70-646 Pro: Windows Server 2008, Server Administrator

QUESTION NO: 1 Abc.com has employed you as an Enterprise administrator. The Abc.com network consists of a single Active Directory domain named Abc.com. The Abc.com network servers run Microsoft Windows Server 2008 and the client computers run Microsoft Windows Vista or Microsoft Windows XP Professional. The Abc.com network consists of 500 Windows Server 2008 servers. Due to company growth, Abc.com has opened a new branch and move 100 servers to the new branch. You now have received instruction from the CIO to adapt the IP addresses of the servers in the new branch with the least amount of administrative effort. What should you do? A. The best option is to use a Microsoft Application Compatibility Toolkit (ACT) to do the necessary changes. B. The best option is to use your client computer and run the Netsh utility. C. The best option is to use your client computer and run the ServerManagerCMD utility. D. The best option is to install Remote Server Administration Tools (RSAT) modify the servers in the new branch. Answer: B Explanation: The best option is to use the Netsh tool to make the changes to the servers that was moved to the new branch. When you are using the Netsh tool, you will be able to change the static IP address to DHCP. You can also change the entire Layer-3 configuration. This will then allow you to work with the networks that have no DHCP but laptops that connect to quite a few networks. Reference: 10 things you should know about the NETSH tool / #4: Using NETSH to dynamically change TCP/IP addresses QUESTION NO: 2 Abc.com has hired you as an Enterprise administrator for their network. The Abc.com network consists of a single Active Directory domain named Abc.com. All servers on the Abc.com network run Windows Server 2003 and all client computers run Windows Vista. The Abc.com network contains two servers named ABC-SR10 and ABCSR11. ABC-SR10 hosts an application named TestApp1 that uses a 32-bit installation of Windows Server 2003. ABCSR11 hosts another application named TestApp2 that uses a 64-bit installation of Windows Server 2003. You have received instructions from the CIO to run TestApp1 and TestApp2 on a Windows Server 2008 server, without much cost. What should you do? (Choose TWO. Each answer forms part of the solution.) A. You should consider installing a 64-bit version of Windows Server 2008 Enterprise Edition on a new server.

B. You should consider using the Windows System Resource Manager (WSRM) on the server and install the two applications on the new server. C. You should consider installing a 64-bit version of Windows Server 2008 Datacenter Edition on two new servers. D. You should consider using the Hyper-V feature on the server and install the applications on separate child virtual machines. E. You should consider using the Windows System Resource Manager (WSRM) and install the TestApp1 as a child virtual machine. Answer: A,D Explanation: To use as littler money as possible, you need to replace the servers that are running the two applications. The Hyper-V feature ships with a 64-bit hypervisor that can run 32-bit and 64-bit virtual machines at the same time. The Hyper-V feature has tools for example, the snapshot that captures the state of a running virtual machine. Furthermore, you need to use a server that is running Windows Server 2008 to run TestApp1 and TestApp2 Reference : Microsoft Hyper-V Guide http://searchservervirtualization.techtarget.com/generic/0,295582,sid94_gci1318785,00.h tml QUESTION NO: 3 Abc.com has employed you as an Enterprise administrator. The Abc.com network consists of a single Active Directory domain named Abc.com. Abc.com network servers run Microsoft Windows Server 2008 and the client computers run Microsoft Windows Vista or Microsoft Windows XP Professional. You have received instructions from the CIO to set up a Windows Server 2008 server named ABC-SR11 to support the installation of Microsoft SQL Server 2005. However, you also need to offer redundancy to the SQL services in the case of a server failure. What should you do? (Choose TWO. Each answer forms part of the solution.) A. The best option is to make use a 64-bit version of Windows Server 2008 Datacenter Edition on two new servers. B. The best option is to make use of two servers and install a full installation of Windows Server 2008 Enterprise Edition. C. You should consider using the Windows System Resource Manager (WSRM). D. The best option is to make use of Network Load Balancing on both servers. E. The best option is to make use of failover clusters both servers. Answer: B,E Explanation: The best option is to install Windows Server 2008 Enterprise Edition on two servers. You can then set up these servers to support Microsoft SQL Server 2005 and to offer redundancy. Furthermore, Failover clustering will allow you to transfer mission-critical resources from a failing machine to an equally configured server automatically. Reference : SQL Server 2008 Pricing and Licensing / PASSIVE SERVERS / FAILOVER SUPPORT

http://download.microsoft.com/download/1/e/6/1e68f92c-f334-4517-b610e4dee946ef91/2008%20SQL%20Licensing%20Overview%20final.docx. QUESTION NO: 4 You are the newly appointed Enterprise administrator at Abc.com. The Abc.com network consists of a single Active Directory domain named Abc.com. Abc.com has its headquarters in Chicago and quite a few branch offices in the region. All servers on the Abc.com network run Windows Server 2000 and the domain controllers are running Windows 2008 Server. It has come to your attention that the physical security of the branch offices servers is reliable. Therefore, you decided to use Windows BitLocker Drive Encryption (BitLocker) on the servers in the branch offices. You have received instructions from the CIO to make sure that the BitLocker volume can be accessed in the case of corrupt BitLocker keys in the servers at the branch offices. Furthermore, the CIO wants the information that will be recovered, to be stored in a central location. What should you do? (Choose TWO. Each answer forms part of the solution.) A. The best option is to upgrade the domain controllers to Windows Server 2008. B. The best option is to upgrade the domain controllers to Windows Server 2008, which runs the schema master role. C. The best option is to configure Public Key Policies by using Group Policies. D. The best option is to enable a Data Recovery Agent (DRA) by using Group Policies. E. The best option is to enable Trusted Platform Module (TPM) backups to Active Directory by using Group Policies. Answer: A,E Explanation: The best option is to upgrade the domain controllers to Windows Server 2008. By doing this, it will allow you to access the BitLocker volume even if the BitLocker keys are corrupted. You should also enable Trusted Platform Module (TPM) backups to Active Directory, by using Group Policies. When you configure Group Policy settings, the user interfaces and programming interfaces within BitLocker and TPM Management features will adhere to the setting. Reference : BitLocker Drive Encryption Configuration Guide: Backing Up BitLocker and TPM Recovery Information to Active Directory http://technet.microsoft.com/en-us/library/cc766015.aspx QUESTION NO: 5 Abc.com has employed you as an Enterprise administrator. The Abc.com network consists of a single Active Directory domain named Abc.com. The Abc.com network contains 250 Windows Server 2003 that uses 64-bit hardware. Half the client computers run Windows XP Professional, and the rest run Windows Vista. You have received instructions from the CIO to combine the 250 servers in to 50 Windows Server 2008 servers. However, you need to make use of the hardware and software Support 64-bit child virtual

machines of the Windows Server 2003 server. You also need to make the most of the resource utilization and you need to keep the services separate on the 50 Windows Server 2008 servers. What should you do? A. The best option is to install the Hyper-V feature on 50 Windows Server 2008 servers and change the servers into virtual machines. B. The best option is to install the Windows System Resource Manager (WSRM). C. The best option is to install a two-node failover cluster after consolidating services across to the 50 Windows Server 2008 servers. D. The best option is to make use a 64-bit version of Windows Server 2008 Datacenter Edition. You should thereafter change the physical machines into virtual machines. Answer: A Explanation: You need to change the servers to virtual machines. By doing this, you will comply the needs of the CIO. With the Hyper-V feature you will be able to use the Physical-toVirtual (P2V) Conversion Wizard and creating a virtual version of a physical server. It also have other features such as creating images of physical hard disks, preparing the images for use in a VM, and creating the final VM. Reference : Virtual Machine Manager 2008 Supports Hyper-V / Other Features http://www.directionsonmicrosoft.com/sample/DOMIS/update/2008/07jul/0708vmm2sh. htm Section 2, Plan for automated server deployment (9 Questions) QUESTION NO: 6 Abc.com has employed you as an Enterprise administrator. The Abc.com network consists of a single Active Directory domain named Abc.com. Abc.com contains a Windows Server 2008 server named ABC-SR11 that has the DHCP installed. You have received instructions from the CIO to plan the automated deployment of the following:Support the deployments of Windows Vista and Windows Server 2008.Pre-boot Execution Environment (PXE) network adapter should be supported on the computers.Reduce the servers installed. What should you do? A. The best option is to make use of a new server and install the Windows Automated Installation Kit (WAIK). B. The best option is to make use Multiple Activation Key (MAK) Independent Activation and Windows Deployment Services (WDS). C. The best option is to use of Key Management Service (KMS). D. The best option is to use ABC-SR11 and configure the Windows Deployment Services (WDS) server role on it. Answer: D Explanation: You need to configure the Windows Deployment Services (WDS) server role on ABCSR11.

By doing this, you will comply with the instructions of the CIO. With the Windows Deployment Services you will be able to install Windows operating systems, Windows Vista and Windows Server 2008. Furthermore, it can also be used to install new computers by using a network-based installation. Reference : Step-by-Step Guide for Windows Deployment Services in Windows Server 2003 / What is Windows Deployment Services? http://technet.microsoft.com/en-us/library/cc766320.aspx#BKMK_1 Reference : Planning for PXE Initiated Operating System Deployments/ Windows Deployment Services (WDS) and DHCP http://technet.microsoft.com/en-us/library/bb680753.aspx QUESTION NO: 7 You are the newly appointed Enterprise administrator at Abc.com. The Abc.com network consists of a single Active Directory domain named Abc.com. All servers on the Abc.com network run Windows Server 2008 and all client computers run Windows XP Professional. Abc.com has its headquarters in Chicago and a branch office in Dallas. You have installed a Read-only Domain Controller (RODC) in the Dallas office. You have received instructions from the CIO to plan the Read-only Domain Controller in such a manner that the technical team at the Dallas office is able to maintain drivers and disks on the RODC assigned to their branch office. However the CIO does not want the technical team to manage any domain user accounts. What should you do? A. You should consider configuring the Administrator Role Separation on the Read-only Domain Controller. B. You should consider using select Network Access Protection (NAP). C. You should consider configuring a standard primary zone. D. You should consider using the Deny Full Control permissions on the Active Directory database on the branch office. Answer: A Explanation: The best option is to configure the Read-only Domain Controller for Administrator Role Separation. Doing this will ensure that the technical team cannot manage domain user accounts. However, they will be able to maintain drivers and disks on the Read-only Domain Controller. When using the Administrator Role Separation the user or a group will not have rights on the domain or other domain controllers. However, in this case the technical team will be able to upgrade a driver. Reference : RODC Features/ Administrator role separation http://technet.microsoft.com/en-us/library/cc753223.aspx#bkmk_separation QUESTION NO: 8 Abc.com has hired you as an Enterprise administrator for their network. The Abc.com network consists of a single Active Directory domain named

Abc.com. All servers on the Abc.com network run Windows Server 2008 and all client computers run Windows Vista. Due to company growth, Abc.com is planning to open a new branch office that will have the following: A WAN link with limited bandwidth will connect the branch office to the head office but not the Internet.50 Windows Server 2008 servers will occupy the branch office without any Internet connection. However, the deployment of the 50 Windows Server 2008 servers should be automated and automatically activated. What should you do? A. You should consider using the Windows System Resource Manager (WSRM) on the 50 servers in the branch office. B. You should consider using a DHCP server, and Windows Deployment Services (WDS) also use Key Management Service (KMS), in the branch office. C. You should consider using the Hyper-V feature in the branch office and in the head offices, use Windows Deployment Services (WDS). D. You should consider using a DHCP server in the head office and use Multiple Activation Key (MAK) Independent Activation and Windows Deployment Services (WDS) 50 servers in the branch office. Answer: B Explanation: You need to use a DHCP server, and Windows Deployment Services (WDS) also use Key Management Service (KMS), in the branch office. To activate computers against a service that you can host in your environment, you need to use the KMS. To activate the KMS host you need at least 5 Windows Server 2008 computers. To automate the Windows operating systems installation, you need the Windows Deployment Services (WDS). Furthermore, you need a DHCP server with an active scope so that WDS will use PXE. Reference : Microsoft Product Activation http://www.microsoft.com/licensing/resources/vol/default.mspx Reference : Step-by-Step Guide for Windows Deployment Services in Windows Server 2003 / What is Windows Deployment Services? http://technet.microsoft.com/en-us/library/cc766320.aspx#BKMK_1 Reference : Planning for PXE Initiated Operating System Deployments/ Windows Deployment Services (WDS) and DHCP http://technet.microsoft.com/en-us/library/bb680753.aspx QUESTION NO: 9 You are the newly appointed Enterprise administrator at Abc.com. The Abc.com network consists of a single Active Directory domain named Abc.com. The domain controllers on the Abc.com network run Windows Server 2008 and all client computers run Windows XP Professional. Abc.com has its headquarters in London and branch offices around the globe. You have received instructions from the CIO to deploy Read-only Domain Controllers in the branch offices that have the following criteria:The installation source

files of the RODC should not have cached secrets.The least amount of bandwidth should be use when starting the initial synchronization of Active Directory Domain Services (AD-DS). What should you do? A. The best option is to use the ServerManagerCMD utility and build the new RODCs with the backup. B. The best option is to create a DFS Namespace that holds the Active Directory database and build the new RODCs with an answer file. C. The best option is to create an RODC installation media using ntdsutil ifm and the build the RODCs from the RODC installation media. D. The best option is to use the Windows System Resource Manager (WSRM) and the build the RODCs from the RODC installation media. Answer: C Explanation: An installation media can be created b using a new ntdsutil ifm subcommand. Furthermore, it is used to remove cached secrets from the AD DS database. This will make the installation of the read-only domain controller (RODC) more secure. Reference : Steps for Deploying an RODC/ Optional: Install RODC from media http://technet.microsoft.com/en-us/library/cc754629.aspx QUESTION NO: 10 Abc.com has hired you as an Enterprise administrator for their network. The Abc.com network consists of a single Active Directory domain named Abc.com. You have received instructions from the CIO to install Windows Server 2008 file servers. However, the CIO wants the files servers to have the following criteria:Volumes bigger than 2 terabytes should be supportedKeep access to data if a server failsKeep data redundancy if a disk failsThe throughput of the disk should be maximize What should you do? (Choose TWO. Each answer forms part of the solution.) A. You should consider installing a Windows Server 2008 server and connect a Microsoft Multipath I/O supported external storage subsystem to it. B. You should consider installing a two-node failover cluster as well as attaching an external storage subsystem. C. You should set up RAID 5 on the external storage subsystem as well as formating the array as an MBR disk. D. You should set up RAID 3 and format the array as a GPT disk. E. You should set up RAID 10 array on the external storage subsystem and format it as a GPT disk. Answer: B,E Explanation: If you use a two-node failover cluster, it will ensure that if a single server fails, access to all data is maintained and if a single disk fails, the data redundancy is maintained. You also need to set up RAID 10 array on the external storage subsystem and format the array as a GPT disk. RAID10 is equal toRAID1 + 0. This means you can use a few disks about 4, and mirror the drives two at a time. This will lead to redundancy.

Reference : Brad Kingsley's Blog http://blogs.orcsweb.com/brad/archive/2007/08/06/raid10.aspx QUESTION NO: 11 Abc.com has hired you as an Enterprise administrator for their network. The Abc.com network consists of a single Active Directory domain named Abc.com. Due to company growth, Abc.com is planning to install 20 new Windows Server 2008 servers. However, the deployment of the 20 Windows Server 2008 servers should be automated and automatically activated. What should you do? A. The best option is to use of Network Load Balancing to deploy and automatically activate the OP. B. The best option is to use Key Management Service (KMS) and Windows Deployment Services (WDS). C. The best option is to use Multiple Activation Key (MAK) Independent Activation. D. The best option is to Microsoft Virtual PC. Answer: B Explanation: You need to use a DHCP server, and Windows Deployment Services (WDS) also use Key Management Service (KMS), in the branch office. To activate computers against a service that you can host in your environment, you need to use the KMS. To activate the KMS host you need at least 5 Windows Server 2008 computers. To automate the Windows operating systems installation, you need the Windows Deployment Services (WDS). Furthermore, you need a DHCP server with an active scope so that WDS will use PXE. Reference : Microsoft Product Activation http://www.microsoft.com/licensing/resources/vol/default.mspx Reference : Step-by-Step Guide for Windows Deployment Services in Windows Server 2003 / What is Windows Deployment Services? http://technet.microsoft.com/en-us/library/cc766320.aspx#BKMK_1 QUESTION NO: 12 Abc.com has employed you as an Enterprise administrator. The Abc.com network consists of a single Active Directory domain named Abc.com. The Abc.com network contains 100 Windows Server 2003 that uses 64-bit hardware. Half the client computers run Windows XP Professional, and the rest run Windows Vista. You have received instructions from the CIO to combine the 100 servers in to 15 Windows Server 2008 servers. However, you need to make use of the hardware and software Support 64-bit child virtual machines of the Windows Server 2003 server. What should you do? A. The best option is to install the Hyper-V feature. B. The best option is to use Windows Deployment Services (WDS).

C. The best option is to use the Windows Automated Installation Kit (WAIK). D. The best option is to install Microsoft Virtual Server 2005 R2. Answer: A Explanation: You need to change the servers to virtual machines. By doing this, you will comply the needs of the CIO. With the Hyper-V feature you will be able to use the Physical-toVirtual (P2V) Conversion Wizard and creating a virtual version of a physical server. It also have other features such as creating images of physical hard disks, preparing the images for use in a VM, and creating the final VM. Reference : Virtual Machine Manager 2008 Supports Hyper-V / Other Features http://www.directionsonmicrosoft.com/sample/DOMIS/update/2008/07jul/0708vmm2sh. htm QUESTION NO: 13 Abc.com has hired you as an Enterprise administrator for their network. The Abc.com network consists of a single Active Directory domain named Abc.com. Due to company growth, Abc.com is planning to open a few branch offices and install 1,500 Windows Vista Enterprise Edition computers that have Pre-boot Execution Environment (PXE) network adapters, to these offices. However, the Abc.com management wants the installation to have the following criteria:100 Windows Vista installations should take place simultaneously.The installation should have little effect on the network operations with the least amount of time. What should you do? A. The best option is to use Windows Automated Installation Kit (WAIK).and configure IP Helper tables on the routers. B. The best option is to use Administrator Role Separation and use legacy mode to set up each WDS server. C. The best option is to install both Windows Deployment Services (WDS) server role and Transport Server role services and use a static multicast address range on the Transport Server. D. The best option is use Multiple Activation Key (MAK) Independent Activation and then uses a custom network profile on the Transport Server. Answer: C Explanation: You need to install the Windows Deployment Services (WDS) server role and the Transport Server feature to make sure that 100 Windows Vista computers can be installed with the least amount of time in a Pre-boot Execution Environment. Furthermore, the WDS will allow you to automate the installation. You can also set up the Transport Server which will allow you to boot from the network using Pre-Boot Execution Environment (PXE) and Trivial File Transfer Protocol (TFTP). Reference : Transport Server http://technet.microsoft.com/en-us/library/cc771645.aspx

QUESTION NO: 14 You are the newly appointed Enterprise administrator at Abc.com. The Abc.com network consists of a single Active Directory domain named Abc.com. All servers on the Abc.com network run Windows Server 2008 and all client computers run Windows XP Professional. Abc.com contains a 64-bit version of Windows Server 2008 DHCP server named ABC-SR24. ABC-SR24 is configured to issue only IPv4. Due to company growth, Abc.com is planning to install 100 new Windows Server 2008 servers which hardware supports PreBoot Execution Environment (PXE) and 64-bit and 32-bit. You have received instructions from the CIO to automated deployment of the 100 servers whilst ensuring that costs are kept to the minimum. What should you do? A. The best option is to use Multiple Activation Key (MAK) Independent Activation on ABC-SR24. B. The best option is to use ntdsutil imf on both, one for the 64-bit servers and the other for the 32- bit servers. C. The best option is to install Windows Deployment Services (WDS) on ABCSR24. D. The best option is to use Microsoft Multipath I/O supported. Answer: C Explanation: You need to use ABC-SR24 and install the Windows Deployment Services (WDS) on it. This will then allow you to automate the installation and to minimize the hardware cost. Furthermore, ABC-SR24 should have an active scope so that the Windows Deployment Services uses PXE. Reference : Installing Windows Deployment Services http://technet.microsoft.com/en-us/library/cc771670.aspx Section 3, Plan infrastructure services server roles (9 Questions) QUESTION NO: 15 You work as the Enterprise administrator at Abc.com. The Abc.com network consists of a single Active Directory forest that contains 8 domains. All servers on the Abc.com network run Windows Server 2008. Half the client computers run Windows XP Professional, and the rest run Windows Vista. The global catalog servers at Abc.com have the DNS role installed and is running Windows Server 2008. Abc.com is planning to replace the old Windows Internet Name Service (WINS) environment with a DNS-only environment to enhance name resolution. However, the Abc.com CIO wants the name resolution to have the following criteria.It should sustain IPv4 and IPv6 environmentsIt should allow single-label name resolution across all domainsThe reducing of NetBIOS over TCP/IP (NetBT) traffic What should you do? A. The best option is to use a DHCP server, and Windows Deployment Services (WDS).

B. The best option is use Hyper-V feature as part of a custom Active Directory replication partition. C. The best option is to use the global catalog servers and set up a GlobalNames zone. D. The best option is to use Remote Server Administration Tools (RSAT) to each DNS server in the forest. Answer: C Explanation: The best option is to configure a GlobalNames zone on the entire global catalog servers. Doing this you will support the IPv4 and IPv6 environments. You will also be able to allow single-label name resolution across all domains. You will also be able to minimize the NetBT traffic and replacing the old Windows Internet Name Service (WINS) environment. The GlobalNames Zone (GNZ) is used to hold single-label names and CNAME resource records. Furthermore, DNS supports both IPv4 and IPv6 environments. Reference : Understanding the New GlobalNames Zone Functionality in Windows Server2008 http://johnpolicelli.wordpress.com/2008/01/15/understanding-the-new-globalnameszone-inwindows-server-2008/ Reference : DNS Server GlobalNames Zone Deployment / How GNZ Resolution Works http://download.microsoft.com/download/e/2/0/e2090852-3b7f-40a3-988307a427af1560/DNSGlobalNames-Zone-Deployment.doc. QUESTION NO: 16 You work as the Enterprise administrator at Abc.com. The Abc.com network consists of a single Active Directory domain named Abc.com. All servers on the Abc.com network run Windows Server 2008. All the client computers run Windows Vista. Abc.com contains an enterprise certification authority (CA). You have received instructions from the CIO to use to install certificates automatically on each client computer and deploy the certificates to the employees with a new certificate template with the least amount of administrative effort. Furthermore, the employees must be able to use any client computer to access their new certificates. What should you do? (Choose TWO. Each answer forms part of the solution.) A. You should consider configure autoenrollment of certificates. B. You should consider using the Remote Server Administration Tools (RSAT) C. You should consider using the Windows System Resource Manager (WSRM). D. You should consider setting up folder redirection. E. You should consider setting up Credential Roaming. Answer: A,E Explanation: The best option is to set up autoenrollment of certificates and Credential Roaming. This will allow the employees to access any client computer to access their certificates. The

autoenrollment procedure grants certificates based on certificate templates. With Windows Vista and Windows Server "Longhorn", the credential roaming implementation will be able to roam stored user names and passwords. This will allow the employees to access their certificates on any client computer. Reference : How can I enable digital certificate autoenrollment in Windows Server 2003? http://windowsitpro.com/article/articleid/48665/how-can-i-enable-digital-certificateautoenrollmentin-windows-server-2003.html Reference : About Credential Roaming http://technet.microsoft.com/hi-in/library/ cc700848( en-us).aspx QUESTION NO: 17 You are the newly appointed Enterprise administrator at Abc.com. The Abc.com network consists of a single Active Directory domain named Abc.com. All servers on the Abc.com network run Windows Server 2008. Half the client computers run Windows XP Professional Service Pack 1, and the rest run Windows Vista. You have received instructions from the CIO to plan a VPN solution with the following criteria:Encrypted text should be used to stored the VPN passwordsSuite B cryptographic algorithms should be supported.Certificates should be automatically enrolled.The client computers that are configured as members of a workgroup should be supported. What should you do? A. The best option is to upgrade the Windows XP Professional Service Pack 1 client computers to Windows Vista. B. The best option is to use the Windows System Resource Manager (WSRM). C. The best option is to use an enterprise certification authority (CA) that is based on Windows Server 2008. D. The best option is to use the 64-bit version of Windows Server 2008 Datacenter Edition. E. The best option is to use Windows Deployment Services (WDS). F. The best option is to use an IPsec VPN that uses certificate-based authentication. Answer: A,C,F Explanation: The VPN solution will allow you to store VPN passwords as encrypted text. It will also offer support for Suite B cryptographic algorithms. You need to upgrade the Windows XP Professional Service Pack 1 client computers to Windows Vista and use an enterprise certification authority (CA) that is based on Windows Server 2008. Furthermore, Windows Vista Service Pack 1 (SP1) and Windows Server 2008 ships with Suite B. Suite B contains Encryption algorithms. You need to use IPsec VPN that uses certificate-based authentication. This will support the client computers, set up as members of a workgroup and allow automatic enrollment of certificates. Reference : Description of the support for Suite B cryptographic algorithms that was added in Windows Vista Service Pack 1 and in Windows Server 2008 http://support.microsoft.com/kb/949856

Reference : iPhone and Virtual Private Networks (VPN) http://images.apple.com/iphone/enterprise/docs/iPhone_VPN.pdf. QUESTION NO: 18 Abc.com has employed you as a Enterprise administrator. The Abc.com network consists of a single Active Directory domain named Abc.com. Abc.com network servers run Microsoft Windows Server 2008 and the client computers run Microsoft Windows Vista or Microsoft Windows XP Professional. The Abc.com network is configured with Perimeter network as seen in the exhibit.

Abc.com uses an enterprise certification authority (CA) and a Microsoft Online Responder on the internal network. You have received instructions from the CIO to implement a safe method for the employees on the Internet for validity of individual certificates, with the least amount bandwidth. What should you do? (Choose TWO. Each answer forms part of the solution.) A. The best option is to install a stand-alone CA on a server that resides on the perimeter network B. The best option is to install a subordinate CA on the perimeter network. C. The best option is to install Network Device Enrollment Service (NDES) on a server on the perimeter network. D. The best option is to install a Network Policy Server (NPS) on a server that resides on the perimeter network. E. The best option is to redirect authentication requests to a server on the internal network. F. The best option is to install IIS on a server that resides on the perimeter network G. The best option is to set up IIS to redirect requests to the Online Responder on the internal network. Answer: F,G Explanation: The best option is to install IIS on a server on the perimeter network and configure IIS to redirect requests to the Online Responder on the internal network. This will offer a secure method for employees on the Internet to verify the validity of individual certificates. Furthermore, it will use less network bandwidth. CRL and Online Certificate Status Protocol (OCSP) are supported on Windows Vista and Windows Server 2008. Furthermore, the Internet Information Services (IIS) uses an Internet Server Application Programming Interface (ISAPI) extension. Reference : Online Responder Installation, Configuration, and Troubleshooting Guide

http://technet.microsoft.com/en-us/library/cc770413.aspx QUESTION NO: 19 Abc.com has employed you as a Enterprise administrator. The Abc.com network consists of a single Active Directory domain named Abc.com. The Abc.com network servers run either Windows Server 2003 or Windows Server 2008 and the client computers run Microsoft Windows Vista. The public key infrastructure (PKI) of Abc.com consists of an offline root certification authority (CA) as well as two enterprise subordinate CAs. The Windows Server 2003 servers run all the certification authority. You then publish the certificates to the user accounts. You also publish the computer accounts in Active Director. Due to company growth, Abc.com has opened another department. You have received instructions from the CIO to use a PKI solution for the Windows Vista computers and the Windows Server 2008 servers in the new department. However, the CIO wants the solution to be the following criteria:Suite B hashing and encryption algorithms should be supported by the certificates.The Active Directory is used to store the private keys.The least amount of administrative effort should be used to manage the certificates o the network. What should you do? A. The best option is to use the Windows Deployment Services (WDS) server role. B. The best option is to deploy a new Windows Server 2008 enterprise subordinate CA. C. The best option is to use the Key Management Service (KMS). D. The best option is to use the Windows System Resource Manager (WSRM). Answer: B Explanation: The best option is to install a new Windows Server 2008 enterprise subordinate CA. By this way you can create a PKI solution for the client computers and the servers that meet the desired criteria. Windows Server 2008 ships with Suite B. Suite B contains Encryption algorithms. Reference : Cryptography Next Generation / How should I prepare to deploy this feature? http://technet.microsoft.com/en-us/library/cc730763.aspx QUESTION NO: 20 You work as the network administrator at Abc.com. The Abc.com network consists of a single Active Directory forest named Abc.com. The Abc.com network servers run Windows Server 2008 and the client computers run Microsoft Windows Vista.Abc.com is planning to install a new child domain named us.Abc.com that will have two domain controllers that will host the DNS server role. All the employees at Abc.com and the computers at the child domain will be members of us.Abc.com. However, the CIO wants us.Abc.com to have the following criteria:Fully qualified domain names should be used to access resources in the root domain and child domain.Name resolution services should be implemented in the event of a server failure.New DNS

servers should be automatically recognize when added to or removed from the Abc.com domain. What should you do? A. The best option is to use Public Key Policies at that domain for us.Abc.com on the two domain controllers. B. The best option is to use Microsoft Virtual Server 2005 R2 on both the domain controllers and on the other domain controller you should create an Active Directory integrated zone for us.Abc.com. C. The best option is to use Network Access Protection (NAP), on both the domain controllers and on the other domain controller you should create an Active Directory integrated zone for us.Abc.com. D. The best option is to create an Active Directory Integrated zone for us.Abc.com and an Active Directory Integrated stub zone for Abc.com, on one of the domain controller. Answer: D Explanation: You need to create an Active Directory Integrated zone for us.Abc.com and an Active Directory Integrated stub zone for Abc.com, on one of the domain controller. The Active Directory Integrated zones use the Active Directory instead of text files to store the zone information. The new type of Active Directory zone acts as primary zones, because it has writable copies of the zone database. Furthermore, Abc.com also needs an Active Directory Integrated stub zone to ensure the name resolution services. Furthermore, to minimize zone transfer traffic, you need to create Active Directory-integrated stub zones. Reference : DNS Stub Zones in Windows Server 2003 http://www.windowsnetworking.com/articles_tutorials/DNS_Stub_Zones.html Reference: Host Name Resolution Overview http://www.tech-faq.com/planning-and-implementing-a-dns-namespace.shtml QUESTION NO: 21 Abc.com has employed you as a Enterprise administrator. The Abc.com network consists of a single Active Directory domain named Abc.com. All servers on the Abc.com network run Windows Server 2008. Half the client computers run Windows XP Professional, and the rest run Windows Vista. Abc.com has headquarters in London and branch offices in Paris, Berlin and Milan. The headquarters and the branch offices contains Active Directory domain controller. You have received instructions from the CIO to create a DNS infrastructure with the following criteria:The client computers must register DNS names within their respective offices.The client computers need to resolve names for hosts in all offices. What should you do? A. The best option is to use conditional forwarder for all the offices. B. The best option is to use the Active Directory Integrated zone for the branch offices. C. The best option is to create a standard primary zone for the London office and a secondary zone for the branch offices.

D. The best option is to set up an Active Directory-integrated zone at the headquarters. Answer: D Explanation: The best option is to create an Active Directory-integrated zone at the headquarters. This will allow the client computers to resolve names for hosts in all offices and to register DNS names within their respective offices. The Active Directory Integrated zones use the Active Directory instead of text files to store the zone information. The new type of Active Directory zone acts as primary zones, because it has writable copies of the zone database. Reference : DNS Stub Zones in Windows Server 2003 http://www.windowsnetworking.com/articles_tutorials/DNS_Stub_Zones.html QUESTION NO: 22 You work as the Enterprise administrator at Abc.com. The Abc.com network consists of a single Active Directory domain named Abc.com. All servers on the Abc.com network run Windows Server 2008. All the client computers run Windows Vista. Abc.com contains a Windows Server 2008 server named ABC-SR10 that has the Secure Socket Tunneling Protocol (SSTP) installed and contains a certificate. You have received instruction from the CIO to allow external computers to access internal network resources, with the use of SSTP. What should you do? A. The best option is to make use of the Terminal Services Session Broker role service. B. The best option is to allow inbound traffic on TCP Port 443, by setting up the Firewall. C. The best option is to install Root CA certificate on all external computers. D. The best option is to use the Windows Deployment Services (WDS. Answer: C Explanation: The best option is to install Root CA certificate to the external computers. This will allow the external computers to use SSTP to access the resources. SSTP ships with the Routing and Remote Access server role of Windows Server 2008. SSTP is the same as Virtual Private Networking (VPN) tunnel, but just a new kind. SSTP has the following criteria: Allows for Point-to- Point Protocol (PPP) packets to be encapsulated over HTTP. Allows for a VPN connection to be more easily established through a firewall or through a Network Address Translation (NAT) device. Allows for a VPN connection to be established through an HTTP proxy device. Reference : How to troubleshoot Secure Socket Tunneling Protocol (SSTP)-based connection failures in Windows Server 2008 http://support.microsoft.com/kb/947031 QUESTION NO: 23

Abc.com has employed you as an Enterprise administrator. The Abc.com network consists of a single Active Directory domain named Abc.com. All servers on the Abc.com network run Windows Server 2008. Half the client computers run Windows XP Professional Service Pack 2, and the rest run Windows Vista. You have received instructions from the CIO to make use of Encrypting File System (EFS) for the work stations with the following criteria:Reduce the amount of data should be transferred across the network.The EFS certificates of the employees should be accessible from any work station.The case of disk failure, the EFS certificates should be accessible What should you do? A. You should consider using Smart cards. B. You should consider using Credential roaming. C. You should consider using Roaming user profiles. D. You should consider using Data Recovery Agent. Answer: B Explanation: You need to use credential roaming. The software can be installed on these Windows XP Professional Service Pack 2 workstations. However, the Windows Vista workstations do ship with it. Encrypting File System (EFS) has the following criteria: EFS certificates are signed by a CA or are self-signed With credential roaming functionality in the CSC, it can managed environments and store X.509 certificates. It also private keys specific to a user in Active Directory, independently from the profile. Reference : About Credential Roaming http://technet.microsoft.com/hi-in/library/ cc700848( en-us).aspx Reference : Configuring and Troubleshooting Certificate Services Client-Credential Roaming / Using Encrypting File System http://technet.microsoft.com/en-us/library/cc700823.aspx Section 4, Plan application servers and services (4 Questions) QUESTION NO: 24 Abc.com has hired you as an Enterprise administrator for their network. The Abc.com network consists of a single Active Directory domain named Abc.com. All servers on the Abc.com network run Windows Server 2000. Half the client computers run Windows XP Professional, and the rest run Windows Vista. Abc.com contains three servers named ABC-SR10, ABC-SR11 and ABC-SR12. These servers, each are running a third party application that is incompatible with each other and Windows Server 2008. Furthermore, these applications are using not more than 13% system resources. A new Abc.com policy requires that all the servers should run Windows Server 2008. You have been instructed to migrate the third party applications to the Windows Server 2008 servers with the least amount of hardware costs. What should you do? (Choose TWO. Each answer forms part the solution.) A. The best option is to install a server that runs Windows Server 2008 Enterprise Edition.

B. The best option is to install three servers that run Windows Server 2008 Standard Edition. C. The best option is to install a server that runs Windows Server 2008 Datacenter Edition. D. The best option is to install the Windows System Resource Manager (WSRM) feature on the new server. E. The best option is to install set up Windows 2000 compatibility mode for each application. F. The best option is to install the Hyper-V feature on the Windows Server 2008 server and set up three child virtual machines. G. The best option is to install the Desktop Experience feature. Answer: A,F Explanation: The best option is to install a server that runs Windows Server 2008 Enterprise Edition and install the Hyper-V feature on the Windows Server 2008 server and set up three child virtual machines. This will minimize the cost. Furthermore, the Hyper-V feature contains an application virtualization. This will help with the isolation of the application running environment from the operating system. Reference : Windows Server 2008 Hyper-V Product Overview - An Early look Application Virtualization http://download.microsoft.com/download/4/2/b/42bea8d6-9c77-4db8-b4056bffce59b157/WS08%20Virtualization%20Product%20Overview.doc QUESTION NO: 25 You are the newly appointed an Enterprise administrator at Abc.com. The Abc.com network consists of a single Active Directory domain named Abc.com. All servers on the Abc.com network run Windows Server 2008 and all client computers run Windows XP Professional. The domain controllers at Abc.com run Windows Server 2008. Abc.com has its headquarters in Chicago and a branch office in Dallas. Both offices consist of an Active Directory site. You have received instructions from the CIO to change the DNS infrastructure with the following criteria:In an event of a server failure, the DNS service should be available.The synchronization data between the DNS servers should be encrypt.The DNS servers should support dynamic updates. What should you do? (Choose TWO. Each answer forms part the solution.) A. The best option is to use a RODC installation media using ntdsutil ifm on a domain controller in the Chicago office. B. The best option is to install a Domain Controller in the Dallas office and the DNS server role on a domain controller in the Chicago office. C. The best option is to deploy 64-bit version of Windows Server 2008 Datacenter Edition on two new servers. D. The best option is to set up the DNS to use Active Directory integrated zones.

E. The best option is to use Windows System Resource Manager (WSRM)in the Dallas office. F. The best option is to deploy the Network Access Protection (NAP) in the Chicago office. Answer: B,D Explanation: The best option is to install the DNS server role on a domain controller in the Chicago office and on a domain controller in the Dallas office. You should then configure DNS to use Active Directory integrated zones. This will allow availability in an event of a server failure and the encryption of synchronized data between the DNS servers. If the domain controllers are hosting the DNS, it will store the zones in the Active Directory. Because the zones are replicated, the Active Directory will also be replicated. Reference : Active Directory-Integrated Zones http://technet.microsoft.com/en-us/library/cc772746.aspx QUESTION NO: 26 Abc.com has employed you as an Enterprise administrator. The Abc.com network consists of a single Active Directory domain named Abc.com. The Abc.com network servers run Microsoft Windows Server 2008 and the client computers run Microsoft Windows Vista Service Pack 1. The corporate network of Abc.com is connected to the Internet via a firewall. A new Abc.com security policy requires the following:Encryption should be used on remote connections and remote authentications.Ports 80 and 443 should be used for inbound traffic on the firewall. What should you do? A. To comply with the new Abc.com security policy you need to use roaming user profiles. B. To comply with the new Abc.com security policy you need to use Secure Socket Tunneling Protocol (SSTP). C. To comply with the new Abc.com security policy you need to use Multiple Activation Key (MAK) Independent Activation. D. To comply with the new Abc.com security policy you need to use Hyper-V feature. Answer: B Explanation: To comply with the new Abc.com security policy, you need to use Secure Socket Tunneling Protocol (SSTP). Secure Socket Tunneling Protocol (SSTP) transport data-link layer (L2) frames on a Hypertext Transfer Protocol over Secure Sockets Layer (HTTPS) connection. Reference : The Cable Guy The Secure Socket Tunneling Protocol SSTP in Windows http://technet.microsoft.com/en-us/magazine/cc162322.aspx QUESTION NO: 27

Abc.com has employed you as an Enterprise administrator. The Abc.com network consists of a single Active Directory domain named Abc.com. The Abc.com network servers run Microsoft Windows Server 2008 and the client computers run Microsoft Windows Vista or Microsoft Windows XP Professional. Abc.com plans to work together with an external partner company called Courseware Publishers that contains an Active Directory domain named courseware.com that has domain controllers that are running Windows Server 2008. The Abc.com CIO wants the working together to have the following criteria:The documents should not be forwarded to untrusted recipients or printed.The users in Courseware Publishers can only access the protected content to which they have been granted rights.The interorganizational traffic should run via port 443.The least amount of administrative effort should to use to manage the Courseware Publishers users. What should you do? (Choose TWO. Each answer forms part of the solution.) A. The best option is to start a federated trust between Abc.com and Courseware Publishers. B. The best option is set up Credential Roaming. C. The best option is to install a Windows Server 2008 server that runs Microsoft Office SharePoint Server 2007 and that has the Active Directory Rights Management Services (AD RMS) role installed. D. The best option is to set up NTFS permissions on the Active Directory database. E. The best option is to install a Windows Server 2008 server with the Windows SharePoint Services role installed. Answer: A,C Explanation: You need to install the install a Windows Server 2008 server that runs Microsoft Office SharePoint Server 2007 and that has the Active Directory Rights Management Services (AD RMS) role installed. This will adhere to the CIO criteria. When you use federation trust, it will allow you to extend Active Directory to share resources securely in a B2B environment. Active Directory Rights Management Services (AD RMS) work in conjunction with AD RMS-enabled applications to help protect digital information from unauthorized use. The use of Office SharePoint Server 2007 will allow Abc.com and Courseware Publishers to work together on documents by posting it to an Office SharePoint Server 2007 site. Reference : Window Server 2003 R2, what's new with Active Directory? / Federation Trust http://www.windowsnetworking.com/articles_tutorials/Window-Server-2003-R2-NewActive- Directory.html Reference : Windows Server 2008: Active Directory Rights Management Services (AD RMS) http://www.keepingitreal.nu/2008/07/windows-server-2008-active-directory_7307.html Reference : Deploying Active Directory Rights Management Services with Microsoft Office SharePoint Server 2007 Step-By-Step Guide http://technet.microsoft.com/en-us/library/cc753046.aspx

Section 5, Plan file and print server roles (9 Questions) QUESTION NO: 28 Abc.com has employed you as an Enterprise administrator. The Abc.com network consists of a single Active Directory domain named Abc.com. All servers on the Abc.com network run Windows Server 2008. Half the client computers run Windows XP Professional, and the rest run Windows Vista. Abc.com has its headquarters in London and a branch office in Madrid. The branch office in Madrid contains a member server named ABC-SR11 that hosts the File Services server role. The Active Directory contain an organizational unit (OU) named Testserv_OU to keep the computer objects for the servers in the Madrid office. Abc.com also contains a global group named TestGlobal that keep the user accounts. You have received instructions from the CIO to allow the users belonging to TestGlobal the necessary permissions to create shared folders on ABC-SR11. What should you do? A. The best option is to use a Group Policy on Testserv_OU. B. The best option is to use Credential Roaming. C. The best option is to set up Read Only permissions on Testserv_OU. D. The best option is to add TestGlobal to the Administrators local group on ABCSR11. Answer: D Explanation: You need to add TestGlobal to the Administrators local group on ABC-SR11. This will allow them to create shared folders. The Administrators local group will give full administrative access to an individual computer or a single domain. Reference : Using Default Group Accounts http://technet.microsoft.com/en-us/library/bb726982.aspx Reference : Securing the Local Administrators Group on Every Desktop http://www.windowsecurity.com/articles/Securing-Local-Administrators-Group-EveryDesktop.html QUESTION NO: 29 Abc.com has hired you as an Enterprise administrator for their network. The Abc.com network consists of a single Active Directory domain named Abc.com. All servers on the Abc.com network run Windows Server 2008 and all client computers run Windows Vista. Due to company growth, Abc.com is planning to install 10 file servers which will connect to Ethernet switches. The company has assigned you the task to plan a data storage solution for the company by utilizing the existing network infrastructure and ensuring that the storage space to the servers is allocated as needed. You also need to ensure the maximum performance and fault tolerance in your solution. What should you do? (Choose TWO. Each answer forms part of the solution.) A. You should consider deploying Windows Server 2008 Datacenter Edition on each server.

B. You should consider deploying Windows Server 2008 Enterprise Edition on each server. C. You should consider deploying Windows Server 2008 Standard Edition on each server. D. You should consider deploying the servers in a failover cluster and install an iSCSI storage area network (SAN). E. You should consider deploying the servers in a Network Load Balancing (NLB) cluster and map a network drive on each server to an external storage array. F. You should consider deploying the servers in a Network Load Balancing (NLB) cluster and implement RAID 5 on each server. G. You should consider deploying the servers in a failover cluster and install a Fibre Channel (FC) storage area network (SAN). Answer: A,D Explanation: You need to install Windows Server 2008 Datacenter Edition on each server and install the servers in a failover cluster. You also need to install an iSCSI storage area network (SAN). To provide fault tolerance, you need to use failover clustering. Furthermore, the iSCSI will allow the clients to send SCSI commands to storage devices on remote servers. Reference : What is iSCSI ? http://www.windowsnetworking.com/articles_tutorials/Connect-Windows-Server-2008Windows-Vista-iSCSI-Server.html QUESTION NO: 30 Abc.com has hired you as an Enterprise administrator for their network. The Abc.com network consists of a single Active Directory domain named Abc.com. All servers on the Abc.com network run Windows Server 2008 and all client computers run Windows Vista. Abc.com has its headquarters in Chicago and a branch office in Dallas. You have received instructions from the CIO to design a file sharing strategy that ensures that the users in Chicago and Dallas to access the same files using the same Universal Naming Convention (UNC) path. However, in an event of a server failure, the users need to access the files. Furthermore, the minimum amount of bandwidth should be used by the users to access the files. What should you do? A. The best option is to use domain-based DFS namespace using replication B. The best option is to use the ServerManagerCMD tool. C. The best option is to use the Hyper-V feature. D. The best option is to use failover clusters with two servers, one in Chicago and the other in Dallas. Answer: A Explanation: To comply with the CIO's request, you need to use domain-based DFS namespace that uses replication. To implement domain-based DFS namespace, the servers need to

members of the Active Directory domain. Furthermore, domain-based DFS enables multiple replications. Multiple DFS replicas also provide some fault tolerance. QUESTION NO: 31 Abc.com has hired you as an Enterprise administrator for their network. The Abc.com network consists of a single Active Directory domain named Abc.com. All servers on the Abc.com network run Windows Server 2008 and all client computers run Windows Vista. Abc.com has its headquarters in Chicago where you are located and a branch office in Dallas. The Dallas branch office has quite a few technicians. You have received instructions from the CIO to plan the new Windows Server 2008 server in the Dallas office as follows:The technicians at the Dallas office must be able to stop and start services and to install server roles.The technicians should have the least amount of security privileges. What should you do? A. The best option is to use the Windows Server 2003 Enterprise Edition and create a permissions list for the technicians. B. The best option is to use the Windows Server 2008 Standard Edition for the permissions for the technicians and assign them the permissions to change the objects in the new OU. C. The best option is to add the technicians to the Domain group. D. The best option is to add the technicians to the Administrators group on the new Windows Server 2008 server. Answer: D Explanation: To add the technicians to the Administrators local group will give full administrative access to an individual computer or a single domain. The user must be a member of the Administrators group to change accounts or stop and start services or install server roles. Reference: Using Default Group Accounts http://technet.microsoft.com/en-us/library/bb726982.aspx Reference: Securing the Local Administrators Group on Every Desktop http://www.windowsecurity.com/articles/Securing-Local-Administrators-Group-EveryDesktop.html QUESTION NO: 32 Abc.com has hired you as an Enterprise administrator for their network. The Abc.com network consists of a single Active Directory domain named Abc.com. All servers on the Abc.com network run Windows Server 2008. Half the client computers run Windows XP Professional, and the rest run Windows Vista. Abc.com contains two Windows Server 2008 computers named ABCSR10 and ABC-SR11 and two print devices that are the same. You have received instructions from the CIO to plan a print services infrastructure with the following criteria:Print queues should be managed from a central location.In an event of a failed print device, the services should be still available. What should you do?

A. The best option is to use ABC-SR10 and install and share a printer and enable printer pooling. B. The best option is to use a DNS zone and set up a Network Load Balancing cluster and install a printer on each node of the cluster. C. The best option is to use a GlobalNames zone and install the printers on the client computers, by using the Print Manager. D. The best option is to use Microsoft Multipath I/O and set up Terminal Services Session Broker (TS Session Broker). Answer: A Explanation: You need to use ABC-SR10 and install and share a printer and enable printer pooling. You can use the Printer pooling to print to quite a few printers at the same time. The computer will also balance the load if it is a large print job To plan a print services infrastructure that would allow you to manage the print queue from a central location and make the print services available, even if one of the print devices fails, you need to install and share a printer on AbcServer1 and enable printer pooling. Reference : Configure printer pooling to simplify printer management in Windows 2000 http://articles.techrepublic.com.com/5100-10878_11-5727870.html QUESTION NO: 33 Abc.com has employed you as an Enterprise administrator. The Abc.com network consists of a single Active Directory domain named Abc.com. All servers on the Abc.com network run Windows Server 2008 and the client computers run Windows Vista. Abc.com contains two Windows Server 2008 computers named ABC-SR20 and ABC-SR21 and two print devices that are the same. You have received instructions from the CIO to plan a print services infrastructure with the following criteria:Print queues should be managed from a central location.Balance the work load on the two print devices. What should you do? A. The best option is to use ABC-SR20 and install and share a printer and enable printer pooling. B. The best option is to use Hyper-V feature and convert the physical machines into virtual machines and install a printer on each node of the cluster. C. The best option is to install and share one of the printer on ABC-SR20 and the other printer on ABC-SR21. You should also to install the Hyper-V feature. D. The best option is to use the RODC installation media and set up Terminal Services Session Broker (TS Session Broker). Answer: A Explanation: You need to use ABC-SR10 and install and share a printer and enable printer pooling. You can use the Printer pooling to print to quite a few printers at the same time. The computer will also balance the load if it is a large print job

To plan a print services infrastructure that would allow you to manage the print queue from a central location and make the print services available, even if one of the print devices fails, you need to install and share a printer on AbcServer1 and enable printer pooling. Reference : Configure printer pooling to simplify printer management in Windows 2000 http://articles.techrepublic.com.com/5100-10878_11-5727870.html QUESTION NO: 34 Abc.com has employed you as an Enterprise administrator. The Abc.com network consists of a single Active Directory domain named Abc.com. All servers on the Abc.com network run Windows Server 2008 and the client computers run Windows Vista. Abc.com contains two Windows Server 2008 computers named ABC-SR20 and ABC-SR21 and two print devices that are the same. The Abc.com management wants to know what can be used to balance the load of the large print job between the printers. What should you reply? A. You should inform the management that the best option is to use ABC-SR20 and install and share a printer and enable printer pooling. B. You should inform the management that the best option is to install and share a printer on one of the servers and enable printer pooling. C. You should inform the management that the best option is to use Hyper-V feature and install a printer on each node of the cluster. D. You should inform the management that the best option is to use Network Load Balancing and set up Terminal Services Session Broker (TS Session Broker). Answer: A Explanation: You need to use ABC-SR10 and install and share a printer and enable printer pooling. You can use the Printer pooling to print to quite a few printers at the same time. The computer will also balance the load if it is a large print job To plan a print services infrastructure that would allow you to manage the print queue from a central location and make the print services available, even if one of the print devices fails, you need to install and share a printer on AbcServer1 and enable printer pooling. Reference : Configure printer pooling to simplify printer management in Windows 2000 http://articles.techrepublic.com.com/5100-10878_11-5727870.html QUESTION NO: 35 Abc.com has hired you as an Enterprise administrator for their network. The Abc.com network consists of a single Active Directory domain named Abc.com. All servers on the Abc.com network run Windows Server 2008 and all client computers run Windows Vista. Abc.com has its headquarters in Chicago where you are located and a branch office in Dallas. The Dallas office contains 100 member servers also running Windows Server 2008. The Active Directory contain an organizational unit (OU) named TestMem_OU to keep the computer objects for the servers in the Dallas office. Abc.com also contains

a global group named TestDallas that keep the user accounts of thee administrators of the Dallas office. You have received instructions from the CIO to allow TestMem_OU to do the following on TestDallas:The members of TestMem_OU must be able to stop and start services.The members of TestMem_OU must be able to modify register settings. What should you do? A. The best option is to assign the TestMem_OU members to the Domain group. B. The best option is to use the GlobalNames zone in the Dallas office. C. The best option is to assign the TestMem_OU members change permissions to the TestDallas and to all child objects. D. The best option is to add the TestMem_OU members to the Administrators local group on each server in the Dallas office. Answer: D Explanation: You need to add the TestMem_OU members to the Administrators local group on each server in the Dallas office. This will allow the TestMem_OU to be able to stop and start services and to modify register settings. To add the TestMem_OU members to the Administrators local group will give full administrative access to an individual computer or a single domain. The user must be a member of the Administrators group to change accounts or stop and start services or install server roles. Reference : Using Default Group Accounts http://technet.microsoft.com/en-us/library/bb726982.aspx Reference : Securing the Local Administrators Group on Every Desktop http://www.windowsecurity.com/articles/Securing-Local-Administrators-Group-EveryDesktop.html QUESTION NO: 36 You work as the Enterprise administrator at Abc.com. The Abc.com network consists of a single Active Directory forest that contains two domains named us.Abc.com and uk.Abc.com. The functional level of the forest is set at Windows Server 2008 and the functional level for both us.Abc.com and uk.Abc.com is set at Windows Server 2008. All servers on the Abc.com network run Windows Server 2008. Half the client computers runWindows XP Professional, and the rest run Windows Vista. The technical team at Abc.com resides in the Account Operators group. The members in the technical team have all the permissions to change the properties of user objects and they often join and leave the technical team. You have received instructions from the CIO apply a solution for managing user accounts with the following criteria: Allow the technical team to manage the user objects in all domainsThe least amount of administrative effort should be used on the managing of the regular changes to the technical team. What should you do? A. The best option is to add the technical team's user accounts to run the ServerManagerCMD tool from the technical team's client computers.

B. The best option is to add the technical team to a new global group and add the technical team's user accounts to the global group and to the Account Operators group in the entire forest. C. The best option is to assign Read and Write permissions to the Account Operators group in Abc.com for user accounts in the entire forest. D. The best option is to run the 32-bit version of Windows Server 2008 Enterprise Edition on every member server in the entire forest. Answer: B Explanation: You need to add the technical team to a new global group and add the technical team's user accounts to the global group and to the Account Operators group in the entire forest. Doing this will lessen the administrative effort with the frequent changes. This will also allow the technical team to manage the user objects in the entire forest. Furthermore, the using of the local group will limit the account creation privileges to a user. The Account Operators can't manage the following: Administrator user account, Backup Operators, the user accounts of administrators, Account Operators, or the group accounts Administrators, Server Operators, and Print Operators. Reference : Using Default Group Accounts http://technet.microsoft.com/en-us/library/bb726982.aspx Reference : Securing the Local Administrators Group on Every Desktop http://www.windowsecurity.com/articles/Securing-Local-Administrators-Group-EveryDesktop.html QUESTION NO: 37 Abc.com has hired you as an Enterprise administrator for their network. The Abc.com network consists of a single Active Directory domain named Abc.com. All domain controllers at Abc.com run Windows Server 2008 and all client computers run Windows Vista and Microsoft Office Outlook 2007. The Abc.com network contains three file servers, a database server on TCP port 47182, and Microsoft Exchange Server 2007 servers. You have received instructions from the CIO to provide the mobile users with remote access to the corporate network. However, the mobile users only support access to the Internet by using HTTP and HTTPS. The CIO wants the remote access to have the following criteria:The database server should be accessible to them.Their connections should be secure to the network.They must have access to e-mail and file resources on the network. What should you do? (Choose TWO. Each answer forms part of the solution.) A. The best option is to upgrade all client computers to Windows Vista Service Pack 1. B. The best option is to use Outlook Anywhere for Exchange Server 2007. C. The best option is to install Connection Manager Administration Kit (CMAK) profiles to the client computers

D. The best option is to use a VPN solution that uses Layer Two Tunneling Protocol (L2TP). E. The best option is to use a VPN solution that uses Point-to-Point Tunneling Protocol (PPTP). F. The best option is to use a VPN solution that uses Secure Socket Tunneling Protocol (SSTP). Answer: A,F Explanation: You need to upgrade all client computers to Windows Vista Service Pack 1. The next step is to use a VPN solution that uses Secure Socket Tunneling Protocol (SSTP). This will comply with the CIO's instructions. Windows Vista Service Pack 1 ships with a new VPN technology called Secure Socket Tunneling Protocol (SSTP). This will secure the remote access. Reference : SSTP Makes Secure Remote Access Easier http://biztechmagazine.com/article.asp?item_id=377 QUESTION NO: 38 Abc.com has hired you as an Enterprise administrator for their network. The Abc.com network consists of a single Active Directory domain named Abc.com. All servers on the Abc.com network run Windows Server 2008 and all client computers run Windows Vista. Abc.com contains two servers named ABC-SR10 and ABC-SR11 that has a Server Core installation of Windows Server 2008 that is part of a Network Load Balancing cluster. You have received instructions from the CIO to remotely manage the Network Load Balancing cluster with your Windows Vista client computers and to support automation. What should you do? A. You should consider enabling Multiple Activation Key (MAK) Independent Activation on the client computers B. You should consider enabling Windows Remote Management (WinRM) on the servers C. You should consider enabling roaming user profiles on the servers. D. You should consider enabling Credential Roaming on the client computers. Answer: B Explanation: The best option is to enable Windows Remote Management ( WinRM ) on the servers. Doing this will allow you to remotely manage the Network Load Balancing cluster via your Windows Vista client computer. WinRM is a component of the remote management application and WinRS (Windows Remote Shell) is the "client" for WinRM . This runs on the remote computer attempting to remotely manage the WinRM server. Reference : Server Core Installation Option of Windows Server 2008 Step-By-Step Guide http://technet.microsoft.com/en-us/library/cc753802.aspx#bkmk_managingservercore Reference : How can Windows Server 2008 WinRM & WinRS help you?

http://www.windowsnetworking.com/articles_tutorials/How-Windows-Server-2008WinRMWinRS.html QUESTION NO: 39 Abc.com has hired you as an Enterprise administrator for their network. The Abc.com network consists of a single Active Directory domain named Abc.com. All the servers on the network run either Windows Server 2003 or Windows Server 2008 and all client computers run Windows Vista. All domain controllers on the network run Windows Server 2008 and a firewall server runs Microsoft Internet Security and Acceleration (ISA) Server 2006. Furthermore, the Terminal Server component is deployed on the Windows Server 2003 servers. You have received instructions from the CIO to create a remote access strategy for the Terminal Server servers that have the following criteria:The open ports on the firewall server should be reduced.The remote connections to the Terminal Server servers should be encrypting.No client computer should access the network when the firewall disabled. What should you do? (Choose TWO. Each answer forms part of the solution.) A. The best option is to upgrade a Windows Server 2003 server to Windows Server 2008. B. The best option is to upgrade a Windows Server 2003 server to 32-bit version of Windows Server 2008 Enterprise Edition. C. Implement the Terminal Services Gateway (TS Gateway) role and Network Access Protection (NAP). D. The best option is to upgrade a Windows Server 2003 server to 64-bit version of Windows Server 2008 Enterprise Edition. E. The best option is to make use of Trusted Platform Module (TPM) on the ISA Server. Answer: A,C Explanation: You need to upgrade a Windows Server 2003 server to Windows Server 2008. You also need to use the Terminal Services Gateway (TS Gateway) role, and implement Network Access Protection (NAP) on the Windows Server 2008 server. Furthermore, NAP is a feature of Windows Server 2008. So you need to upgrade the Windows Server 2003 server to Windows Server 2008. The Terminal Services Gateway (TS Gateway) also enables authorized remote users to connect to resources on the network. Furthermore, the TS Gateway transmits RDP traffic to port 443. Reference : Security and Policy Enforcement http://www.microsoft.com/windowsserver2008/en/us/security-policy.aspx Reference : Vista 's Network Access Protection (NAP) helps keep 'unhealthy' computers off your LAN http://articles.techrepublic.com.com/5100-10878_11-6153295.html Reference : TS Gateway Overview http://technet.microsoft.com/en-us/library/cc732122.aspx

QUESTION NO: 40 You work as part of the IT support staff at Abc.com. The Abc.com network consists of a single Active Directory domain named Abc.com. All servers on the Abc.com network run Windows Server 2008 and all client computers run Windows Vista. Abc.com contains a DNS server named ABC-SR20 that has a Server Core installation of Windows Server 2008. You have received instructions from the CIO to allow the administrators to manage ABC-SR20 remotely with their client computers. What should you do? A. The best option is to run Windows Automated Installation Kit (WAIK) to automatic on the DNS server. B. The best option is to run the Key Management Service (KMS) and then add the Component Services snap-in. C. The best option is to install Remote Server Administration Tools (RSAT) on the Windows Vista client computers. D. The best option is to run Netsh tool from the Windows Server 2008 installation media on the Windows Vista client computers. Answer: C Explanation: You need to install Remote Server Administration Tools (RSAT) on the Windows Vista client computers. This will allow the administrator remotely manage ABC-SR20. RSAT also has an updated Group Policy Management Console (GPMC), which was formerly removed in Windows Vista SP1. Reference : Remote Server Administration Tools (RSAT) Now Available for Windows Vista SP1 http://windowsvistablog.com/blogs/windowsvista/archive/2008/03/25/remote-serveradministrationtools-rsat-now-available-for-windows-vista-sp1.aspx QUESTION NO: 41 You work as part of the IT support staff at Abc.com. The Abc.com network consists of a single Active Directory domain named Abc.com. The Abc.com network servers run Microsoft Windows Server 2008 and the client computers run Microsoft Windows Vista. Due to company growth, Abc.com plans to open a new branch and install 15 servers with the Server Core installation of Windows Server 2008 that will be accessible with TCP ports 80 and 443. However, the CIO wants the Server Core servers to have the following criteria:The server roles must be remotely installed by the administrators.The server should be remotely managed What should you do? A. The best option is to select the Terminal Services on the administrator's computer. B. The best option is to select the Windows Remote Management (WinRM) on the administrator's computer. C. The best option is to use GlobalNames zone on the administrator's computers. D. The best option is to use Ocsetup.exe on the administrator's computers. Answer: B

Explanation: You need to select the Windows Remote Management ( WinRM ) on the administrator's computer. This will ensure that the administrators remotely installed and remotely managed the Server Core servers. The Windows Remote Management ( WinRM ) allows you to install programs, change settings, or do troubleshooting, remotely. Reference : How can Windows Server 2008 WinRM & WinRS help you http://www.windowsnetworking.com/articles_tutorials/How-Windows-Server-2008WinRMWinRS.html QUESTION NO: 42 Abc.com has employed you as an Enterprise administrator. The Abc.com network consists of a single Active Directory domain named Abc.com. The Abc.com network servers run Microsoft Windows Server 2003 and the client computers run Microsoft Windows Vista. Abc.com contains 30 DNS server. One of the DNS servers named ABC-SR10 has the Adminpak.msi installed. You are using a client computer to manage the 30 DNS server via ABC-SR10 by using the Remote Desktop Connection (RDC). However, you have replaced 30 DNS servers with Server Core installation of Windows Server 2008 servers by installing DNS server role on the Server Core installation of Windows Server 2008. The Abc.com CIO wants the new DNS server to be remotely managed and that Microsoft Management Console (MMC) should be used to manage the DNS server role. What should you do? A. The best option is to use Credential Roaming. B. The best option is to use the Windows Deployment Services (WDS) server role. C. The best option is to offer remote access to the Windows Server 2008 Server Core servers. D. The best option is to install Remote Server Administration Tools (RSAT) to a Windows Server 2008 server and provide remote access to that server. Answer: D Explanation: You need to install Remote Server Administration Tools (RSAT) to a Windows Server 2008 server and provide remote access to that server. RSAT is an update version of ADMINPAK.MSI. Reference: Remote Server Administration Tools (RSAT) Now Available for Windows Vista SP1 http://windowsvistablog.com/blogs/windowsvista/archive/2008/03/25/remote-serveradministrationtools-rsat-now-available-for-windows-vista-sp1.aspx QUESTION NO: 43 Abc.com has hired you as an Enterprise administrator for their network. The Abc.com network consists of a single Active Directory domain named Abc.com. All servers on the Abc.com network run Windows Server 2008 and all client computers run Windows Vista. Abc.com has its headquarters in Stockholm where you are located and a branch office in Paris. The branch

office in Paris contains three Windows Server 2008 servers that host Web applications. However, the CIO wants these servers to be managed remotely with the following criteria: The Web developers can set up features on the Web site and should not have full administrative rights on the three Web servers. What should you do? A. The best option is to set up the authorization rules for Web developers on the 3 Web servers. B. The best option is to set up a DFS Namespace. C. The best option is to set up Read & Execute for Web developers. D. The best option is to add the Web developers to the Account Operators group. Answer: A Explanation: You need to set up the authorization rules for Web developers on the 3 Web servers. This will then not give the Web developer full administration rights. It will allow them to configure features on the Web sites. With Authorization rule, you can grant or deny specific computers, groups of computers, or domains access to sites, applications, directories, or files on your server. Reference : IIS 7.0: Configuring URL Authorization Rules in IIS 7.0 http://technet.microsoft.com/en-us/library/cc772206.aspx Section 2, Plan for delegated administration (4 Questions) QUESTION NO: 44 Abc.com has employed you as an Enterprise administrator. The Abc.com network consists of a single Active Directory domain named Abc.com. All servers on the Abc.com network run Windows Server 2008. Half the client computers run Windows XP Professional, and the rest run Windows Vista. Abc.com has headquarters in London where you are located, and branch offices in Paris, Berlin and Milan. Each of the branch offices contains the following: A domain controller with the DHCP Server role is installed; a file server as well as an administrator. You have received instructions from the CIO to delegate the administration of DHCP with the following criteria:The administrator in it respective office should manage their own DHCP scope and not other office's scopes.The administrative effort should be kept to a minimum. What should you do? A. The best option is to implement Key Management Service (KMS) in the AD domain. B. The best option is to the branch office administrator added to the DHCP Administrators local group on every file server. C. The best option is to migrate the DHCP Server role to the file server in every location. D. The best option is to implement Multiple Activation Key (MAK) Independent Activation in the AD domain. Answer: B,C

Explanation: You need to migrate the DHCP Server server role to the file server in each branch office and to add the branch office administrator to the DHCP Administrators local group, on each file server. If you add the branch office's administrators to the DHCP Administrators local group, they will not be able to administer on the other branch offices. Reference : DHCP Server Security (Part 2) http://www.windowsecurity.com/articles/DHCP-Security-Part2.html QUESTION NO: 45 Abc.com has employed you as an Enterprise administrator. The Abc.com network consists of a single Active Directory domain named Abc.com. All servers on the Abc.com network run Windows Server 2008. Half the client computers run Windows XP Professional, and the rest run Windows Vista. Abc.com contains an organizational unit (OU) named Test_User and a global group named Test_Adm. Test_User contains the user accounts. You have received instructions from the CIO to allocate the member in Test_Adm as follows:The member in Test_Adm must be able to set up user accounts and not to reset passwords in Test_User.They must be able to modify the following attributes; address, telephone and location. What should you do? A. The best option is to use the Delegation of Control Wizard on Test_User. B. The best option is to install a subordinate CA. C. The best option is to create an Active Directory-integrated zone. D. The best option is to set up Secure Socket Tunneling Protocol (SSTP) to the Account Operators group. Answer: A Explanation: You need to use the Delegation of Control Wizard on Test_User . This will comply with the CIO's instructions. You will be able to facilitate the delegation of administrative rights over containers. This control wizard will also offer additional level of granularity allowing for custombuilt tasks. Reference : Default security concerns in Active Directory delegation http://support.microsoft.com/kb/235531 QUESTION NO: 46 Abc.com has hired you as an Enterprise administrator for their network. The Abc.com network consists of a single Active Directory domain named Abc.com. All servers on the Abc.com network run Windows Server 2008 and all client computers run Windows Vista. Abc.com has its headquarters in Chicago where you are located and a branch office in Dallas. The branch office in Dallas contains a Read-only Domain Controller (RODC) named ABC-DC01. The branch office in Dallas has administrators that manage the client computers and servers. The administrators' user accounts resides in a global group named Test_adm. You have received instructions from the CIO

to configure ABC-DC01 with the following criteria:The Test_adm group should have only rights on ABC-DC01, manage it, replace device drivers and install update for the OP.The Test_adm group should be allowed to change the Active Directory objects. What should you do? A. The best option is to add Test_adm on ABC-DC01's Administrators local group. B. The best option is to use the Internet Protocol security (IPsec) to the Server Operators domain local group. C. The best option is to use Hyper-V feature on the new OU. D. The best option is to use Credential Roaming on the ABC-DC01 computer object. Answer: A Explanation: The best option is to add Test_adm on ABC-DC01's Administrators local group. The Administrators local group provides administrative access to an individual computer or a single domain. To be an administrator to administrate computers or domains, you need to add them to the Administrators local group. Reference : Using Default Group Accounts http://technet.microsoft.com/en-us/library/bb726982.aspx Reference : Securing the Local Administrators Group on Every Desktop http://www.windowsecurity.com/articles/Securing-Local-Administrators-Group-EveryDesktop.html QUESTION NO: 47 Abc.com has hired you as an Enterprise administrator for their network. The Abc.com network consists of a single Active Directory domain named Abc.com. All servers on the Abc.com network run Windows Server 2008 and all client computers run Windows Vista. Abc.com has its headquarters in London where you are located and a branch office in Madrid. The branch office in Madrid contains a Read-only Domain Controller (RODC) named ABC-DC02. The branch office in Dallas has administrators that manage the computers. The administrators' user accounts resides in a global group named CK_adm. You have received instructions from the CIO to configure ABCDC02 with the following criteria:The CK_adm group should have only rights on ABC-DC01 and are not allowed to change the Active Directory objects. What should you do? A. The best option is to add CK_adm on ABC-DC01's Administrators local group. B. The best option is to add CK_adm to the Server Operators domain local group. C. The best option is to allocate ABC-DC01 computer object to a new OU. You should give CK_adm Full Control permission on the new OU. D. The best option is to give Full Control permission to CK_adm on the ABCDC01 computer object. Answer: A Explanation:

The best option is to add CK_adm on ABC-DC01's Administrators local group. The Administrators local group provides administrative access to an individual computer or a single domain. To be an administrator to administrate computers or domains, you need to add them to the Administrators local group. Reference : Using Default Group Accounts http://technet.microsoft.com/en-us/library/bb726982.aspx Reference : Securing the Local Administrators Group on Every Desktop http://www.windowsecurity.com/articles/Securing-Local-Administrators-Group-EveryDesktop.html Section 3, Plan and implement group policy strategy (15 Questions) QUESTION NO: 48 You work as the Enterprise administrator at Abc.com. The Abc.com network consists of a single Active Directory forest that contains two domains named us.Abc.com and uk.Abc.com. The functional level of the forest is set at Windows Server 2008. All servers on the Abc.com network run Windows Server 2008. Half the client computers run Windows XP Professional, and the rest run Windows Vista. A new Abc.com security policy requires that the local guest accounts must be renamed and disabled and the administrator accounts, renamed. What should you do? A. The best option is to GlobalNames zone on all the domain controllers. B. The best option is to use Group Policy object (GPO) for each domain. C. The best option is to use folder redirection on the root domain controllers. D. The best option is to use the ServerManagerCMD tool for the root domain. Answer: B Explanation: You need to use Group Policy object (GPO) for each domain. With this you can renamed administrator accounts; and renamed and disabled the local guest accounts. You can also in Windows Server 2003, change the administrator account and guest account names, with a Group Policy. Reference : HOW TO: Rename the Administrator and Guest Account in Windows Server 2003 http://support.microsoft.com/kb/816109 QUESTION NO: 49 Abc.com has hired you as an Enterprise administrator for their network. The Abc.com network consists of a single Active Directory domain named Abc.com. All servers on the Abc.com network run Windows Server 2008 and all client computers run Windows Vista. The Active Directory domain has a top level OU named CKStaff that contains three OU's as seen in the following exhibit:

These OU's store contains the accounts of all managers, fulltime users as well as part time users employed by Abc.com. The previous administrator configured CKStaff to ensure that all managers belonging to the TestManagers get the Group Policy object (GPO) settings that are applied. You receive an instruction from the CIO to ensure that TestManagers will not be affected when a GPO setting is applied to CKStaff. What should you do? A. The best option is to use the Microsoft Multipath I/O to the Full Time Users OU. B. The best option is to use Block Policy Inheritance on the OU of TestManagers. C. The best option is to use Block Policy Inheritance on the OU of CKStaff. D. The best option is to use a Netsh tool to the OU of CKStaff. Answer: C Explanation: You need to use Block Policy Inheritance on the OU of the TestManagers . This will not affect TestManagers OU's user accounts. This will blocks Group Policy Objects that apply higher in the Active Directory hierarchy. However, if No Override setting is enabled, it will not block the GPOs. Reference : Inheriting a Meager Comprehension of Policy Inheritance http://www.informit.com/guides/content.aspx?g=windowsserver&seqNum=60 QUESTION NO: 50 You work as the Enterprise administrator at Abc.com. The Abc.com network consists of a single Active Directory domain named Abc.com. All servers on the Abc.com network run Windows Server 2008 and all client computers run

Windows Vista. Abc.com consists of a Finance department and a Sales department. The Active Directory domain has a top level OU named CK_Finance that contains the user and computer accounts of all the departments. You have received instructions from the CIO to use a new inhouse Finance application that will be used only by the Finance department. What should you do? A. The best option is to use the Background Intelligent Transfer Service (BITS) settings. B. The best option is to use the Windows System Resource Manager (WSRM). C. The best option is to use the Group Policy object (GPO) for CK_Finance. D. The best option is to use the Group Policy Management Console. Answer: C Explanation: You need to use the Group Policy object (GPO) for CK_Finance . The Group Policies can be used for users and computers. Furthermore for network security, the component that is used is the Group Policy in the Active Directory environment. Reference : Using Group Policy to Deploy Applications http://www.windowsnetworking.com/articles_tutorials/Group-Policy-DeployApplications.html Reference : Planning and Deploying Group Policy 2008 http://www.scribd.com/doc/4716059/Planning-and-Deploying-Group-Policy-2008 QUESTION NO: 51 You are the newly appointed Enterprise administrator at Abc.com. The Abc.com network consists of a single Active Directory domain named Abc.com. All servers on the Abc.com network run Windows Server 2008 and all client computers run Windows Vista. A new Abc.com security policy stipulates that no removable devices should be installed on the Vista Computers. However, the CIO would prefer that it should be done by the administrators and technicians with the least amount of administrative effort. What should you do? A. The best option is to use Internet Protocol security (IPsec) on the domain controllers. B. The best option is to use the Key Management Service (KMS) on the client computers. C. The best option is to use a Group Policy object (GPO) on the client computers. D. The best option is to use folder redirection on the client computers. Answer: C Explanation: You need to use the Group Policy object (GPO) on the client computers. This will prevent the user to install removable devices. The GPO a setting, Preventing Installation of Removable Devices and Prevent Installation of Devices Not Described By Other

Policy Settings, that can be used in this instance. This willl not allow the users to install removable devices. Reference : Windows Longhorn: Using Group Policy to Control Device Management (Part 2) http://www.windowsnetworking.com/articles_tutorials/Windows-Longhorn-UsingGroup-Policy-Control-Device-Management-Part2.html QUESTION NO: 52 You are the newly appointed Enterprise administrator at Abc.com. The Abc.com network consists of a single Active Directory domain named Abc.com. All servers on the Abc.com network run Windows Server 2008 and all client computers run Windows Vista. Abc.com consists of a Marketing department that utilizes a folder named KINGDATA. KINGDATA is configured to hold data files. You have received instructions from the CIO to use a Group Policy and put into practice roaming user profiles. You need to make sure that users utilizing the roaming profiles are able to log on and off using the least amount of time. What should you do? A. The best option is to use the Shared Folders permissions in the Group Policy object (GPO). B. The best option is to enable Secure Socket Tunneling Protocol (SSTP). C. The best option is to install and configure Credential Roaming. D. The best option is to change the Group Policy object (GPO) to contain folder redirection. Answer: D Explanation: You need to change the Group Policy object (GPO) to include folder redirection. With the use of roaming profiles, the user's files and settings follow them from computer to computer. Reference : Profile and Folder Redirection In Windows Server 2003 http://www.windowsnetworking.com/articles_tutorials/Profile-Folder-RedirectionWindows-Server-2003.html QUESTION NO: 53 You work as the network administrator at Abc.com. The Abc.com network consists of a single Active Directory forest that contains two domains named Abc.com and us.Abc.com. The Abc.com network servers run Windows Server 2008 and the client computers run Microsoft Windows Vista. A Abc.com employee named Mia Hamm works in Abc.com. Due to administrative duties she need to access an organizational unit (OU) named CK_Data that resides in us.Abc.com. You have received instructions from management to assign administrative rights to Mia Hamm to manage CK_Data however, with the following criteria:She needs to create and set up Group Policies in us.Abc.comLinking GPO's to CK_DataShe needs to be assigned the minimum of administrative rights. What should you do? (Choose TWO. Each answer forms part of the solution.)

A. The best option is to use the ServerManagerCMD tool on us.Abc.com. B. The best option is to use the Delegation of Control Wizard on CK_Data. C. The best option is to enable caching in the us.Abc.com. D. The best option is to change the permissions of the Group Policy Objects container in us.Abc.com by using the Group Policy Management Console. E. The best option is to deploy AD RMS in Abc.com. F. The best option is to add Mia Hamm to the Account Operators group. G. The best option is to create an ADMX file on the CK_Data. Answer: B,D Explanation: You need to use the Delegation of Control Wizard on CK_Data . You also need to change the permissions of the Group Policy Objects container in us.Abc.com. To delegate the administrative rights over CK_Data , you need to use the Delegation wizard and run it on CK_Data. Reference : Default security concerns in Active Directory delegation http://support.microsoft.com/kb/235531 QUESTION NO: 54 You work as the Enterprise administrator at Abc.com. The Abc.com network consists of a single Active Directory domain named Abc.com. All servers on the Abc.com network run Windows Server 2008. All the client computers run Windows Vista. Abc.com contains three technicians that give support to network users. The Abc.com CIO has instructed you to give the three technicians a GPO with preconfigured settings to allow them to create new GPO's. What should you do? (Choose TWO. Each answer forms part of the solution.) A. The best option is to use the Delegation of Control Wizard. B. The best option is to add the technicians to the Group Policy Creator Owners group. C. The best option is to Group Policy Management Console. D. The best option is to use the Administrator Role Separation. E. The best option is to create a new Starter GPO. F. The best option is to create an ADMX file. Answer: B,E Explanation: You need to add the technicians to the Group Policy Creator Owners group and create a new Starter GPO. The new Starter GPO has templates for creating new GPO's. Reference : Group Policy related changes in Windows Server 2008 - Part 1: What are Starter GPOs? http://www.windowsecurity.com/articles/Group-Policy-related-changes-WindowsServer-2008-Part1.html QUESTION NO: 55

Abc.com has employed you as an Enterprise administrator. The Abc.com network consists of a single Active Directory domain named Abc.com. All servers on the Abc.com network run Windows Server 2008. Half the client computers run Windows XP Professional, and the rest run Windows Vista. Abc.com contains three organizational units (OUs) named Sales, Products and Marketing. The Abc.com CIO wants the OU's to have the following criteria:You should not allow the GPOs linked to the Abc.com domain to have any effect on the Products OU when settings are applied.The least amount of GPOs and OUs should be used. What should you do? A. The best option is to use the block inheritance on Products. B. The best option is to create an ADMX file. C. The best option is to use a DFS Namespace. D. The best option is to use a custom network profile. Answer: A Explanation: You need to use the block inheritance on Products. Doing this, you will be able to blocks Group Policy Objects that apply higher in the Active Directory hierarchy of sites, domains, and organizational units. Reference : Inheriting a Meager Comprehension of Policy Inheritance http://www.informit.com/guides/content.aspx?g=windowsserver&seqNum=60 QUESTION NO: 56 You work as the Enterprise administrator at Abc.com. The Abc.com network consists of a single Active Directory domain named Abc.com. All servers on the Abc.com network run Windows Server 2008. All the client computers run Windows Vista. Abc.com consists of the following departments: Research, Sales, Marketing and Finance. The Abc.com CIO wants the users in the Finance department to use a higher level of account and password security. However, you need to lessen the hardware and software costs. What should you do? A. The best option is to folder redirection to the site. B. The best option is to use the ServerManagerCMD tool to the Finance OU. C. The best option is to set up a new Password Settings Object (PSO) for the Finance department. D. The best option is to deploy a GPO to the Finance OU. Answer: C Explanation: You need to set up a new Password Settings Object (PSO) for the Finance department. The Granular Password Settings" or "Fine-Grained Password Policy", is based on the introduction of two new object classes which is the "Password Settings Container" and "Password Setting" objects. Reference : Configuring Granular Password Settings in Windows Server 2008, Part 2

http://www.windowsecurity.com/articles/Configuring-Granular-Password-SettingsWindows-Server-2008-Part2.html QUESTION NO: 57 You work as the network administrator at Abc.com. The Abc.com network consists of a single Active Directory forest named Abc.com. The Abc.com network servers run Windows Server 2008 and the client computers run Microsoft Windows Vista. A new Abc.com security policy requires that if employees' logs on to the Abc.com domain, a legal notice should come into view. You need to implement the new Abc.com security policy with the least amount of administrative effort. What should you do? A. The best option is to modify the Default Domain Controller policy. B. The best option is to use the Domain Controllers organizational unit on a reference computer. C. The best option is to create a new Starter GPO. D. The best option is to create, link and enforce a new GPO. Answer: D Explanation: You need to create, link and enforce a new GPO. This will also allow you to do this with the least amount of administrative effort. Reference : Circumventing Group Policy Settings http://blogs.technet.com/markrussinovich/archive/2005/04/30/circumventing-grouppolicysettings.aspx QUESTION NO: 58 Abc.com has hired you as an Enterprise administrator for their network. The Abc.com network consists of a single Active Directory domain named Abc.com. All servers on the Abc.com network run Windows Server 2008 and all client computers run Windows Vista. The Active Directory domain contains three OUs as seen in the following exhibit:

The KingEmployees OU include the TestManagers OU and the TestUsers OU. The user accounts of all Abc.com managers are located in TestManagers. TestManagers is also configured to host the Marketing, Sales and Finance global groups. TestUsers holds the user accounts of the rest of the employees employed within the organization. You receive an instruction from the CIO to create a new GPO and link KingEmployees to it. You decide to name this new GPO CKStaff. During the course of the day, you received complaints that the employees in the Marketing department stating that they cannot use the run command from the Start menu. Whilst troubleshooting the error you find out that the CKStaff settings are causing the problem. To ensure productivity you have to make sure that the employees on the Marketing global group can use the run command from the Start menu. What should you do? A. The best option is to set up Shared Folders permissions for the Marketing global group. B. The best option is to use Credential Roaming on TestManagers. C. The best option is to set up Group Policy filtering on CKStaff the Marketing global group. D. The best option is to new Starter GPO. Answer: C Explanation: You need to set up Group Policy filtering on CK_1 for the Marketing global group. This will allow the Marketing global group to use the run command. On the Group Policies there is no search option for specific policy settings. Reference :

Group Policy related changes in Windows Server 2008 - Part 2: GPMC Version 2 Filtering to search http://www.windowsecurity.com/articles/Group-Policy-related-changes-WindowsServer-2008-Part2.html QUESTION NO: 59 You are the newly appointed Enterprise administrator at Abc.com. The Abc.com network consists of a single Active Directory domain named Abc.com. All servers on the Abc.com network run Windows Server 2008 and all client computers run Windows XP Professional. A new Abc.com security policy allows the administrators to install USB drivers. However, the other users in TesCKng.com are not allowed to install any USB devices on their systems. You need to adhere to the new Abc.com security policy. What should you do? A. The best option is to set up device installation restrictions using a GPO. B. The best option is to apply the Microsoft Application Compatibility Toolkit (ACT). C. The best option is use the Deny Full Control access policy. D. The best option is to implement the Netsh tool. Answer: A Explanation: You need to use set up device installation restrictions. With this, you can ensure that only the administrators can install USB devices. You will find it in the group policy tree at: Computer Configuration\Administrative Templates\System\Device Installation\Device Installation Restrictions. Reference : Windows Longhorn: Using Group Policy to Control Device Management (Part 2) http://www.windowsnetworking.com/articles_tutorials/Windows-Longhorn-UsingGroup-Policy- Control-Device-Management-Part2.html QUESTION NO: 60 Abc.com has employed you as an Enterprise administrator. The Abc.com network consists of a single Active Directory domain named Abc.com. All servers on the Abc.com network run Windows Server 2008. Half the client computers run Windows XP Professional, and the rest run Windows Vista. The Terminal Services role is enabled on the servers at Abc.com. You have received instructions from the CIO to make sure that the Abc.com employees access a third-party application an icon on their desktops, however, when not connected to the network, the employees should not connect to the third-party application. What should you do? A. The best option is to use the Data Collector set. B. The best option is to implement a GPO on the third-party application to all client computers. C. The best option is to use the Delegation of Control Wizard. D. The best option is to use legacy mode.

Answer: B Explanation: You need to use a GPO on the third-party application to all client computers. This will comply with the CIO's instructions. In a network environment, group policies are the main component. Reference : Using Group Policy to Deploy Applications http://www.windowsnetworking.com/articles_tutorials/Group-Policy-DeployApplications.html Reference : Planning and Deploying Group Policy 2008 http://www.scribd.com/doc/4716059/Planning-and-Deploying-Group-Policy-2008 QUESTION NO: 61 You are the newly appointed Enterprise administrator at Abc.com. The Abc.com network consists of a single Active Directory domain named Abc.com. All servers on the Abc.com network run Windows Server 2008 and all client computers run Windows Vista. Abc.com has its headquarters in London and a branch office in Paris. The English language version of Windows Vista is installed in the London office and the Paris office uses the French version of Windows Vista. You have received instructions from the CIO to apply custom application settings with a Group Policy object (GPO) with the following criteria:The administrators should edit the GPO with their respective language.The least amount of GPOs should be installed. What should you do? A. You should consider setting up roaming user profiles. B. You should consider using an Active Directory-integrated zone. C. You should consider Background Intelligent Transfer Service (BITS) settings site to the branch office. D. You should consider setting up ADMX and ADML files. Thereafter the GPO should be set up and linked to the Abc.com domain. Answer: D Explanation: You need to set up ADMX and ADML files and then set up and link the GPO to the TersCKing.com domain. This will allow the administrators to edit and view the GPO in their own language. The ADMX file is language neutral. Furthermore, they are stored in . adml files. Furthermore, the ADMX files and the ADM files only templates. Reference : Group Policy templates in Windows Vista: ADMX files replace ADM files http://4sysops.com/archives/group-policy-templates-in-windows-vista-admx-filesreplace-adm-files/ QUESTION NO: 62

Abc.com has hired you as an Enterprise administrator for their network. The Abc.com network consists of a single Active Directory domain named Abc.com. All servers on the Abc.com network run Windows Server 2008 and all client computers run Windows Vista. Abc.com contains 20 database servers. Abc.com contains two OUs named CK_Base and CK_Ad. CK_Base that keeps the computer accounts of the 20 database servers and CK_Ad store the user accounts of the database administrators. Abc.com also contains a global group named CK_Global. All the database administrators are members of CK_Global. You have received instructions from the CIO to ensure that the database administrators is able to do administrative tasks on the 20 database servers, but not to the other servers. What should you do? A. The best option is to deploy AD RMS. B. The best option is to deploy NPAS. C. The best option is to use the Domain Controllers organizational unit (OU), on CK_Global. D. The best option is to install a group policy to CK_Base. Answer: D Explanation: You need to install a group policy to CK_Base . This will allow the database administrators to do the duty without performing administrative tasks on other servers. With a Group Policy you are allowed to centralized, Active Directory based configuration and change management of computers running Windows Server 2008, Windows Vista, Windows XP and Windows Server 2003. Reference : Windows Server 2008 Springboard Series Part 02: Deploying and Managing Group Policy http://71.203.223.220/files/WS08SBSprt02_GRPOL.docx QUESTION NO: 63 Abc.com has employed you as an Enterprise administrator. The Abc.com network consists of a single Active Directory domain named Abc.com. The Abc.com network servers run either Windows Server 2003 or Windows Server 2008 and the client computers run Microsoft Windows Vista. Abc.com contains a Windows Server Update Services (WSUS) server named ABCSR10 that is used to get updates online from the from the Microsoft Update Web site. However, after the implementation of a secure network, the users are unable to access the neither Internet nor ABC-SR10. You have received instructions from the CIO to use a patch management strategy to install the updates to thee other systems on the network. What should you do? (Choose TWO. Each answer forms part of the solution.) A. You should install a WSUS server on the secure network. B. You should use the Internet Protocol security (IPsec) from the Microsoft Update Web site C. You should make use of the Terminal Services Gateway on the secure network. D. You should also use ABC-SR10 and copy the update metadata and the WSUS content to the WSUS server on the secure network.

E. You should install Windows Server 2008 Datacenter Edition on a WSUS server. Answer: A,D Explanation: You need to install a WSUS server on the secure network and use ABC-SR10 and copy the update metadata and the WSUS content to the WSUS server on the secure network. This will allow you to use a patch management strategy to install the updates to thee other systems on the network Reference : Advanced Deployment Options / Offline Updates http://www.wsuswiki.com/AdvDeployOptions QUESTION NO: 64 Abc.com has hired you as an Enterprise administrator for their network. The Abc.com network consists of a single Active Directory domain named Abc.com. All servers on the Abc.com network run Windows Server 2008 and all client computers run Windows Vista.Abc.com contains quite a few Windows Server Update Services (WSUS) servers that are used to issue updates to all computers at Abc.com. Abc.com has quite a few remote users that connect the internal network of Abc.com via their personal computers. They accomplish this using a split-tunnel VPN connection. You have received instructions from the CIO to install the updates on the laptops with the following criteria:The least amount of bandwidth should be used on the VPN connectionsOnly approved updates should be installed from the WSUS servers to the client computers. What should you do? A. The best option is to install a Microsoft Internet Information Services (IIS) server. B. The best option is to use Internet Protocol security (IPsec) on the internal WSUS server. C. The best option is to use another WSUS server for the laptops and set up the WSUS server to leave the updates on the Microsoft Update Web site. D. The best option is to use Windows Deployment Services (WDS) on the laptops. Answer: C Explanation: You need to use another WSUS server for the laptops and set up the WSUS server to leave the updates on the Microsoft Update Web site. You can use the Microsoft Windows Server Update Services (WSUS) for enterprise patch management. Reference : Deploying Microsoft Windows Server Update Services http://www.windowsnetworking.com/articles_tutorials/Deploying-Microsoft-WindowsServer-Update-Services.html QUESTION NO: 65 Abc.com has hired you as an Enterprise administrator for their network. The Abc.com network consists of a single Active Directory domain named Abc.com. All servers on the Abc.com network run Windows Server 2008 and

all client computers run Windows Vista. You have received instructions from the CIO to set up a Windows Server Update Services (WSUS) infrastructure with the following criteria:A central location should dispense the updates.Updates should continue even during server failure. What should you do? (Choose TWO. Each answer forms part of the solution.) A. The best option is to set up the Delegation of Control Wizard on the servers. B. The best option is to set up a Microsoft SQL Server 2005 failover cluster. C. The best option is to set up each WSUS server to use a RAID 10 array and a local database. D. The best option is to set up Windows Deployment Services (WDS). E. The best option is to set up two WSUS servers in a Network Load Balancing cluster and set up WSUS to use the remote SQL Server 2005 database instance. Answer: B,E Explanation: You need to set up a Microsoft SQL Server 2005 failover cluster and set up two WSUS servers in a Network Load Balancing cluster and set up WSUS to use the remote SQL Server 2005 database instance. Network load balancing (NLB) will keep the networks running in an event of a server failure. Reference : Appendix C: Configure WSUS for Network Load Balancing http://technet.microsoft.com/en-us/library/cc708533.aspx QUESTION NO: 66 You are the newly appointed an Enterprise administrator at Abc.com. The Abc.com network consists of a single Active Directory domain named Abc.com. All servers on the Abc.com network run Windows Server 2008 and all client computers run Windows Vista. The domain controllers at Abc.com run Windows Server 2008. You have received instructions from the CIO to create a monthly report on the status of software updates for the Windows Vista computers with the following criteria:The displaying of updates successfully installed and not successfully installed on the operating system and Microsoft application.Your solution should use the least administrative effort and little cost. What should you do? (Choose TWO. Each answer forms part of the solution.) A. The best option is to install Windows Deployment Services (WDS). B. The best option is to use Windows Software Update Services (WSUS) 3.0. C. The best option is to install the management agents on all client computers. D. The best option is to set up Windows Update by using a Group Policy object (GPO). E. The best option is to Network Policy Server (NPS) on the client computers. Answer: B,D Explanation: You need to use Windows Software Update Services (WSUS) 3.0 and set up Windows Update by using a Group Policy object (GPO). Doing this will give the desired effect.

You can use group policies to configure automatic updates. You also need to use the Windows Software Update Services (WSUS) 3.0 to generate reports. Reference : Microsoft Windows Server Update Services http://www.auckland.ac.nz/security/MicrosoftWSUSGuidelines.htm QUESTION NO: 67 You work as the network administrator at Abc.com. The Abc.com network consists of a single Active Directory forest named Abc.com. The Abc.com network servers run Windows Server 2008 and the client computers run Microsoft Windows Vista. Abc.com has its headquarters in London and a branch office in Madrid. The branch office in Madrid contains a Windows Server Update Services (WSUS) server named ABC-SR11. Due to company growth, Abc.com has set up five satellite offices that use a dedicated WAN link to connect to the branch office in Madrid. You have received instructions from the CIO to set up a patch management strategy with the following criteria:The updates from ABC-SR11 are approved from a central location.The WLAN traffic should be reduced between the branch office in Madrid and the satellite offices. What should you do? A. The best option is to set up and link the Group Policy objects (GPOs) to the OUs. B. The best option is to use a WSUS server in each satellite office. C. The best option is to use Terminal Services at the London office. D. The best option is to use Microsoft SQL Server 2005 in the Madrid office. E. The best option is to set up each satellite office WSUS server to use the London office WSUS server as an upstream server. Answer: B,E Explanation: You need to use a WSUS server in each satellite office and set up each satellite office WSUS server to use the London office WSUS server as an upstream server. The following modes are supported on a WSUS server: autonomous mode and replica mode. The down loaded information is set up to an upstream server is replicated directly to all of the devices configured as downstream servers. This will also minimize bandwidth. With the use of autonomous mode, only upstream server transmits update files to the downstream servers. Reference : Deploying Microsoft Windows Server Update Services http://www.windowsnetworking.com/articles_tutorials/Deploying-Microsoft-WindowsServer-Update-Services.html QUESTION NO: 68 You work as the network administrator at Abc.com. The Abc.com network consists of a single Active Directory forest named Abc.com. The Abc.com network servers run Windows Server 2008 and the client computers run Microsoft Windows Vista. Abc.com has its headquarters in London and branch offices in Madrid and Paris. The London office contains a Windows

Server Update Services (WSUS) server named ABC-SR12 that distributes updates to the computers at the London office. The branch offices at Abc.com use a dedicated WAN link that connects them to the London office. You have received instructions from the CIO to set up a patch management strategy with the following criteria:The WLAN traffic should be reduced between the branch offices and the Internet.The branch offices get their updates from the London office. What should you do? (Choose TWO. Each answer forms part of the solution.) A. The best option is to set up and link the Group Policy objects (GPOs) to the OUs. B. The best option is to install a WSUS server in the Paris and Madrid offices. C. The best option is Microsoft SQL Server 2005 in the Paris and Madrid offices. D. The best option is to use Terminal Services at the London office. E. The best option is to set up the WSUS servers to use the main office WSUS server as an upstream server. Answer: B,E Explanation: You need to install a WSUS server in the Paris and Madrid offices and set up the servers to use the main office WSUS server as an upstream server. Using this will reduce WLAN traffic. It will also allow the branch offices get their updates from the London office. The following modes are supported on a WSUS server: autonomous mode and replica mode. The down loaded information is set up to an upstream server is replicated directly to all of the devices configured as downstream servers. This will also minimize bandwidth. With the use of autonomous mode, only upstream server transmits update files to the downstream servers. Reference : Deploying Microsoft Windows Server Update Services http://www.windowsnetworking.com/articles_tutorials/Deploying-Microsoft-WindowsServer-Update-Services.html QUESTION NO: 69 You are the newly appointed Enterprise administrator at Abc.com. The Abc.com network consists of a single Active Directory domain named Abc.com. All servers on the Abc.com network run Windows Server 2008 and all client computers run Windows Vista. The Abc.com network contains more than 5,000 computers. You have received instructions from the CIO to set up storage architecture for Windows Server Update Services (WSUS) updates. It is imperative that you ensure that the updates continue to be highly available. What should you do? A. The best option is have RAID 10 setup on all WSUS server. B. The best option is to use multiple downstream servers. C. The best option is to implement a Group Policy. D. The best option is to have the updates stored on a Distributed File System (DFS) link that is configured to use multiple replicating targets. Answer: D

Explanation: You need to keep the updates on a Distributed File System (DFS) link that uses multiple replicating targets. This will have the updates highly available. The DFS has the following capabilities: views of folders and files, that is, a virtual organization called a namespace, regardless of where those files physically reside in a network. Reference : Step 4: Set up a DFS share http://technet.microsoft.com/en-us/library/cc708533.aspx Section 2, Monitor servers for performance evaluation and optimization (6 Questions) QUESTION NO: 70 You are the newly appointed Enterprise administrator at Abc.com. The Abc.com network consists of a single Active Directory domain named Abc.com. All servers on the Abc.com network run Windows Server 2008 and all client computers run Windows Vista. The Abc.com network contains 8 servers that have the file server role installed. You have received instructions from the CIO to monitor the file servers with the following criteria:Volumes less than 500 MB free space should be notified with e-mail notifications to you.You should impose file storage quotas. What should you do? A. The best option is to set up the File Server Resource Manager (FSRM) role service. You should also set up Quota Management and Storage Reports Management. B. The best option is to set up folder redirection and Event Subscriptions C. The best option is to set up Shared Folders permissions. D. The best option is to set up Windows System Resource Manager (WSRM) feature and Performance Monitor alerts Answer: A Explanation: You need to set up the File Server Resource Manager (FSRM) role service, Quota Management and Storage Reports Management. You can set the also the size that it does not exceeds 500 MB. Furthermore, you can create a File Screen to stop users from saving of video/audio files to a share. Reference : The Basics of Windows Server 2008 FSRM (File Server Resource Manager) http://blogs.technet.com/josebda/archive/2008/08/20/the-basics-of-windows-server-2008fsrm-fileserver- resource-manager.aspx QUESTION NO: 71 You work as the network administrator at Abc.com. The Abc.com network consists of a single Active Directory forest named Abc.com. The Abc.com network servers run Windows Server 2008 and the client computers run Microsoft Windows Vista. Abc.com consists of a Marketing department that contains 500 servers. You have received instructions from the CIO to monitor

the servers using the following criteria:Whenever, the processor usage exceeds 80% for 10 minutes, there should be an alert be generated.The processor monitoring threshold should be automatically adjusted for the allowance of temporary changes in the workload. What should you do? A. The best option is to use a Network Load Balancing (NLB) cluster. B. The best option is to use the ServerManagerCMD tool. C. The best option is to use event subscriptions. D. The best option is to use Microsoft System Center Operations Manager (SCOM). Answer: D Explanation: You need to use Microsoft System Center Operations Manager (SCOM). This will generate alerts if the processor usage exceeds 80% for 10 minutes. It can also be adjusted to automatically adjust the processor monitoring threshold to allow for temporary changes. Reference : From MOM to SCOM http://pcquest.ciol.com/content/enterprise/2007/107070501.asp Reference : Self Tuning Thresholds - love and hate http://blogs.technet.com/kevinholman/archive/2008/03/19/self-tuning-thresholds-loveandhate.aspx QUESTION NO: 72 You are the newly appointed Enterprise administrator at Abc.com. The Abc.com network consists of a single Active Directory domain named Abc.com. All servers on the Abc.com network run Windows Server 2008 and all client computers run Windows Vista. Abc.com contains a server named TESCKIG-SR10 that has the Terminal Services role installed. A new Abc.com policy states that the employees should not use more than 25% of the CPU resources a day, with the exception of the administrators. What should you do? (Choose TWO. Each answer forms part of the solution.) A. The best option is to create a System Performance Data Collector Set. B. The best option is to use Windows System Resource Manager (WSRM). C. The best option is to create Network Load Balancing cluster. D. The best option is to set up user policies. E. The best option is implement a GPO. Answer: B,D Explanation: You need to use Windows System Resource Manager (WSRM) and set up user policies. The Windows System Resource Manager (WSRM) enables the allocation of resources, including processor and memory resources, among multiple applications based on business priorities. You can set the CPU and memory allocation policies on applications. Reference : Windows System Resource Manager Fast Facts

http://www.microsoft.com/windowsserver2003/techinfo/overview/wsrmfastfacts.mspx QUESTION NO: 73 You are the newly appointed Enterprise administrator at Abc.com. The Abc.com network consists of a single Active Directory domain named Abc.com. All servers on the Abc.com network run Windows Server 2008 and all client computers run Windows Vista. The Abc.com network contains 20 SharePoint sites. Abc.com contains a server named ABC-SR12 that has the Windows SharePoint Services (WSS) role installed. You have received instructions from the CIO to better the performance of ABC-SR12 and to make sure that utilization of the CPU does go beyond 80%. However if it occurs, an equal amount of system resources should be allocated to each SharePoint site. What should you do? (Choose TWO. Each answer forms part of the solution.) A. The best option is to set up the entire SharePoint site to use a separate application pool. B. The best option is to deploy AD RMS. C. The best option is to use Windows System Resource Manager (WSRM). D. The best option is to deploy a Group Policy Objects container. E. The best option is to use Microsoft System Center Configuration Manager (SCCM). Answer: A,C Explanation: You need to set up the entire SharePoint site to use a separate application pool. You also need to use Windows System Resource Manager (WSRM). The Windows System Resource Manager (WSRM) enables the allocation of resources, including processor and memory resources, among multiple applications based on business priorities. You can set the CPU and memory allocation policies on applications. Reference : Windows System Resource Manager Fast Facts http://www.microsoft.com/windowsserver2003/techinfo/overview/wsrmfastfacts.mspx QUESTION NO: 74 You are the newly appointed Enterprise administrator at Abc.com. The Abc.com network consists of a single Active Directory domain named Abc.com. All servers on the Abc.com network run Windows Server 2008 and all client computers run Windows Vista. The Abc.com network contains a Windows Server2008 failover cluster. Abc.com contains an in-house application that resides in the failover cluster. The in-house application requires 40% processor utilization and the memory utilization that is set with a service level agreement (SLA). You need to make sure that the level of performance is specified in the SLA. What should you do? (Choose TWO. Each answer forms part of the solution.) A. The best option is to use Windows System Resource Manager (WSRM) B. The best option is to use Microsoft Windows Reliability and Performance Monitor.

C. The best option is to use Microsoft System Center Configuration Manager (SCCM) D. The best option is to set up a resource-allocation policy for process-based management. E. The best option is to configure quotas. Answer: A,D Explanation: You need to use Windows System Resource Manager (WSRM) and set up a resourceallocation policy for process-based management. The Windows System Resource Manager (WSRM) enables the allocation of resources, including processor and memory resources, among multiple applications based on business priorities. You can set the CPU and memory allocation policies on applications. Furthermore, Windows System Resource Manager (WSRM) does not manage address windowing extensions (AWE) memory. It also does not manage large page memory, locked memory, or OS pool memory. Reference : Windows System Resource Manager Fast Facts http://www.microsoft.com/windowsserver2003/techinfo/overview/wsrmfastfacts.mspx QUESTION NO: 75 You work as the network administrator at Abc.com. The Abc.com network consists of a single Active Directory forest named Abc.com. The Abc.com network servers run Windows Server 2008 and the client computers run Microsoft Windows Vista. The Abc.com network contains 500 servers. You have received instructions from the CIO to monitor the servers, applying the following criteria:In the event of an application failure, you need to get a notification by e-mail.The least amount of administrative effort should be used. What should you do? (Choose TWO. Each answer forms part of the solution.) A. The best option is to use Microsoft Windows Reliability and Performance Monitor. B. The best option is to set up event subscriptions for each server that is host on one server. C. The best option is to install a Network Policy Server (NPS) on a server. D. The best option is to use folder redirection. E. The best option is to attach tasks to the application error events, on the server. Answer: B,E Explanation: You need to set up event subscriptions for each server that is host on one server and attach tasks to the application error events, on the server. The Event Viewer will allow you to view events on a single remote computer. Furthermore, Windows Vista has the ability to collect copies of events from multiple remote computers. Reference : Event Subscriptions http://technet.microsoft.com/en-us/library/cc749183.aspx

Section 3, Monitor and maintain security and policies (4 Questions) QUESTION NO: 76 Abc.com has employed you as an Enterprise administrator. The Abc.com network consists of a single Active Directory domain named Abc.com. The Abc.com network servers run Windows Server 2008 and the client computers run Microsoft Windows Vista. Abc.com contains more than 1,500 client computers. The client computers are connected to managed switches. You have received instructions from the CIO to plan the strategy for network access with the following criteria:The employees of Abc.com should not evade the restrictions on the network access.Only client computers with updated service packs and updated anti-malware software installed can access the network. What should you do? (Choose TWO. Each answer forms part of the solution.) A. The best option is to use Network Access Protection (NAP) B. The best option is to use Background Intelligent Transfer Service (BITS) settings C. The best option is to use 802.1x enforcement D. The best option is to create event subscriptions. E. The best option is to create an ADML file Answer: A,C Explanation: You need to use Network Access Protection (NAP) and 802.1x enforcement. Network Access Protection (NAP) controls access to network resources based on a client computer's identity and compliance with corporate governance policy. Furthermore, when using 802.1X enforcement, the computer must be compliant to get unlimited network access through an 802.1X-authenticated network connection Reference : Network Access Protection Platform Overview http://technet.microsoft.com/hi-in/library/ bb878083( en-us).aspx Reference : Security and Policy Enforcement http://www.microsoft.com/windowsserver2008/en/us/security-policy.aspx QUESTION NO: 77 Abc.com has employed you as an Enterprise administrator. The Abc.com network consists of a single Active Directory domain named Abc.com. The Abc.com network servers run Windows Server 2008 and the client computers run Microsoft Windows Vista. Abc.com contains three Network Policy Server (NPS) servers named ABC-SR11, ABC-SR12 and ABC-SR13. The Remote Authentication Dial-In User Service (RADIUS) server is installed on these servers. Furthermore, Abc.com contains 20 wireless access points that is set up as RADIUS client. You have received instructions from the CIO to implement a method to audit all access to the wireless access points with the following criteria:Data should be stored in a central location.It should also record all RADIUS attributes.It should also record all RADIUS vendor-specific

attributesThe least amount of cost should be used. What should you do? (Choose TWO. Each answer forms a part of the solution.) A. The best option is to install Microsoft Windows Reliability and Performance Monitor. B. The best option is to audit for logon events on the ABC-SR11. C. The best option is to set up RADIUS accounting by using local file logging on each server D. The best option is to set up the Windows System Resource Manager (WSRM). E. The best option is to set up users containers. F. The best option is to store the log files in an Internet Authentication Service (IAS) format on a shared folder on ABC-SR11. Answer: C,F Explanation: You need to set up RADIUS accounting by using local file logging on each server and to store the log files in an Internet Authentication Service (IAS) format on a shared folder on ABCSR11. This will minimize the cost and comply with the criteria. When you create a new RADIUS client there is a NAP-capable check box. Reference : What is the NAP client doing /The "RADIUS client is NAP-capable" check box http://blogs.technet.com/nap/default.aspx QUESTION NO: 78 You are the newly appointed an Enterprise administrator at Abc.com. The Abc.com network consists of a single Active Directory domain named Abc.com. All servers on the Abc.com network run Windows Server 2008 and all client computers run Windows Vista. The domain controllers at Abc.com run Windows Server 2008. You have received instructions from the CIO to implement a network access solution with the following criteria: Client computers with the recent service packs can access the network, if not it should be redirected to a specific Web site. What should you do? A. The best option is to use the Event Trace Sessions Data Collector Set. B. The best option is to use multiple downstream servers C. The best option is to use Windows System Resource Manager (WSRM). D. The best option is to use Network Access Protection (NAP) Answer: D Explanation: You need to use Network Access Protection (NAP). Network Access Protection (NAP) controls access to network resources based on a client computer's identity and compliance with corporate governance policy. Furthermore, when using 802.1X enforcement, the computer must be compliant to get unlimited network access through an 802.1X-authenticated network connection Reference : Network Access Protection Platform Overview http://technet.microsoft.com/hi-in/library/ bb878083( en-us).aspx

Reference : Security and Policy Enforcement http://www.microsoft.com/windowsserver2008/en/us/security-policy.aspx QUESTION NO: 79 Abc.com has employed you as an Enterprise administrator. The Abc.com network consists of a single Active Directory domain named Abc.com. The Abc.com network servers run Windows Server 2008 and the client computers run Microsoft Windows Vista. Abc.com contains three Network Policy Server (NPS) servers named ABC-SR11, ABC-SR12 and ABC-SR13. The Remote Authentication Dial-In User Service (RADIUS) server is installed on these servers. ABC-SR11 is configured to run Microsoft SQL Server 2005. Furthermore, Abc.com contains 20 wireless access points that is set up as RADIUS client. You have received instructions from the CIO to implement a method to audit all access to the wireless access points with the following criteria:Data should be stored in a central location.It should also record all RADIUS attributes.It should also record all RADIUS vendor-specific attributesData in a format that is straightforward to query What should you do? (Choose TWO. Each answer forms a part of the solution.) A. The best option is to install Microsoft Windows Reliability and Performance Monitor. B. The best option is to audit for logon events on the ABC-SR11. C. The best option is to set up RADIUS accounting by using SQL logging on each server D. The best option is to set up the Windows System Resource Manager (WSRM). E. The best option is to set up users containers. F. The best option is to forward all security events from ABC-SR12 and ABCSR13 to ABC-SR11. Answer: C,F Explanation: You need to set up RADIUS accounting by using local file logging on each server and to store the log files in an Internet Authentication Service (IAS) format on a shared folder on ABCSR11. This will minimize the cost and comply with the criteria. When you create a new RADIUS client there is a NAP-capable check box. Reference : What is the NAP client doing /The "RADIUS client is NAP-capable" check box http://blogs.technet.com/nap/default.aspx QUESTION NO: 80 Abc.com has employed you as an Enterprise administrator. The Abc.com network consists of a single Active Directory domain named Abc.com. The Abc.com network servers run Windows Server 2008 and the client computers run Microsoft Windows Vista. The domain controllers at Abc.com run Windows Server 2008. Abc.com contains 8 servers that have the Terminal Server component installed. Abc.com also contains a Microsoft Internet

Security and Acceleration (ISA) Server 2006 server named ABC-SR20 that acts as a firewall. You have received instructions from the CIO the implement a remote access strategy for the terminal servers with the following criteria:The use of fewer ports on the firewall.Access should be restricted to certain users.Encryption should be used on all connections to the 8 terminal servers. What should you do? (Choose TWO. Each answer forms part of the solution.) A. The best option is to upgrade a Windows Server 2003 server to Windows Server 2008. B. The best option is to install Windows Server 2008 Datacenter Edition. C. The best option is to use Microsoft System Center Configuration Manager (SCCM). D. The best option is to set up the Terminal Services Gateway (TS Gateway) role and a Terminal Services connection authorization policy (TS CAP) on the upgraded a Windows Server 2003 server. E. The best option is to create an ADMX file. Answer: A,D Explanation: You need to upgrade a Windows Server 2003 server to Windows Server 2008 and set up the Terminal Services Gateway (TS Gateway) role and a Terminal Services connection authorization policy (TS CAP) on it. TS Gateway allows the connection to internal Terminal servers and RDPenabled machines from the outside. Reference : Creating a Secure and Auditable Remote Access and Management Environment / Remote access and management of servers from a remote network via a dedicated RDP gateway http://www.petri.co.il/creating-secure-auditable-remote-access-managementenvironmentwindows-server-security.htm Reference : TS Gateway Server Configuration http://technet.microsoft.com/en-us/library/cc727371.aspx Reference : Configuring the Windows Server 2008 Terminal Services Gateway (Part 2) http://www.windowsecurity.com/articles/Configuring-Windows-Server-2008-TerminalServices-Gateway-Part2.html QUESTION NO: 81 Abc.com has employed you as an Enterprise administrator. The Abc.com network consists of a single Active Directory domain named Abc.com. The Abc.com network servers run either Windows Server 2003 or Windows Server 2008 and the client computers run Microsoft Windows Vista. Abc.com contains more than 2,500 client computers. Abc.com has acquired quite a few new applications that need to be installed on the client computers. However, management wants the installation to have the following criteria:The applications should only be installed on systems that meet the hardware requirements.The installation should occur after working hours.There should

be a report of the installation of the applications with regard to the success or failure of it. What should you do? A. The best option is to use an ADML file. B. The best option is to use the Microsoft System Center Configuration Manager (SCCM) 2007. C. The best option is to use Windows Deployment Services (WDS). D. The best option is to use roaming user profiles. Answer: B Explanation: You need to use the Microsoft System Center Configuration Manager (SCCM) 2007. Microsoft System Center Configuration Manager (SCCM) 2007 enables a secure and scalable operating system and application deployment. Reference : System Center Configuration Manager http://technet.microsoft.com/en-us/configmgr/default.aspx Reference : Big Efficiencies for Big Environments http://redmondmag.com/features/article.asp?editorialsid=2518 QUESTION NO: 82 Abc.com has hired you as an Enterprise administrator for their network. The Abc.com network consists of a single Active Directory domain named Abc.com. All servers on the Abc.com network run Windows Server 2008 and all client computers run Windows Vista. Abc.com contains a server named ABC-SR14 that has the Terminal Services role enabled. You have received instructions from the CIO to install an accounting application to the Vista computers with the following criteria:An icon on the desktop should be used to access the accounting application.Access to the accounting application should occur when there is no network access. What should you do? A. The best option is to use roaming user profiles. B. The best option is to use Internet Protocol security (IPsec). C. The best option is to a use WSUS server. D. The best option is to use a Group Policy object (GPO) and sign the application to the Vita machines. Answer: D Explanation: You need to use a Group Policy object (GPO) and sign the application to the Vita machines. When the user then logs in the user will see the application in the Start menu and / or to the desktop. Reference : Using Group Policy to Deploy Applications http://www.windowsnetworking.com/articles_tutorials/Group-Policy-DeployApplications.html QUESTION NO: 83

You are the newly appointed Enterprise administrator at Abc.com. The Abc.com network consists of a single Active Directory domain named Abc.com. All servers on the Abc.com network run Windows Server 2008 and all client computers run Windows Vista and Microsoft Office Outlook 2007. Abc.com is using an in-house application that needs the support of Outlook 2003. You have received instructions from the CIO to install the in-house application with the following criteria:Access should be available on Outlook 2003 and Outlook 2007.Conflict should not occur between Outlook 2003 and Outlook 2007.30 session needs to be supported with as little training as possible. What should you do? A. The best option is to use Background Intelligent Transfer Service (BITS). B. The best option is to use the Microsoft Application Compatibility Toolkit (ACT) application. C. The best option is to have the Terminal Services server role setup on a server with Outlook 2003. Thereafter Outlook 2003 should be published as a TS RemoteApp. D. The best option is to use the Windows Automated Installation Kit (WAIK). Answer: C Explanation: You need to set up the Terminal Services server role on a server with Outlook 2003, and publish Outlook 2003 as a TS RemoteApp . With Terminal Services you can access Windows-based programs from almost any location or computer. The TS RemoteApp allows you to deploy and maintain different versions of the same program for individual systems. Reference : TS RemoteApp Step-by-Step Guide http://technet.microsoft.com/en-us/library/cc730673.aspx QUESTION NO: 84 Abc.com has employed you as an Enterprise administrator. The Abc.com network consists of a single Active Directory domain named Abc.com. The Abc.com network servers run Windows Server 2008 and the client computers run Microsoft Windows Vista. Abc.com contains seven servers that have the Terminal Services installed. You have received instructions from the CIO to install a server farm with the following criteria:New users with the least active sessions need to be automatically connected to the terminal server.Users that are disconnected should be sent to their previous session. What should you do? A. The best option is to use Terminal Services Session Broker (TS Session Broker). B. The best option is to use event subscriptions. C. The best option is to use Event Trace Sessions. D. The best option is to use a custom network profile. Answer: A Explanation: You need to use Terminal Services Session Broker (TS Session Broker). This will allow the users to reconnect to an existing session.

Reference : Terminal Services Session Broker (TS Session Broker) http://technet.microsoft.com/en-us/library/cc731045.aspx QUESTION NO: 85 You are the newly appointed Enterprise administrator at Abc.com. The Abc.com network consists of a single Active Directory domain named Abc.com. All servers on the Abc.com network run Windows Server 2008 and all client computers run Windows Vista. Abc.com contains a file server named ABC-SR13. You have received instructions to install a client/server application. However, if a server fails, the applications should still be available. What should you do? A. The best option is to use Network Load Balancing (NLB). B. The best option is to use Failover cluster that uses Node and File Share Disk Majority. C. The best option is to use Round-robin DNS. D. The best option is to use Terminal Services Gateway (TS Gateway). Answer: B Explanation: You need to use Failover cluster that uses Node and File Share Disk Majority. If the clusters has an even number of nodes, then the Node and Disk Majority is recommended. This will allow availability. Reference : Understanding Quorum Configurations in a Failover Cluster http://technet.microsoft.com/en-us/library/cc731739.aspx QUESTION NO: 86 You are the newly appointed Enterprise administrator at Abc.com. The Abc.com network consists of a single Active Directory domain named Abc.com. All servers on the Abc.com network run Windows Server 2008 and all client computers run Windows Vista. Abc.com contains seven servers that have Terminal Server installed. You have received instruction to set up a remote access strategy for the terminal server users with the following criteria:Only resources on the internal network should be accessible to the remote users.The connections of the remote users to the resources should be encrypt. What should you do? A. The best option is to set up the Terminal Services Gateway (TS Gateway) role on the server. B. The best option is to use Terminal Services Session Broker (TS Session Broker). C. The best option is to set up a Terminal Services resource authorization policy (TS RAP) on the server. D. The best option is to use Windows System Resource Manager (WSRM). E. The best option is to set up TS Gateway server to use an appropriate Secure Sockets Layer (SSL)-compatible X.509 certificate. F. The best option is to use Microsoft System Center Operations Manager (SCOM).

Answer: A,C,E Explanation: You need to set up the Terminal Services Gateway (TS Gateway) role on the server. You also need to set up a Terminal Services resource authorization policy (TS RAP) on the server. Furthermore, you need to set up TS Gateway server to use an appropriate Secure Sockets Layer (SSL)-compatible X.509 certificate. TS Gateway allows the remote clients to successfully connect to internal network resources (computers) through a Terminal Services Gateway (TS Gateway) server. Reference : TS Gateway Server Configuration http://technet.microsoft.com/en-us/library/cc727371.aspx Reference : Configuring the Windows Server 2008 Terminal Services Gateway (Part 2) http://www.windowsecurity.com/articles/Configuring-Windows-Server-2008-TerminalServices- Gateway-Part2.html QUESTION NO: 87 You are the newly appointed Enterprise administrator at Abc.com. The Abc.com network consists of a single Active Directory domain named Abc.com. All servers on the Abc.com network run Windows Server 2008 and all client computers run Windows Vista. The Abc.com Active Directory has two organizational units (OU) named CK_Staff and CK_Client. The user accounts reside in the CK_Staff OU and the client computers user accounts resides in the CK_Client OU. You have received instruction form the CIO to install a new accounting application with the following criteria:An icon on the Start menu should allow access to the application.When the remote users are off line, the application should be available. What should you do? A. The best option is to set up Shared Folders permissions for the Marketing global group. B. The best option is to use Credential Roaming on the Managers OU. C. The best option is to new Starter GPO. D. The best option is to assign the application to computers in CK_Client by using a Group Policy object (GPO). Answer: D Explanation: You need to assign the application to computers in CK_Client by using a Group Policy object (GPO). This will allow the user to acess the application from an icon on the Start menu. Reference : Using Group Policy to Deploy Applications http://www.windowsnetworking.com/articles_tutorials/Group-Policy-DeployApplications.html QUESTION NO: 88

You are the newly appointed an Enterprise administrator at Abc.com. The Abc.com network consists of a single Active Directory domain named Abc.com. All servers on the Abc.com network run Windows Server 2008 and all client computers run Windows Vista. You have received instructions from the CIO to allow users to collaborate with each other, using the following criteria:The Web browser should be used by the remote users to access files.The user content should use full-text indexing.Web server should growth in conjunction with company growth.The use of permissions to promote a secure access to files. What should you do? A. The best option is to use Windows System Resource Manager (WSRM). B. The best option is to use folder redirection. C. The best option is to use an ADML file. D. The best option is to use Microsoft Office SharePoint Server 2007. Answer: D Explanation: You need to use Microsoft Office SharePoint Server 2007. This will allow the users to collaboration solution. Microsoft Office Office SharePoint Server 2007 is used to facilitate collaboration, provide content management features and implement business processes. Reference : Introduction to Microsoft Office SharePoint Server 2007 http://office.microsoft.com/en-us/sharepointserver/HA101732171033.aspx Reference : Search in Microsoft Office SharePoint Server 2007 Evaluation Guide http://office.microsoft.com/download/afile.aspx?AssetID=AM102140171033 QUESTION NO: 89 Abc.com has hired you as an Enterprise administrator for their network. The Abc.com network consists of a single Active Directory domain named Abc.com. All servers on the Abc.com network run Windows Server 2008 and all client computers run Windows XP Service Pack 2. Abc.com contains 15 server and 600 client computers. You have received instructions from the CIO to install a new in-house application and enable desktop themes, which is a prerequisite of the application. You need to install it with the following criteria:The in-house applications should only be accessed by authorized users from any client computer.The least amount of changes should occur on the client computer with the minimum amount of costs. What should you do? (Choose TWO. Each answer forms part of the solution.) A. The best option is to install the Remote Desktop Connection (RDC) 6.0 software to the client computers. B. The best option is to use Windows System Resource Manager (WSRM). C. The best option is to use Windows Deployment Services (WDS). D. The best option is to select the Desktop Experience feature on the terminal server and install the application on the terminal server. E. The best option is to use Microsoft System Center Configuration Manager (SCCM).

Answer: A,D Explanation: You need to install the Remote Desktop Connection (RDC) 6.0 software to the client computers. You also need to select the Desktop Experience feature on the terminal server and install the application on the terminal server. This will lower the cost and comply with the criteria. Reference : Terminal Services Core Functionality / Desktop Experience/ Single sign-on http://technet.microsoft.com/en-us/library/cc753097.aspx#BKMK_RDC Section 2, Provision data (5 Questions) QUESTION NO: 90 Abc.com has employed you as an Enterprise administrator. The Abc.com network consists of a single Active Directory domain named Abc.com. The Abc.com network servers run Windows Server 2008 and the client computers and remote users are running Microsoft Windows Vista. The Abc.com network is not connected to the Internet. Abc.com contains a file server named ABC-SR18 that hosts shared folders which the users use to save their files that needs to be shared. You have received instructions from the CIO to allow the users at Abc.com to access the shared files even if they are not connected to the network. What should you do? A. The best option is to use Microsoft System Center Operations Manager (SCOM). B. The best option is to use Terminal Services. C. The best option is to set up caching on the shared folder in ABC-SR18. D. The best option is to use Group Policy. Answer: C Explanation: You need to set up caching on the shared folder in ABC-SR18. this will allow the remote users to access the share even if they are disconnected. Reference : Set Caching Options for Shared Folders http://technet.microsoft.com/en-us/library/cc755136.aspx QUESTION NO: 91 You work as the network administrator at Abc.com. The Abc.com network consists of a single Active Directory forest named Abc.com. The Abc.com network servers run Windows Server 2008 and the client computers run Windows Vista Service Pack 1. The Sales representatives of Abc.com use their laptops to connect remotely. You have received instructions from the CIO to implement a data provisioning infrastructure to secure sensitive files with the following criteria: Files must be stored in an encrypted format and accessible over the Internet for the Sales representatives.Encryption should be used over the Internet for

the Sales representatives. What should you do? (Choose TWO. Each answer forms part of the solution.) A. The best option is to use Point-to-Point Tunneling Protocol (PPTP). B. The best option is to use Encrypting File System (EFS) to encrypt the folders that store sensitive files. C. The best option is to use Internet Protocol security (IPsec). D. The best option is to use Secure Socket Transmission Protocol (SSTP) to allow access to files to remote users. E. The best option is to use Microsoft Point-to-Point Encryption (MPPE). Answer: B,D Explanation: You need to use Encrypting File System (EFS) to encrypt the folders that store sensitive files. You should also use Secure Socket Transmission Protocol (SSTP) to allow access to files to remote users. Reference : Vista and Windows Server 2008 Encryption Broken by Advanced EFS Data Recovery http://www.securitysoftwarezone.com/vista-and-windows-server-2008-encryptionbrokenreview968-6.html Reference : How to configure a Secure Socket Tunneling Protocol (SSTP)-based VPN server behind a NAT device in Windows Server 2008 http://support.microsoft.com/kb/947032 QUESTION NO: 92 You are the newly appointed Enterprise administrator at Abc.com. The Abc.com network consists of a single Active Directory domain named Abc.com. All servers on the Abc.com network run Windows Server 2008 and all client computers run Windows Vista. Abc.com contains a server named ABC-SR10 that hosts seven in-house applications. Furthermore, the in-house applications has Terminal Services RemoteApps configured. During a routine monitoring, you notice that when using one of the applications, it has an effect on the other applications is not responsive. To ensure productivity you need to make sure that equal access is given to all active user sessions. What should you do? A. The best option is to use Terminal Services Session Broker (TS Session Broker). B. The best option is to set up a Terminal Services resource authorization policy (TS RAP) on ABC-SR10. C. The best option is to use Windows System Resource Manager (WSRM). D. The best option is to use Microsoft System Center Operations Manager (SCOM). Answer: D Explanation: You need to use Windows System Resource Manager (WSRM) and set up user policies. The Windows System Resource Manager (WSRM) enables the allocation of resources,

including processor and memory resources, among multiple applications based on business priorities. You can set the CPU and memory allocation policies on applications. Reference : Windows System Resource Manager Fast Facts http://www.microsoft.com/windowsserver2003/techinfo/overview/wsrmfastfacts.mspx QUESTION NO: 93 Abc.com has employed you as an Enterprise administrator. The Abc.com network consists of a single Active Directory domain named Abc.com. The Abc.com network servers run Windows Server 2008 and the client computers run Microsoft Windows Vista. The users of Abc.com use quite a few systems to log on the Abc.com domain. You have received instructions from the CIO to provide data with the following criteria:Access should always be available regardless of the computer the users are using.The local computer should be used to store the data of the users.The users must log on to the domain with the least amount of administrative effort. What should you do? A. The best option is to use Microsoft System Center Operations Manager (SCOM). B. The best option is to use Credential Roaming. C. The best option is to enable caching. D. The best option is to use Folder redirection. Answer: D Explanation: You need to use Folder redirection. This will make sure that the users store their data on the local computer. It will also comply with the criteria. Folder Redirection is a way to place data in a set of folders in the user profiles on the network. Reference : Folder Redirection http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/distrib/dseb_ovr _syul.mspx?mfr=true QUESTION NO: 94 You are the newly appointed Enterprise administrator at Abc.com. The Abc.com network consists of a single Active Directory domain named Abc.com that is not connected to the Internet. All servers on the Abc.com network run Windows Server 2008 and all laptops run Windows Vista. Abc.com contains a files server named ABC-SR10 which the Abc.com users use to save their data files. You have received instructions from the implement a data provisioning solution with the following criteria:The users not connected to the network are allowed to access the files and the folders.The cached files and folders should not be accessed by unauthorized users. What should you do? (Choose TWO. Each answer forms part of the solution.) A. The best option is to set up caching on the shared folder. B. The best option is to use folder redirection. C. The best option is to Windows System Resource Manager (WSRM). D. The best option is to set up offline files to use encryption.

E. The best option is to Configure IPsec domain isolation. Answer: A,D Explanation: You need to set up caching on the shared folder and set up offline files to use encryption. The caching feature allows the users to have access to shared files even when they are working offline. Reference : Set Caching Options for Shared Folders http://technet.microsoft.com/en-us/library/cc755136.aspx QUESTION NO: 95 You are the newly appointed Enterprise administrator at Abc.com. The Abc.com network consists of a single Active Directory domain named Abc.com. The domain controllers on the Abc.com network run Windows Server 2008 and all client computers run Windows XP Professional. Abc.com has its headquarters in London and branch offices around the region. You have received instructions from the CIO to make use of a Distributed File System (DFS) with the following criteria:The Abc.com users should have only access to their folders.They must be able to access the data locally.The bandwidth on replication should be reduced. What should you do? A. The best option is to use a domain-based DFS namespace that uses folder redirection. B. The best option is to use a stand-alone DFS namespace that uses DFS replication and has access-based enumeration enabled. C. The best option is to use caching on the profiles share. D. The best option is to use Microsoft Point-to-Point Encryption (MPPE). Answer: B Explanation: You need to use a stand-alone DFS namespace that uses DFS replication and has accessbased enumeration enabled. This will allow the users to have only access to their folders, access the data locally. This option will also reduce bandwidth during replication. For fault tolerance purposes, you should use a standalone namespaces that will allow you to use multiple folder targets. Access-based enumeration allows users to see only files and folders on a file server to which they have permission to access. Reference : Planning a DFS Architecture, Part 2 http://www.petri.co.il/planning-dfs-architecture-part-two.htm Reference : Distributed File System http://technet.microsoft.com/en-us/library/cc753479.aspx QUESTION NO: 96 Abc.com has employed you as an Enterprise administrator. The Abc.com network consists of a single Active Directory domain named Abc.com. The Abc.com network servers run Windows Server 2008 and the client computers

run Microsoft Windows Vista. You have received instructions from the CIO to install a distributed database application. The application will be used o different servers at Abc.com. The CIO wants the storage array to have the following criteria:You need to assign storage to servers as needed.You should use the Abc.com network infrastructure.In an event of a disk failure, the data should still be available. What should you do? A. You should consider using a stand-alone CA and the Network Device Enrollment Service (NDES). B. You should consider using Microsoft System Center Configuration Manager (SCCM). C. You should consider using an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). D. You should consider setting up the storage subsystem as a RAID 10 array. E. You should consider setting up a storage subsystem as a RAID 5 array. Answer: C,E Explanation: You need to use an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). You also need to setting up a storage subsystem as a RAID 5 array. Microsoft iSCSI Software Target option will allow you to use an iSCSI SAN with storage provisioning and management capabilities. Furthermore, the iSCSI disk storage subsystem supports Virtual Disk Service (VDS) and Microsoft Multipath I/O. Reference : The Basics of the Virtual Disk Services (VDS) http://blogs.technet.com/josebda/archive/2007/10/25/the-basics-of-the-virtual-diskservicesvds.aspx Reference : Reference: What is RAID? http://compreviews.about.com/od/storage/l/aaRAIDPage1.htm QUESTION NO: 97 You are the newly appointed Enterprise administrator at Abc.com. The Abc.com network consists of a single Active Directory domain named Abc.com. The servers on the Abc.com network run Windows Server 2008 and all client computers run Windows Vista. Abc.com has its headquarters in London and two branch offices in Paris and Milan. The Paris and Milan offices are connected to each other with a WAN link. Each branch office also contains a file server where the users in both branch offices access data from each other. The Abc.com management wants the data access to have the following criteria:The data on the file servers should be available to the Paris and Milan offices.The network bandwidth should be reduced.If a WAN link fails, the users must still be able to access the files in each other's file server. What should you do? A. The best option is to install AD RMS on a server. B. The best option is to use the ServerManagerCMD tool on both the servers

C. The best option is to use Distributed File System Replication (DFSR) on the file servers in the Paris and Milan offices. D. The best option is to install a Windows Server 2008 Datacenter Edition server in both offices. Answer: C Explanation: You need to use Distributed File System Replication (DFSR) on the file servers in the Paris and Milan offices. DFS Replication can be used to keep folders synchronized between servers across limited bandwidth network connections. Reference : Distributed File System http://technet.microsoft.com/en-us/library/cc753479.aspx Reference : Top Reasons to Deploy Distributed File Services in Windows Server 2003 R2 http://www.microsoft.com/windowsserver2003/technologies/storage/dfs/topdeploy.mspx QUESTION NO: 98 You are the newly appointed Enterprise administrator at Abc.com. The Abc.com network consists of a single Active Directory domain named Abc.com. All servers on the Abc.com network run Windows Server 2008 and all client computers run Windows Vista. Abc.com contains a Windows Server 2008 server named ABC-SR11 that runs Microsoft SQL Server 2005 that is set up as two RAID 1 arrays and one RAID 5 array. You have received instructions from the CIO to allocate hard disk space on ABC-SR11 as follows:In an event of a disk failure, the data should not be lost.Better the performance of the SQL server application.In an event of a disk failure, the loss of write performance should be reduced. What should you do? A. The best option is to use RAID 10 arrays to place OS files and SQL database files to place SQL transaction logs. B. The best option is to use a Group Policy. C. The best option is to use RAID 1 arrays to place OS files and SQL transaction logs and RAID 5 array to place SQL database files. D. The best option is to use RAID 5 array to place SQL transaction logs and SQL database files. Answer: C Explanation: You need to use RAID 1 arrays to place OS files and SQL transaction logs and RAID 5 array to place SQL database files. RAID 1 provides a simple form of redundancy for data. The SQL databases use RAID 5. RAID 5 is the most powerful form of RAID that can be found in a desktop computer system. Reference : What is RAID? http://compreviews.about.com/od/storage/l/aaRAIDPage1.htm QUESTION NO: 99

Abc.com has employed you as an Enterprise administrator. The Abc.com network consists of a single Active Directory domain named Abc.com. The Abc.com network servers run Windows Server 2008 and the client computers run Microsoft Windows Vista. Abc.com has acquired a new server named ABC-SR15 that contains five internal SCSI hard disks. The SCSI hard disks are connected to an onboard SCSI controller. You have received instructions from the CIO to install Windows Server 2008 on it and configure it as a file server. However, the CIO wants the storage strategy to have the following criteria:You need to physically keep apart the user data from the operating system data.The data storage should be maximized.No cost must be involved.In an event of a disk failure, you need to keep the integrity of the data, and make sure that the OP starts successfully. What should you do? A. The best option is to assign three disks to a single RAID 5 volume for the user data. B. The best option is to configure a WSUS server to use a RAID 5 array. C. The best option is to assign two disks to a mirrored volume for the operating system data. D. The best option is to use the Delegation of Control Wizard. E. The best option is to assign three disks to a mirrored volume for the operating system data. F. The best option is to use a two-node failover cluster. Answer: A,C Explanation: You need to assign three disks to a single RAID 5 volume for the user data. You also need to assign two disks to a mirrored volume for the operating system data. RAID 5 is the most powerful form of RAID that can be found in a desktop computer system. Two disks to a mirrored volume will provide a simple form of redundancy for data. Reference : What is RAID? http://compreviews.about.com/od/storage/l/aaRAIDPage1.htm QUESTION NO: 100 Abc.com has employed you as an Enterprise administrator. The Abc.com network consists of a single Active Directory domain named Abc.com. The Abc.com network servers run Windows Server 2008 and the client computers run Windows XP Service Pack 1. You have received instructions from the CIO to make use of a Distributed File System (DFS) with the following criteria:In an event of a server failure, there should be redundancy.After the problem is solved with the failed server, the client computers must be able to connect again to that server.The cost should be minimal. What should you do? A. The best option is to upgrade all client computers to Windows XP Service Pack 2. B. The best option is to use a stand-alone DFS namespace that uses DFS replication. C. The best option is to a domain-based DFS namespace that uses folder redirection.

D. The best option is to Implement a domain-based DFS namespace, add a second namespace server, and enable the clients fail back to preferred targets option. Answer: A,D Explanation: You need to use a stand-alone DFS namespace that uses DFS replication and has accessbased enumeration enabled. This will allow the users to have only access to their folders, access the data locally. This option will also reduce bandwidth during replication. For fault tolerance purposes, you should use a standalone namespaces that will allow you to use multiple folder targets. Access-based enumeration allows users to see only files and folders on a file server to which they have permission to access. Reference : Configuring DFS Namespaces http://www.windowsnetworking.com/articles_tutorials/Configuring-DFSNamespaces.html Reference : Planning a DFS Architecture, Part 1/ Planning a DFS Architecture, Part 2 / DomainBased Namespaces http://www.petri.co.il/planning-dfs-architecture-part-one.htm QUESTION NO: 101 Abc.com has employed you as an Enterprise administrator. The Abc.com network consists of a single Active Directory domain named Abc.com. The Abc.com network servers run Windows Server 2008 and the client computers run Windows Vista. Abc.com has acquires a distributed database application the works on Windows Server 2008. You have received instructions from the CIO to plan a storage strategy using the following criteria:The servers should have enough storage space.The existing network should isolated storage traffic.Data should be available in an event of a disk failure, or a storage controller failure. What should you do? (Choose TWO. Each answer forms part of a solution.) A. The best option is to use assign three disks to a single RAID 5 volume. B. The best option is to use a Fibre Channel (FC) disk storage subsystem that supports Microsoft Multipath I/O. C. The best option is to use a two-node failover cluster. D. The best option is to set up the storage subsystem as a RAID 5 array. E. The best option is to set up the storage subsystem as a RAID 10 array. Answer: B,D Explanation: You need to use a Fibre Channel (FC) disk storage subsystem that supports Microsoft Multipath I/O. You also need to set up the storage subsystem as a RAID 5 array. RAID 5 is the most powerful form of RAID that can be found in a desktop computer system. If your system supports Microsoft Multipath I/O (MPIO), Storage Manager for SANs can provide path failover by enabling multiple ports on the server for LUN I/O traffic. Reference : Support for Multipath I/O

http://technet.microsoft.com/en-us/library/cc771719.aspx Reference : Using Fibre Channel to Reduce SCSI Storage Costs http://dothill.com/assets/pdfs/storage_costs.pdf QUESTION NO: 102 You work as the network administrator at Abc.com. The Abc.com network consists of a single Active Directory forest named Abc.com. The Abc.com network servers run Windows Server 2008 and the client computers run Microsoft Windows Vista. Abc.com contains a server named ABC-SR13 that has the File Server role installed. The Sales representatives at Abc.com use their laptop that is running Windows Vista Business Edition. They use their laptops inside the office and at remote locations. You have received instructions from the CIO to plan a data storage solution with the following criteria:The Sales representative needs to use any document when on a remote location.You also need to reduced the save documents on the laptops and reduced the time it takes the Sales representative to log on to the network. What should you do? Choose TWO. Each answer forms part of the solution.) A. The best option is to use Network Load Balancing B. The best option is to set up offline files C. The best option is to use Credential Roaming. D. The best option is to select manual caching. E. The best option is to enable automatic caching. Answer: B,D Explanation: You need to set up offline files and select manual caching. This will comply with the criteria. The Offline Files allows you to keep using network files, folders, and applications although the network is disconnected. Reference : Using Offline Files in Windows 2000 http://articles.techrepublic.com.com/5100-10878_11-5031596.html Section 2, Plan high availability (5 Questions) QUESTION NO: 103 Abc.com has employed you as an Enterprise administrator. The Abc.com network consists of a single Active Directory domain named Abc.com. The Abc.com network servers run either Windows Server 2003 or Windows Server 2008 and the client computers run Microsoft Windows Vista. Abc.com contains a Windows Server 2003 server that runs Web-based application. You have received instructions from the CIO to migrate the Web-based application to Windows Server 2008. However, the set up of the server should meet the following criteria:The Web-based application should be available in an event of a server failure.The installation should support NET applications.You should also reduce the cost of the software. What should you do? (Choose TWO. Each answer forms part of the solution.)

A. The best option is to use a Microsoft Application Compatibility Toolkit (ACT) application. B. The best option is to install the full installation of Windows Server 2008 Web Edition on two servers. C. The best option is to use a RAID 5 array. D. The best option is to set up the servers in a failover cluster. E. The best option is to set up a Network Load Balancing cluster. Answer: B,E Explanation: You need to install the full installation of Windows Server 2008 Web Edition on two servers. You also need to set up a Network Load Balancing cluster. Network load balancing does not require any special hardware. Reference : Failover clustering, network load balancing drive high availability http://searchsystemschannel.techtarget.com/tip/0,289483,sid99_gci1317355,00.html QUESTION NO: 104 Abc.com has employed you as an Enterprise administrator. The Abc.com network consists of a single Active Directory domain named Abc.com. All servers on the Abc.com network run Windows Server 2008 Enterprise Edition and all the client computers are running Windows Vista. Abc.com has headquarters in London where you are located, and a branch office in Paris. All the Abc.com offices connect to each other via a WAN links. You have received instructions from the CIO to install a failover cluster solution for both offices with the following criteria:In an event of a server failure, you need to maintain availability.You should also reduce the amount of servers. What should you do? A. The best option is to implement a RAID 5 array. B. The best option is to use multiple downstream servers. C. The best option is to install a failover cluster that contains one node in the head office. D. The best option is to install a failover cluster that contains one node in each office. Answer: D Explanation: You need to install a failover cluster that contains one node in each office. This will maintain availability. Failover clustering, network load balancing drive high availability http://searchsystemschannel.techtarget.com/tip/0,289483,sid99_gci1317355,00.html QUESTION NO: 105 Abc.com has employed you as an Enterprise administrator. The Abc.com network consists of a single Active Directory domain named Abc.com. All servers on the Abc.com network run Windows Server 2008 and all the client computers are running Windows Vista. Abc.com has headquarters in London

and branch offices in Paris, Berlin and Milan. The Abc.com network is configured as seen in the exhibit:

Both the headquarters and branch offices, each contain a server that has the File Server role installed. These servers contain a shared folder named CK_Res. You have received instructions from the CIO to implement data availability with the following criteria:You should reduce the amount of traffic.In an event of a WAN link failure or server failure, CK_Res should still be available in all the offices.The users must also be able to use the existing drive mappings, if a server failure occurs. What should you do? (Choose TWO. Each answer forms part of the solution.) A. The best option is to use a Domain-based DFS namespace. B. The best option is to use multiple downstream servers C. The best option is to use DFS Replication in a hub and spoke topology. D. The best option is to use a two-node failover cluster. E. The best option is to use Terminal Services Session Broker (TS Session Broker). Answer: A,C Explanation: You need to use a Domain-based DFS namespace and to use DFS Replication in a hub and spoke topology. This will comply with the criteria. To implement domain-based DFS

namespace, the servers need to members of the Active Directory domain. Furthermore, domain-based DFS enables multiple replications. Multiple DFS replicas also provide some fault tolerance. Reference : Planning a DFS Architecture, Part 1/ Planning a DFS Architecture, Part 2 / DomainBased Namespaces http://www.petri.co.il/planning-dfs-architecture-part-one.htm Reference : Configuring and Using DFS Replication http://www.windowsnetworking.com/articles_tutorials/Configuring-Using-DFSReplication.html QUESTION NO: 106 Abc.com has employed you as an Enterprise administrator. The Abc.com network consists of a single Active Directory domain named Abc.com. All servers on theAbc.com network run Windows Server 2008 Enterprise Edition and all the client computers are running Windows Vista. Abc.com contains two DHCP servers named ABC-SR10 and ABC-SR11. Abc.com also has a single subnet that contains about 1,500 Windows Vista computers. Abc.com uses a router that has a single IP address on the internal interface, to separates the internal network from the Internet. ABC-SR10 has the following information: Starting IP address: 192.168.10.1Ending IP address: 192.168.17.255Subnet mask: 255.255.240.0 You have received instructions from the CIO to set up a fault-tolerant DHCP infrastructure. The structure should support the Windows Vista computers on the internal network. The Windows Vista computers must be able to obtain a valid IP address in the event of a DHCP server failure. What should you do? A. Your best option would be to have a scope created for the 192.168.10.0/26 subnet. Thereafter the scope should be configured to commence at 192.168.10.1 and stop at 192.168.15.254. B. Your best option would be to have a scope created for the 192.168.10.0/20 subnet. Thereafter the scope should be configured to commence at 192.168.8.1 and stop at 192.168.15.254. C. Your best option would be to have a scope created for the 192.168.10.0/24 subnet. Thereafter the scope should be configured to commence at 192.168.4.1 and stop at 172.16.7.254. D. Your best option would be to have a scope created for the 192.168.0.0/16 subnet. Thereafter the scope should be configured to commence at 192.168.0.1 and stop at 192.168.255.254. Answer: B QUESTION NO: 107 Abc.com has employed you as an Enterprise administrator. The Abc.com network consists of a single Active Directory domain named Abc.com. The Abc.com network servers run Windows Server 2008 and the client computers

run Microsoft Windows Vista. You have created a web site which requires a very high availability and a high scalability for the success of the company. You therefore publish the Web site on two Web servers named ABC-SR20 and ABC-SR21. You have received instructions from the CIO to implement an availability solution for your Web servers with the following criteria:Without interrupting client connections, you need to add ABC-SR20 and ABC-SR21.In an event of a server failure, the Web sites should still be available. What should you do? A. The best option is to use a Network Load Balancing cluster B. The best option is to use Terminal Services Gateway (TS Gateway). C. The best option is to use folder redirection. D. The best option is to use a Web farm on each ABC-SR20 and ABC-SR21. Answer: A Explanation: You need to a Network Load Balancing cluster. Network Load Balancing enables an organization to scale server and application performance by distributing TCP/IP requests to multiple servers. Reference : Failover clustering, network load balancing drive high availability http://searchsystemschannel.techtarget.com/tip/0,289483,sid99_gci1317355,00.html Section 3, Plan for backup and recovery (8 Questions) QUESTION NO: 108 Abc.com has employed you as an Enterprise administrator. The Abc.com network consists of a single Active Directory domain named Abc.com. The Abc.com network servers run Windows Server 2008 and the client computers run Windows Vista. The domain controllers at TesCKng.com are running Windows Server 2008. A full back up is scheduled for the domain controllers daily. You have received instructions from the CIO to implement a recovery strategy for Active Directory objects with the following criteria:The objects in the backup should be compared to those in the present Active Directory database.The least amount of administrative effort should be used. What should you do? (Choose TWO. Each answer forms part of the solution.) A. The best option is to restore the backup to an alternate location. B. The best option is to use Windows System Resource Manager (WSRM). C. The best option is to create event subscriptions. D. The best option is to mount the database using the Active Directory Database Mounting Tool (Dsamain.exe). E. The best option is to create a System Performance Data Collector Set. Answer: A,D Explanation: You need to restore the backup to an alternate location and mount the database using the Active Directory Database Mounting Tool (Dsamain.exe). You can use the Active

Directory database mounting tool (Dsamain.exe) can improve recovery processes of Abc.com. Reference : Active Directory Database Mounting Tool Step-by-Step Guide http://technet.microsoft.com/en-us/library/cc753609.aspx QUESTION NO: 109 You work as the network administrator at Abc.com. The Abc.com network consists of a single Active Directory forest named Abc.com. Abc.com contains 5 domain controllers that are running Windows Server 2003. Due to unforeseen circumstances you upgraded one of the domain controllers to Windows Server 2008. You have received instructions from the CIO to implement an Active Directory recovery strategy. The CIO wants the strategy to supports the recovery of deleted objects. However, it should support the recovery of deleted object from a year ago. What should you do? A. You should consider making use of a RAID 1 mirror. B. You should consider having a GPO implemented. C. You should consider making use of an ADMX file. D. You should consider having the tombstone lifetime for the forest increased. Answer: D Explanation: You need to increase the tombstone lifetime for the forest. The stuff that is deleted will stay in the Tombstone for a year. The default days of how long the Tombstone will keep the objects are 60 days. So you need to set the Tombstone . Reference : Active Directory Backup? Don't rush - you'll get more time http://msmvps.com/blogs/UlfBSimonWeidner/archive/2005/03/26/39806.aspx Reference : Changing the Tombstone Lifetime Attribute in Active Directory http://www.petri.co.il/changing_the_tombstone_lifetime_windows_ad.htm QUESTION NO: 110 Abc.com has employed you as an Enterprise administrator. The Abc.com network consists of a single Active Directory domain named Abc.com. The Abc.com network servers run Windows Server 2008 and the client computers run Windows Vista. The domain controllers at TesCKng.com are running Windows Server 2008. A new Abc.com security policy states that that the domain controllers cannot contain optical drives. You need t implement a backup and recovery plan that restores the domain controllers in the event of a server failing. What should you do? (Choose TWO. Each answer forms part of the solution.) A. The best option is to use a RAID 5 array and a local database. B. The best option is to use back up each domain controller to a remote network share with Windows Server Backup. C. The best option is to use roaming user profiles.

D. The best option is to deploy the Windows Recovery Environment (Windows RE) with Windows Deployment Services (WDS). E. The best option is to use Microsoft System Center Operations Manager (SCOM). Answer: B,D Explanation: You need to use back up each domain controller to a remote network share with Windows Server Backup. You also need to deploy the Windows Recovery Environment (Windows RE) with Windows Deployment Services (WDS). The Windows Deployment Services (WDS) allows you to deploy Windows operating systems by using a networkbased installation. Reference : Windows Server Backup Step-by-Step Guide for Windows Server 2008 http://technet.microsoft.com/en-us/library/cc770266.aspx Reference : Step-by-Step Guide for Windows Deployment Services in Windows Server 2003 http://technet.microsoft.com/en-us/library/cc766320.aspx QUESTION NO: 111 Abc.com has employed you as an Enterprise administrator. The Abc.com network consists of a single Active Directory domain named Abc.com. The Abc.com network servers run Windows Server 2008 and the client computers run Windows Vista. Abc.com contains quite a few file servers. You have received instruction from the CIO to implement a data recovery strategy that will comply to the following Abc.com criteria:Little impact on the performances should occur during backups.You are required to execute daily backups of data volumes.Users should be able to retrieve earlier versions without any assistance.The files involved should be restored in the event of a server failure. What should you do? (Choose TWO. Each answer forms part of the solution.) A. The best option is to perform a daily backup to an external disk, by using Windows Server Backup. B. The best option is to use the File Server Resource Manager (FSRM) to perform a daily backup. C. The best option is to use the Network Device Enrollment Service (NDES). D. The best option is to enable shadow copies for the volumes that contain shared user data and then store the copies on a separate physical disk. E. The best option is to enable shadow copies for the volumes that contain shared user data. Answer: A,D Explanation: You need to perform a daily backup to an external disk, by using Windows Server Backup. You also need to enable shadow copies for the volumes that contain shared user data and then store the copies on a separate physical disk. Shadow copies use the same drive to store backups. So you need to use a separate physical disk.

Reference : The Basics of Windows Server 2008 FSRM (File Server Resource Manager) http://blogs.technet.com/josebda/archive/2008/08/20/the-basics-of-windows-server-2008fsrm-fileserver- resource-manager.aspx Reference : What Is Volume Shadow Copy Service? http://technet.microsoft.com/en-us/library/cc757854.aspx QUESTION NO: 112 Abc.com has employed you as an Enterprise administrator. The Abc.com network consists of a single Active Directory domain named Abc.com. The Abc.com network servers run Windows Server 2008 and the client computers run Windows Vista. Abc.com contains quite a few files servers that consist of two volumes that are used for the operating system and one for data files. You have received instructions from the CIO to implement a recovery strategy with the following criteria:The operating system and the data files need to be recovered.Need to make sure that the business is continuingYou need to reduce time that is needed to restore the server. What should you do? (Choose TWO. Each answer forms part of the solution.) A. The best option is to create a System Performance Data Collector Set. B. The best option is to use Windows Server Backup feature C. The best option is to use Windows System Resource Manager (WSRM) on the new server. D. The best option is to use Windows Complete PC Restore E. The best option is to use Folder redirection Answer: B,D Explanation: You need to use the use Windows Server Backup feature and the Windows Complete PC Restore. The Windows Complete PC Restore you to recover your entire system. Reference : Windows Complete PC Backup and Restore http://www.microsoft.com/singapore/windows/products/windowsvista/features/details/co mpletepcbackup.mspx QUESTION NO: 113 Abc.com has employed you as an Enterprise administrator. The Abc.com network consists of a single Active Directory domain named Abc.com. The Abc.com network servers run Windows Server 2008 and the client computers run Windows Vista. Abc.com contains a file server, a database server, and a messaging server. You have received instructions from the CIO to implement a backup infrastructure. You need to create a constant backup of open files and applications, database server, and the messaging server. However, your result should not disruption to applications much. What should you do? A. The best option is to use the Windows Recover Disk feature. B. The best option is to use the Windows Automated Installation Kit (WAIK).

C. The best option is to enable volume shadow copy service for the volumes that needs to be backed up. D. The best option is to use Volume Shadow Copies. Answer: C Explanation: You need to enable volume shadow copy service for the volumes that needs to be backed up. Volume shadow copy will make a snap shot of the data. this will not disturbed the applications. Reference : What Is Volume Shadow Copy Service? http://technet.microsoft.com/en-us/library/cc757854.aspx QUESTION NO: 114 Abc.com has employed you as an Enterprise administrator. The Abc.com network consists of a single Active Directory domain named Abc.com. The Abc.com network servers run Windows Server 2008 and the client computers run Windows Vista. The client computers in Abc.com use quite a few applications. The applications are configured to save documents to the local Sales folder. You have received instructions from the CIO to implement a backup strategy that ensures that all users back up with the least amount of administrative effort. What should you do? A. The best option is to use Windows Recover Disk feature. B. The best option is to use Windows Automated Installation Kit (WAIK). C. The best option is to use the Group Policy objects (GPO) in order to apply folder redirection and then back up the folder redirection target. D. The best option is to use Folder redirection. Answer: C Explanation: You need to use the Group Policy objects (GPO) to apply folder redirection and then back up the folder redirection target. Folder Redirection allows you to redirect the system folders containing the profile of a user on the network. Doing this will allow the users to access their data. Reference : Implementing Folder Redirection using Group Policy http://www.tech-faq.com/implementing-folder-redirection-using-group-policy.shtml QUESTION NO: 115 Abc.com has employed you as an Enterprise administrator. The Abc.com network consists of a single Active Directory domain named Abc.com. The Abc.com network servers run Windows Server 2008 and the client computers run Windows Vista. Abc.com has its headquarters in London and quite a few branch offices around the globe. However, each of these branch offices contains a file server. You have received instruction from the CIO to implement a data recovery strategy for the Abc.com network. Your solution should ensure that:It support of scheduled backups.It should permit file

restoring for individual files.IT should permit complete server recovery.Decentralizes control should be provided over any backup or recovery.It should be accomplished with the least amount of administrative effort. What should you do? A. The best option is to create a shared folder on a file server and then configure scheduled backups. B. The best option is to use Windows Recover Disk feature. C. The best option is to use Windows Server Backup to back up to an external USB drive. D. The best option is to Windows Server Backup from a server. Answer: C Explanation: You need to use Windows Server Backup to back up to an external USB drive. The USB device is perfect. This device is portable and you can back up and restore quite a few computer systems. Reference : USB drive backup: Pros and cons http://searchwindowsserver.techtarget.com/tip/0,289483,sid68_gci1215078,00.html Reference : Active Directory Backup and Restore in Windows Server 2008 http://technet.microsoft.com/en-us/magazine/cc462796.aspx