server2 is configured as a Web server. Server2 is located in the perimeter
network and is only accessible through HTTP. The network is configured as shown in the following
diagram.
You need to recommend an e-mail security solution for all Windows Vista client computers that
meets the following requirements. Users must only request status information for individual
certificates. Users must be notified when they attempt to send a secure e-mail message to a user
that has an expired certificate. What should you recommend?
A. Configure a root CA on Server2.
B. Configure a subordinate CA on Server2.
C. Configure the Online Responder service on Server2.
D. Configure a certification revocation list (CRL) distribution point on Server2.
Answer: C
Explanation:
To ensure that the clients can only request status information for individual certificates and they
should be notified when they attempt to send a secure e-mail message to a user that has an expired
certificate, you need to configure the Online Responder service on Server2. An Online Responder
receives and responds only to requests from clients for information about the status of a single
certificate. The use of Online Responders that distribute Online Certificate Status Protocol (OCSP)
responses, along with the use of CRLs, is one of two common methods for conveying information
about the validity of certificates. CRLs should not be used because they are distributed periodically
and contain information about all certificates that have been revoked or suspended.
AD CS: Online Certificate Status Protocol Support
http://technet2.microsoft.com/windowsserver2008/en/library/99d1f392-6bcd-4ccf-94ee-
640fc100ba5f1033.mspx?mfr=true
QUESTION NO:62
Your company has one main office and 10 branch offices. You plan to deploy Active Directory. You
need to recommend a solution to recover Active Directory domain objects in the event of data loss.
The solution must ensure that you can recover individually deleted user accounts. What should you
recommend?
A. Install multiple domain controllers.
B. Install a server that runs Windows Server 2008 that has Active Directory Lightweight Directory
Services (AD LDS).
C. Schedule regular system state backups by using Windows Server Backup.
D. Schedule regular backups of the SYSVOL folder on the existing domain controller.
Answer: C
Explanation:
To make sure that the Active Directory domain objects can be recovered in the event of data loss
and to recover individually deleted user accounts, you need to use Windows Server Backup to
schedule regular system state backups. The Windows Server Backup feature in Windows Server 2008
consists of an MMC snap-in and command-line tools that provide a complete solution for your dayto-
day backup and recovery needs. You can use four wizards to guide you through running backups
and recoveries. You can use Windows Server Backup to back up a full server (all volumes), selected
volumes, or the system state. You can recover volumes, folders, files, certain applications, and the
system state. And, in case of disasters like hard disk failures, you can perform a system recovery by
using a full server backup and the Windows Recovery Environment
CertBus exam braindumps are pass guaranteed. We guarantee your pass for the 70-647 exam successfully with our Microsoft materials. CertBus Windows Server 2008,Enterprise Administrator exam PDF and VCE are the latest and most accurate. We have the best Microsoft in our team to make sure CertBus Windows Server 2008,Enterprise Administrator exam questions and answers are the most valid. CertBus exam Windows Server 2008,Enterprise Administrator exam dumps will help you to be the Microsoft specialist, clear your 70-647 exam and get the final success.
70-647 Latest questions and answers on Google Drive(100% Free Download): https://drive.google.com/file/d/0B_3QX8HGRR1mSl9Pd3J1Nm8wYlk/view?usp=sharing
70-647 Microsoft exam dumps (100% Pass Guaranteed) from CertBus: http://www.certgod.com/70-647.html [100% Exam Pass Guaranteed]
Why select/choose CertBus?
Millions of interested professionals can touch the destination of success in exams by certgod.com. products which would be available, affordable, updated and of really best quality to overcome the difficulties of any course outlines. Questions and Answers material is updated in highly outclass manner on regular basis and material is released periodically and is available in testing centers with whom we are maintaining our relationship to get latest material.