Free Download the Most Update CertBus Microsoft 70-646 Brain Dumps
How to pass MCSA 70-646 exam 100% without any difficulties? We, CertBus, provide the latest exam preparation material for the Microsoft 70-646 Windows Server 2008, Server Administrator exam. Successful candidates share their experience about their MCSA 70-646 exam and the MCSA 70-646 exam preparation with CertBus exam Q and As. CertBus provides the new VCE and PDF dumps for the latest 70-646 exam. We ensure your MCSA 70-646 Windows Server 2008, Server Administrator exam pass.
We CertBus has our own expert team. They selected and published the latest 70-646 preparation materials from Microsoft Official Exam-Center: http://www.certgod.com/70-646.html
QUESTION NO:28
Your network consists of a single Active Directory domain. The domain contains three
organizational units (OUs) named Test, Application, and Database.
You need to redesign the layout of the OUs to support the following requirements:
-Prevent Group Policy objects (GPOs) that are linked to the domain from applying to computers
located in the
Applications OU
-Minimize the number of GPOs
-Minimize the number of Ous
What should you include in your design?
A. Create a Starter GPO.
B. Create a Windows Management Instrumentation (WMI) filter.
C. Delegate permissions on the Application OU.
D. Configure block inheritance on the Application OU.
Answer: D
Explanation:
Understanding Group Policy
You already know that Group Policy settings contained in Group Policy objects (GPOs) can be
linked to OUs, and that OUs can either inherit settings from parent OUs or block inheritance and
obtain their specific settings from their own linked GPOs. You also know that some
policies
QUESTION NO:31
Your network consists of three Active Directory forests. Forest trust relationships exist between all
forests. Each forest contains one domain. All domain controllers run Windows Server 2008 R2.
Your company has three network administrators. Each network administrator manages a forest
and the Group Policy objects (GPOs) within that forest.
You need to create standard GPOs that the network administrators in each forest will use. The
GPOs must meet the following requirements:
-The GPOs must only contain settings for either user configurations or computer configurations.
-The number of GPOs must be minimized.
Which two actions should you perform? (Each correct answer presents part of the solution.
Choose two.)
A. Export the new GPOs to .cab files. Ensure that the .cab files are available to the network
administrator in each forest.
B. Create two new GPOs. Configure both GPOs to use the required user configurations and the
required computer configurations.
C. Create two new GPOs. Configure one GPO to use the required user configuration. Configure
the other GPO to use the required computer configuration.
D. Back up the Sysvol folder that is located on the domain controller where the new GPOs were
created. Provide the backup to the network administrator in each forest.
Answer: A,C
Explanation:
http://technet.microsoft.com/en-us/library/ee390958.aspx
http://www.petri.co.il/working_with_group_policy.htm
Export a GPO to a File
Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2
You can export a controlled Group Policy object (GPO) to a CAB file so that you can copy it to a
domain in another forest and import the GPO into Advanced Group Policy Management (AGPM)
in that domain. For information about how to import GPO settings into a new or existing GPO, see
Import a GPO from a File.
A user account with the Editor or AGPM Administrator (Full Control) role or necessary permissions
in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review
the details in “Additional considerations” in this topic.
To export a GPO to a file
1. In the Group Policy Management Console tree, click Change Control in the forest and domain in
which you want to manage GPOs.
2. On the Contents tab, click the Controlled tab to display the controlled GPOs.
3. Right-click the GPO, and then click Export to.
4. Enter a file name for the file to which you want to export the GPO, and then click Export. If the
file does not exist, it is created. If it already exists, it is replaced.
Additional considerations
. By default, you must be an Editor or an AGPM Administrator (Full Control) to perform this
procedure. Specifically, you must have List Contents, Read Settings, and Export GPO permissions
for the GPO.
Group Policy sections
Each GPO is built from 2 sections:
. Computer configuration contains the settings that configure the computer prior to the user logon
combo-box.
. User configuration contains the settings that configure the user after the logon. You cannot
choose to apply the setting on a single user, all users, including administrator, are affected by the
settings.
QUESTION NO:8
Your network consists of a single Active Directory domain. The network is located on the
172.16.0.0/23 subnet.
The company hires temporary employees. You provide user accounts and computers to the
temporary employees. The temporary employees receive computers that are outside the Active
Directory domain. The temporary employees use their computers to connect to the network by
using wired connections and wireless connections.
The company’s security policy specifies that the computers connected to the network must have
the latest updates for the operating system.
You need to plan the network’s security so that it complies with the company’s security policy.
What should you include in your plan?
A. Implement a Network Access Protection (NAP) strategy for the 172.16.0.0/23 subnet.
B. Create an extranet domain within the same forest. Migrate the temporary employees’ user
accounts to the extranet domain. Install the necessary domain resources on the 172.16.0.0/23
subnet.
C. Move the temporary employees’ user accounts to a new organizational unit (OU). Create a new
Group Policy object (GPO) that uses an intranet Microsoft Update server. Link the new GPO to the
new OU.
D. Create a new subnet in a perimeter network. Relocate the wireless access point to the
perimeter network. Require authentication through a VPN server before allowing access to the
internal resources.
Answer: A
Explanation:
http://technet.microsoft.com/en-us/library/dd125338(WS.10).aspx
Network Access Protection Design Guide
Updated: October 6, 2008
Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista
Network Access Protection (NAP) is one of the most anticipated features of the
WindowsServer.2008 operating system. NAP is a new platform that allows network
administrators to define specific levels of network access based on a client
QUESTION NO:45
Your network consists of a single Active Directory domain. All domain controllers run Windows
Server 2008 R2. There are five Windows Server 2003 SP2 servers that have the Terminal Server
component installed. A firewall server runs Microsoft Internet Security and Acceleration (ISA)
Server 2006.
You plan to give remote users access to the Remote Desktop Services servers.
You need to create a remote access strategy for the Remote Desktop Services servers that meets
the following requirements:
QUESTION NO:50
Your network consists of a single Active Directory domain. The domain contains a server that runs
Windows Server 2008 R2 and that has the Remote Desktop Services server role installed.
The server has six custom Applications installed. The custom Applications are configured as
RemoteApps.
You notice that when a user runs one of the Applications, other users report that the server seems
slow and that some Applications become unresponsive.
You need to ensure that active user sessions receive equal access to system resources.
What should you do?
A. Implement Remote Desktop Web Access.
B. Implement Remote Desktop Connection Broker.
C. Configure Performance Monitor.
D. Implement Windows System Resource Manager.
Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/cc771218(WS.10).aspx
http://technet.microsoft.com/en-us/library/cc732553(WS.10).aspx
Terminal Services and Windows System Resource Manager
Windows. System Resource Manager (WSRM) on Windows Server. 2008 allows you to control
how CPU and memory resources are allocated to applications, services, and processes on the
computer. Managing resources in this way improves system performance and reduces the chance
that applications, services, or processes will take CPU or memory resources away from one
another and slow down the performance of the computer. Managing resources also creates a
more consistent and predictable experience for users of applications and services running on the
computer.
You can use WSRM to manage multiple applications on a single computer or users on a computer
on which
Terminal Services is installed.
Resource-Allocation Policies
WSRM uses resource-allocation policies to determine how computer resources, such as CPU and
memory, are allocated to processes running on the computer. There are two resource-allocation
policies that are specifically designed for computers running Terminal Services. The two Terminal
Services-specific resource-allocation policies are:
Equal_Per_User
Equal_Per_Session
QUESTION NO:43
Your network consists of a single Active Directory domain. All domain controllers run Windows
Server 2008 R2.
Your company and an external partner plan to collaborate on a project. The external partner has
an Active Directory domain that contains Windows Server 2008 R2 domain controllers.
You need to design a collaboration solution that meets the following requirements:
-Allows users to prevent sensitive documents from being forwarded to untrusted recipients or
from being printed.
-Allows users in the external partner organization to access the protected content to which they
have been granted rights.
-Sends all interorganizational traffic over port 443.
-Minimizes the administrative effort required to manage the external users.
What should you include in your design?
A. Establish a federated trust between your company and the external partner. Deploy a Windows
Server 2008 R2 server that has Microsoft SharePoint Foundation 2010 installed.
B. Establish a federated trust between your company and the external partner. Deploy a Windows
Server 2008 R2 server that runs Microsoft SharePoint 2010 and that has the Active Directory
Rights Management Services (AD RMS) role installed.
C. Establish an external forest trust between your company and the external partner. Deploy a
Windows Server 2008 R2 server that has the Active Directory Certificate Services server role
installed. Implement Encrypting File System (EFS).
D. Establish an external forest trust between your company and the external partner. Deploy a
Windows Server 2008 R2 server that has the Active Directory Rights Management Service (AD
RMS) role installed and Microsoft SharePoint Foundation 2010 installed.
Answer: B
Explanation:
MCITP Self-Paced Training Kit Exam 70-646 Windows Server Administration:
Active Directory Federation Services
You can create forest trusts between two or more Windows Server 2008 forests (or Windows
Server 2008 and Windows Server 2003 forests). This provides cross-forest access to resources
that are located in disparate business units or organizations. However, forest trusts are sometimes
not the best option, such as when access across organizations needs to be limited to a small
subset of individuals. Active Directory Federation Services (AD FS) enables organizations to allow
limited access to their infrastructure to trusted partners. AD
FS acts like a cross-forest trust that operates over the Internet and extends the trust relationship to
Web applications (a federated trust). It provides Web single-sign-on (SSO) technologies that can
authenticate a user over the life of a single online session. AD FS securely shares digital identity
and entitlement rights (known asclaims) across security and enterprise boundaries.
Windows Server 2003 R2 introduced AD FS and Windows Server 2008 expands it. New AD FS
features introduced in Windows Server 2008 include the following:
Improved application supportWindows Server 2008 integrates AD FS with Microsoft Office
SharePoint Server 2007 and Active Directory Rights Management Services (AD RMS).
Improved installationAD FS is implemented in Windows Server 2008 as a server role. The
installation wizard includes new server validation checks.
Improved trust policyImprovements to the trust policy import and export functionality help to
minimize configuration issues that are commonly associated with establishing federated trusts.
AD FS extends SSO functionality to Internet-facing applications. Partners experience the same
streamlined SSO user experience when they access the organization
QUESTION NO:34
Your company has a branch office that contains a Windows Server 2008 R2 server. The server
runs Windows Server Update Services (WSUS).
The company opens four new satellite offices. Each satellite office connects to the branch office by
using a dedicated WAN link.
You need to design a strategy for patch management that meets the following requirements:
-WSUS updates are approved from a central location.
-WAN traffic is minimized between the branch office and the satellite offices.
What should you include in your design?
A. In each satellite office, install a WSUS server. Configure each satellite office WSUS server as a
replica of the branch office WSUS server.
B. In each satellite office, install a WSUS server. Configure each satellite office WSUS server as
an autonomous server that synchronizes to the branch office WSUS server.
C. On the branch office WSUS server, create a computer group for each satellite office. Add the
client computers in each satellite office to their respective computer groups.
D. For each satellite office, create an organizational unit (OU). Create and link a Group Policy
object (GPO) to each OU. Configure different schedules to download updates from the branch
office WSUS server to the client computers in each satellite office.
Answer: A
Explanation:
Replica Mode and Autonomous Mode
You have two options when configuring the administration model for your organization
QUESTION NO:21
Your network consists of a single Active Directory domain. The network includes a branch office
named Branch1. Branch1 contains a Read only Domain Controller (RODC) named Server1. A
global group named Branch1admins contains the user accounts for administrators. Administrators
manage the client computers and servers in Branch1.
You need to recommend a solution for delegating control of Server1.
Your solution must meet the following requirements:
-Allow the members of the Branch1admins group to administer Server1 including, change device
drivers and install operating system updates by using Windows Update.
-Provide the Branch1admins group rights on Server1 only.
-Prevent Branch1admins group from modifying Active Directory objects.
What should you recommend?
A. Add the Branch1admins global group to the Server Operators builtin local group.
B. Add the members of the Branch1admins global group to the Administrators builtin local group of
Server1.
C. Grant Full Control permission on the Server1 computer object in the domain to the
Branch1admins group
D. Move the Server1 computer object to a new organizational unit (OU) named Branch1servers.
Grant Full Control permission on the Branch1servers OU to the Branch1admins group.
Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/cc753223(WS.10).aspx
Administrator role separation
Administrator role separation specifies that any domain user or security group can be delegated to
be the local administrator of an RODC without granting that user or group any rights for the
domain or other domain controllers. Accordingly, a delegated administrator can log on to an
RODC to perform maintenance work, such as upgrading a driver, on the server. But the delegated
administrator is not able to log on to any other domain controller or perform any other
administrative task in the domain. In this way, a security group that comprises branch users, rather
than members of the Domain Admins group, can be delegated the ability to effectively manage the
RODC in the branch office, without compromising the security of the rest of the domain.
QUESTION NO:2
Your network consists of a single Active Directory domain. Your main office has an Internet
connection.
Your company plans to open a branch office. The branch office will connect to the main office by
using a WAN link. The WAN link will have limited bandwidth. The branch office will not have
access to the Internet. The branch office will contain 30 Windows Server 2008 R2 servers.
You need to plan the deployment of the servers in the branch office.
The deployment must meet the following requirements:
-Installations must be automated.
-Computers must be automatically activated.
-Network traffic between the offices must be minimized.
What should you include in your plan?
A. In the branch office, implement Key Management Service (KMS), a DHCP server, and
Windows Deployment Services (WDS).
B. Use Multiple Activation Key (MAK) Independent Activation on the servers. In the main office,
implement a DHCP server and Windows Deployment Services (WDS).
C. In the main office, implement Windows Deployment Services (WDS). In the branch office,
implement a DHCP server and implement the Key Management Service (KMS).
D. Use Multiple Activation Key (MAK) Independent Activation on the servers. In the main office,
implement a DHCP server. In the branch office, implement Windows Deployment Services (WDS).
Answer: A
Explanation:
The key here is that bandwidth from the branch to the main office is limited and there is no direct
link to MS.
WDS and Product Activation
Although product activation does not need to occur during the actual installation process,
administrators considering using WDS to automate deployment should also consider using volume
activation to automate activation. Volume activation provides a simple centralized method that
systems administrators can use for the activation of large numbers of deployed servers. Volume
activation allows for two types of keys and three methods of activation. The key types are the
Multiple Activation Key (MAK) and the Key Management Services (KMS) key.
Multiple Activation Keys allow activation of a specific number of computers. Each successful
activation depletes the activation pool. For example, a MAK key that has 100 activations allows for
the activation of 100 computers. The Multiple Activation Key can use the MAK Proxy Activation
and the MAK Independent Activation activation methods. MAK Proxy Activation uses a centralized
activation request on behalf of multiple products using a single connection to Microsoft
QUESTION NO:26
Your network consists of a single Active Directory domain. The functional level of the domain is
Windows Server 2008 R2.
All domain controllers run Windows Server 2008 R2. A corporate policy requires that the users
from the research department have higher levels of account and password security than other
users in the domain.
You need to recommend a solution that meets the requirements of the corporate policy. Your
solution must minimize hardware and software costs.
What should you recommend?
A. Create a new Active Directory site. Deploy a Group Policy object (GPO) to the site.
B. Create a new Password Settings Object (PSO) for the research department’s users.
C. Create a new organizational unit (OU) named Research in the existing domain. Deploy a Group
Policy object (GPO) to the Research OU.
D. Create a new domain in the forest. Add the research department’s user accounts to the new
domain. Configure a new security policy in the new domain.
Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/cc770842(WS.10).aspx
http://technet.microsoft.com/en-us/library/cc754461(WS.10).aspx
CertBus exam braindumps are pass guaranteed. We guarantee your pass for the 70-646 exam successfully with our Microsoft materials. CertBus Windows Server 2008, Server Administrator exam PDF and VCE are the latest and most accurate. We have the best Microsoft in our team to make sure CertBus Windows Server 2008, Server Administrator exam questions and answers are the most valid. CertBus exam Windows Server 2008, Server Administrator exam dumps will help you to be the Microsoft specialist, clear your 70-646 exam and get the final success.
70-646 Latest questions and answers on Google Drive(100% Free Download): https://drive.google.com/file/d/0B_3QX8HGRR1mYlZ0VmhMc2JaTlE/view?usp=sharing
70-646 Microsoft exam dumps (100% Pass Guaranteed) from CertBus: http://www.certgod.com/70-646.html [100% Exam Pass Guaranteed]
Why select/choose CertBus?
Millions of interested professionals can touch the destination of success in exams by certgod.com. products which would be available, affordable, updated and of really best quality to overcome the difficulties of any course outlines. Questions and Answers material is updated in highly outclass manner on regular basis and material is released periodically and is available in testing centers with whom we are maintaining our relationship to get latest material.