Topic 1, Exam Set 1
QUESTION NO: 1
You work as the Enterprise administrator at ABC.com. The ABC.com network has a domain named ABC.com. The servers on the ABC.com network run Windows Server 2008 and all client computers run Windows Vista.
The ABC.com network contains more than 3,000 computers. ABC.com wants to make use of Windows Server Update Services (WSUS) updates. You thus need to setup the appropriate storage mechanism so that it provides high availability.
Where should you store the WSUS updates?
A. In a storage subsystem as a RAID 10.
B. In a network load balancing cluster.
C. In a newly created Group Policy.
D. In a Distributed File System (DFS) link that is configured to utilize several replicating targets.
Answer: D Explanation: You need to keep the updates on a Distributed File System (DFS) link that uses multiple replicating targets. This will ensure that the updates highly available. The DFS contain the following capabilities: views of folders and files, that is a virtual organization where those files physically reside in a network.
Reference: Step 4: Set up a DFS share
http://technet.microsoft.com/en-us/library/cc708533.aspx

QUESTION NO: 2
You work as the Enterprise administrator at ABC.com. The ABC.com network has forest with two domains named us.ABC.com and uk.ABC.com. The functional level of the forest is set at Windows Server 2008.
A new ABC.com security policy requires that the local guest accounts and administrator accounts should be renamed. You have to ensure that the local guest accounts are disabled after it has been renamed.
How can this be achieved?

A. By using a custom network profile.
B. By using a Group Policy object (GPO) for every domain.
C. By using a folder redirection on all the root domain controllers.
D. By using a ServerManagerCMD tool for the root main.
Answer: B Explanation: You need to use Group Policy object (GPO) for every domain. With this you can rename administrator accounts as well as renaming and disabling the local guest accounts. Windows Server 2003 also permits you to modify the administrator account and guest account names with a Group Policy.
Reference: HOW TO: Rename the Administrator and Guest Account in Windows Server 2003
http://support.microsoft.com/kb/816109

QUESTION NO: 3
You work as the Enterprise administrator at ABC.com. The ABC.com network consists of a single Active Directory domain named ABC.com. All servers on the ABC.com network run Windows Server 2008 and all client computers run Windows Vista.
ABC.com has its headquarters in Chicago where you are located and a branch office in Dallas that employs a number of helpdesk staff. You have to implement a new server named ABC-SR10 in the Dallas office. The setup policy of ABC.com states that all helpdesk staff have the necessary permissions to manage services. The helpdesk staff should also be able to configure server roles on ABC-SR10. You need to accomplish this ensuring that the helpdesk staff have the least amount of permissions.
How can this be achieved?
A. You should make the helpdesk staff, members of the global security group.
B. You should make the helpdesk staff, members of the Server Operators group on ABC-SR10.
C. You should make the helpdesk staff, members of the Account Operators group on ABC-SR10.
D. You should make helpdesk staff, members of the Administrators group on ABC-SR10.
Answer: D Explanation: To add the helpdesk staff to the Administrators local group will give full administrative access to an individual computer or a single domain. The user must be a member of the Administrators group to change accounts or stop and start services or install server roles.
Reference: Using Default Group Accounts http://technet.microsoft.com/en-us/library/bb726982.aspx

Reference: Securing the Local Administrators Group on Every Desktop
http://www.windowsecurity.com/articles/Securing-Local-Administrators-Group-Every-Desktop.html

QUESTION NO: 4
You work as the Enterprise administrator at ABC.com. The ABC.com network has a domain named ABC.com. The servers on the ABC.com network are configured to run Windows Server 2008 and the client computers run Windows Vista.
ABC.com has its headquarters in Paris and branch offices in London and Stockholm. You are in the process of devising a file sharing policy to ensure standardization throughout the network. Your policy needs to ensure that the ABC.com offices are able to access the files using the universal Naming Convention (UNC) path. In the event of a server failure files should still be accessible and the minimum bandwidth needs to be utilized.
You need to determine the components that need to be added to your policy?
A. You should add a DFS namespace that is domain-based and uses replication.
B. You should add the Hyper-V feature to your policy.
C. You should use failover clusters with three servers, one for each office.
D. You should add a DFS namespace that is server-based and uses replication.
Answer: A Explanation: To comply with the CIO��s request, you need to use domain-based DFS namespace that uses replication. To implement domain-based DFS namespace, the servers need to members of the Active Directory domain. Furthermore, domain-based DFS enables multiple replications. Multiple DFS replicas also provide some fault tolerance.

QUESTION NO: 5
You work as the Enterprise administrator at ABC.com. The ABC.com network has a domain named ABC.com. All servers on the ABC.com network run Windows Server 2008 and all client computers run Windows Vista.
The ABC.com network contains a Windows Server 2008 failover cluster that in turn hosts a database application. During routine monitoring you discover that the database application make use of almost half of processor and memory usage allocated for it. You want to make sure that the level of performance is maintained on the cluster.

How can this be achieved? (Choose TWO. Each answer forms part of the solution.)
A. By using the Windows System Resource Manager (WSRM)
B. The using event subscriptions.
C. By using the Microsoft System Center Configuration Manager (SCCM)
D. By establishing a resource-allocation policy for process-based management.
E. By establishing Performance Monitor alerts.
Answer: A,D Explanation: You need to use Windows System Resource Manager (WSRM) and set up a resource-allocation policy for process-based management. The Windows System Resource Manager (WSRM) enables the allocation of resources, including processor and memory resources, among multiple applications based on business priorities. You can set the CPU and memory allocation policies on applications. Furthermore, Windows System Resource Manager (WSRM) does not manage address windowing extensions (AWE) memory. It also does not manage large page memory, locked memory, or OS pool memory.
Reference: Windows System Resource Manager Fast Facts
http://www.microsoft.com/windowsserver2003/techinfo/overview/wsrmfastfacts.mspx

QUESTION NO: 6
You work as an Enterprise administrator at ABC.com. The ABC.com network consists of a single Active Directory domain named ABC.com. All servers on the ABC.com network run Windows Server 2008 and all client computers run Windows Vista. You have received notification from management that Windows Server Update Services (WSUS) has been approved for ABC.com.
ABC.com wants you to ensure that the updates are dispensed from one site and that all client computers are able to acquire the necessary updates even when a server is unavailable. You thus decide to set up a Microsoft SQL Server 2005 failover cluster.
Identify your next steps? (Choose TWO. Each answer forms part of the solution.)
A. You should set up a NLB cluster that contains two WSUS servers.
B. You should configure the WSUS server in the one site as an upstream server.
C. You should use the remote SQL Server 2005 database instance to set up WSUS.
D. You should use a Group Policy object to setup Windows Update.

E. You should copy the metadata to a single WSUS server on the network.
Answer: A,C Explanation: You need to set up a Microsoft SQL Server 2005 failover cluster and set up two WSUS servers in a Network Load Balancing cluster. Thereafter WSUS should be setup to use the remote SQL Server 2005 database instance. Network load balancing (NLB) will assist you in the continuation of networks running in an event of a server failure.
Reference: Appendix C: Configure WSUS for Network Load Balancing
http://technet.microsoft.com/en-us/library/cc708533.aspx

QUESTION NO: 7
You work as the network administrator at ABC.com. The ABC.com network has a domain named ABC.com. The ABC.com network servers run Windows Server 2008 and the client computers run Microsoft Windows Vista.
A new ABC.com security policy requires that a legal notice pops up as soon as an employee connects to the ABC.com domain. Due to your increased workload you need to implement this policy. You thus decide to create and link a new Group Policy Object (GPO) in the domain.
Identify your subsequent step which can be performed with minimal administration?
A. You should enable folder redirection on all computers located in the network.
B. You should enable the group policy filtering.
C. You should enable the Key Management Service (KMS).
D. You should enforce the new GPO.
Answer: D Explanation: To implement this policy in this scenario a new GPO should be created and linked. Thereafter the newly created GPO should be enforced. This will also allow you to accomplish this with the least amount of administrative effort.
Reference: Circumventing Group Policy Settings
http://blogs.technet.com/markrussinovich/archive/2005/04/30/circumventing-group-policy-settings.aspx


QUESTION NO: 8
You work as the Enterprise administrator at ABC.com. The ABC.com network consists of a single Active Directory domain named ABC.com. The ABC.com network servers run Windows Server 2008 and the client computers run Microsoft Windows Vista.
ABC.com has several servers that are configured to run Terminal Services. You want to have a TS server farm implemented that will give users with the least active sessions priority an automatic connection to the TS server as well as ensuring that users whose sessions are disrupted return to their prior sessions to ensure productivity.
How can this be achieved?
A. By using Terminal Services Session Broker.
B. By using event subscriptions.
C. By using Event Trace Sessions.
D. By using a custom network profile.
Answer: A Explanation: You need to use Terminal Services Session Broker (TS Session Broker) in order to establish a Terminal Server farm. This will allow the users to reconnect to an existing session.
Reference: Terminal Services Session Broker (TS Session Broker)
http://technet.microsoft.com/en-us/library/cc731045.aspx

QUESTION NO: 9
You work as the Enterprise administrator at ABC.com. The ABC.com network has a domain named ABC.com. The servers on the ABC.com network are configured to run Windows Server 2008.
ABC.com makes use of an enterprise certification authority (CA). You want to automatically install certificates on the client computers as well as deploying the certificates to the employees with a new certificate template with the least amount of administrative effort.
To ensure productivity you need to make sure that employees are able to access the certificates from any computer on the network. To accomplish this task you implement the auto enrollment of certificates.
What else should be configured to ensure that employees can access the certificates?

A. You should set up the Remote Server Administration Tools (RSAT) on all computers on the network.
B. You should set up certificate based authentication on the computers.
C. You should set up folder redirection.
D. You should set up Credential Roaming.
Answer: D Explanation: The best option is to set up autoenrollment of certificates and Credential Roaming. This will allow the employees to access any client computer to access their certificates. The autoenrollment procedure grants certificates based on certificate templates. With Windows Vista and Windows Server "Longhorn", the credential roaming implementation will be able to roam stored user names and passwords. This will allow the employees to access their certificates on any client computer.
Reference: How can I enable digital certificate autoenrollment in Windows Server 2003?
http://windowsitpro.com/article/articleid/48665/how-can-i-enable-digital-certificate-autoenrollment-in-windows-server-2003.html
Reference: About Credential Roaming
http://technet.microsoft.com/hi-in/library/cc700848(en-us).aspx

QUESTION NO: 10
You work as the Enterprise administrator at ABC.com. The ABC.com network consists of a single Active Directory domain named ABC.com.
You are responsible for managing a Windows Server 2008 server named ABC-SR11. ABC-SR11 is configured to run Microsoft SQL Server 2005 and contains two RAID 1 arrays as well as a RAID 5 array. You are in the process of configuring the data storage space to enhance the performance and ensure that data is not lost or the write performance reduced should a hard disk drive on ABC-SR11 fail.
How can this be ensured?
A. You should use RAID 1 for the SQL database and RAID 5 for the SQL transaction logs.
B. You should configure the RAID 1 and RAID 2 arrays to host the SQL database files, the OS files and the SQL transaction logs.
C. You should use the RAID 1 arrays for OS files and SQL transaction logs and the RAID 5 array for SQL database files.
D. You should use the RAID 5 array for SQL transaction logs and the RAID 1 array for the storage subsystem.

Answer: C Explanation: You need to use RAID 1 arrays for OS files and SQL transaction logs and RAID 5 array for SQL database files. RAID 1 provides a simple form of redundancy for data. The SQL databases use RAID 5. RAID 5 is the most powerful form of RAID that can be found in a desktop computer system.
Reference: What is RAID?
http://compreviews.about.com/od/storage/l/aaRAIDPage1.htm

QUESTION NO: 11
You work as the Enterprise administrator at ABC.com. The ABC.com network has a domain named ABC.com. All servers on the ABC.com network run Windows Server 2008 and all client computers run Windows Vista.
The ABC.com network has of a Finance division. You create an OU named FinancialData1 that contains the user and computer accounts of the Finance Division. You want to install a new in-house Finance application on the client computer in the Finance division. Other ABC.com users must not have access to the application.
What actions should you take?
A. You should implement the Background Intelligent Transfer Service (BITS) settings.
B. You should implement the Key Management Service (KMS) on all computers in FinancialData1.
C. You should implement a Group Policy object (GPO) for FinancialData1.
D. You should implement a DFS Namespace.
Answer: C Explanation: You need to use the Group Policy object (GPO) for FinancialData1. The Group Policies can be used for users and computers. Furthermore for network security, the component that is used is the Group Policy in the Active Directory environment.
Reference: Using Group Policy to Deploy Applications
http://www.windowsnetworking.com/articles_tutorials/Group-Policy-Deploy-Applications.html
Reference: Planning and Deploying Group Policy 2008
http://www.scribd.com/doc/4716059/Planning-and-Deploying-Group-Policy-2008


QUESTION NO: 12
You work as the Enterprise administrator at ABC.com. The ABC.com network has a domain named ABC.com. All servers on the ABC.com network run Windows Server 2008.
You are responsible for managing two servers named ABC-SR10 and ABC-SR11 as well as two printers that are the same. Management wants you to make sure that the print queues can be managed centrally and that printing services is available in the event of a printer failure.
How can this be accomplished? (Choose THREE. Each answer forms part of the solution.)
A. By enabling printer pooling.
B. By setting the printer on ABC-SR11 as the primary printing device.
C. By sharing a printer on ABC-SR10.
D. By installing a Microsoft Multipath I/O.
E. By installing a printer on ABC-SR10 to install and share a printer and enable printer pooling.
Answer: A,C,E Explanation: You need to use ABC-SR10 and install and share a printer and enable printer pooling. You can use the Printer pooling to print to quite a few printers at the same time. The computer will also balance the load if it is a large print job
To plan a print services infrastructure that would allow you to manage the print queue from a central location and make the print services available, even if one of the print devices fails, you need to install and share a printer on ABCServer1 and enable printer pooling.
Reference: Configure printer pooling to simplify printer management in Windows 2000
http://articles.techrepublic.com.com/5100-10878_11-5727870.html

QUESTION NO: 13
You work as the Enterprise administrator at ABC.com. The ABC.com network consists of a single Active Directory domain named ABC.com. The ABC.com network servers run Windows Server 2008 and the client computers run Windows Vista.
ABC.com has acquired a distributed application that requires that the storage traffic is separate from the network and that sufficient storage space is available.

It is imperative that the stored information is readily available even in the event of disk or controller failure. You decide to make use of a Fibre Channel (FC) disk storage subsystem that will support Microsoft Multipath I/O.
Which of the following options should you add to your plan?
A. You should use a stand-alone DFS namespace.
B. You should set up the storage subsystem as a RAID 10 array.
C. You should set up the storage subsystem as a RAID 5 array.
D. You should use a two node failover cluster.
Answer: C Explanation: Then best option in this scenario would be to set up the storage subsystem as a RAID 5 array. RAID 5 is the most powerful form of RAID that can be found in a desktop computer system. If your system supports Microsoft Multipath I/O (MPIO), Storage Manager for SANs can provide path failover by enabling multiple ports on the server for LUN I/O traffic.
Reference: Support for Multipath I/O
http://technet.microsoft.com/en-us/library/cc771719.aspx
Reference: Using Fibre Channel to Reduce SCSI Storage Costs
http://dothill.com/assets/pdfs/storage_costs.pdf

QUESTION NO: 14
You work as the Enterprise administrator at ABC.com. The ABC.com network has a domain named ABC.com. All servers on the ABC.com network are configured to run Windows Server 2008 and all client computers either run Windows Vista or Windows XP Professional.
You are responsible for managing a DNS server named ABC-SR20. ABC-SR20 is configured to run a Server Core installation. You must permit other network administrators to administer ABC-SR20 remotely.
How can this be achieved?
A. You should install Connection Manager Administration Kit (CMAK) profiles on the client computers of the administrators.
B. You should run the Key Management Service (KMS) and add the Component Services snap-in.
C. You should install Remote Server Administration Tools (RSAT) on the client computers of the administrators.

D. You should upgrade the client computers of the administrators to Windows Vista Service Pack
1.
Answer: C Explanation: You need to install Remote Server Administration Tools (RSAT) on the Windows Vista client computers. This will allow the administrator remotely manage ABC-SR20. RSAT also has an updated Group Policy Management Console (GPMC), which was formerly removed in Windows Vista SP1.
Reference: Remote Server Administration Tools (RSAT) Now Available for Windows Vista SP1
http://windowsvistablog.com/blogs/windowsvista/archive/2008/03/25/remote-server-administration-tools-rsat-now-available-for-windows-vista-sp1.aspx

QUESTION NO: 15
You work as the Enterprise administrator at ABC.com. The ABC.com network has a domain named ABC.com. The ABC.com network servers are configured to run Windows Server 2008 and the client computers run Windows Vista.
You are responsible for a domain controller named ABC-DC01. A new security policy prohibits domain controllers to have DVD drives. You must thus implement a backup and recovery plan that does not use DVDs and guarantees that ABC-DC01 be restored. Your backup and recovery plan includes backing up ABC-DC01 to a network share.
Which of the following options would you add to complete this plan?
A. You should use Folder redirection.
B. You should enable the volume shadow copy service.
C. You should deploy Windows Recovery Environment.
D. You should use the Windows Recover Disk feature.
Answer: C Explanation: You need to use back up each domain controller to a remote network share with Windows Server Backup. You also need to deploy the Windows Recovery Environment (Windows RE) with Windows Deployment Services (WDS). The Windows Deployment Services (WDS) allows you to deploy Windows operating systems by using a network-based installation.
Reference: Windows Server Backup Step-by-Step Guide for Windows Server 2008
http://technet.microsoft.com/en-us/library/cc770266.aspx

Reference: Step-by-Step Guide for Windows Deployment Services in Windows Server 2003
http://technet.microsoft.com/en-us/library/cc766320.aspx

QUESTION NO: 16
You work as the Enterprise administrator at ABC.com. The ABC.com network has a domain named ABC.com. All servers on the ABC.com network are configured to run Windows Server 2008.
A number of systems are used to log on to the ABC.com domain. You want to devise a data provisioning plan that ensures that accessibility possible regardless of which client computer ABC.com users use and data should not be stored on local computers. To enhance productivity secede to configure the way in which users log on to the domain with the least amount of administrative effort.
Which options should you add to your plan?
A. You should add Credential Roaming.
B. You should enable Encryption.
C. You should enable Caching.
D. You should add Folder redirection.
Answer: D Explanation: You need to use Folder redirection. This will make sure that the users store their data is not stored on the local computer. It will also comply with the criteria. Folder Redirection is a way to place data in a set of folders in the user profiles on the network.
Reference: Folder Redirection
http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/distrib/dseb_ovr_syul.mspx ?mfr=true

QUESTION NO: 17
You work as the network administrator at ABC.com. The ABC.com network has a domain named ABC.com. All servers on the ABC.com network run Windows Server 2008 and all client computers run Windows Vista.

You are responsible for managing three servers that are configured to host database applications. You want to be able to administer the servers remotely. Additionally, you need to ensure that the database developers are able to set up features without granting them too much permissions.
What actions should you take?
A. The Web developers on the Web servers should have authorization rules established.
B. The Web developers should be added to the Domain Admins group.
C. The Web developers should be granted administrative privileges on the Web server as soon as they log on.
D. The Web developers on the Web servers should have Read & Execute privileges established.
Answer: A Explanation: You need to set up the authorization rules for Web developers on the 3 Web servers. This will then not give the Web developer full administration rights. It will allow them to configure features on the Web sites. With Authorization rule, you can grant or deny specific computers, groups of computers, or domains access to sites, applications, directories, or files on your server.
Reference: IIS 7.0: Configuring URL Authorization Rules in IIS 7.0
http://technet.microsoft.com/en-us/library/cc772206.aspx

QUESTION NO: 18
You work as the Enterprise administrator at ABC.com. The ABC.com network has a domain named ABC.com. All servers on the ABC.com network run Windows Server 2008 and the client computers Windows Vista.
ABC.com consists of a Sales, Marketing and Finance division. Due to the sensitivity of information in the Finance division you have to establish a higher level of account and password security for users located in that division.
How can this be accomplished while considering budgetary constraints?
A. You should set up folder redirection.
B. You should set up an enterprise certification authority (CA).
C. You should set up a new Password Settings Object (PSO).
D. You should set up a GPO with the necessary permissions for all users.
Answer: C

Explanation: You need to set up a new Password Settings Object (PSO) for the Finance department. The Granular Password Settings�� or ��Fine-Grained Password Policy��, is based on the introduction of two new object classes which is the ��Password Settings Container�� and ��Password Setting�� objects.
Reference: Configuring Granular Password Settings in Windows Server 2008, Part 2
http://www.windowsecurity.com/articles/Configuring-Granular-Password-Settings-Windows-Server-2008-Part2.html

QUESTION NO: 19
You work as the network administrator at ABC.com. The ABC.com network has a domain named ABC.com. The functional level of the domain is set at Windows Server 2008.
ABC.com consists of a Marketing department that utilizes a folder named KINGDATA. KINGDATA is configured to hold data files. You want to use Group Policy to establish roaming user profiles for users in the Marketing department. To ensure productivity you need to make sure that least amount of time is used by users who utilize the roaming profiles when logging on or off.
How can this be achieved?
A. The Group Policy object (GPO) should be changed to contain the Shared Folders permissions.
B. The Remote Server Administration Tools (RSAT) should be installed on computers in the marketing department.
C. The client computers of the marketing department should have Credential Roaming configured.
D. The Group Policy object (GPO) should be changed to contain folder redirection.
Answer: D Explanation: You need to change the Group Policy object (GPO) to include folder redirection. With the use of roaming profiles, the user��s files and settings follow them from computer to computer.
Reference: Profile and Folder Redirection In Windows Server 2003
http://www.windowsnetworking.com/articles_tutorials/Profile-Folder-Redirection-Windows-Server-2003.html
QUESTION NO: 20

You work as the network administrator at ABC.com. The ABC.com network has a forest with four domains. The functional level of the forest is set at Windows Server 2008.
The ABC.com domain controllers also function as DNS servers. ABC.com wants the Windows Internet Name Service (WINS) service to be removed from the network. Thus only DNS will be used for name resolution of IPv4 and IPv6 systems in all domains.
What should you take to implement a name resolution strategy that reduces traffic of NetBIOS over TCP/IP (NetBT)?
A. You should deploy a DHCP server in to the network.
B. You should set up an Active Directory Integrated stub zone on the global catalog servers.
C. You should create a GlobalNames zone on the global catalog servers.
D. You should configure Remote Server Administration Tools (RSAT) on the DNS servers in the forest.
Answer: C Explanation: The best option is to configure a GlobalNames zone on the entire global catalog servers. Doing this you will support the IPv4 and IPv6 environments. You will also be able to allow single-label name resolution across all domains. You will also be able to minimize the NetBT traffic and replacing the old Windows Internet Name Service (WINS) environment. The GlobalNames Zone (GNZ) is used to hold single-label names and CNAME resource records. Furthermore, DNS supports both IPv4 and IPv6 environments.
Reference: Understanding the New GlobalNames Zone Functionality in Windows Server 2008
http://johnpolicelli.wordpress.com/2008/01/15/understanding-the-new-globalnames-zone-in-windows-server-2008/
Reference: DNS Server GlobalNames Zone Deployment /
How GNZ Resolution Works
http://download.microsoft.com/download/e/2/0/e2090852-3b7f-40a3-9883-07a427af1560/DNS-GlobalNames-Zone-Deployment.doc.

QUESTION NO: 21
You work as the network administrator at ABC.com. The ABC.com network has a domain named ABC.com. All servers on the ABC.com network run Windows Server 2008 and the client computers run Windows Vista.

The domain controllers are scheduled to run a full backup daily. You want to compare the AD objects in the latest backup with the current AD database using the least amount of effort. You decide to restore the backup to an alternate location.
Which step should you next perform?
A. You should use the File Server Resource Manager to execute daily backups.
B. You should use the Windows Backup Server to backup the data to an external USB drive.
C. You should use the Active Directory Database Mounting Tool (Dsamain.exe) to mount the database.
D. You should set up a System Performance Data Collector Set.
Answer: C Explanation: You need to restore the backup to an alternate location and mount the database using the Active Directory Database Mounting Tool (Dsamain.exe). You can use the Active Directory database mounting tool (Dsamain.exe) can improve recovery processes of ABC.com.
Reference: Active Directory Database Mounting Tool Step-by-Step Guide
http://technet.microsoft.com/en-us/library/cc753609.aspx

QUESTION NO: 22
You work as the network administrator at ABC.com. The ABC.com network consists of a domain named ABC.com. The network servers run Microsoft Windows Server 2008 and the client computers run Microsoft Windows Vista.
Due to company growth, ABC.com installs 6 Server Core servers that can be accessed via HTTP and HTTPS. You have to ensure that the serer roles on the 6 servers are remotely installed and managed by the local administrators.
How can this be achieved?
A. You should select the Windows Remote Management (WinRM) on the computers of the local administrators.
B. You should create a GlobalNames zone and enable the zone on the computer of the local administrator.
C. You should run the key Management Service (KMS) and add the Component Services snap-in on the computers of the local administrators.
D. You should use Credential Roaming on the computers of the local administrators.

Answer: A Explanation: You need to select the Windows Remote Management (WinRM) on the administrator��s computer. This will ensure that the administrators remotely installed and remotely managed the Server Core servers. The Windows Remote Management (WinRM) allows you to install programs, change settings, or do troubleshooting, remotely.
Reference: How can Windows Server 2008 WinRM & WinRS help you
http://www.windowsnetworking.com/articles_tutorials/How-Windows-Server-2008-WinRM-WinRS.html

QUESTION NO: 23
You work as the network administrator at ABC.com. The ABC.com network consists of a domain named ABC.com. The network servers run either Windows Server 2003 or Windows Server 2008 and the client computers run Microsoft Windows Vista.
Your job function includes managing a Windows Server 2003 server named ABC-SR02. ABC-SR02 is configured to host a database application. You want to migrate the application to Windows Server 2008.
You need to set up ABC-SR02 so that the application can be accessed even in the event of server failure. Your solution should also allow for the installation of .NET applications and the reduction of the cost of the software.
Which options should you select that will support the Web application? (Choose TWO. Each answer forms part of the solution.)
A. You should have a failover cluster installed that contains one node.
B. You should have a full installation of Windows Server 2008 Web Edition installed on two servers in the network.
C. You should have Terminal Services installed on the servers in the network.
D. You should set up a RAID 5 array.
E. You should establish a Network Load Balancing cluster.
Answer: B,E Explanation: You need to install the full installation of Windows Server 2008 Web Edition on two servers. You also need to set up a Network Load Balancing cluster. Network load balancing does not require any special hardware.

Reference: Failover clustering, network load balancing drive high availability
http://searchsystemschannel.techtarget.com/tip/0,289483,sid99_gci1317355,00.html

QUESTION NO: 24
You work as the network administrator at ABC.com. The ABC.com network has a domain named ABC.com. All servers on the ABC.com network run Windows Server 2008. All the client computers run Windows Vista.
Due to your increased workload you are assigned three assistants that will help you create and manage Group Policy Objects (GPOs) at the domain level. You have a provide the assistants with a GPO with set permissions to allow the assistants to generate new GPOs.
How should you configure the GPO? (Choose TWO. Each answer forms part of the solution.)
A. You should create a custom network profile for the technicians.
B. You should grant the technician administrative permissions.
C. You should add the technicians to the Group Policy Creator Owners group.
D. You should create a new Starter GPO.
E. You should add the technicians to the Domain Administrators group.
Answer: C,D Explanation: You need to add the technicians to the Group Policy Creator Owners group and create a new Starter GPO. The new Starter GPO has templates for creating new GPO��s.
Reference: Group Policy related changes in Windows Server 2008 - Part 1: What are Starter GPOs?
http://www.windowsecurity.com/articles/Group-Policy-related-changes-Windows-Server-2008-Part1.html

QUESTION NO: 25
You work as the Enterprise administrator at ABC.com. The ABC.com network has a domain named ABC.com. All servers on the ABC.com network run Windows Server 2008. Half the client computers run Windows XP Professional, and the rest run Windows Vista.
You are responsible for managing a server named ABC-SR05. ABC-SR05 is configured to host the Terminal Services role. You have to make sure that ABC.com employees can run a third-party application from a shortcut on their client computers. Employees should however not be allowed to open the application when they are offline.

How can this be achieved?
A. You should implement a Data Collector set.
B. You should implement a GPO on the third-party application to all client computers.
C. You should create roaming user profiles.
D. You should implement device installation restrictions on the client computers.
Answer: B Explanation: You need to use a GPO on the to all client computers. This will comply with the CIO��s instructions. In a network environment, group policies are the main component.
Reference: Using Group Policy to Deploy Applications
http://www.windowsnetworking.com/articles_tutorials/Group-Policy-Deploy-Applications.html
Reference: Planning and Deploying Group Policy 2008
http://www.scribd.com/doc/4716059/Planning-and-Deploying-Group-Policy-2008

QUESTION NO: 26
You work as the network administrator at ABC.com. The ABC.com network has a forest named ABC.com. All domain controllers on the ABC.com network run Windows Server 2003 and Windows Server 2008.
You have to implement a backup and recovery plan for the domain controllers that supports the recovery of deleted Active Directory objects up to a year ago.
How should you accomplish this?
A. You should use of a RAID 1 mirror.
B. You should have a GPO implemented with the appropriate permissions.
C. You should use of an ADMX file.
D. You should have the tombstone lifetime increased for the forest.
Answer: D Explanation: You need to increase the tombstone lifetime for the forest. The stuff that is deleted will stay in the Tombstone for a year. The default days of how long the Tombstone will keep the objects are 60 days. So you need to set the Tombstone.

Reference: Active Directory Backup? Don't rush - you'll get more time
http://msmvps.com/blogs/UlfBSimonWeidner/archive/2005/03/26/39806.aspx
Reference: Changing the Tombstone Lifetime Attribute in Active Directory
http://www.petri.co.il/changing_the_tombstone_lifetime_windows_ad.htm

QUESTION NO: 27
You work as the Enterprise administrator at ABC.com. The ABC.com network consists of a domain named ABC.com. The network servers run Windows Server 2008 and the client computers are running Windows Vista. The ABC.com network does not have Internet connectivity.
ABC.com contains a file server named ABC-SR18 that hosts shared folders which the users use to save their files that needs to be shared.
You receive an instruction to ensure that productivity continues by permitting the users access to the files in the shared folders on ABC-SR18 even if ABC-SR18 is not connected to the network.
How should you configure ABC-SR18?
A. You should set up offline files to use encryption
B. You should set up folder redirection on ABC-SR18.
C. You should set up caching on the shared folder in ABC-SR18.
D. You should set up a Group Policy for remote users on ABC-SR18.
Answer: C Explanation: You need to set up caching on the shared folder in ABC-SR18. This will allow the remote users to access the share even if they are disconnected.
Reference: Set Caching Options for Shared Folders
http://technet.microsoft.com/en-us/library/cc755136.aspx


QUESTION NO: 28
You work as the Enterprise administrator at ABC.com. The ABC.com network has a domain named ABC.com.
Due to company growth, ABC.com is planning to open a few branch offices and install 800 Windows Vista Enterprise Edition computers with network cards that support Pre-boot Execution Environment (PXE), to these offices.
You have to devise a deployment strategy that will allow you to install 100 computers at the same time with little effect to the ABC.com network. You decide to install the Windows Deployment Services (WDS) server role and use a static multicast address range.
Which other server should you add to your strategy in order to use the static multicast address range?
A. You should add a Terminal Server to your strategy plan.
B. You should add a Unified Messaging Server to your strategy plan.
C. You should add a Transport Server to your strategy plan.
D. You should add a Client Access Server to your strategy plan.
Answer: C Explanation: You need to install the Windows Deployment Services (WDS) server role and the Transport Server feature to make sure that 100 Windows Vista computers can be installed with the least amount of time in a Pre-boot Execution Environment. Furthermore, the WDS will allow you to automate the installation. You can also set up the Transport Server which will allow you to boot from the network using Pre-Boot Execution Environment (PXE) and Trivial File Transfer Protocol (TFTP).
Reference: Transport Server
http://technet.microsoft.com/en-us/library/cc771645.aspx

QUESTION NO: 29
You work as the Enterprise administrator at ABC.com. The ABC.com network has a domain named ABC.com. All servers on the ABC.com network run Windows Server 2008 and the client computers run Windows Vista. The client computers also have Outlook 2007 installed.
You receive notification from one of the departments that wants the employees to access an in-house application that requires the use of Outlook 2003. To ensure productivity you need to make sure that the client computers can run both Outlook 2003 and Outlook 2007 with no application conflict.

How can you ensure that the criteria are met? (Choose all that apply.)
A. You should setup the Terminal Services Session Broker role service.
B. You should use Microsoft Multipath I/O.
C. You should setup the Terminal Services server role on a server configured to run Outlook 2003.
D. You should publish Outlook 2003 as a TS RemoteApp.
E. You should setup the Windows Automated Installation Kit (WAIK).
Answer: C,D Explanation: You need to set up the Terminal Services server role on a server with Outlook 2003, and publish Outlook 2003 as a TS RemoteApp. With Terminal Services you can access Windows-based programs from almost any location or computer. The TS RemoteApp allows you to deploy and maintain different versions of the same program for individual systems.
Reference: TS RemoteApp Step-by-Step Guide
http://technet.microsoft.com/en-us/library/cc730673.aspx

QUESTION NO: 30
You work as the network administrator at ABC.com. The ABC.com network has a domain named ABC.com. All servers are configured to run Windows Server 2008 and all client computers either run Windows XP Professional or Windows Vista.
You receive instruction to only allow client computers running the latest service pack to access the network whilst ensuring that other client computers are redirected to the Microsoft Web site.
What Windows 2008 feature will assist you in your solution?
A. You should use the Event Trace Sessions Data Collector Set.
B. You should use multiple downstream servers
C. You should use the Windows System Resource Manager (WSRM).
D. You should use Network Access Protection (NAP).
Answer: D Explanation: You need to use Network Access Protection (NAP). Network Access Protection (NAP) controls access to network resources based on a client computer��s identity and compliance with corporate governance policy. Furthermore, when using 802.1X enforcement, the computer must be compliant to get unlimited network access through an 802.1X-authenticated network connection

Reference: Network Access Protection Platform Overview
http://technet.microsoft.com/hi-in/library/bb878083(en-us).aspx
Reference: Security and Policy Enforcement
http://www.microsoft.com/windowsserver2008/en/us/security-policy.aspx

QUESTION NO: 31
You work as the network administrator at ABC.com. The ABC.com network consists of a domain named ABC.com. The ABC.com network servers run Windows Server 2008 and the client computers run Microsoft Windows Vista.
You are in the process of installing a distributed application that uses several servers. You decide to implement a storage solution that use the network infrastructure and assign hard disk space as the need arise. You also want to have the data accessible in the event of a hard disk failure.
What should you add to your plan?
A. You should enable the Network Device Enrollment Service (NDES).
B. You should add the Microsoft System Center Configuration Manager (SCCM).
C. You should establish an iSCSI disk storage subsystem that will permit Virtual Disk Service (VDS). .
D. You should establish a storage subsystem as a RAID 5 array.
Answer: C,D Explanation: You need to use an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). You also need to setup the storage subsystem as a RAID 5 array. Microsoft iSCSI Software Target option will allow you to use an iSCSI SAN with storage provisioning and management capabilities. Furthermore, the iSCSI disk storage subsystem supports Virtual Disk Service (VDS) and Microsoft Multipath I/O.
Reference: The Basics of the Virtual Disk Services (VDS)
http://blogs.technet.com/josebda/archive/2007/10/25/the-basics-of-the-virtual-disk-services-vds.aspx

Reference: Reference: What is RAID?
http://compreviews.about.com/od/storage/l/aaRAIDPage1.htm

QUESTION NO: 32
You work as the network administrator at ABC.com. The ABC.com network has a domain named ABC.com. All servers are configured to run Windows Server 2008 and the client computers Windows Vista.
ABC.com users store their files in the My Documents folder on their client computers. You want to implement a backup strategy that allows you to backup the files in the users' My Documents folders with the least amount of administration.
Which option should you use in your backup strategy? (Choose all that apply.)
A. You should add the Windows Recover Disk feature to allow you to backup information with the least amount of effort.
B. You should apply folder redirection using a Group Policy objects (GPO).
C. You should add the Windows Automated Installation Kit (WAIK) to allow you to backup information with the least amount of effort.
D. You should then have the folder redirection target backed up.
E. You should then add Folder redirection to allow you to backup information with the least amount of effort.
Answer: B,D Explanation: You need to use the Group Policy objects (GPO) to apply folder redirection and then back up the folder redirection target. Folder Redirection allows you to redirect the system folders containing the profile of a user on the network. Doing this will allow the users to access their data.
Reference: Implementing Folder Redirection using Group Policy
http://www.tech-faq.com/implementing-folder-redirection-using-group-policy.shtml

QUESTION NO: 33
You work as the Enterprise administrator at ABC.com. The ABC.com network consists of a single Active Directory domain named ABC.com. All servers on the ABC.com network run Windows Server 2008.

Your job entails managing a server named ABC-SR10 that has a Virtual Private Network (VPN) installed. ABC-SR10 is set up as a standalone root certificate authority. ABC.com has entered into a partnership with two other companies.
Which actions should you take to permit computers in the partner companies to access the resources on ABC.com?
A. You should use allow incoming traffic on TCP Port 443 on the Windows Firewall.
B. You should install a Root CA certificate on the partner companies�� computers.
C. You should use the Windows Deployment Services (WDS).
D. You should use an external certificate authority to issue certificates via an e-mail.
E. You should install Terminal Services.
Answer: B Explanation: The best option is to install Root CA certificate to the external computers. This will allow the external computers to use SSTP to access the resources. SSTP ships with the Routing and Remote Access server role of Windows Server 2008. SSTP is the same as Virtual Private Networking (VPN) tunnel, but just a new kind. SSTP has the following criteria:
.
Allows for Point-to-Point Protocol (PPP) packets to be encapsulated over HTTP.

.
Allows for a VPN connection to be more easily established through a firewall or through a Network Address Translation (NAT) device.

.
Allows for a VPN connection to be established through an HTTP proxy device.


Reference: How to troubleshoot Secure Socket Tunneling Protocol (SSTP)-based connection failures in Windows Server 2008
http://support.microsoft.com/kb/947031

QUESTION NO: 34
You work as the network administrator at ABC.com. The ABC.com network consists of a single Active Directory domain named ABC.com. ABC.com network servers run Microsoft Windows Server 2008 and the client computers run Microsoft Windows Vista or Microsoft Windows XP Professional.
You are preparing a server deployment that will host Microsoft SQL Server 2005 for the ABC.com employees. In your deployment strategy you need to make sure that productivity with regard to SQL services will not be interrupted when a server happens to go offline.
Which action should you take? (Choose THREE. Each answer forms part of the solution.)

A. You should install a full installation of Windows Server 2008 Enterprise Edition.
B. You should use two servers.
C. You should use the Windows System Resource Manager (WSRM).
D. You should use of Network Load Balancing on one servers.
E. You should configure failover clusters on the two servers.
Answer: A,B,E Explanation: The best option is to install Windows Server 2008 Enterprise Edition on two servers. You can then set up these servers to support Microsoft SQL Server 2005 and to offer redundancy. Furthermore, Failover clustering will allow you to transfer mission-critical resources from a failing machine to an equally configured server automatically.
Reference: SQL Server 2008 Pricing and Licensing/ PASSIVE SERVERS / FAILOVER SUPPORT
http://download.microsoft.com/download/1/e/6/1e68f92c-f334-4517-b610-e4dee946ef91/2008%20SQL%20Licensing%20Overview%20final.docx.

QUESTION NO: 35
You work as the network administrator at ABC.com. The ABC.com network has a domain named ABC.com. The servers on the ABC.com network are configured to run Windows Server 2008 and the client computers Windows XP Service Pack 1.
You are preparing to install Distributed File System (DFS) into the ABC.com network. You need to make allowance for failover if a server should go offline as well as keeping the cost as low as possible. You thus create a domain-based DFS namespace as well as an additional namespace server. Thereafter you allow the client fail back to the preferred target option.
What actions should you take next? (Select two. Each correct answer will present a part of the answer)
A. You should upgrade the client computers to Windows XP Service Pack 2.
B. You should use DFS replication on a stand-alone DFS namespace.
C. You should use folder redirection on a domain-based DFS namespace.
D. You should install a Windows Server 2008 Datacenter Edition server.
Answer: A Explanation: To plan the deployment of Distributed File System (DFS) with the given requirements, you need to upgrade all client computers to Windows XP Service Pack 2 to use DFS and implement a domain-based DFS namespace. You need to then add a second namespace server and enable the Clients fail back to preferred targets option.

Rather than having every user in your organization access their files from the same server, you can distribute the user workload across multiple DFS replicas rather than over burdening a single server. Domain based namespaces should be used here because Domain based namespaces require all servers to be members of an Active Directory domain. The DFS supports automatic synchronization of DFS targets. In a domain environment, a server is capable of hosting multiple DFS roots that provides you with a degree of scalability.
Another reason for having multiple DFS replicas is because doing so provides you with a degree of fault tolerance. DFS can also provide fault tolerance from the standpoint of protecting you against network link failures.
You should add a second namespace server and enable the Clients fail back to preferred targets option to ensure a client failback on the namespace (or on specific folders in your namespace). So, when the failed target comes back online the client will fail back to that target as its preferred target.
If your WAN links are unreliable, you might find your clients frequently accessing different targets for the same folder. This can be a problem, for by default, DFS caches referrals for a period of time (300 seconds or 5 minutes) so if a target server suddenly goes down the client will keep trying to connect to the target and give an error instead of making the resource available to the client from a different target. To prevent this from happening (especially non-optimal targets), you can configure a client failback to preferred targets option on the namespace.
Reference: Configuring DFS Namespaces
http://www.windowsnetworking.com/articles_tutorials/Configuring-DFS-Namespaces.html
Reference: Planning a DFS Architecture, Part 1/ Planning a DFS Architecture, Part 2 / Domain-Based Namespaces
http://www.petri.co.il/planning-dfs-architecture-part-one.htm

QUESTION NO: 36
You work as the network administrator at ABC.com. The ABC.com network has a domain named ABC.com. All servers on the ABC.com network run Windows Server 2008. Half the client computers run Windows XP Professional Service Pack 2, and the rest run Windows Vista.
You need to make sure that network traffic is reduced when employees log on and off and that their EFS certificates are available from any work station. It is imperative that the EFS certificates are accessible when a disk gets corrupted.

How can you deploy Encrypting File System (EFS) to meet all the goals?
A. You should use Smart cards.
B. You should use Credential roaming.
C. You should use Roaming user profiles.
D. You should use universal caching.
E. You should use an internal certificate authority.
Answer: B Explanation: You need to use credential roaming. The software can be installed on these Windows XP Professional Service Pack 2 workstations. However, the Windows Vista workstations do ship with it. Encrypting File System (EFS) has the following criteria:
.
EFS certificates are signed by a CA or are self-signed

.
With credential roaming functionality in the CSC, it can managed environments and store X.509 certificates.

.
It also private keys specific to a user in Active Directory, independently from the profile.


Reference: About Credential Roaming
http://technet.microsoft.com/hi-in/library/cc700848(en-us).aspx
Reference: Configuring and Troubleshooting Certificate Services Client�CCredential Roaming / Using Encrypting File System
http://technet.microsoft.com/en-us/library/cc700823.aspx

QUESTION NO: 37
You work as the network administrator at ABC.com. The ABC.com network consists of a single Active Directory domain named ABC.com.
There are currently 30 Microsoft Windows Server 2003 servers that have the DNS service role installed, on the ABC.com network. You are monitoring one of these DNS servers named ABC-SR10 because it is configured with the Adminpak.msi. You use the Remote Desktop Connection (RDC) to make a connection to ABC-SR10 in order to monitor the remaining servers.
The ABC.com servers are all destined to be upgraded to Windows Server 2008 servers. The new servers must host the DNS server role on the Server Core installation of Windows Server 2008
How can you proceed to make sure that the above goals are achieved while also allowing for the remote management with Microsoft Management Console (MMC).

A. You should use Credential Roaming.
B. You should install Remote Server Administration Tools (RSAT) to a Windows Server 2008 server.
C. You should use the Windows Deployment Services (WDS) server role.
D. You should offer remote access to the Windows Server 2008 Server Core servers.
E. You should provide remote access to that server.
F. You should enable Terminal Services on the entire network.
Answer: B,E Explanation: You need to install Remote Server Administration Tools (RSAT) to a Windows Server 2008 server and provide remote access to that server. RSAT is an update version of ADMINPAK.MSI.
Reference: Remote Server Administration Tools (RSAT) Now Available for Windows Vista SP1
http://windowsvistablog.com/blogs/windowsvista/archive/2008/03/25/remote-server-administration-tools-rsat-now-available-for-windows-vista-sp1.aspx

QUESTION NO: 38
You work as the network administrator at ABC.com. The ABC.com network has a domain named ABC.com. The domain controllers on the ABC.com network run Windows Server 2008.
Your installation plan should ensure that employees only have a local connection to their folders. It is imperative that bandwidth usage is reduced.
How can you proceed with the installation of Distributed File System (DFS) to make sure that the goals are achieved? (Choose all that apply.)
A. You should add a domain-based DFS namespace that uses folder redirection.
B. You should add a stand-alone DFS namespace that uses DFS replication.
C. You should add an iSCSI disk storage subsystem that supports Virtual Disk Service.
D. You should enable access-based enumeration on the stand-alone DFS namespace.
E. You should enable caching on the profiles share.
F. You should create and apply a group policy object (GPO) that specifies local connections only.
Answer: B,D Explanation: You need to use a stand-alone DFS namespace that uses DFS replication and has access-based enumeration enabled. This will allow the users to have only access to their folders, access the data locally. This option will also reduce bandwidth during replication. For fault tolerance purposes, you should use a standalone namespaces that will allow you to use multiple folder targets. Access-based enumeration allows users to see only files and folders on a file server to which they have permission to access.

Reference: Planning a DFS Architecture, Part 2
http://www.petri.co.il/planning-dfs-architecture-part-two.htm
Reference: Distributed File System
http://technet.microsoft.com/en-us/library/cc753479.aspx

QUESTION NO: 39
You work as the network administrator at ABC.com. The ABC.com network has a domain named ABC.com. All servers on the ABC.com network run Windows Server 2008.
Your job entails managing a file server named ABC-SR13. During the course of the day you receive notification to install a client/server application.
What of the following options should you use for availability of the application even if the server goes offline?
A. By using a Network Load Balancing (NLB).
B. By using a Failover cluster that uses Node and File Share Disk Majority.
C. By using Round-robin DNS.
D. By using Terminal Services Gateway (TS Gateway).
Answer: B Explanation: You need to use Failover cluster that uses Node and File Share Disk Majority. If the clusters has an even number of nodes, then the Node and Disk Majority is recommended. This will allow availability.
Reference: Understanding Quorum Configurations in a Failover Cluster
http://technet.microsoft.com/en-us/library/cc731739.aspx
QUESTION NO: 40
You work as the network administrator at ABC.com. The ABC.com network has a domain named ABC.com. The servers on the ABC.com network are configured to run Windows Server 2008 and all client computers either Windows XP Professional or Windows Vista.

A new ABC.com security policy only allows the administrators to install removable devices. You need to make sure that all users adhere to this policy.
Which actions should you take?
A. You should create a group policy object (GPO) that specifies the device installation restrictions.
B. You should implement the Microsoft Application Compatibility Toolkit (ACT).
C. You should implement a Deny Full Control access policy.
D. You should use the Netsh tool.
E. You should use MAC addressing as the conditions for device installation.
Answer: A Explanation: You need to use set up device installation restrictions. With this, you can ensure that only the administrators can install USB devices. You will find it in the group policy tree at: Computer Configuration\Administrative Templates\System\Device Installation\Device Installation Restrictions.
Reference: Windows Longhorn: Using Group Policy to Control Device Management (Part 2)
http://www.windowsnetworking.com/articles_tutorials/Windows-Longhorn-Using-Group-Policy-Control-Device-Management-Part2.html

QUESTION NO: 41
You work as the network administrator at ABC.com. The ABC.com network has a domain named ABC.com. The servers on the ABC.com network run Windows Server 2008 and all client computers either run Windows Vista or Windows XP Professional.
A new ABC.com security policy stipulates that no USB devices should be installed on the Vista Computers. Only administrators and senior helpdesk staff members are exempted from this security policy.
Which actions should you take to make allowance for this exemption?
A. You should add Internet Protocol security (IPsec) on the domain controllers.
B. You should add Key Management Service (KMS) on the client computers.
C. You should add a Group Policy object (GPO) on the client computers.
D. You should add folder redirection on the client computers.

Answer: C Explanation: You need to use the Group Policy object (GPO) on the client computers. This will prevent the user to install removable devices. The GPO a setting, Preventing Installation of Removable Devices and Prevent Installation of Devices Not Described By Other Policy Settings, that can be used in this instance. This will not allow the users to install removable devices.
Reference: Windows Longhorn: Using Group Policy to Control Device Management (Part 2)
http://www.windowsnetworking.com/articles_tutorials/Windows-Longhorn-Using-Group-Policy-Control-Device-Management-Part2.html

QUESTION NO: 42
You work as the network administrator at ABC.com. The ABC.com network has a domain named ABC.com.
You are responsible for managing a Windows Server 2008 server named ABC-SR10. ABC-SR10 is configured to host the Terminal Services role. A new ABC.com policy states that the employees should not use more than 20% of the CPU resources in a day, with the exception of the administrators.
Which actions should you take? (Choose TWO. Each answer forms part of the solution.)
A. You should use Windows System Resource Manager (WSRM).
B. You should create Network Load Balancing cluster.
C. You should setup user policies.
D. You should create a GPO.
E. You should link a GPO that specifies a restrictive policy.
Answer: A,C Explanation: You need to use Windows System Resource Manager (WSRM) and set up user policies. The Windows System Resource Manager (WSRM) enables the allocation of resources, including processor and memory resources, among multiple applications based on business priorities. You can set the CPU and memory allocation policies on applications.
Reference: Windows System Resource Manager Fast Facts
http://www.microsoft.com/windowsserver2003/techinfo/overview/wsrmfastfacts.mspx


QUESTION NO: 43
You work as the network administrator at ABC.com. The ABC.com network has an Active Directory forest named ABC.com. All servers are configured to run Windows Server 2008 and the client computers Microsoft Windows Vista.
There are over 100 servers on the ABC.com network. You add the subsequent precautions to enhance productivity:
.In the event of an application failure notification via e-mail should be sent to you.
How can you ensure that both goals are achieved with least administration? (Choose TWO. Each answer forms part of the solution.)
A. By using Microsoft Windows Reliability and Performance Monitor.
B. By setting up event subscriptions for all servers.
C. By installing a Network Policy Server (NPS) on a server.
D. By using folder redirection.
E. By attaching tasks to the application error events on the server.
F. By using the Windows Sidebar utility.
Answer: B,E Explanation: You need to set up event subscriptions for each server that is host on one server and attach tasks to the application error events, on the server. The Event Viewer will allow you to view events on a single remote computer. Furthermore, Windows Vista has the ability to collect copies of events from multiple remote computers.
Reference: Event Subscriptions
http://technet.microsoft.com/en-us/library/cc749183.aspx

QUESTION NO: 44
You work as the network administrator at ABC.com. The ABC.com network has an Active Directory domain named ABC.com. The servers are configured to run Windows Server 2008.
You have created a web site which requires a very high availability and a high scalability for the success of the company. You therefore publish the Web site on two Web servers named ABC-SR20 and ABC-SR21.
You have received instructions from the CIO to implement an availability solution for your Web servers. You thus need to ensure when ABC-SR20 and ABC-SR21 are added, the connections to the websites remain unaffected. Web site needs to remains online in the event of a server failure.

How can you accomplish the goals?
A. You should implement Network Load Balancing cluster
B. You should implement Terminal Services Gateway (TS Gateway).
C. You should implement folder redirection.
D. You should implement a Web farm on ABC-SR20 and ABC-SR21.
Answer: A Explanation: You need to a Network Load Balancing cluster. Network Load Balancing enables an organization to scale server and application performance by distributing TCP/IP requests to multiple servers.
Reference: Failover clustering, network load balancing drive high availability
http://searchsystemschannel.techtarget.com/tip/0,289483,sid99_gci1317355,00.html

QUESTION NO: 45
You work as the network administrator at ABC.com. The ABC.com network has an Active Directory domain named ABC.com. All servers on the ABC.com network run Windows Server 2008 Enterprise Edition.
ABC.com has headquarters in London where you are located and a Marketing division in Ireland that connects to headoffice via a WAN link. You receive an instruction from the CIO to implement a failover cluster solution between the offices that provides service availability to employees at both offices in the event of server failure as well as reducing the amount of servers.
Which action should you take?
A. You should implement a RAID 5 array.
B. You should implement multiple downstream servers.
C. You should implement a failover cluster in the London office.
D. You should implement a single node failover cluster in the offices.
E. You should implement a mirrored volume of all servers in the offices.
Answer: D Explanation: You need to install a failover cluster that contains one node in each office. This will maintain availability. Failover clustering, network load balancing drive high availability http://searchsystemschannel.techtarget.com/tip/0,289483,sid99_gci1317355,00.html

Topic 2, Exam Set 2
QUESTION NO: 46
You work as an administrator at ABC.com. The ABC.com network has a domain named ABC.com.
ABC.com has acquired two new servers that should have an edition of Windows Server 2008 R2 installed. You are required to make sure that the two new servers are configured in such a way that Microsoft SQL Server 2008 is supported, and that SQL services will continue even if one of the servers goes offline.
Which two of the following actions should you take? (Choose two.)
A. You should consider having Windows Server 2008 R2 Enterprise fully installed on both new servers.
B. You should consider having Windows Server 2008 R2 Enterprise installed on one of the new servers, and Windows Server 2008 R2 standard installed on the other.
C. You should consider configuring the two new servers in an NLB cluster.
D. You should consider configuring the two new servers in a failover cluster.
Answer: A,D Explanation:

QUESTION NO: 47
You work as an administrator at ABC.com. The ABC.com network has a single domain named ABC.com. All servers on the ABC.com network have Windows Server 2008 R2 installed.
ABC.com has its headquarters in New York and is connected to the internet. ABC.com has informed you of their plans to establish a satellite office in Dallas that must be linked to the New York office via a limited Wan link. The Dallas office will not, however, have access to the Internet.
You have been given the responsibility of designing a deployment strategy for 50 Windows Server 2008 R2 computers in the Dallas office. You are informed that the deployment and the activation of the new servers should occur without human intervention. You strategy should also allow for Network traffic between the New York and Dallas offices.

Which of the following actions should you take? (Choose all that apply.)
A. You should consider employing Key Management Service (KMS) in the Dallas office.
B. You should consider employing Key Management Service (KMS) in the New York office.
C. You should consider deploying a DHCP server in the Dallas office.
D. You should consider deploying a DHCP server in the New York office.
E. You should consider making use of Windows Deployment Services (WDS) in the Dallas office.
F. You should consider making use of Windows Deployment Services (WDS) in the New York office.
Answer: A,C,E Explanation:

QUESTION NO: 48
You work as the network administrator at ABC.com. The ABC.com network has a domain named ABC.com. The servers on the ABC.com network have Windows Server 2008 R2 installed and all workstations have Windows 7 installed.
ABC.com has recently acquired 30 new servers that either have one CPU, one dual core CPU, or two quad core CPUs. All of these servers have 64-bit hardware installed.
You have been instructed to install Windows Server 2008 R2 on the new servers using Windows Deployment Services (WDS). You also have to make sure that the installation makes use of as little install images as possible.
Which of the following is the amount of images required to complete this task?


A. 30
B. 15
C. 6
D. 1
Answer: D Explanation:
QUESTION NO: 49
You work as the Enterprise administrator at ABC.com. The ABC.com network has a domain named ABC.com. All servers on the ABC.com network have Windows Server 2008 R2 installed and all workstations have Windows 7 Enterprise installed.

When ABC.com informs you that they are opening a few new branch offices, they request that 800 workstations containing network cards that support Pre-boot Execution Environment (PXE) be installed in these offices. Furthermore, they inform you that the workstations must have Windows 7 Enterprise installed.
You have to devise a deployment solution that will allow you to install Windows 7 Enterprise on 100 workstations at the same time, with little effect to the ABC.com network. Your solution should also allow for the installation of Windows 7 Enterprise to be as fast as possible.
Which combination of the following should form part of your solution? (Choose all that apply.)
A. A Windows Deployment Services (WDS) server role deployment.
B. A Key Management Service (KMS) server role deployment.
C. The deployment of the Transport Server feature.
D. The deployment of the Terminal Server feature.
E. The deployment of the Desktop Experience feature.
F. The use of a static multicast address range for the Transport Server.
G. The use of a static multicast address range for the Terminal Server.
Answer: A,C,F Explanation:

QUESTION NO: 50
You work as the Enterprise administrator at ABC.com. The ABC.com network has a domain named ABC.com. All servers on the ABC.com network have Windows Server 2008 R2 installed and all workstations have Windows 7 Enterprise installed. A router that meets the RFC 1542 standard is used to link two subnets that make up ABC.com's network.
You have been instructed to deploy 5 new Windows Server 2008 R2 servers, which are configured to support PreBoot Execution Environment (PXE), via Windows Deployment Services (WDS). You have also been instructed to make sure that the method you use allows for WDS to be installed on the minimum required servers, and for the Windows Server 2008 R2 servers to be deployed on both subnets using WDS.
You start by deploying a single server configured to run WDS and DHCP.
Which of the following actions should you take to successfully complete your task?
A. You should consider having the IP Helper tables configured on the router.
B. You should consider having the Key Management Service (KMS) server role deployed.
C. You should consider having group policy filtering enabled.

D. You should consider having the Hyper-V feature deployed.
Answer: A Explanation:

QUESTION NO: 51
You work as the network administrator at ABC.com. The ABC.com network has a domain named ABC.com. All servers on the ABC.com network, including domain controllers, have Windows Server 2008 R2 installed and all workstations have Windows 7 installed.
ABC.com's Marketing, Sales, and Finance departments are located in different buildings. You have received instruction to add a Read-only Domain Controller (RODC) in each of the departments.
You must make sure that log on details does not form part of the RODC's installation files, and that bandwidth usage during the first AD-DS synchronization is kept as low as possible.
You decide to construct an RODC in each department. You then run the ntdsutil ifm command on an existing domain controller.
Why would you need to run this command?
A. It allows you to create installation media for the new RODCs.
B. It allows you to transfers and seize operations master roles for the new RODCs.
C. It allows you to perform a staged RODC installation for the new RODCs.
D. It allows you to run an unattended installation for the new RODCs.
Answer: A Explanation:

QUESTION NO: 52
You work as the network administrator at ABC.com. The ABC.com network has a domain named ABC.com. All servers on the ABC.com network, including domain controllers, have Windows Server 2008 R2 installed and all workstations have Windows 7 installed.
ABC.com has recently employed part-time staff and issued them with user accounts, as well as workstations that are not members of the ABC.com domain. Either a wireless or wired link will be used by the part-time staff to access the ABC.com network. However, the part-time staff requires the most recent OS updates to access the network.

You have to make sure that ABC.com's network security is suitably configured to allow this.
Which of the following actions should you take?
A. You should consider making use of Network Access Protection (NAP).
B. You should consider making use of Active Directory Rights Management Services (AD RMS).
C. You should consider making use of the Remote Desktop Connection Broker role service.
D. You should consider making use of Background Intelligent Transfer Service (BITS).
Answer: A Explanation:

QUESTION NO: 53
You work as the network administrator at ABC.com. The ABC.com network has a domain named ABC.com. All servers on the ABC.com network, including domain controllers, have Windows Server 2008 R2 installed and all workstations have Windows 7 installed.
You have been instructed to design a strategy that allows Certificate Services to issue ABC.com's intranet users certificates automatically. The strategy should also allow resources that employ certificate based authentication to be available to ABC.com's Internet users. Furthermore, you have to make sure that the certificate infrastructure of ABC.com's network has optimum protection.
You decide to have an offline standalone root certification authority (CA) and an online enterprise subordinate CA deployed.
You have to make sure that your task is completed successfully.
Which of the following actions should you take?
A. You should consider having an online standalone subordinate CA deployed.
B. You should consider having an offline standalone subordinate CA deployed.
C. You should consider having an offline enterprise subordinate CA deployed.
D. You should consider having an online enterprise subordinate CA deployed.
Answer: A Explanation: QUESTION NO: 54



You work as an administrator at ABC.com. The ABC.com network has a domain named ABC.com. All servers on the ABC.com network have Windows Server 2008 R2 installed.
ABC.com has its headquarters in London, and a satellite office in New York. You have been instructed to deploy a Read-Only Domain Controller (RODC), named ABC-DC03, in the New York office and also design a management solution for it.
You decide to configure Administrator Role Separation on ABC-DC03.
Which of the following is TRUE with regards to Administrator Role Separation?
A. Administrator Role Separation allows you to delegate local administrative permissions for ABC-DC03 to any domain user in the New York office without granting that user any user rights for the domain or other domain controllers.
B. Administrator Role Separation allows you to delegate administrative permissions for ABC-DC03 to any domain user in the New York office, including user rights to the domain.
C. Administrator Role Separation allows you to delegate local administrative permissions for ABC-DC03 to any domain user in the London office without granting that user any user rights for the domain or other domain controllers.
D. Administrator Role Separation allows you to delegate local administrative permissions for ABC-DC03 to any domain user in the London office, including user rights to the domain.
Answer: A Explanation:
QUESTION NO: 55
You work as an administrator at ABC.com. The ABC.com network has a domain named ABC.com. All servers on the ABC.com network have Windows Server 2008 R2 installed.
You have been instructed to make sure that ABC.com's are forced to make use of complex passwords for their user accounts. You have to make sure that your method is executed using as little servers as possible.
Which of the following actions should you take?

A. You should consider making use of Encrypting File System (EFS).
B. You should consider having a new Password Settings Object (PSO) configured for ABC.com's administrators.
C. You should consider making use of File Server Resource Manager (FSRM).
D. You should consider making use of Microsoft System Center Configuration Manager (SCCM).

Answer: B Explanation:


QUESTION NO: 56
You work as an administrator at ABC.com. The ABC.com network has a domain named ABC.com. All servers on the ABC.com network have Windows Server 2008 R2 installed.
You have been instructed to devise a solution for deploying Group policy objects (GPOs) that prevents organizational unit (OU) level GPOs from being replaced by OUlevel GPOs. You are also instructed to make sure that ABC.com's Server Operators group remains unaffected by the OUlevel GPOs.
Which two of the following actions should you take?
A. You should consider enabling the Enforced setting for all domain level GPOs.
B. You should consider enabling the Block Inheritance setting for all domain level GPOs.
C. You should consider having the permissions of the GPOs that are linked to OUs altered.
D. You should consider enabling the Block Inheritance setting for all OUs.
Answer: A,C Explanation:
QUESTION NO: 57
You work as an administrator at ABC.com. The ABC.com network has 3 Active Directory forests that have forest trust relationships configured between them. All servers on the ABC.com network, including domain controllers, have Windows Server 2008 R2 installed.
Each ABC.com forest and its Group Policy objects (GPOs) are administered by a different administrator. You are preparing to create standard GPOs for each forest. You are then informed that user configuration and computer configuration settings should be included in separate standard GPOs, without creating excessive GPOs.

You, therefore, create a GPO that is configured to make use of the required user configurations, as well as a GPO that is configured to make use of the required computer configurations.
Which of the following actions should you take NEXT?
A. You should consider having the new GPOs exported to .cab files.
B. You should consider having the new GPOs exported to .exe files
C. You should consider having the new GPOs exported to .inf files
D. You should consider having the new GPOs exported to .config files
Answer: A Explanation:

QUESTION NO: 58
You work as the network administrator at ABC.com. The ABC.com network has an Active Directory forest named ABC.com. All servers on the ABC.com network have Windows Server 2008 R2 installed and all workstations have Windows 7 installed.
ABC.com has its headquarters in London and branch offices in Madrid and Paris. The London office contains a Windows Server Update Services (WSUS) server, named ABC-SR12, which is configured to store updates at the London office. The branch offices have a dedicated WAN connection that links them to the London office, which in turn provides the branch offices with Internet access.
You have received instructions to set up a patch management solution that allows for a reduction in Internet traffic, while also allowing the approval of updates for the Madrid and Paris offices to occur separately.
Which of the following actions should you take? (Choose two.)
A. You should consider setting up and linking the Group Policy objects (GPOs) to the OUs.
B. You should consider installing a WSUS server in the Paris and Madrid offices.
C. You should consider making use of Microsoft SQL Server 2005 in the Paris and Madrid offices.
D. You should consider making use of Terminal Services at the London office.
E. You should consider setting up the WSUS servers to use ABC-SR12 as an upstream server.
Answer: B,E Explanation: QUESTION NO: 59



You work as the network administrator at ABC.com. The ABC.com network has an Active Directory domain named ABC.com. All servers on the ABC.com network, including domain controllers have Windows Server 2008 R2 installed and all workstations have Windows 7 installed.
ABC.com has its headquarters in New York, and numerous satellite offices located in various countries.
You have received instructions to implement Windows Server Update Services (WSUS) in ABC.com's environment. You have to make sure that your solution allows for the distribution of updates from the New York office. Furthermore, you are informed that a server failing should not prevent ABC.com's workstations from receiving updates.
You start by setting up a Microsoft SQL Server 2008 failover cluster, and arranging 2 WSUS servers in a Network Load Balancing cluster.
Which of the following actions should you take?
A. You should consider having WSUS set up to make use of the local database.
B. You should consider configuring the WSUS servers to include mirrored physical disks.
C. You should consider configuring the WSUS servers to include mirrored virtual disks.
D. You should consider having WSUS set up to make use of the remote SQL Server 2008 database instance.
Answer: D Explanation:
QUESTION NO: 60
You work as the network administrator at ABC.com. The ABC.com network has an Active Directory forest named ABC.com. The ABC.com network servers run Windows Server 2008 R2 and the workstations run Windows 7.
ABC.com has of a Marketing department that contains 500 servers.
You have received instructions from the CIO to monitor the servers in such a way that you are alerted when average CPU utilization is in excess of a specified percentage for a specific length of time. You should also make sure that the CPU monitoring threshold is adjusted to make allowance for temporary workload changes. You should make sure that the adjustment occurs automatically.
Which of the following actions should you take?

A. You should consider making use of File Server Resource Manager (FSRM).
B. You should consider having the Microsoft System Center Operations Manager (OpsMgr) deployed.
C. You should consider having the Microsoft System Center Configuration Manager (SysMgr) deployed.
D. You should consider making use of Network Policy Server (NPS) connection request policies.
Answer: B Explanation:

QUESTION NO: 61
You work as the Enterprise administrator at ABC.com. The ABC.com network has a domain named ABC.com. The ABC.com network servers have Windows Server 2008 R2 installed and workstations have Windows 7 installed.
ABC.com contains more than 1,500 workstations, which has been linked to managed switches. You are in the process of devising a network access solution that prevents ABC.com employees from evading the restrictions on the network access. The solution should also only allow network access to workstations with updated service packs and updated anti-malware software installed.
You then decide to make use of Network Access Protection (NAP) with enforcement.
Which of the following is the method you should use?
A. NAP Enforcement for DHCP.
B. NAP Enforcement for 802.1X.
C. NAP Enforcement for IPsec Communications.
D. NAP Enforcement for Remote Desktop Gateway.
E. NAP Enforcement for VPN.
Answer: B Explanation:

QUESTION NO: 62
You work as the network administrator at ABC.com. The ABC.com network has an Active Directory domain named ABC.com. All servers on the ABC.com network have Windows Server 2008 R2 installed. Half of ABC.com's workstations have Windows XP SP1 installed, while the rest have Windows 7 installed.
You have been instructed to design a VPN solution that allows for encrypted text to be used when storing VPN passwords. Furthermore, workstations that are configured as members of a workgroup, as well as Suite B cryptographic algorithms should be supported. You also have to make sure that certificates can be automatically enrolled.

Which combination of the following actions should you take? (Choose all that apply.)
A. You should consider upgrading the Windows XP Professional workstations to Windows 7.
B. You should consider making use of the Windows System Resource Manager (WSRM).
C. You should consider making use of an enterprise certification authority (CA) that is based on Windows Server 2008 R2.
D. You should consider making use of the 64-bit version of Windows Server 2008 R2 Datacenter Edition.
E. You should consider making use of Windows Deployment Services (WDS).
F. You should consider making use of an IPsec VPN that uses certificate-based authentication.
Answer: A,C,F Explanation:

QUESTION NO: 63
You work as the network administrator at ABC.com. The ABC.com network has an Active Directory domain named ABC.com. All servers on the ABC.com network have Windows Server 2008 R2 installed and all workstations have either Windows Vista or Windows 7 installed.
ABC.com has informed you of their intention to enter into a working partnership with a company, named Weyland Industries, which has an Active Directory domain named weylandindustries.com. The domain controllers in the weylandindustries.com domain have Windows Server 2008 R2 installed.
As a result, ABC.com has released a written security policy that prohibits the printing of classified documents, or forwarding these classified documents to recipients that are not trusted. The new policy also states that Weyland Industries users should not be able to access classified data if they do not have the necessary permissions. Furthermore, the management of the Weyland Industries users should require as little administrative effort as possible. Lastly, the network traffic between the two organizations should be handled by port 443.
You start by configuring a federated trust between ABC.com and Weyland industries. You then deploy a Windows Server 2008 R2 server, named ABC-SR36.
You have to make sure that the written security policy is fully adhered to.

Which combination of the following actions should you take? (Choose two.)
A. You should consider installing Microsoft Office SharePoint Server 2010 on ABC-SR36.
B. You should consider making use of Windows System Resource Manager (WSRM) on ABC-SR36.
C. You should consider installing the Active Directory Rights Management Services (AD RMS) role on ABC-SR36.
D. You should consider installing the Windows SharePoint Services role on ABC-SR36.
Answer: A,C Explanation:

QUESTION NO: 64
You work as the network administrator at ABC.com. The ABC.com network has an Active Directory domain named ABC.com. ABC.com's domain controllers have Windows Server 2008 R2 installed, their network servers have Windows Server 2003 SP2 installed, and the workstations have Windows 7 installed.
Eight of the network servers are configured as Terminal Servers. ABC.com also has a server, named ABC-SR20, which has Microsoft Internet Security and Acceleration (ISA) Server 2006 installed and is configured as a firewall server.
You have been instructed to configure remote access for servers that have Remote Desktop Services installed. Your configurations should allow for the use of fewer ports on the firewall, as well as the use of encryption on all connections to the Remote Desktop servers. You also have to make sure that specified users are not allowed access.
You start by upgrading one of the network servers to Windows Server 2008 R2. You have to make sure that your task is successfully completed.
Which of the following actions should you take? (Choose two.)
A. You should consider installing the Remote Desktop Gateway (RD Gateway) role service on the upgraded server.
B. You should consider installing Windows Server 2008 R2 Datacenter Edition on the upgraded server.
C. You should consider making use of use Microsoft System Center Configuration Manager (SCCM).
D. You should consider setting up the Remote Desktop connection authorization policy (RD CAP) on the upgraded server.
E. You should consider creating an ADMX file on the upgraded server.

Answer: A,D Explanation:

QUESTION NO: 65
You work as the network administrator at ABC.com. The ABC.com network has an Active Directory domain named ABC.com. ABC.com's domain controllers have Windows Server 2008 R2 installed, their network servers have Windows Server 2003 R2 installed, and the workstations have Windows 7 installed.
Eight of the network servers are configured as Terminal Servers. ABC.com also has a server, named ABC-SR20, which has Microsoft Internet Security and Acceleration (ISA) Server 2006 installed and is configured as a firewall server.
You have been instructed to configure remote access for servers that have Remote Desktop Services installed. Your configurations should allow for the use of fewer ports on the firewall, as well as the use of encryption on all connections to the Remote Desktop servers. You also have to make sure that the availability of specified Remote Desktop servers is limited.
You start by upgrading one of the network servers to Windows Server 2008 R2. You have to make sure that your task is successfully completed.
Which of the following actions should you take? (Choose two.)
A. You should consider installing the Remote Desktop Gateway (RD Gateway) role service on the upgraded server.
B. You should consider installing Windows Server 2008 R2 Datacenter Edition on the upgraded server.
C. You should consider making use of use Microsoft System Center Configuration Manager (SCCM).
D. You should consider setting up the Remote Desktop resource authorization policy (RD RAP) on the upgraded server.
E. You should consider creating an ADMX file on the upgraded server.
Answer: A,D Explanation:

QUESTION NO: 66
You work as the network administrator at ABC.com. The ABC.com network has an Active Directory domain named ABC.com. ABC.com's domain controllers have Windows Server 2008 R2 installed, their network servers have Windows Server 2003 R2 installed, and the workstations have Windows 7 installed.

Eight of the network servers are configured as Terminal Servers. ABC.com also has a server, named ABC-SR20, which has Microsoft Internet Security and Acceleration (ISA) Server 2006 installed and is configured as a firewall server.
You have been instructed to configure remote access for servers that have Remote Desktop Services installed. Your configurations should allow for the use of fewer ports on the firewall, as well as the use of encryption on all connections to the Remote Desktop servers. You also have to make sure that workstations that do not have Windows Firewall enabled are not allowed access to ABC.com's network.
You start by upgrading one of the network servers to Windows Server 2008 R2. You have to make sure that your task is successfully completed.
Which of the following actions should you take? (Choose two.)
A. You should consider installing the Remote Desktop Gateway (RD Gateway) role service on the upgraded server.
B. You should consider installing Windows Server 2008 R2 Datacenter Edition on the upgraded server.
C. You should consider making use of use Microsoft System Center Configuration Manager (SCCM).
D. You should consider configuring Network Access Protection (NAP) on the upgraded server.
E. You should consider creating an ADMX file on the upgraded server.
Answer: A,D Explanation:

QUESTION NO: 67
You work as the network administrator at ABC.com. The ABC.com network has an Active Directory domain named ABC.com. All servers on the ABC.com network, including domain controllers, have Windows Server 2008 R2 installed and all workstations have Windows XP SP 3 installed.
The ABC.com is made up of 15 servers and 600 workstations. One of the servers, named ABC-SR13, is configured as a Remote Desktop Services server.
You have received instructions to install a new in-house application and enable desktop themes, which is a prerequisite of the application. Furthermore, the in-house application should only be accessible from any workstation to users that have the necessary permissions.

You also need to make sure that the amounts of modifications made to the workstations, as well as the costs are kept to a minimum.
You start by having the Remote Desktop Connection (RDC) 7.0 software deployed to all workstations. You have to make sure that your task is suitably completed.
Which combination of the following actions should you take? (Choose two.)
A. You should consider having the Desktop Experience feature enabled on ABC-SR13.
B. You should consider making use of Windows System Resource Manager (WSRM).
C. You should consider making use of Windows Deployment Services (WDS).
D. You should consider having the application installed on ABC-SR13.
E. You should consider making use of Microsoft System Center Configuration Manager (SCCM).
Answer: A,D Explanation:

QUESTION NO: 68
You work as an administrator at ABC.com. The ABC.com network has a single domain named ABC.com. All servers on the ABC.com network have Windows Server 2008 R2 installed and all workstations have Windows 7 installed.
The ABC.com network has a server running Remote Desktop Services.
You have been instructed to make sure that a new application is deployed in such a way that the most up to date edition of the application is always accessible to ABC.com employees via ABC.com's portal. The deployment should also allow for the installation of as little applications as possible on ABC.com workstations.
You have published the application as a RemoteApp.
Which of the following actions should you take NEXT?
A. You should make use of the Remote Desktop Connection Broker.
B. You should have Remote Desktop Web Access (RD Web Access) enabled.
C. You should make use of the Remote Desktop connection authorization policy (RD CAP).
D. You should make use of the Remote Desktop resource authorization policy (RD RAP).


Answer: B Explanation:


QUESTION NO: 69
You work as the network administrator at ABC.com. The ABC.com network has an Active Directory domain named ABC.com. All servers on the ABC.com network, including domain controllers have Windows Server 2008 R2 installed and all workstations have Windows 7 installed.
ABC.com has instructed you to devise a document access management strategy for their employees. You have been instructed to make sure that employees can make use of document versioning, and also collaborate documents while they are online.
Which of the following actions should you take?
A. You should consider making use of Encrypting File System (EFS) in your strategy.
B. You should consider making use of Windows BitLocker Drive Encryption (BitLocker) in your strategy.
C. You should consider making use of Microsoft SharePoint Foundation 2010 in your strategy.
D. You should consider making use of folder redirection in your strategy.
Answer: C Explanation:
QUESTION NO: 70
All servers on the ABC.com network have Windows Server 2008 R2 installed and all workstations have Windows 7 installed. You work as the network administrator at ABC.com. The ABC.com network has an Active Directory domain named ABC.com.
The ABC.com network has a server running the File Services server role that hosts a shared folder. A subfolder in the shared folder has been allocated to every ABC.com user for keeping their private data.
You have been instructed to make sure that the amount of storage used for each subfolder is restricted, and that any attempts to store multimedia data results in an administrator being alerted. Furthermore, you are required to make sure that your tasks make use of little or no administrator input.

You then install the File Server Resource Manager (FSRM) role service on the file server.
Which combination of the following actions should you take? (Choose two.)
A. You should consider having hard quotas set up.
B. You should consider having automated scripts set up.
C. You should consider having Shared Folders permissions set up.
D. You should consider having file screening set up.
Answer: A,D Explanation:

QUESTION NO: 71
You work as an administrator at ABC.com. The ABC.com network has a single domain named ABC.com. All servers on the ABC.com network have Windows Server 2008 R2 installed.
ABC.com has two Web servers, named ABC-SR13 and ABC-SR14. You are preparing to publish a new ABC.com Web site on ABC-SR13 and ABC-SR14.
You want to make sure that, in the event of one of the Web servers failing, users can still access the Web site. You are also informed that your strategy should allow for the addition of Web servers in the future, without having any impact on clients connecting to the Web site.
Which of the following actions should you take?
A. You should recommend that ABC-SR13 and ABC-SR14 be configured as a failover cluster.
B. You should recommend the creation of a Web server farm.
C. You should recommend that ABC-SR13 and ABC-SR14 be configured in a Network Load Balancing cluster.
D. You should recommend the use of a RAID 5 array for both servers.
Answer: C Explanation: QUESTION NO: 72



You work as the network administrator at ABC.com. The ABC.com network has an Active Directory domain named ABC.com. All servers on the ABC.com network have Windows Server 2008 R2 installed and all workstations have Windows 7 installed.
ABC.com has numerous servers that are configured to run the File Services server role, and have two volumes configured for the operating system and data files respectively.
You have received instructions to devise a solution that allows for the recovery of the operating system, as well as the data files. You are also informed that normal operations should not be disrupted by the recovery process, which should take as little time as possible to complete.
You have decided to make use of the Windows Server Backup feature. You have to make sure that the task is suitably completed.
Which of the following actions should you take?
A. You should consider making use of Folder redirection.
B. You should consider creating a System Performance Data Collector Set.
C. You should consider making use of use Windows System Resource Manager (WSRM) on the new server.
D. You should consider making use of System Image Recovery.
Answer: D Explanation:
QUESTION NO: 73
You work as the network administrator at ABC.com. The ABC.com network consists of a single Active Directory domain named ABC.com. All servers on the ABC.com network run Windows Server 2003 SP2 and the domain controllers are running Windows 2008 Server.
ABC.com has its headquarters in Chicago and quite a few satellite offices in the region. It has come to your attention that the servers located at the satellite offices are not stored securely. You then configure the use of Windows BitLocker Drive Encryption (BitLocker) on servers in the satellite offices.
You have received instructions to make sure that the BitLocker volume is accessible even if the BitLocker keys become corrupt. You have to make sure that the data that will be used for recovery is centrally accessible.

To achieve this, you start by having all ABC.com's domain controllers upgraded to Windows Server 2008 R2.
Which of the following actions should you take NEXT?
A. You should consider making use of Network Policy Server (NPS) connection request policies.
B. You should consider having Trusted Platform Module (TPM) backups to Active Directory enabled by making use of Group Policies.
C. You should consider making use of folder redirection.
D. You should consider making use of the Netsh tool.
Answer: A,D Explanation:

QUESTION NO: 74
You work as an administrator at ABC.com. The ABC.com network has a single domain named ABC.com. All servers on the ABC.com network have Windows Server 2008 R2 installed, and workstations have Windows 7 installed.
You have been instructed to apply Encrypting File System (EFS) for ABC.com��s workstations. During the process, you also instructed to enable credential roaming.
Which of the following is TRUE with regards to enabling credential roaming? (Choose all that apply.)
A. Once credential roaming is enabled, you can specify the length of time a roaming credential will remain in AD DS for a certificate or key that has been deleted locally.
B. Once credential roaming is enabled, you are prevented from restricting roaming for credentials that exceed a specified size.
C. Once credential roaming is enabled, you can specify whether to include or exclude stored user names and passwords from the credential roaming policy.
D. Once credential roaming is enabled, you are prevented from specifying a maximum number of certificates and keys that can be used with credential roaming.
Answer: A,C Explanation: QUESTION NO: 75



You work as the network administrator at ABC.com. The ABC.com network has an Active Directory domain named ABC.com. All servers on the ABC.com network, including domain controllers have Windows Server 2008 R2 installed and all workstations have Windows 7 installed.
ABC.com has acquired two new servers that should be configured in a two-node failover cluster. The nodes should have the best suited edition of the Windows Server 2008 R2 operating system installed, but take up the least amount of space.
Which of the following options are TRUE with regards to this scenario?
A. You could make use of a full installation of Windows Server 2008 R2 Enterprise on the one server, and a Server Core installation of Windows Server 2008 R2 Enterprise on the other.
B. You could make use of a full installation of Windows Server 2008 R2 Datacenter on the one server, and a Server Core installation of Windows Server 2008 R2 Datacenter on the other.
C. You could make use of a Server Core installation of Windows Server 2008 R2 Enterprise on both servers.
D. You could make use of a Server Core installation of Windows Server 2008 R2 Datacenter on one server, and a Server Core installation of Windows Server 2008 R2 Datacenter on the other.
Answer: C Explanation:
QUESTION NO: 76
You work as an administrator at ABC.com. The ABC.com network has a single domain named ABC.com. All servers on the ABC.com network have Windows Server 2008 R2 installed.
ABC.com has expanded their business by establishing a satellite office in Dallas. Dallas office has numerous servers deployed of which one must be promoted to a Read-Only domain controller.
Which of the following actions should you take?
A. You should consider making use of Administrator Role Separation.
B. You should consider making use of Active Directory snapshots.
C. You should consider making use of IFM subcommand.
D. You should consider making use of the dcpromo command.
Answer: C Explanation: QUESTION NO: 77



You work as an administrator at ABC.com. The ABC.com network has a single domain named ABC.com. All servers on the ABC.com network have Windows Server 2008 R2 installed.
ABC.com has a web server, named ABC-SR15, which hosts an application named ABCWA7. You have been instructed to configure an authentication and encryption solution. The solution should make use of an authentication method that transmits user names and passwords across the network in clear text. The solution should also make use of an encryption method that establish establishes a secure connection.
Which of the following actions should you take?
A. You should consider making use of Anonymous authentication and SSL.
B. You should consider making use of Basic authentication and SSL.
C. You should consider making use of Windows authentication and SSL.
D. You should consider making use of Client Certificate Mapping authentication and SSL.
Answer: A Explanation:
QUESTION NO: 78
You work as an administrator at ABC.com. The ABC.com network has a single domain named ABC.com. All servers on the ABC.com network have Windows Server 2008 R2 installed.
ABC.com's Research department stores all their research data in a shared folder hosted by a file server, named ABC-SR13. The staff in the Research department has complained that finding relevant data in the shared folder is taking too long.
You have been instructed to make sure that researchers are able to find data faster.
Which of the following actions should you take?
A. You should consider installing the Windows System Resource Manager (WSRM).
B. You should consider configuring Network Policy Server (NPS) connection request policies.
C. You should consider making use of Distributed File System (DFS) namespaces.
D. You should consider installing the Windows Search Service
Answer: D Explanation: QUESTION NO: 79



You work as the network administrator at ABC.com. The ABC.com network has an Active Directory forest with two domains named us.ABC.com and uk.ABC.com. All servers on the ABC.com network, including domain controllers have Windows Server 2008 R2 installed and all workstations have Windows 7 installed.
An administrator, named Andy Reid, has been given the responsibility of managing backups in the us.ABC.com domain. You have been instructed to make sure that Andy Reid only has these permissions in the us.ABC.com domain. Andy Reid should, however, is prevented from having unnecessary permissions.
You have to achieve this with as little administrative effort as possible.
Which of the following actions should you take?
A. You should consider making Andy Reid a member of the Admins domain local group in the us.ABC.com domain.
B. You should consider making Andy Reid a member of the Backup Operators domain local groupin the us.ABC.com domain.
C. You should consider making Andy Reid a member of the administrators OU on each server in the us.ABC.com domain.
D. You should consider making Andy Reid a member of the Domain Admins global group in the ABC.com forest.
Answer: B Explanation:
QUESTION NO: 80
You work as the Enterprise administrator at ABC.com. The ABC.com network has a domain named ABC.com. All servers on the ABC.com network has Windows Server 2008 R2 installed and all workstations have Windows 7 installed.
ABC.com has released a security policy requiring all servers and workstations to have the same Windows firewall settings. You have been instructed to make sure that this policy is adhered to using as little administrative effort as possible.
Which of the following actions should you take?
A. You should consider making use of domain-based Group Policy objects (GPOs)
B. You should consider creating a Windows Management Instrumentation (WMI) filter.

C. You should consider making use of local Group Policy objects (GPOs)
D. You should consider creating an ADML file.
Answer: A Explanation:

QUESTION NO: 81
You work as the Enterprise administrator at ABC.com. The ABC.com network has a domain named ABC.com.
ABC.com has its headquarters in New York and a satellite office in Dallas. The Dallas office has numerous servers that are used to store data.
You have configured the use of File Server Resource Manager (FSRM) for these servers.
Which of the following is TRUE with regards to File Server Resource Manager (FSRM)? (Choose all that apply.)
A. It allows you to place storage limits on volumes and folders on the servers.
B. It allows users unlimited storage on volumes and folders on the servers.
C. It allows you to actively screen files stored by users.
D. You cannot generate wide-ranging storage reports using File Server Resource Manager (FSRM).
Answer: A,C Explanation:

QUESTION NO: 82
You work as the Enterprise administrator at ABC.com. The ABC.com network has a domain named ABC.com. All servers on the ABC.com network have Windows Server 2008 R2 installed and all workstations have Windows 7 installed.
You are in the process of configuring a new MEDV workspace.
Which of the following statements are TRUE with regards to the MEDV workspace? (Choose all that apply.)
A. You are unable to clone a MED-V workspace from the Policy menu.
B. You are able to clone a MED-V workspace from the Policy menu.

C. You are able to delete a MED-V workspace by clicking Remove in the Policy module, while the workspace pane is in focus.
D. You are able to delete a MED-V workspace by clicking Remove in the Policy menu.
Answer: B,C Explanation:

QUESTION NO: 83
You work as the Enterprise administrator at ABC.com. The ABC.com network has a domain named ABC.com.
You want to group shared folders that are located on different servers into a single logically structured namespace. The namespace should appear to users as a single shared folder with a series of sub folders, and should not require routing over WAN connections.
Which of the following actions should you take?
A. You should consider making use of AD RMS.
B. You should consider making use of File Server Resource Manager (FSRM).
C. You should consider making use of Distributed File System (DFS) namespaces.
D. You should consider making use of Distributed File System (DFS) Replication.
Answer: C Explanation:

QUESTION NO: 84
You work as an Enterprise administrator at ABC.com. The ABC.com network has a domain named ABC.com. All servers on the ABC.com network have Windows Server 2008 R2 installed.
ABC.com has a web server, named ABC-SR13, and a backup server, named ABC-SR17.
You have been instructed to design a backup solution that allows for remote server backups of ABC-SR13 to be carried out from ABC-SR17.
Which of the following actions should you take?
A. You should consider suggesting the installation of Windows PowerShell, as well as the modification of the Windows Firewall settings on ABC-SR13.

B. You should consider suggesting the installation of Windows Server Backup, and Windows PowerShell on ABC-SR13.
C. You should consider suggesting the installation of Windows PowerShell, as well as having the IIS Management Service feature enabled on ABC-SR13.
D. You should consider suggesting the installation of Windows Server Backup, as well as the modification of the Windows Firewall settings on ABC-SR13.
Answer: D Explanation:

QUESTION NO: 85
You work as an Enterprise administrator at ABC.com. The ABC.com network has a domain named ABC.com. All servers on the ABC.com network have Windows Server 2008 R2 installed.
ABC.com has a server running HyperV. There are multiple virtual machines (VMs) configured on the server.
ABC.com has informed you that you have to devise a solution for backing up the HyperV server.
Which combination of the following should form part of your solution? (Choose two.)
A. You should consider taking a snapshot of every VM.
B. You should consider making use of a full backup for each VM.
C. You should consider taking a snapshot of the HyperV server.
D. You should consider making use of a full backup for the HyperV server.
Answer: B,D Explanation:

QUESTION NO: 86
You work as the network administrator at ABC.com. The ABC.com network has an Active Directory forest named ABC.com. All servers on the ABC.com network have Windows Server 2008 R2 installed and all workstations have Windows 7 installed.
ABC.com is planning to install a new child domain, named us.ABC.com, which will have two domain controllers configured to host the DNS server role. All the employees at ABC.com and the computers at the child domain will be members of us.ABC.com.

You have been instructed to make sure that fully qualified domain names is used to access resources in ABC.com's root and child domain. You have also been informed that name resolution services should be implemented in the event of a server failure and that new DNS servers should automatically be recognized when added to or removed from the ABC.com domain.
You are required to devise a solution that suitably deals with the scenario.
Which of the following actions should you take?
A. You should consider making use of Public Key Policies at that domain for us.ABC.com on the two domain controllers.
B. You should consider making use of Microsoft Virtual Server 2005 R2 on both the domain controllers and only create an Active Directory integrated zone for us.ABC.com on one of them.
C. You should consider making use of Network Access Protection (NAP) on both the domain controllers and only create an Active Directory integrated zone for us.ABC.com on one of them.
D. You should consider creating an Active Directory Integrated zone for us.ABC.com and an Active Directory Integrated stub zone for ABC.com on one of the domain controllers.
Answer: D Explanation: You need to create an Active Directory Integrated zone for us.ABC.com and an Active Directory Integrated stub zone for ABC.com, on one of the domain controller. The Active Directory Integrated zones use the Active Directory instead of text files to store the zone information. The new type of Active Directory zone acts as primary zones, because it has writable copies of the zone database. Furthermore, ABC.com also needs an Active Directory Integrated stub zone to ensure the name resolution services. Furthermore, to minimize zone transfer traffic, you need to create Active Directory-integrated stub zones.
Reference: DNS Stub Zones in Windows Server 2003
http://www.windowsnetworking.com/articles_tutorials/DNS_Stub_Zones.html
Reference: Host Name Resolution Overview
http://www.tech-faq.com/planning-and-implementing-a-dns-namespace.shtml


QUESTION NO: 87
You work as the Enterprise administrator at ABC.com. The ABC.com network has a domain named ABC.com. The ABC.com network servers have Windows Server 2008 R2 installed and workstations have Windows 7 installed.

ABC.com contains more than 1,500 workstations, which has been linked to managed switches. You are in the process of devising a network access solution that prevents ABC.com employees from evading the restrictions on the network access. The solution should also only allow network access to workstations with updated service packs and updated anti-malware software installed.
Which combination of the following actions should you take? (Choose two.)
A. You should make use of Network Access Protection (NAP).
B. You should make use of Background Intelligent Transfer Service (BITS) settings.
C. You should make use of 802.1x enforcement.
D. You should generate event subscriptions.
E. You should generate an adml file.
Answer: A,C Explanation: You need to use Network Access Protection (NAP) and 802.1x enforcement. Network Access Protection (NAP) controls access to network resources based on a workstation��s identity and compliance with corporate governance policy. Furthermore, when using 802.1X enforcement, the computer must be compliant to get unlimited network access through an 802.1X-authenticated network connection
Reference: Network Access Protection Platform Overview
http://technet.microsoft.com/hi-in/library/bb878083(en-us).aspx
Reference: Security and Policy Enforcement
http://www.microsoft.com/windowsserver2008/en/us/security-policy.aspx

QUESTION NO: 88
You work as the Enterprise administrator at ABC.com. The ABC.com network has an Active Directory domain named ABC.com. All servers on the ABC.com network run Windows Server 2008 R2. Half the workstations run Windows Vista, and the rest run Windows 7.
ABC.com has its headquarters in London and a satellite office in Madrid. The satellite office in Madrid contains a File server, named ABC-SR11.
An organizational unit (OU), named Testserv_OU, has been configured to host the computer objects for the servers in the Madrid office. The user accounts of ABC.com's administrators are part of a global group named TestGlobal.

You have received instructions to grant administrators the necessary permissions to create shared folders on ABC-SR11. You want to achieve this with as little administrative effort as possible.
Which of the following actions should you take?
A. You should consider creating a Group Policy for Testserv_OU.
B. You should consider making use of Credential Roaming.
C. You should consider configuring Read Only permissions on Testserv_OU.
D. You should consider making the TestGlobal group a member of the Administrators local group on ABC-SR11.
Answer: D Explanation: You need to add TestGlobal to the Administrators local group on ABC-SR11. This will allow them to create shared folders. The Administrators local group will give full administrative access to an individual computer or a single domain.
Reference: Using Default Group Accounts
http://technet.microsoft.com/en-us/library/bb726982.aspx
Reference: Securing the Local Administrators Group on Every Desktop
http://www.windowsecurity.com/articles/Securing-Local-Administrators-Group-Every-Desktop.html

QUESTION NO: 89
You work as the Enterprise administrator at ABC.com. The ABC.com network has an Active Directory domain named ABC.com. All servers on the ABC.com network have Windows Server 2008 installed and all workstations have Windows Vista SP1 installed. The ABC.com network of ABC.com is connected to the Internet via a firewall.
ABC.com releases a new written security policy that requires the use of encryption on remote connections and remote authentications. The policy also requires ports 80 and 443 to be used for incoming traffic on the firewall.
You have been instructed to devise a solution that adheres to the new security policy.
Which of the following actions should you take?
A. You should consider making use of roaming user profiles.

B. You should consider making use of Secure Socket Tunneling Protocol (SSTP).
C. You should consider making use of Multiple Activation Key (MAK) Independent Activation.
D. You should consider making use of the Hyper-V feature.
Answer: B Explanation: To comply with the new ABC.com security policy, you need to use Secure Socket Tunneling Protocol (SSTP). Secure Socket Tunneling Protocol (SSTP) transport data-link layer (L2) frames on a Hypertext Transfer Protocol over Secure Sockets Layer (HTTPS) connection.
Reference: The Cable Guy The Secure Socket Tunneling Protocol SSTP in Windows
http://technet.microsoft.com/en-us/magazine/cc162322.aspx

QUESTION NO: 90
You work as the network administrator at ABC.com. The ABC.com network has an Active Directory forest named ABC.com. All servers on the ABC.com network have Windows Server 2008 installed and all workstations have Windows Vista installed.
ABC.com has a server, named ABC-SR13, which is configured as a File server. The Sales representatives at ABC.com making use of their Windows Vista Business Edition laptops from inside and outside the office.
You have received instructions to make sure that Sales representatives have the ability to decide which documents are accessible when they are not connected to the office network. You have also been informed that your solution should provide for a reduction in the amount of saved documents on the laptops, while also reduce network logon times for the Sales representatives.
Which combination of the following actions should you take? (Choose two.)
A. You should consider making use of Network Load Balancing.
B. You should consider configuring offline files.
C. You should consider making use of Credential Roaming.
D. You should consider selecting the manual caching option.
E. You should consider selecting the automatic caching option.
Answer: B,D Explanation: You need to set up offline files and select manual caching. This will comply with the criteria. The Offline Files allows you to keep using network files, folders, and applications although the network is disconnected.

Reference: Using Offline Files in Windows 2000
http://articles.techrepublic.com.com/5100-10878_11-5031596.html

QUESTION NO: 91
You work as the network administrator at ABC.com. The ABC.com network has an Active Directory domain named ABC.com. All servers on the ABC.com network have Windows Server 2008 R2 installed and all workstations have either Windows XP Professional or Windows 7 installed.
The ABC.com network has an internal network and a perimeter network which is separated by a firewall. The perimeter network is also connected to the Internet via a firewall. ABC.com makes use of an enterprise certification authority (CA) and a Microsoft Online Responder on the internal network.
You have been instructed to make sure that users who connect via the Internet are able to securely detect whether individual certificates are valid, without consuming unnecessary bandwidth.
Which of the following actions should you take? (Choose all that apply.)
A. You should consider installing a stand-alone CA on a server that resides on the perimeter network
B. You should consider installing IIS on a server that resides on the perimeter network
C. You should consider installing Network Device Enrollment Service (NDES) on a server on the perimeter network.
D. You should consider installing a Network Policy Server (NPS) on a server that resides on the perimeter network.
E. You should consider redirecting authentication requests to a server on the internal network.
F. You should consider installing a subordinate CA on the perimeter network.
G. You should consider setting up IIS to redirect requests to the Online Responder on the internal network.
Answer: B,G Explanation: You should consider installing IIS on a server on the perimeter network and configure IIS to redirect requests to the Online Responder on the internal network. This will offer a secure method for employees on the Internet to verify the validity of individual certificates. Furthermore, it will use less network bandwidth. CRL and Online Certificate Status Protocol (OCSP) are supported on Windows Vista and Windows Server 2008. Furthermore, the Internet Information Services (IIS) uses an Internet Server Application Programming Interface (ISAPI) extension.

Reference: Online Responder Installation, Configuration, and Troubleshooting Guide
http://technet.microsoft.com/en-us/library/cc770413.aspx

QUESTION NO: 92
You work as the network administrator at ABC.com. The ABC.com network has an Active Directory domain named ABC.com. All servers on the ABC.com network run Windows Server 2008 and all workstations run Windows Vista.
The Active Directory domain has a top level OU named ABCStaff that contains three OU��s named ABCMan, ABCPerm, and ABCTemp. ABCMan hosts the user accounts of ABC.com's managers, ABCPerm hosts the user accounts of ABC.com's permanent staff, and ABCTemp host the user accounts of ABC.com's temporary staff.
ABCStaff has previously been configured in such a way that the Group Policy object (GPO) settings applied to it also affects members of the ABCMan OU.
You have been instructed to make sure that ABCMan OU will not be affected when GPO settings are applied to ABCStaff.
Which of the following actions should you take?
A. You should consider configuring the ABCPerm OU to make use of the Microsoft Multipath I/O.
B. You should consider configuring the ABCStaff OU to have the Block Policy Inheritance setting enabled.
C. You should consider configuring the ABCMan OU to have the Block Policy Inheritance setting enabled.
D. You should consider making use Netsh tool.
Answer: C Explanation: You need to use Block Policy Inheritance on the OU of the TestManagers. This will not affect TestManagers OU��s user accounts. This will blocks Group Policy Objects that apply higher in the Active Directory hierarchy. However, if No Override setting is enabled, it will not block the GPOs.
Reference: Inheriting a Meager Comprehension of Policy Inheritance
http://www.informit.com/guides/content.aspx?g=windowsserver&seqNum=60


QUESTION NO: 93
You work as the network administrator at ABC.com. The ABC.com network has an Active Directory domain named ABC.com. All servers on the ABC.com network have Windows Server 2008 installed and all workstations have either Windows XP Professional or Microsoft Windows Vista installed.
ABC.com has informed you of their intention to enter into a working partnership with a company, named Weyland Industries, which has an Active Directory domain named weylandindustries.com. The domain controllers in the weylandindustries.com domain have Windows Server 2008 installed.
As a result, ABC.com has released a written security policy that prohibits the printing of classified documents, or forwarding these classified documents to recipients that are not trusted. The new policy also states that Weyland Industries users should not be able to access classified data if they do not have the necessary permissions. Furthermore, the management of the Weyland Industries users should require as little administrative effort as possible. Lastly, the network traffic between the two organizations should be handled by port 443.
You need to devise a solution that adheres to the new policy.
Which combination of the following actions should you take? (Choose two.)
A. You should consider starting a federated trust between ABC.com and Weyland Industries.
B. You should consider configuring Credential Roaming.
C. You should consider installing a Windows Server 2008 server that runs Microsoft Office SharePoint Server 2007, and has the Active Directory Rights Management Services (AD RMS) role installed.
D. You should consider configuring NTFS permissions on the Active Directory database.
E. You should consider installing a Windows Server 2008 server with the Windows SharePoint Services role installed.
Answer: A,C Explanation: You need to install the install a Windows Server 2008 server that runs Microsoft Office SharePoint Server 2007 and that has the Active Directory Rights Management Services (AD RMS) role installed. This will adhere to the CIO criteria. When you use federation trust, it will allow you to extend Active Directory to share resources securely in a B2B environment. Active Directory Rights Management Services (AD RMS) work in conjunction with AD RMS-enabled applications to help protect digital information from unauthorized use. The use of Office SharePoint Server 2007 will allow ABC.com and Weyland Industries to work together on documents by posting it to an Office SharePoint Server 2007 site.

Reference: Window Server 2003 R2, what��s new with Active Directory? / Federation Trust
http://www.windowsnetworking.com/articles_tutorials/Window-Server-2003-R2-New-Active-Directory.html
Reference: Windows Server 2008: Active Directory Rights Management Services (AD RMS)
http://www.keepingitreal.nu/2008/07/windows-server-2008-active-directory_7307.html
Reference: Deploying Active Directory Rights Management Services with Microsoft Office SharePoint Server 2007 Step-By-Step Guide
http://technet.microsoft.com/en-us/library/cc753046.aspx

QUESTION NO: 94
You work as the network administrator at ABC.com. The ABC.com network has an Active Directory domain named ABC.com. All servers, including domain controllers, on the ABC.com network have Windows Server 2008 installed and all workstations have Microsoft Windows Vista installed.
You have received instructions to make sure that a report on the status of software updates for the Windows Vista workstations is created on a monthly basis. The report should show the operating system and Microsoft application updates that have been successfully and unsuccessfully installed.
You need to devise a suitable solution that is cost effective, and requires as little administrative effort as possible.
Which combination of the following actions should you take? (Choose two.)
A. You should consider installing Windows Deployment Services (WDS).
B. You should consider making use of Windows Software Update Services (WSUS) 3.0.
C. You should consider installing the management agents on all workstations.
D. You should consider making use of a Group Policy object (GPO) to set up Windows Update.
E. You should consider making use of Network Policy Server (NPS) on the workstations.
Answer: B,D Explanation: You need to use Windows Software Update Services (WSUS) 3.0 and set up Windows Update by using a Group Policy object (GPO). Doing this will give the desired effect. You can use group policies to configure automatic updates. You also need to use the Windows Software Update Services (WSUS) 3.0 to generate reports.

Reference: Microsoft Windows Server Update Services
http://www.auckland.ac.nz/security/MicrosoftWSUSGuidelines.htm

QUESTION NO: 95
You work as the network administrator at ABC.com. The ABC.com network has an Active Directory domain named ABC.com. All servers on the ABC.com network have Windows Server 2008 R2 installed and all workstations have Windows 7 installed.
ABC.com has its headquarters in London and two satellite offices in Paris and Milan. The Paris and Milan offices are linked to each other via a WAN connection. Each satellite office has a file server that hosts data for that office.
You have been instructed to make sure that data hosted on the file servers are accessible to both the Paris and Milan offices. You also have to make sure that the files on either file server remains accessible to users, even in the event of the WAN connection failing.
You are then informed that your solution should provide for a reduction in the utilization of network bandwidth.
Which of the following actions should you take?
A. You should consider installing AD RMS.
B. You should consider making use of the ServerManagerCMD tool on both the servers
C. You should consider making use of Distributed File System Replication (DFSR) on the file servers in the Paris and Milan offices.
D. You should consider installing a Windows Server 2008 Datacenter Edition server in both offices.
Answer: C Explanation:
QUESTION NO: 96
You work as the network administrator at ABC.com. The ABC.com network has an Active Directory domain named ABC.com. All servers on the ABC.com network have Windows Server 2008 R2 Enterprise Edition installed and all workstations have Windows 7 installed.

ABC.com has two DHCP servers, named ABC-SR10 and ABC-SR11, and a single subnet that hosts 1,500 workstations. ABC.com's intranet and the Internet are connected to a router that has a single IP address on the internal interface. ABC-SR10 is configured to issue IP addresses from
192.168.10.1 to 192.168.17.255 on the 255.255.240.0 subnet mask.
You have been instructed to configure a DHCP that is fault-tolerant and supports the workstations on the subnet. You also have to make sure that, in the event of a DHCP server failure, the workstations can still obtain valid IP addresses.
Which combination of the following actions should you take? (Choose two.)
A. You should consider having a scope configured for the 192.168.10.0/26 subnet.
B. You should consider having a scope configured for the 192.168.10.0/20 subnet.
C. You should consider having the scope configured to commence at 192.168.10.1 and stop at
192.168.15.254.
D. You should consider having a scope configured for the 192.168.8.1 and stop at
192.168.15.254.
Answer: B,D Explanation:

QUESTION NO: 97
You work as the network administrator at ABC.com. The ABC.com network has an Active Directory domain named ABC.com. All servers on the ABC.com network have Windows Server 2008 installed and all workstations have either Windows XP Professional or Microsoft Windows Vista installed.
You have been instructed to design a VPN solution that allows for encrypted text to be used when storing VPN passwords. Furthermore, workstations that are configured as members of a workgroup, and Suite B cryptographic algorithms should be supported. You also have to make sure that certificates can be automatically enrolled.
Which combination of the following actions should you take? (Choose all that apply.)
A. You should consider upgrading the Windows XP Professional workstations to Windows Vista.
B. You should consider making use of the Windows System Resource Manager (WSRM).
C. You should consider making use of an enterprise certification authority (CA) that is based on Windows Server 2008.
D. You should consider making use of the 64-bit version of Windows Server 2008 Datacenter Edition.
E. You should consider making use of Windows Deployment Services (WDS).

F. You should consider making use of an IPsec VPN that uses certificate-based authentication.
Answer: A,C,F Explanation: The VPN solution will allow you to store VPN passwords as encrypted text. It will also offer support for Suite B cryptographic algorithms. You need to upgrade the Windows XP Professional Service Pack 1 workstations to Windows Vista and use an enterprise certification authority (CA) that is based on Windows Server 2008. Furthermore, Windows Vista Service Pack 1 (SP1) and Windows Server 2008 ships with Suite B. Suite B contains Encryption algorithms. You need to use IPsec VPN that uses certificate-based authentication. This will support the workstations, set up as members of a workgroup and allow automatic enrollment of certificates.
Reference: Description of the support for Suite B cryptographic algorithms that was added in Windows Vista Service Pack 1 and in Windows Server 2008
http://support.microsoft.com/kb/949856
Reference: iPhone and Virtual Private Networks
(VPN)
http://images.apple.com/iphone/enterprise/docs/iPhone_VPN.pdf.


QUESTION NO: 98
You work as the network administrator at ABC.com. The ABC.com network has an Active Directory domain named ABC.com.
The ABC.com network contains 250 servers that have Windows Server 2003 installed. All of these servers make use of 64-bit hardware. The ABC.com workstations either have Windows XP Professional, or Windows Vista installed.
You have received instructions from the CIO to combine the 250 servers into 50 Windows Server 2008 servers. Your configurations should allow for the use of the current hardware and software, and also the use of 64-bit child virtual machines. You have also been informed that you should make the most of the resource utilization and prevent services from being integrated on the 50 Windows Server 2008 servers.
Which of the following actions should you take?
A. You should consider installing the Hyper-V feature on 50 Windows Server 2008 servers and change the servers into virtual machines.

B. You should consider installing the Windows System Resource Manager (WSRM).
C. You should consider installing a two-node failover cluster after consolidating services across to the 50 Windows Server 2008 servers.
D. You should consider making use of a 64-bit version of Windows Server 2008 Datacenter Edition. You should thereafter change the physical machines into virtual machines.
Answer: A Explanation: You need to change the servers to virtual machines. By doing this, you will comply the needs of the CIO. With the Hyper-V feature you will be able to use the Physical-to-Virtual (P2V) Conversion Wizard and creating a virtual version of a physical server. It also have other features such as creating images of physical hard disks, preparing the images for use in a VM, and creating the final VM.
Reference: Virtual Machine Manager 2008 Supports Hyper-V / Other Features
http://www.directionsonmicrosoft.com/sample/DOMIS/update/2008/07jul/0708vmm2sh.htm

QUESTION NO: 99
You work as the network administrator at ABC.com. The ABC.com network has an Active Directory domain named ABC.com. All servers on the ABC.com network have Windows Server 2008 installed and all workstations have Windows Vista installed.
The ABC.com network contains 8 servers configured as file servers. You have been given the task of monitoring these files servers. Your monitoring solution should allow for notification e-mails to be sent when the available free space has reached a pre-defined level. Your solution should also include the use of quotas for file storage.
Which of the following actions should you take?
A. You should consider setting up the File Server Resource Manager (FSRM) role service. You should also set up Quota Management and Storage Reports Management.
B. You should consider setting up folder redirection and Event Subscriptions
C. You should consider setting up Shared Folders permissions.
D. You should consider setting up Windows System Resource Manager (WSRM) feature and Performance Monitor alerts
Answer: A Explanation: You need to set up the File Server Resource Manager (FSRM) role service, Quota Management and Storage Reports Management. You can set the also the size that it does not exceeds 500 MB. Furthermore, you can create a File Screen to stop users from saving of video/audio files to a share.

Reference: The Basics of Windows Server 2008 FSRM (File Server Resource Manager)
http://blogs.technet.com/josebda/archive/2008/08/20/the-basics-of-windows-server-2008-fsrm-file-server-resource-manager.aspx

QUESTION NO: 100
You work as the network administrator at ABC.com. The ABC.com network has an Active Directory domain named ABC.com. All servers on the ABC.com network have Windows Server 2003 installed and all workstations have Windows Vista installed.
The ABC.com network contains two servers named ABC-SR10 and ABC-SR11. ABC-SR10 has a 32-bit version of Windows Server 2003 installed, while ABC-SR11 has a 64-bit version installed. Both servers has an application installed, named TestApp1 and TestApp2, respectively. The two applications require their respective operating systems to function properly.
You have been instructed move the applications to a server running Windows Server 2008. To keep costs to a minimum, you want to make use of a single server, and make use of Hyper-V feature on the server before installing the applications on separate child virtual machines.
Which of the following actions should you take?
A. You should consider installing a 64-bit version of Windows Server 2008 Enterprise Edition on the new server.
B. You should consider installing a 32-bit version of Windows Server 2008 Enterprise Edition on the new server.
C. You should consider installing a 64-bit version of Windows Server 2008 Standard on the new server.
D. You should consider installing a 32-bit version of Windows Server 2008 Enterprise Edition on the new server.
Answer: A Explanation:
QUESTION NO: 101
You work as the network administrator at ABC.com. The ABC.com network has an Active Directory domain named ABC.com. All servers on the ABC.com network have Windows Server 2008 installed and all workstations have Windows Vista installed.

You have received instructions to make sure that ABC.com's users have the ability to work together on files. You have been informed that your solution should allow for ABC.com's remote users to access files via a Web browser, as well as allow for the use of full-text indexing for user content. You solution should also allow for the use of permissions to promote a secure access to files. Furthermore, you have to make sure that, in the event of ABC.com expanding, more Web servers can be in the solution.
Which of the following actions should you take?
A. You should consider making use of Windows System Resource Manager (WSRM).
B. You should consider making use of folder redirection.
C. You should consider making use of an adml file.
D. You should consider making use of OU should consider making use of Microsoft Office SharePoint Server 2007.
Answer: D Explanation: You need to use Microsoft Office SharePoint Server 2007. This will allow the users to collaborate. Microsoft Office Office SharePoint Server 2007 is used to facilitate collaboration, provide content management features and implement business processes.
Reference: Introduction to Microsoft Office SharePoint Server 2007
http://office.microsoft.com/en-us/sharepointserver/HA101732171033.aspx
Reference: Search in Microsoft. Office SharePoint. Server 2007
Evaluation Guide
http://office.microsoft.com/download/afile.aspx?AssetID=AM102140171033


QUESTION NO: 102
You work as the network administrator at ABC.com. The ABC.com network has an Active Directory domain named ABC.com. All servers on the ABC.com network run Windows Server 2008 R2. Half the workstations run Windows Vista, and the rest run Windows 7.
You have previously created separate organizational units (OUs) for the Sales, Products and Marketing departments. You now need to make sure that the Products OU remain unaffected when settings are applied to GPOs linked to the ABC.com domain. You also have to make sure that the amount of GPOs and OUs used are kept to a minimum.
Which of the following actions should you take?

A. You should consider making use of block inheritance on the Products OU.
B. You should consider creating an ADMX file.
C. You should consider making use of a DFS Namespace.
D. You should consider making use of a custom network profile.
Answer: A Explanation: You need to use the block inheritance on Products. Doing this, you will be able to blocks Group Policy Objects that apply higher in the Active Directory hierarchy of sites, domains, and organizational units.
Reference: Inheriting a Meager Comprehension of Policy Inheritance
http://www.informit.com/guides/content.aspx?g=windowsserver&seqNum=60

QUESTION NO: 103
You work as the network administrator at ABC.com. The ABC.com network has an Active Directory domain named ABC.com. All servers on the ABC.com network run Windows Server 2000 and the domain controllers are running Windows Server 2008.
ABC.com has its headquarters in Chicago and quite a few satellite offices in the region. The storage location of the servers in the satellite offices is currently not secured. As a result, you are preparing to make use of Windows BitLocker Drive Encryption (BitLocker) on the servers in the satellite offices.
Which of the following is TRUE with regards to Windows BitLocker Drive Encryption? (Choose all that apply.)
A. BitLocker uses the TPM to help to protect the Windows operating system and user data, and also helps to ensure that a computer is not tampered with, even if it is left unattended, lost, or stolen.
B. BitLocker can only be configured on servers that have a Trusted Platform Module (TPM) microchip installed.
C. BitLocker requires a minimum of one NTFS, and one FAT32 drive partitions
D. BitLocker encrypts all data stored on the Windows operating system volume.
Answer: A,D Explanation:
QUESTION NO: 104

You work as the network administrator at ABC.com. The ABC.com network has an Active Directory domain named ABC.com. All servers on the ABC.com network, including domain controllers, have Windows Server 2008 R2 installed and all workstations have Windows Vista installed.
ABC.com has its headquarters in Chicago and a satellite office in Dallas, which are configured as separate Active Directory sites.
You have received instructions to alter ABC.com's DNS to make sure that, in the event of a server failure, the DNS service remains accessible. You should also make sure that synchronization data between the DNS servers are encrypted and that the DNS servers support dynamic updates.
Which combination of the following actions should you take? (Choose two.)
A. You should consider making use of a RODC installation media using ntdsutil ifm on a domain controller in the Chicago office.
B. You should consider configuring a domain controller in each office as a DNS server.
C. You should consider deploying 64-bit version of Windows Server 2008 Datacenter Edition on two new servers.
D. You should consider setting up the DNS to use Active Directory integrated zones.
E. You should consider making use of Windows System Resource Manager (WSRM)in the Dallas office.
F. You should consider deploying the Network Access Protection (NAP) in the Chicago office.
Answer: B,D Explanation: You should consider installing the DNS server role on a domain controller in the Chicago office and on a domain controller in the Dallas office. You should then configure DNS to use Active Directory integrated zones. This will allow availability in an event of a server failure and the encryption of synchronized data between the DNS servers. If the domain controllers are hosting the DNS, it will store the zones in the Active Directory. Because the zones are replicated, the Active Directory will also be replicated.
Reference: Active Directory-Integrated Zones
http://technet.microsoft.com/en-us/library/cc772746.aspx

QUESTION NO: 105
You work as the network administrator at ABC.com. The ABC.com network has an Active Directory domain named ABC.com. All servers on the ABC.com network have Windows Server 2008 R2 installed and all workstations have Windows 7 installed.

ABC.com has 20 servers that are configured to host their databases. You have previously created an OU, named ABC_Base, and configured it to host the computer accounts of the 20 database servers. You have also created and configured an OU, named ABC_Ad, to host the user accounts of the administrators that manage the databases. ABC.com also contains a global group, named ABC_Global, which all the database administrators are members of.
You have been informed that the database administrators should only be able to manage ABC.com's database servers.
Which of the following actions should you take?
A. You should consider having AD RMS implemented.
B. You should consider having NPAS implemented.
C. You should consider making use of the Domain Controllers organizational unit (OU), on ABC_Global.
D. You should consider having a group policy deployed to ABC_Base.
Answer: D Explanation: You need to install a group policy to ABC_Base. This will allow the database administrators to do the duty without performing administrative tasks on other servers. With a Group Policy you are allowed to centralized, Active Directory based configuration and change management of computers running Windows Server 2008, Windows Vista, Windows XP and Windows Server 2003.
Reference: Windows Server 2008 Springboard Series Part 02: Deploying and Managing Group Policy
http://71.203.223.220/files/WS08SBSprt02_GRPOL.docx

QUESTION NO: 106
You work as the network administrator at ABC.com. The ABC.com network has an Active Directory domain named ABC.com. All servers on the ABC.com network have Windows Server 2008 installed and all workstations have Windows Vista installed.
ABC.com has three servers named ABC-SR11, ABC-SR12 and ABC-SR13, which are configured as Network Policy Servers (NPSs). ABC-SR11 has Microsoft SQL Server 2005 installed, and all three servers have Remote Authentication Dial-In User Service (RADIUS) server installed. Furthermore, ABC.com contains 20 wireless access points that are set up as RADIUS clients.

You have received instructions to devise a solution for auditing access to the wireless access points. You are informed that your solution should provide for data to be stored centrally, in a format that allows straightforward queries. You are also informed that your solution should allow for the recording of all RADIUS attributes and RADIUS vendor-specific attributes
Which combination of the following actions should you take? (Choose two.)
A. You should consider installing Microsoft Windows Reliability and Performance Monitor.
B. You should consider auditing for logon events on the ABC-SR11.
C. You should consider setting up RADIUS accounting by using SQL logging on each server
D. You should consider setting up the Windows System Resource Manager (WSRM).
E. You should consider setting up users containers.
F. You should consider forwarding all security events from ABC-SR12 and ABC-SR13 to ABC-SR11.
Answer: C,F Explanation: You need to set up RADIUS accounting by using local file logging on each server and to store the log files in an Internet Authentication Service (IAS) format on a shared folder on ABC-SR11. This will minimize the cost and comply with the criteria. When you create a new RADIUS client there is a NAP-capable check box.
Reference: What is the NAP client doing /The "RADIUS client is NAP-capable" check box
http://blogs.technet.com/nap/default.aspx

QUESTION NO: 107
You work as the network administrator at ABC.com. The ABC.com network has an Active Directory domain named ABC.com. All servers on the ABC.com network, including domain controllers, have Windows Server 2008 installed and all workstations have Windows XP Service Pack 2 installed.
The ABC.com is made up of 15 servers and 600 workstations. One of the servers, named ABC-SR07, is configured as a Terminal server.
You have received instructions to install a new in-house application and enable desktop themes, which is a prerequisite of the application. Furthermore, the in-house application should only be accessible from any workstation to users that have the necessary permissions.
You also need to make sure that the amount of modifications on the workstations, as well as the costs is kept to a minimum.

Which combination of the following actions should you take? (Choose two.)
A. You should consider installing the Remote Desktop Connection (RDC) 6.0 software on all workstations.
B. You should consider making use of Windows System Resource Manager (WSRM).
C. You should consider making use of Windows Deployment Services (WDS).
D. On ABC-SR07, select the Desktop Experience feature and install the application.
E. You should consider making use of Microsoft System Center Configuration Manager (SCCM).
Answer: A,D Explanation: You need to install the Remote Desktop Connection (RDC) 6.0 software to the workstations. You also need to select the Desktop Experience feature on the terminal server and install the application on the terminal server. This will lower the cost and comply with the criteria.
Reference: Terminal Services Core Functionality / Desktop Experience/ Single sign-on
http://technet.microsoft.com/en-us/library/cc753097.aspx#BKMK_RDC

QUESTION NO: 108
You work as the network administrator at ABC.com. The ABC.com network has an Active Directory domain named ABC.com. All servers on the ABC.com network have Windows Server 2008 installed and all workstations have Windows Vista installed.
ABC.com has numerous servers that are configured to run the File Services server role, and have two volumes configured for the operating system and data files respectively.
You have received instructions to devise a solution that allows for the recovery of the operating system, as well as the data files. You are also informed that normal operations should not be disrupted by the recovery process, which should take as little time as possible to complete.
Which of the following two actions should you take? (Choose two.)
A. You should consider creating a System Performance Data Collector Set.
B. You should consider making use of Windows Server Backup feature.
C. You should consider making use of use Windows System Resource Manager (WSRM) on the new server.
D. You should consider making use of use Windows Complete PC Restore.
E. You should consider making use of Folder redirection.

Answer: B,D Explanation: You need to use the use Windows Server Backup feature and the Windows Complete PC Restore. The Windows Complete PC Restore you to recover your entire system.
Reference: Windows Complete PC Backup and Restore
http://www.microsoft.com/singapore/windows/products/windowsvista/features/details/completepcb ackup.mspx

QUESTION NO: 109
You work as the network administrator at ABC.com. The ABC.com network has an Active Directory domain named ABC.com. ABC.com's domain controllers have Windows Server 2008 installed, their network servers have Windows Server 2003 installed, and the workstations have Microsoft Windows Vista installed.
Eight of the network servers are configured as Terminal Servers. ABC.com also has a server, named ABC-SR20, which has Microsoft Internet Security and Acceleration (ISA) Server 2006 installed and is configured as a firewall server.
You have been instructed to configure remote access for ABC.com's terminal servers. Your configurations should allow for the use of fewer ports on the firewall, as well as the use of encryption on all connections to the terminal servers. You also have to make sure that specified users are not allowed access.
Which of the following actions should you take? (Choose two.)
A. You should consider upgrading one of the network servers to Windows Server 2008.
B. You should consider installing Windows Server 2008 Datacenter Edition.
C. You should consider making use of use Microsoft System Center Configuration Manager (SCCM).
D. You should consider setting up the Terminal Services Gateway (TS Gateway) role and a Terminal Services connection authorization policy (TS CAP) on the upgraded server.
E. You should consider creating an ADMX file.
Answer: A,D Explanation: You need to upgrade a Windows Server 2003 server to Windows Server 2008 and set up the Terminal Services Gateway (TS Gateway) role and a Terminal Services connection authorization policy (TS CAP) on it. TS Gateway allows the connection to internal Terminal servers and RDP-enabled machines from the outside.

Reference: Creating a Secure and Auditable Remote Access and Management Environment / Remote access and management of servers from a remote network via a dedicated RDP gateway
http://www.petri.co.il/creating-secure-auditable-remote-access-management-environment-windows-server-security.htm
Reference: TS Gateway Server Configuration
http://technet.microsoft.com/en-us/library/cc727371.aspx
Reference: Configuring the Windows Server 2008 Terminal Services Gateway (Part 2)
http://www.windowsecurity.com/articles/Configuring-Windows-Server-2008-Terminal-Services-Gateway-Part2.html

QUESTION NO: 110
You work as the network administrator at ABC.com. The ABC.com network has an Active Directory domain named ABC.com. All servers on the ABC.com network have Windows Server 2008 R2 installed and all workstations have Windows 7 installed.
ABC.com contains numerous servers that have the File Services server role installed.
You have received instruction from the CIO to come up with a solution that allows for data recovery with little or no effect to the performance of the servers. The solution should provide for the execution of daily backups of data volumes, while also allowing employees to retrieve earlier versions of the data without any assistance. You are also informed that your solution should allow for the restoration of specific data in the event of a server failure.
Which of the following actions should you take? (Choose two.)
A. You should consider executing a daily backup to an external storage device by making use of Windows Server Backup.
B. You should consider making use of the File Server Resource Manager (FSRM) to perform a daily backup.
C. You should consider making use of the Network Device Enrollment Service (NDES).
D. You should consider enabling shadow copies for the volumes that host shared employee data, before having it stored on a different disk.

Answer: A,D Explanation:
QUESTION NO: 111
You work as the network administrator at ABC.com. The ABC.com network has an Active Directory domain named ABC.com. All servers on the ABC.com network have Windows Server 2008 R2 installed and all workstations have Windows 7 installed.
ABC.com has its headquarters in Chicago and a satellite office in Dallas. Administrators in the Dallas office are responsible for administering the workstations and servers located in the Dallas office. The user accounts for these administrators reside in a global group named Test_adm.
The Dallas office has a Read-only Domain Controller (RODC), which is currently being administered from the Chicago office. In a bid to delegate control of the RODC, you have been instructed to make sure that the Test_adm group only has permissions to manage, replace device drivers, and install updates for the operating system on the RODC. The Test_adm group should not be allowed to make changes to the Active Directory objects.
Which of the following actions should you take?
A. You should consider making Test_adm a member of the Administrators local group on the RODC.
B. You should consider making use of the Internet Protocol security (IPsec) for the Server Operators domain local group.
C. You should consider making use of the Hyper-V feature for a new OU.
D. You should consider making use of Credential Roaming on the computer object of the RODC.
Answer: A Explanation: The best option is to add Test_adm on RODC��s Administrators local group. The Administrators local group provides administrative access to an individual computer or a single domain. To be an administrator to administrate computers or domains, you need to add them to the Administrators local group.
Reference: Using Default Group Accounts
http://technet.microsoft.com/en-us/library/bb726982.aspx
Reference: Securing the Local Administrators Group on Every Desktop
http://www.windowsecurity.com/articles/Securing-Local-Administrators-Group-Every-Desktop.html



QUESTION NO: 112
You work as the network administrator at ABC.com. The ABC.com network has an Active Directory domain named ABC.com. The ABC.com network servers run Windows Server 2008 and the workstations run Microsoft Windows Vista.
ABC.com has purchased a new server, named ABC-SR15, which includes five internal SCSI hard disks connected to an on-board SCSI controller. ABC-SR15 will have Windows Server 2008 and the File Services server role installed.
You have been instructed to make sure that user data and operating system data are stored separately. You are then informed that data storage should be maximized, without incurring added costs. You also have to make sure that the integrity of the data is kept and that the OS starts successfully, even if a disk becomes corrupt.
Which two of the following actions should you take? (Choose two.)
A. You should consider assigning three disks to a single RAID 5 volume for the user data.
B. You should consider configuring a WSUS server to use a RAID 5 array.
C. You should consider assigning two disks to a mirrored volume for the operating system data.
D. You should consider making use of the Delegation of Control Wizard.
E. You should consider assigning three disks to a mirrored volume for the operating system data.
F. You should consider making use of a two-node failover cluster.
Answer: A,C Explanation: You need to assign three disks to a single RAID 5 volume for the user data. You also need to assign two disks to a mirrored volume for the operating system data. RAID 5 is the most powerful form of RAID that can be found in a desktop computer system. Two disks to a mirrored volume will provide a simple form of redundancy for data.
Reference: What is RAID?
http://compreviews.about.com/od/storage/l/aaRAIDPage1.htm

QUESTION NO: 113
You work as the network administrator at ABC.com. The ABC.com network has an Active Directory domain named ABC.com. All servers on the ABC.com network have Windows Server 2008 installed and all workstations have Windows Vista installed.

ABC.com has its headquarters in London and an office in Paris. The English language version of Windows Vista is installed in the London office and the Paris office uses the French version of Windows Vista.
You have received instructions to make use of a Group Policy object (GPO) to apply custom application settings that enables administrators to edit the GPO with their respective language. You also have to make sure that the least amount of GPOs is installed.
Which of the following actions should you take?
A. You should consider setting up roaming user profiles.
B. You should consider using an Active Directory-integrated zone.
C. You should consider Background Intelligent Transfer Service (BITS) settings site to the Paris office.
D. You should consider setting up ADMX and ADML files, prior to the GPO being set up and linked to the ABC.com domain.
Answer: D Explanation: You need to set up ADMX and ADML files and then set up and link the GPO to the ABC.com domain. This will allow the administrators to edit and view the GPO in their own language. The ADMX file is language neutral. Furthermore, they are stored in .adml files. Furthermore, the ADMX files and the ADM files only templates.
Reference: Group Policy templates in Windows Vista: ADMX files replace ADM files
http://4sysops.com/archives/group-policy-templates-in-windows-vista-admx-files-replace-adm-files/

QUESTION NO: 114
You work as the network administrator at ABC.com. The ABC.com network has a domain named ABC.com. The servers on the ABC.com network run Windows Server 2008 and all workstations run Windows XP Professional.
ABC.com's Marketing, Sales, and Finance departments are located in different buildings. You have received instruction to add a Read-only Domain Controller (RODC) in each of the departments.
You must make sure that log on details are not part of the RODC's installation files, and that bandwidth usage during the first AD-DS synchronization is kept as low as possible.
You start by constructing an RODC in each department. You have to make sure that your tasks are suitably completed.

Which of the following actions should you take?
A. You should consider making use of the adprep /rodcprep command to create an RODC installation media.
B. You should consider making use of the adprep /forestprep command to create an RODC installation media.
C. You should consider making use of the ntdutil imf command to create an RODC installation media.
D. You should consider making use of the dcpromo command to create an RODC installation media.
Answer: C Explanation: An installation media can be created by using a new ntdsutil ifm subcommand. Furthermore, it is used to remove cached secrets from the AD DS database. This will make the installation of the read-only domain controller (RODC) more secure.
Reference: Steps for Deploying an RODC/ Optional: Install RODC from media
http://technet.microsoft.com/en-us/library/cc754629.aspx

QUESTION NO: 115
You work as the network administrator at ABC.com. The ABC.com network has an Active Directory forest that contains two domains named ABC.com and us.ABC.com. All servers on the ABC.com network have Windows Server 2008 R2 installed and all workstations have Windows 7 installed.
You have been informed that a ABC.com domain user, named Mia Hamm, requires access to an organizational unit (OU) named ABC_Data to perform administrative tasks. ABC_Data, however, resides in us.ABC.com domain. Mia Hamm's administrative tasks will include creating and setting up Group Policies (GPOs) in the us.ABC.com, before linking the GPOs to ABC_Data.
You have been instructed to assign Mia Hamm the minimum permissions required to complete her tasks.
Which two of the following actions should you take? (Choose two.)
A. You should consider making use of the ServerManagerCMD tool on us.ABC.com.

B. You should consider making use of the Delegation of Control Wizard on ABC_Data.
C. You should consider enabling caching in the us.ABC.com.
D. You should consider changing the permissions of the Group Policy Objects container in us.ABC.com by using the Group Policy Management Console.
E. You should consider deploying AD RMS in ABC.com.
F. You should consider including Mia Hamm in the Account Operators group.
G. You should consider creating an ADMX file on the ABC_Data.
Answer: B,D Explanation: You need to use the Delegation of Control Wizard on ABC_Data. You also need to change the permissions of the Group Policy Objects container in us.ABC.com. To delegate the administrative rights over ABC_Data, you need to use the Delegation wizard and run it on ABC_Data.
Reference: Default security concerns in Active Directory delegation
http://support.microsoft.com/kb/235531

QUESTION NO: 116
You work as the Enterprise administrator at ABC.com. The ABC.com network has an Active Directory domain named ABC.com. The functional level of the servers is set to Windows Server 2008 R2.
ABC.com has a Marketing, Sales, and Finance department that has a domain controller configured as a DHCP Server, and a file server each.
A new ABC.com policy states that administrators in each department should only be allowed to administer the DHCP scope in their respective departments, and that administrative effort should be kept to a minimum.
You have to make sure that the new policy is adhered to.
Which of the following actions should you take? (Choose all that apply.)
A. You should consider migrating the DHCP server role to each of the file servers.
B. You should consider assigning the administrators in each department Full Administrative rights across the network.
C. You should consider making the administrators in each department to the DHCP Administrators local group on the file servers in their respective departments.
D. You should consider creating Multiple Activation Key (MAK) Independent Activation in the AD domain.

Answer: A,C Explanation: You need to migrate the DHCP Server role to the file server in each branch office and to add the branch office administrator to the DHCP Administrators local group, on each file server. If you add the branch office��s administrators to the DHCP Administrators local group, they will not be able to administer on the other branch offices.
Reference: DHCP Server Security (Part 2)
http://www.windowsecurity.com/articles/DHCP-Security-Part2.html

QUESTION NO: 117
You work as the network administrator at ABC.com. The ABC.com network has an Active Directory domain named ABC.com. All servers on the ABC.com network has Windows Server 2008 installed and all workstations have Windows XP Professional installed.
You have been informed that ABC.com is planning to install 100 new Windows Server 2008 servers, of which a certain number includes 64-bit hardware, and the rest includes 32-bit hardware. You have also been informed that Pre-Boot Execution Environment (PXE) is supported by all of these servers. ABC.com has a version of Windows Server 2008 (64-bit) server, named ABC-SR24, which is configured as a DHCP server and only issues IPv4 addresses.
You have received instructions to make sure that the deployment process is automated, whilst ensuring that costs are kept to the minimum.
Which of the following actions should you take?
A. You should consider making use of Multiple Activation Key (MAK) Independent Activation on ABC-SR24.
B. You should consider making use of ntdsutil imf on both a 64-bit, and a 32-bit server.
C. You should consider installing Windows Deployment Services (WDS) on ABC-SR24.
D. You should consider making use of Microsoft Multipath I/O supported.
Answer: C Explanation: You need to use ABC-SR24 and install the Windows Deployment Services (WDS) on it. This will then allow you to automate the installation and to minimize the hardware cost. Furthermore, ABC-SR24 should have an active scope so that the Windows Deployment Services uses PXE.
Reference: Installing Windows Deployment Services

http://technet.microsoft.com/en-us/library/cc771670.aspx

QUESTION NO: 118
You work as the network administrator at ABC.com. The ABC.com network has an Active Directory domain named ABC.com. All servers on the ABC.com network has Windows Server 2008 installed and all workstations have Windows XP Professional installed.
The ABC.com network consists of 500 servers located at their headquarters. When ABC.com decides to expand by setting up a satellite office, you are instructed to relocate 100 of the existing servers to the new office.
You have to make sure that the IP addresses of the servers in the new office are suitably adapted with as little administrative effort as possible.
Which of the following actions should you take?
A. You should consider making use of a Microsoft Application Compatibility Toolkit (ACT) to do the necessary changes.
B. You should consider making use the Netsh utility from the command prompt on your workstation.
C. You should consider making use the ServerManagerCMD utility from the command prompt on your workstation.
D. You should consider installing Remote Server Administration Tools (RSAT) to modify the servers in the new branch.
Answer: B Explanation: The best option is to use the Netsh tool to make the changes to the servers that was moved to the new branch. When you are using the Netsh tool, you will be able to change the static IP address to DHCP. You can also change the entire Layer-3 configuration. This will then allow you to work with the networks that have no DHCP but laptops that connect to quite a few networks.
Reference: 10 things you should know about the NETSH tool
/ #4: Using NETSH to dynamically change TCP/IP addresses


QUESTION NO: 119
You work as the network administrator at ABC.com. The ABC.com network has an Active Directory domain named ABC.com. The ABC.com network servers run Windows Server 2008 and the workstations run Microsoft Windows Vista.
ABC.com has three servers named ABC-SR11, ABC-SR12 and ABC-SR13, which are configured as Network Policy Servers (NPSs) and have Remote Authentication Dial-In User Service (RADIUS) server installed. Furthermore, ABC.com contains 20 wireless access points that are set up as RADIUS clients.
You have received instructions to devise a solution for auditing access to the wireless access points. You are informed that your solution should provide for data to be stored centrally, and include all RADIUS attributes and all RADIUS vendor-specific attributes.
You have to make sure that your solution does not incur any unnecessary expenses.
Which combination of the following actions should you take? (Choose two.)
A. You should consider installing Microsoft Windows Reliability and Performance Monitor.
B. You should consider auditing for logon events on the one of the servers.
C. You should consider setting up RADIUS accounting by using local file logging on each server
D. You should consider setting up the Windows System Resource Manager (WSRM).
E. You should consider setting up users containers.
F. You should consider storing the log files in an Internet Authentication Service (IAS) format on a shared folder on the one of the servers.
Answer: C,F Explanation: You need to set up RADIUS accounting by using local file logging on each server and to store the log files in an Internet Authentication Service (IAS) format on a shared folder on the one of the servers. This will minimize the cost and comply with the criteria. When you create a new RADIUS client there is a NAP-capable check box.
Reference: What is the NAP client doing /The "RADIUS client is NAP-capable" check box
http://blogs.technet.com/nap/default.aspx

QUESTION NO: 120
You work as the network administrator at ABC.com. All servers on the ABC.com network have Windows Server 2000 installed.

ABC.com has four servers that each runs a different third party application. When ABC.com informs you of their intention to upgrade the servers to Windows Server 2008, you discover that the applications are not suitable to run on the Windows Server 2008 operating system, or be installed together on the same machine either. You notice that the each application uses up a minimal amount of the processor resources.
You are instructed to make sure that the servers have windows server 2008 installed and that the applications are still available for use. You are also informed that your solution should keep expenses to a minimum.
Which two of the following actions should you take? (Choose two.)
A. You should consider installing Windows Server 2008 Enterprise Edition on a new server.
B. You should consider installing Windows Server 2008 Datacenter Edition server on a new server.
C. You should consider installing a 64-bit version of Windows Server 2008 Enterprise Edition on a new server.
D. You should consider installing a two-node failover cluster on the new server.
E. You should consider installing Microsoft Virtual Server 2005 R2 on the new server.
F. You should consider installing Hyper-V feature on the new server and setting up four child virtual machines.
Answer: A,F Explanation: The best option is to install a server that runs Windows Server 2008 Enterprise Edition and install the Hyper-V feature on the Windows Server 2008 server and set up three child virtual machines. This will minimize the cost. Furthermore, the Hyper-V feature contains an application virtualization. This will help with the isolation of the application running environment from the operating system.
Reference: Windows Server 2008 Hyper-V Product Overview �C An Early look
Application Virtualization
http://download.microsoft.com/download/4/2/b/42bea8d6-9c77-4db8-b405-6bffce59b157/WS08%20Virtualization%20Product%20Overview.doc
question wording not sure seems too similar.
QUESTION NO: 121

You work as the network administrator at ABC.com. The ABC.com network has an Active Directory forest named ABC.com. All servers on the ABC.com network have Windows Server 2008 R2 installed and all workstations have Windows 7 installed.
ABC.com has its headquarters in London and branch offices in Madrid and Paris. The London office contains a Windows Server Update Services (WSUS) server, named ABC-SR12, which is configured to distribute updates to the workstations at the London office. The branch offices have a dedicated WAN connection that links them to the London office.
You have received instructions to set up a patch management solution that allows for a reduction in WLAN traffic between the branch offices and the Internet, while also allowing branch offices to receive updates from the London office.
Which of the following actions should you take? (Choose two.)
A. You should consider setting up and linking the Group Policy objects (GPOs) to the OUs.
B. You should consider installing a WSUS server in the Paris and Madrid offices.
C. You should consider making use of Microsoft SQL Server 2005 in the Paris and Madrid offices.
D. You should consider making use of Terminal Services at the London office.
E. You should consider setting up the WSUS servers as a replica of ABC-SR12.
Answer: B,E Explanation:
QUESTION NO: 122
You work as the network administrator at ABC.com. The ABC.com network has an Active Directory domain named ABC.com. All servers on the ABC.com network have Windows Server 2008 R2 installed and all workstations have Windows 7 installed.
The Active Directory domain has a top-level OU named KingEmployees that includes an OU named TestManagers and an OU named TestUsers.
TestManagers is configured to host the user accounts of all ABC.com's managers, as well as the Marketing, Sales and Finance global groups. TestUsers is configured to host the user accounts of the rest of ABC.com's staff.
After creating a new GPO, named ABCStaff, and linking KingEmployees to it, you received complaints from the members of the Marketing global group stating that they cannot use the run command from the Start menu. You perform an analysis and determine that the settings configured for the ABCStaff GPO is the root of the problem.

You have to make sure that problem is suitably resolved.
Which of the following actions should you take?
A. You should consider setting up Shared Folders permissions for the Marketing global group.
B. You should consider making use of Credential Roaming on TestManagers.
C. You should consider setting up Group Policy filtering on the ABCStaff GPO for the Marketing global group.
D. You should consider setting up a new Starter GPO.
Answer: C Explanation: You need to set up Group Policy filtering on ABCStaff for the Marketing global group. This will allow the Marketing global group to use the run command. On the Group Policies there is no search option for specific policy settings.
Reference: Group Policy related changes in Windows Server 2008 - Part 2: GPMC Version 2 Filtering to search
http://www.windowsecurity.com/articles/Group-Policy-related-changes-Windows-Server-2008-Part2.html


QUESTION NO: 123
You work as the network administrator at ABC.com. The ABC.com network has an Active Directory domain named ABC.com. All servers on the ABC.com network have Windows Server 2008 installed and all workstations have either Windows XP Professional or Microsoft Windows Vista installed.
You have previously configured an organizational unit (OU), named Test_User, to host ABC.com's user accounts. You have also configure a global group, named Test_Adm.
You have to make sure that members of Test_Adm are able to set up user accounts, but not reset passwords in Test_User. Test_Adm should also have the ability to modify address, telephone and location attributes.
Which of the following actions should you take?
A. You should consider making use of the Delegation of Control Wizard on Test_User.
B. You should consider installing a subordinate CA.
C. You should consider creating an Active Directory-integrated zone.

D. You should consider setting up Secure Socket Tunneling Protocol (SSTP) to the Account Operators group.
Answer: A Explanation: You need to use the Delegation of Control Wizard on Test_User. This will comply with the CIO��s instructions. You will be able to facilitate the delegation of administrative rights over containers. This control wizard will also offer additional level of granularity allowing for custom-built tasks.
Reference: Default security concerns in Active Directory delegation
http://support.microsoft.com/kb/235531

QUESTION NO: 124
You work as the network administrator at ABC.com. The ABC.com network has an Active Directory domain named ABC.com. All servers, including domain controllers, on the ABC.com network have Windows Server 2008 installed and all workstations have Windows Vista and Microsoft Office Outlook 2007 installed.
The ABC.com network has three file servers, of which one is configured as a database server and two are configured as Microsoft Exchange Server 2007 servers. The database server is accessible via TCP port 47182.
You have been instructed to make sure that ABC.com's mobile users are able to access the ABC.com network remotely. However, the mobile users only support the use of HTTP and HTTPS for Internet access.
Your solution should allow for the database server, as well as e-mail and file resources on the network to be accessible. Your solution should also provide for secure network connections.
Which combination of the following actions should you take? (Choose two.)
A. You should consider upgrading all workstations to Windows Vista Service Pack 1.
B. You should consider making use of Outlook Anywhere for Exchange Server 2007.
C. You should consider installing Connection Manager Administration Kit (CMAK) profiles to the workstations
D. You should consider making use of a VPN solution that uses Layer Two Tunneling Protocol (L2TP).
E. You should consider making use of a VPN solution that uses Point-to-Point Tunneling Protocol (PPTP).

F. You should consider making use of a VPN solution that uses Secure Socket Tunneling Protocol (SSTP).
Answer: A,F Explanation: You need to upgrade all workstations to Windows Vista Service Pack 1. The next step is to use a VPN solution that uses Secure Socket Tunneling Protocol (SSTP). This will comply with the CIO��s instructions. Windows Vista Service Pack 1 ships with a new VPN technology called Secure Socket Tunneling Protocol (SSTP). This will secure the remote access.
Reference: SSTP Makes Secure Remote Access Easier
http://biztechmagazine.com/article.asp?item_id=377

QUESTION NO: 125
You work as the network administrator at ABC.com. The ABC.com network has an Active Directory domain named ABC.com. All servers on the ABC.com network have Windows Server 2008 R2 installed and all workstations have Windows 7 installed.
ABC.com has numerous Windows Server Update Services (WSUS) servers that are configured to issue updates to all ABC.com's workstations. ABC.com's remote users accesses ABC.com's internal network via a split-tunnel VPN connection from their Windows Vista laptops
You have been instructed to make sure that only approved updates are installed on the laptops, and that as little bandwidth as possible is consumed by the VPN connections. Your solution should make use of patch management.
Which of the following actions should you take?
A. You should consider installing a Microsoft Internet Information Services (IIS) server.
B. You should consider making use of Internet Protocol security (IPsec) on the internal WSUS server.
C. You should consider configuring the laptops to make use of a different WSUS server that has been configured to leave the updates on the Microsoft Update Web site.
D. You should consider making use of Windows Deployment Services (WDS) on the laptops.
Answer: C Explanation: You need to use another WSUS server for the laptops and set up the WSUS server to leave the updates on the Microsoft Update Web site. You can use the Microsoft Windows Server Update Services (WSUS) for enterprise patch management.

Reference: Deploying Microsoft Windows Server Update Services
http://www.windowsnetworking.com/articles_tutorials/Deploying-Microsoft-Windows-Server-Update-Services.html

QUESTION NO: 126
You work as the network administrator at ABC.com. All servers on the ABC.com network have Windows Server 2008 R2 installed.
Due to company growth, there is a need for 3 additional file servers, which must be configured to connect to the existing Cisco switches.
You have been instructed to design a strategy that assigns the file servers storage space as required, while improving the performance and fault tolerance of the servers. Your strategy should not require any changes to the current network setup.
As part of your strategy, you upgrade the servers to Windows Server 2008 R2 Datacenter Edition. You have to make sure that your task is suitably completed.
Which combination of the following actions should you take? (Choose two.)
A. You should consider deploying the servers in a failover cluster.
B. You should consider deploying Windows Server 2008 Enterprise Edition on all servers.
C. You should consider deploying Windows Server 2008 Standard Edition on each server.
D. You should consider installing an iSCSI storage area network (SAN).
E. You should consider installing a Fibre Channel (FC) storage area network (SAN).
F. You should consider deploying the servers in a Node and File Share Disk Majority cluster.
Answer: A,D Explanation:
QUESTION NO: 127
You work as the network administrator at ABC.com. The ABC.com network has an Active Directory domain named ABC.com. The ABC.com network servers run either Windows Server 2003 or Windows Server 2008 and the workstations run Microsoft Windows Vista.
ABC.com contains a Windows Server Update Services (WSUS) server named ABC-SR10 that is used to get updates online from the from the Microsoft Update Web site. Subsequent to the implementation of a secure network, it is reported that ABC-SR10 and the Internet has become inaccessible to ABC.com's users.

You have been instructed to make sure that updates are available to the other systems on the network, by making use of a patch management solution.
Which combination of the following actions should you take? (Choose two.)
A. You should consider having a WSUS server installed on the secure network.
B. You should consider making use of the Internet Protocol security (IPsec) from the Microsoft Update Web site
C. You should consider making use of the Terminal Services Gateway on the secure network.
D. You should consider copying the update metadata, as well as the WSUS content from ABC-SR10 to the WSUS server on the secure network.
E. You should consider installing Windows Server 2008 Datacenter Edition on a WSUS server.
Answer: A,D Explanation: You need to install a WSUS server on the secure network and use ABC-SR10 and copy the update metadata and the WSUS content to the WSUS server on the secure network. This will allow you to use a patch management strategy to install the updates to thee other systems on the network
Reference: Advanced Deployment Options / Offline Updates
http://www.wsuswiki.com/AdvDeployOptions


QUESTION NO: 128
You work as the Enterprise administrator at ABC.com. The ABC.com network has an Active Directory forest that contains two domains named us.ABC.com and uk.ABC.com. The functional level of the forest is set at Windows Server 2008 and the functional level for both us.ABC.com and uk.ABC.com is set at Windows Server 2008. All servers on the ABC.com network have Windows Server 2008 installed and all workstations have either Windows XP Professional or Microsoft Windows Vista installed.
The technical team at ABC.com is included in the Account Operators group and has the required permissions to change the properties of user objects in the us.ABC.com. There are often users added to, and removed from the technical team.
You have been instructed to make sure that the technical team is allowed to manage the user objects in all domains, and that the regular changes to the technical team requires as little input as possible to administer.

Which of the following actions should you take?
A. You should consider assigning the technical team��s user accounts the required permissions to run the ServerManagerCMD tool from their workstations.
B. You should consider creating a new global group and configuring it to host the technical team��s user accounts, before including the new global group in the Account Operators group for the entire forest.
C. You should consider assigning Read and Write permissions to the Account Operators group in ABC.com for user accounts in the entire forest.
D. You should consider running the 32-bit version of Windows Server 2008 Enterprise Edition on every member server in the entire forest.
Answer: B Explanation: You need to add the technical team to a new global group and add the technical team��s user accounts to the global group and to the Account Operators group in the entire forest. Doing this will lessen the administrative effort with the frequent changes. This will also allow the technical team to manage the user objects in the entire forest. Furthermore, the using of the local group will limit the account creation privileges to a user. The Account Operators can't manage the following: Administrator user account, Backup Operators, the user accounts of administrators, Account Operators, or the group accounts Administrators, Server Operators, and Print Operators.
Reference: Using Default Group Accounts
http://technet.microsoft.com/en-us/library/bb726982.aspx
Reference: Securing the Local Administrators Group on Every Desktop
http://www.windowsecurity.com/articles/Securing-Local-Administrators-Group-Every-Desktop.html

QUESTION NO: 129
You work as the network administrator at ABC.com. The ABC.com network has an Active Directory domain named ABC.com. All servers on the ABC.com network has Windows Server 2008 R2 installed and all workstations have Windows 7 installed.
ABC.com has workstations in excess of 2,500. When ABC.com acquires some new applications, you are instructed to make sure that it is installed on ABC.com's workstations.

You have been informed that applications should only be installed on workstations that meet the hardware requirements. Furthermore, you are told that reports should be generated for the success or failure of the installation and that the installation should not take place during normal work time.
Which of the following actions should you take?
A. You should consider making use of an ADML file.
B. You should consider making use of the Microsoft System Center Configuration Manager (SCCM) 2007.
C. You should consider making use of Windows Deployment Services (WDS).
D. You should consider making use of roaming user profiles.
Answer: B Explanation: You need to use the Microsoft System Center Configuration Manager (SCCM) 2007. Microsoft System Center Configuration Manager (SCCM) 2007 enables a secure and scalable operating system and application deployment.
Reference: System Center Configuration Manager
http://technet.microsoft.com/en-us/configmgr/default.aspx
Reference: Big Efficiencies for Big Environments http://redmondmag.com/features/article.asp?editorialsid=2518

QUESTION NO: 130
You work as the network administrator at ABC.com. The ABC.com network has a domain named ABC.com.
You are responsible for managing a Windows Server 2008 server, named ABC-SR11, which has the DHCP services role installed.
You have been instructed to devise an unattended deployment solution that allows for the support of Windows Vista and Windows Server 2008 deployments. You also have to make sure that the PXE network card is supported on the workstations and that the amount of installed servers on the ABC.com network is kept to a minimum.
Which of the following actions should you take?

A. You should consider deploying a new server.
B. You should consider making use of Multiple Activation Key (MAK) Independent Activation.
C. You should consider making use of Key Management Service (KMS).
D. You should consider configuring ABC-SR11 to host the Windows Deployment Services (WDS) server role.
E. You should consider installing the Windows Automated Installation Kit (WAIK).
F. You should consider running the installation with the unattended command parameter specified.
Answer: D Explanation:
You need to configure the Windows Deployment Services (WDS) server role on ABC-SR11. By doing this, you will comply with the instructions of the CIO. With the Windows Deployment Services you will be able to install Windows operating systems, Windows Vista and Windows Server 2008. Furthermore, it can also be used to install new workstations by using a network-based installation.
Reference: Step-by-Step Guide for Windows Deployment Services in Windows Server 2003 / What is Windows Deployment Services?
http://technet.microsoft.com/en-us/library/cc766320.aspx#BKMK_1
Reference: Planning for PXE Initiated Operating System Deployments/ Windows Deployment Services (WDS) and DHCP
http://technet.microsoft.com/en-us/library/bb680753.aspx
question wording to be checked/changed again.


QUESTION NO: 131
You work as the network administrator at ABC.com. The ABC.com network has an Active Directory domain named ABC.com. Servers on the ABC.com network run Windows Server 2003 and all workstations run Windows Vista.
ABC.com's domain controllers have Windows Server 2008 installed. ABC.com also has a firewall server, named ABC-SR13 that has Microsoft Internet Security and Acceleration (ISA) Server 2006 installed. The Terminal Server component is currently deployed on the Windows Server 2003 servers.
You have received instructions to make sure that the open ports on the ABC-SR13 should be kept to a minimum. You also have to make sure that the remote connections to the Terminal Server servers should be encrypted and that workstations are unable access the network when the firewall disabled.

Which combination of the following actions should you take? (Choose two.)
A. You should consider upgrading one of the Windows Server 2003 servers to Windows Server 2008.
B. You should consider upgrading one of the Windows Server 2003 servers to a 32-bit version of Windows Server 2008 Enterprise Edition.
C. You should consider installing the Terminal Services Gateway (TS Gateway) role and Network Access Protection (NAP) on the upgraded server.
D. You should consider upgrading one of the Windows Server 2003 server to a 64-bit version of Windows Server 2008 Enterprise Edition.
E. You should consider making use of Trusted Platform Module (TPM) on the ISA Server.
Answer: A,C Explanation: You need to upgrade a Windows Server 2003 server to Windows Server 2008. You also need to use the Terminal Services Gateway (TS Gateway) role, and implement Network Access Protection (NAP) on the Windows Server 2008 server. Furthermore, NAP is a feature of Windows Server 2008. So you need to upgrade the Windows Server 2003 server to Windows Server 2008. The Terminal Services Gateway (TS Gateway) also enables authorized remote users to connect to resources on the network. Furthermore, the TS Gateway transmits RDP traffic to port 443.
Reference: Security and Policy Enforcement
http://www.microsoft.com/windowsserver2008/en/us/security-policy.aspx
Reference: Vista's Network Access Protection (NAP) helps keep 'unhealthy' computers off your LAN
http://articles.techrepublic.com.com/5100-10878_11-6153295.html
Reference: TS Gateway Overview
http://technet.microsoft.com/en-us/library/cc732122.aspx

QUESTION NO: 132
You work as the network administrator at ABC.com. The ABC.com network has an Active Directory domain named ABC.com. All servers on the ABC.com network run Windows Server 2008 and all workstations run Windows Vista.

The management at ABC.com has informed you of their intention to establish a satellite office. The new satellite office will be linked to ABC.com's headquarters via a WAN link that has limited bandwidth, and will not be linked to the Internet. The management at ABC.com has also informed you that 50 Windows Server 2008 servers will be deployed in the satellite office, and will not be linked to the Internet. Furthermore, management has stipulated that the deployment and activation should be automated.
Which of the following should be implemented in the satellite office? (Choose all that apply.)
A. A DHCP server.
B. Windows System Resource Manager (WSRM).
C. Windows Deployment Services (WDS).
D. The Hyper-V feature.
E. Key Management Service (KMS).
F. Multiple Activation Key (MAK) Independent Activation.
Answer: A,C,E Explanation:
You need to use a DHCP server, and Windows Deployment Services (WDS) also use Key Management Service (KMS), in the satellite office. To activate computers against a service that you can host in your environment, you need to use the KMS. To activate the KMS host you need at least 5 Windows Server 2008 computers. To automate the Windows operating systems installation, you need the Windows Deployment Services (WDS). Furthermore, you need a DHCP server with an active scope so that WDS will use PXE.
Reference: Microsoft Product Activation
http://www.microsoft.com/licensing/resources/vol/default.mspx
Reference: Step-by-Step Guide for Windows Deployment Services in Windows Server 2003 / What is Windows Deployment Services?
http://technet.microsoft.com/en-us/library/cc766320.aspx#BKMK_1
Reference: Planning for PXE Initiated Operating System Deployments/ Windows Deployment Services (WDS) and DHCP
http://technet.microsoft.com/en-us/library/bb680753.aspx
QUESTION NO: 133

You work as the network administrator at ABC.com. The ABC.com network consists of an Active Directory domain named ABC.com. All servers on the ABC.com network run Windows Server 2008 R2. Half the workstations run Windows Vista, and the rest run Windows 7.
ABC.com has headquarters in London and branch offices in Paris, Berlin and Milan. An Active Directory domain controller is located in the London office, and also the branch offices.
You have received instructions f to make sure that the workstations register DNS names within their respective offices, have the ability to resolve names for hosts in all ABC.com's offices.
Which of the following actions should you take?
A. You should consider making use of a conditional forwarder for all the offices.
B. You should consider making use of a stub zone.
C. You should consider creating a standard primary zone for the London office and a secondary zone for the branch offices.
D. You should consider making use of an Active Directory-integrated zone at the London office.

Answer: D Explanation:
The best option is to create an Active Directory-integrated zone at the headquarters. This will allow the workstations to resolve names for hosts in all offices and to register DNS names within their respective offices. The Active Directory Integrated zones use the Active Directory instead of text files to store the zone information. The new type of Active Directory zone acts as primary zones, because it has writable copies of the zone database.
Reference: DNS Stub Zones in Windows Server 2003
http://www.windowsnetworking.com/articles_tutorials/DNS_Stub_Zones.html


QUESTION NO: 134
You work as the network administrator at ABC.com. The ABC.com network has an Active Directory domain named ABC.com. All servers on the ABC.com network have Windows Server 2008 R2 installed and all workstations have Windows 7 installed.
ABC.com contains two servers named ABC-SR10 and ABC-SR11, which has a Server Core installation of Windows Server 2008 R2. ABC-SR10 and ABC-SR11 has been included in a Network Load Balancing cluster.

You have received instructions to make sure that the Network Load Balancing cluster can be managed remotely from the administrator workstations. You have also been informed that your solution allows for the support of automation.
Which of the following actions should you take?
A. You should consider enabling Multiple Activation Key (MAK) Independent Activation on the workstations
B. You should consider enabling Windows Remote Management (WinRM) on the servers
C. You should consider enabling roaming user profiles on the servers.
D. You should consider enabling Credential Roaming on the workstations.
Answer: B Explanation: The best option is to enable Windows Remote Management (WinRM) on the servers. Doing this will allow you to remotely manage the Network Load Balancing cluster via your Windows Vista workstation. WinRM is a component of the remote management application and WinRS (Windows Remote Shell) is the ��client�� for WinRM. This runs on the remote computer attempting to remotely manage the WinRM server.
Reference: Server Core Installation Option of Windows Server 2008 Step-By-Step Guide
http://technet.microsoft.com/en-us/library/cc753802.aspx#bkmk_managingservercore
Reference: How can Windows Server 2008 WinRM & WinRS help you?
http://www.windowsnetworking.com/articles_tutorials/How-Windows-Server-2008-WinRM-WinRS.html

QUESTION NO: 135
You work as the network administrator at ABC.com. The ABC.com network has an Active Directory domain named ABC.com. All servers on the ABC.com network have Windows Server 2008 R2 installed and all workstations have Windows 7 installed.
ABC.com has headquarters in London and branch offices in Paris, Berlin and Milan. The Paris office is connected to the London office via a 3 Mbps Wan connection. The Berlin and Milan offices are connected to the London office via a 512 Mbps Wan connection.
Both the headquarters and branch offices have a File server configured to host a shared folder named ABC_Res.

You have received instructions from the CIO to implement data availability solution that allows for the reduction of traffic. Your solution should also allow ABC_Res to be available in all the offices in the event of a WAN connection or server failure, while maintaining existing user drive mappings.
Which combination of the following actions should you take? (Choose two.)
A. You should consider making use of a Domain-based DFS namespace.
B. You should consider making use of multiple downstream servers
C. You should consider making use of DFS Replication in a hub and spoke topology.
D. You should consider making use of a two-node failover cluster.
E. You should consider making use of Terminal Services Session Broker (TS Session Broker).
Answer: A,C Explanation:
You need to use a Domain-based DFS namespace and to use DFS Replication in a hub and spoke topology. This will comply with the criteria. To implement domain-based DFS namespace, the servers need to members of the Active Directory domain. Furthermore, domain-based DFS enables multiple replications. Multiple DFS replicas also provide some fault tolerance.
Reference: Planning a DFS Architecture, Part 1/ Planning a DFS Architecture, Part 2 / Domain-Based Namespaces.
http://www.petri.co.il/planning-dfs-architecture-part-one.htm
Reference: Configuring and Using DFS Replication
http://www.windowsnetworking.com/articles_tutorials/Configuring-Using-DFS-Replication.html


QUESTION NO: 136
You work as the network administrator at ABC.com. The ABC.com network has an Active Directory domain named ABC.com. All servers on the ABC.com network have Windows Server 2008 installed and all workstations have Windows Vista installed.
The ABC.com network has 20 SharePoint sites configured. ABC.com contains a server, named ABC-SR12, which is configured to run the Windows SharePoint Services (WSS) role.
You have been instructed to improve ABC-SR12's performance, and to also make sure that system resources are equally assigned to each SharePoint site if the CPU surpasses 80% utilization.

Which combination of the following actions should you take? (Choose two.)
A. You should consider setting up the use of a separate application pool for each SharePoint site.
B. You should consider deploying AD RMS.
C. You should consider making use of Windows System Resource Manager (WSRM).
D. You should consider deploying a Group Policy Object (GPO) container.
E. You should consider making use of Microsoft System Center Configuration Manager (SCCM).
Answer: A,C Explanation: You need to set up the entire SharePoint site to use a separate application pool. You also need to use Windows System Resource Manager (WSRM). The Windows System Resource Manager (WSRM) enables the allocation of resources, including processor and memory resources, among multiple applications based on business priorities. You can set the CPU and memory allocation policies on applications.
Reference: Windows System Resource Manager Fast Facts
http://www.microsoft.com/windowsserver2003/techinfo/overview/wsrmfastfacts.mspx

QUESTION NO: 137
You work as the network administrator at ABC.com. The ABC.com network has an Active Directory domain named ABC.com that is not connected to the Internet. All servers on the ABC.com network have Windows Server 2008 R2 installed and all portable workstations have Windows 7 installed.
ABC.com contains a files server named ABC-SR10, which hosts a shared folder that stores the data files of ABC.com��s users.
You have received instructions from the CIO to make sure that ABC.com users are able to access their files when they are not connected to the ABC.com network. Your solution should also prevent unauthorized users from accessing cached files and folders.
Which combination of the following actions should you take? (Choose all that apply.)
A. You should consider having caching configured on the shared folder.
B. You should consider making use of folder redirection.
C. You should consider making use of Windows System Resource Manager (WSRM).
D. You should consider having offline files configured to use encryption.
E. You should consider having IPsec domain isolation configured.

Answer: A,D Explanation:
You need to set up caching on the shared folder and set up offline files to use encryption. The caching feature allows the users to have access to shared files even when they are working offline.
Reference: Set Caching Options for Shared Folders
http://technet.microsoft.com/en-us/library/cc755136.aspx


QUESTION NO: 138
You work as the network administrator at ABC.com. The ABC.com network has an Active Directory domain named ABC.com. All servers on the ABC.com network have Windows Server 2008 installed and all workstations have Windows XP Professional installed.
ABC.com has its headquarters in Chicago and a satellite office in Dallas. You have installed a Read-only Domain Controller (RODC) in the Dallas office.
You have received instructions to make sure that the technical team at the Dallas office is able to maintain drivers and disks on the RODC, but does not have the ability to administer any domain user accounts.
Which of the following actions should you take?
A. You should consider configuring the Administrator Role Separation on the Read-only Domain Controller.
B. You should consider using select Network Access Protection (NAP).
C. You should consider configuring a standard primary zone.
D. You should consider using the Allow Full Control permissions on the Active Directory database on the branch office.
Answer: A Explanation: The best option is to configure the Read-only Domain Controller for Administrator Role Separation. Doing this will ensure that the technical team cannot manage domain user accounts. However, they will be able to maintain drivers and disks on the Read-only Domain Controller. When using the Administrator Role Separation the user or a group will not have rights on the domain or other domain controllers. However, in this case the technical team will be able to upgrade a driver.
Reference: RODC Features/ Administrator role separation http://technet.microsoft.com/en-us/library/cc753223.aspx#bkmk_separation


QUESTION NO: 139
You work as the network administrator at ABC.com. The ABC.com network has an Active Directory forest named ABC.com. All servers on the ABC.com network have Windows Server 2008 installed and all workstations have Windows Vista Service Pack 1 installed.
The ABC.com's Sales representatives connect remotely to the network via their laptops. You have to make sure that classified data is stored in an encrypted format and is accessible to the Sales representatives via the Internet. You also have to make sure that encryption is used over the Internet for the Sales representatives.
Which combination of the following actions should you take? (Choose two.)
A. You should consider making use of Point-to-Point Tunneling Protocol (PPTP).
B. You should consider making use of Encrypting File System (EFS) to encrypt the folders that store sensitive files.
C. You should consider making use of Internet Protocol security (IPsec).
D. You should consider instructing remote users to make use of Secure Socket Transmission Protocol (SSTP) when accessing files.
E. You should consider making use of Microsoft Point-to-Point Encryption (MPPE).
Answer: B,D Explanation:
QUESTION NO: 140
You work as the network administrator at ABC.com. The ABC.com network has an Active Directory domain named ABC.com. All servers on the ABC.com network have Windows Server 2008 R2 and all workstations have Windows 7 installed.
ABC.com contains a server named ABC-SR10 that hosts seven in-house applications. Furthermore, the in-house applications has Terminal Services RemoteApps configured.
During routine monitoring, you notice that ABC-SR10 reacts sluggishly when more than one application is accessed. You want to maintain productivity by making sure that active user sessions are given the same access.

Which of the following actions should you take?
A. You should consider making use of Remote Desktop Connection Broker.
B. You should consider making use of a Remote Desktop resource authorization policy (RD RAP) on ABC-SR10.
C. You should consider making use of Windows System Resource Manager (WSRM).
D. You should consider making use of Microsoft System Center Operations Manager (SCOM).
Answer: C Explanation:

QUESTION NO: 141
You work as the network administrator at ABC.com. The ABC.com network has an Active Directory domain named ABC.com. All servers on the ABC.com network run Windows Server 2008 R2 and all workstations run Windows 7.
The ABC.com Active Directory has two organizational units (OU) named ABC_Emp and ABC_Comp. The user accounts reside in the ABC_Emp OU and the computer accounts reside in the ABC_Comp OU.
You have received instruction form the CIO to install a new accounting application that is available to ABC.com's users via an icon pinned to the Start menu. You also have to make sure that offline remote users are able to access the new application.
Which of the following actions should you take?
A. You should configure Shared Folders permissions for the Marketing global group.
B. You should make use of Credential Roaming on the Managers OU.
C. You should create a new Starter Group Policy object (GPO).
D. You should create and configure a new Group Policy object (GPO) to assign the application to the computer accounts in ABC_Comp.
Answer: D Explanation: You need to assign the application to computers in ABC_Comp by using a Group Policy object (GPO). This will allow the user to access the application from an icon on the Start menu.
Reference: Using Group Policy to Deploy Applications
http://www.windowsnetworking.com/articles_tutorials/Group-Policy-Deploy-Applications.html



QUESTION NO: 142
You work as the network administrator at ABC.com. The ABC.com network has an Active Directory domain named ABC.com. All servers on the ABC.com network have Windows Server 2008 installed and all workstations have Windows Vista installed.
ABC.com has two servers, named ABC-SR13 and ABC-SR14, which are configured as file servers.
You have been informed that the data stored on these servers must be accessible in the event of one of them failing. You also have to make sure that volumes in excess of 2 TB are supported, and that data redundancy is preserved in the event of disk failure. Furthermore, you should make sure that disk throughput is maximized.
You start by configuring ABC-SR13 and ABC-SR14 in a two-node failover cluster. You want to make sure that the task is suitably completed.
Which of the following actions should you take?
A. You should consider attaching an external storage subsystem and configure it as a RAID 1 array GPT disk.
B. You should consider attaching an external storage subsystem and configure it as a RAID 3 array GPT disk.
C. You should consider attaching an external storage subsystem and configure it as a RAID 5 array GPT disk.
D. You should consider attaching an external storage subsystem and configure it as a RAID 10 array GPT disk.
Answer: D Explanation: If you use a two-node failover cluster, it will ensure that if a single server fails, access to all data is maintained and if a single disk fails, the data redundancy is maintained. You also need to set up RAID 10 array on the external storage subsystem and format the array as a GPT disk. RAID10 is equal toRAID1 + 0. This means you can use a few disks about 4, and mirror the drives two at a time. This will lead to redundancy.

QUESTION NO: 143
You work as the network administrator at ABC.com. The ABC.com network has a domain named ABC.com.

You are responsible for managing a Windows Server 2008 R2 server named ABC-SR10. ABC-SR10 is configured to host the Terminal Services role. A new ABC.com policy states that the employees should not use more than 20% of the CPU resources in a day, with the exception of the administrators.
Which actions should you take? (Choose TWO. Each answer forms part of the solution.)
A. You should use Windows System Resource Manager (WSRM).
B. You should create Network Load Balancing cluster.
C. You should setup user policies.
D. You should create a GPO.
E. You should link a GPO that specifies a restrictive policy.
Answer: A,C Explanation: You need to use Windows System Resource Manager (WSRM) and set up user policies. The Windows System Resource Manager (WSRM) enables the allocation of resources, including processor and memory resources, among multiple applications based on business priorities. You can set the CPU and memory allocation policies on applications.
Reference: Windows System Resource Manager Fast Facts
http://www.microsoft.com/windowsserver2003/techinfo/overview/wsrmfastfacts.mspx

QUESTION NO: 144
You work as the network administrator at ABC.com. The ABC.com network has an Active Directory domain named ABC.com. The ABC.com network servers run Windows Server 2008 and the workstations run Windows Vista.
ABC.com has its headquarters in London and quite a few branch offices around the globe. However, each of these branch offices contains a file server. You have received instruction from the CIO to implement a data recovery strategy for the ABC.com network.
You design a solution that backs up data to a USB device using Windows Server Backup.
Which of the following is TRUE with regards to this scenario? (Choose two.)
A. It enables you to schedule backups.
B. It prevents you from scheduling backups.
C. Servers can be recovered completely.
D. Servers are prevented from being recovered completely.

Answer: A,C Explanation:
QUESTION NO: 145
You work as the network administrator at ABC.com. The ABC.com network has an Active Directory forest named ABC.com. The ABC.com network servers run Windows Server 2008 and the workstations run Windows Vista.
ABC.com has of a Marketing department that contains 500 servers. You have received instructions from the CIO to monitor the servers.
You have decided to deploy Microsoft System Center Operations Manager (SCOM).
Which of the following is TRUE with regards to Microsoft System Center Operations Manager (SCOM)? (Choose all that apply.)
A. Modifying the processor monitoring threshold to make allowance for temporary changes can only be done manually.
B. Allows you to making use of event subscriptions for alerts.
C. It can be used to deploy operating systems.
D. You can select the option to modify the processor monitoring threshold automatically to make allowance for temporary changes.
Answer: D Explanation:

QUESTION NO: 146
You work as the network administrator at ABC.com. The ABC.com network has an Active Directory forest named ABC.com. All servers are configured to run Windows Server 2008 R2 and the workstations Windows 7.
There are over 100 servers on the ABC.com network. You add the subsequent precautions to enhance productivity:
.
In the event of an application failure notification via e-mail should be sent to you.

A.
By using Microsoft Windows Reliability and Performance Monitor.

B.
By setting up event subscriptions for all servers.

C.
By installing a Network Policy Server (NPS) on a server.

D.
By using folder redirection.

E.
By attaching tasks to the application error events on the server.

F.
By using the Windows Sidebar utility.


How can you ensure that both goals are achieved with least administration? (Choose TWO. Each answer forms part of the solution.)

Answer: B,E Explanation: You need to set up event subscriptions for each server that is host on one server and attach tasks to the application error events, on the server. The Event Viewer will allow you to view events on a single remote computer. Furthermore, Windows Vista has the ability to collect copies of events from multiple remote computers.
Reference: Event Subscriptions
http://technet.microsoft.com/en-us/library/cc749183.aspx


QUESTION NO: 147
You work as the network administrator at ABC.com. The ABC.com network has an Active Directory domain named ABC.com. Some of ABC.com's network servers have Windows Server 2003 installed, while the rest have Windows Server 2008 installed. Microsoft Windows Vista is installed on all ABC.com's workstations.
ABC.com's public key infrastructure (PKI) is made up of an offline root certification authority (CA) and two enterprise subordinate CAs that are all running Windows Server 2003. Subsequent to the certificates being published to ABC.com's user accounts, you also publish ABC.com's computer accounts in Active Directory.
When ABC.com establishes a new satellite office, you are informed that workstations for that office will have Windows Vista installed and that servers will have Windows Server 2008 installed.
You have received instructions from the CIO to configure a PKI solution for the new office that allows Active Directory to store the private keys. Your solution should also allow for certificates to have Suite B hashing and encryption algorithms support, and as little human interaction as possible for certificate management.
Which of the following actions should you take?
A. You should consider making use of the Windows Deployment Services (WDS) server role.
B. You should consider deploying a new Windows Server 2008 enterprise subordinate CA.

C. You should consider making use of the Key Management Service (KMS).
D. You should consider making use of the Windows System Resource Manager (WSRM).
Answer: B Explanation: The best option is to install a new Windows Server 2008 enterprise subordinate CA. By this way you can create a PKI solution for the workstations and the servers that meet the desired criteria. Windows Server 2008 ships with Suite B. Suite B contains Encryption algorithms.
Reference: Cryptography Next Generation / How should I prepare to deploy this feature?
http://technet.microsoft.com/en-us/library/cc730763.aspx

QUESTION NO: 148
You work as the network administrator at ABC.com. The ABC.com network has an Active Directory domain named ABC.com. All servers on the ABC.com network have Windows Server 2008 R2 installed and all workstations have Windows 7 installed.
ABC.com has its headquarters in Chicago and a satellite office in Dallas that contains 100 servers. The computer objects for the Dallas servers are hosted in an organizational unit (OU) named TestMem_OU. The user accounts of the Dallas administrators are included in a global group named TestDallas.
You have received instructions from the CIO to make sure that members of TestDallas global group are able to make modifications to the registry settings, and also stop and start services.
Which of the following actions should you take?
A. You should consider assigning the TestMem_OU members to the Domain group.
B. You should consider making use of the GlobalNames zone in the Dallas office.
C. You should consider granting the TestDallas group change permissions for the TestMem_OU.
D. You should consider including the TestDallas group in the Administrators local group on each server in the Dallas office.
Answer: D Explanation:
Topic 3, Exam Set 3 QUESTION NO: 149


Users in the research and development department use laptops, and often these laptops hold proprietary information. Management wants to protect the data on these laptops. What technology would you implement?
A. NTFS permissions
B. Server Core
C. NAP
D. BitLocker Drive Encryption
Answer: D Explanation:
QUESTION NO: 150
A fellow administrator created a PowerShell script. She has shared it with you, and you try to run it on your system but are unsuccessful. What do you need to do to run a PowerShell script?
A. You must be a member of the Enterprise Admins group.
B. You must be a member of the Domain Admins group.
C. The server role of PowerShell must be added using Server Manager.
D. The server feature of PowerShell must be added using Server Manager.
Answer: B Explanation:

QUESTION NO: 151
You are using Windows Deployment Services (WDS) to deploy Windows Server 2008 onto several new servers. The WDS server is set up to respond only to known computers. None of the new servers can connect to the WDS server. What should be done?
A. Run Sysprep on each of the servers before booting.
B. Prestage each of the computers in WDS.
C. Prestage each of the computers in Active Directory.
D. Log onto the new servers using an account with administrative privileges.
Answer: C Explanation: QUESTION NO: 152



Which Windows Deployment Services (WDS) image type can be used to deploy an image to a non-PXE client?
A. Capture image
B. Boot image
C. Install image
D. Discover image
Answer: D Explanation:
QUESTION NO: 153
You manage several Internet Information Services (IIS) servers in a web farm. You want to configure events so that they can be centrally managed on a single server. Further, you want the monitoring server to pull the events from each IIS server on a regular basis. What should you create?
A. Collector-initiated subscriptions
B. Source computer�Cinitiated subscriptions
C. A Minimize Bandwidth delivery method
D. A Minimize Latency delivery method
Answer: A Explanation:

QUESTION NO: 154
You have been having problems with a SQL Server machine. You��ve found that when a specific critical event is recorded, within 30 minutes the SQL Server machine stops responding to all queries. You want to be notified when this critical event occurs. What could you do?
A. Configure an event subscription to forward this event to your system.
B. Configure an event subscription to send you an email if the event occurs.
C. Create an event task to forward this event to your system.
D. Create an event task to send you an email if the event occurs.
Answer: D Explanation: QUESTION NO: 155



After rebooting your DNS server that is also a domain controller, you having a wide variety of problems. A significant problem is that users aren��t able to access any network resources, but you verify that they received the correct DHCP lease. You suspect that SRV records haven��t been created. What can you do to create them?
A. Use the DNS Manager console to manually create the SRV records.
B. Stop and restart the NetSRV service.
C. Stop and restart the NetLogon service.
D. Stop and restart the SRV service.
Answer: C Explanation:
QUESTION NO: 156
You have modified GPO settings for a test GPO assigned to a test OU. You are logged onto a test system, but the new settings are not applied. What can you do to see the results of the settings?
A. Wait 90 to 120 minutes.
B. Run the GPResults /Force command.
C. Run the GPUpdate /Force command.
D. Launch ADSIEdit, and refresh the screen.
Answer: C Explanation:

QUESTION NO: 157
You have shared a printer as clrLaser on a print server named PS1. You want users to be able to search for the printer in Active Directory Domain Services. What should you do?
A. Create a GPO, and apply it to the Printers container.
B. Right-click the printer in Active Directory, and select Enable Searching.
C. Right-click the printer in Print Management, and select Enable Searching.
D. Right-click the printer in Print Management, and select List in Directory.
Answer: D Explanation: QUESTION NO: 158



You want to enable users to remotely access TS RemoteApp programs over the Internet using TS Gateway. Which operating systems would support this functionality? (Choose all that apply.)
A. Windows XP SP1
B. Windows Vista SP1
C. Windows Server 2003 SP1
D. Windows Server 2008
Answer: B,D Explanation:
QUESTION NO: 159
You are troubleshooting replication problems and want to ensure that detailed replication events are logged. You have modified the default domain controller policy to enable auditing of directory service access events, but you aren��t seeing the level of detail you need. What else should you do?
A. Modify the default domain policy to enable auditing of directory service access events.
B. Enable auditing of object access events for the domain controllers.
C. Remove the default domain controller policy, and replace it with the default domain policy.
D. Enable auditing of subcategories using the auditpol command-line tool.
Answer: D Explanation:

QUESTION NO: 160
You are deploying a Windows Server 2008 server to a remote office. The server will hold files that you want to protect, but the remote office doesn��t have adequate physical security. How should you protect the files?
A. Use NTFS permissions.
B. Use a RODC.
C. Use BitLocker.
D. Encrypt the data with SSL.
Answer: C Explanation: QUESTION NO: 161



You manage a domain of 500 users, and you��ve decided to allow Sally to manage all the users and computers in the Sales organizational unit. How should you grant her the appropriate permissions?
A. Right-click the domain, and select Delegation of Control Wizard.
B. Right-click the Sales OU, and select Delegation of Control Wizard.
C. Right-click Sally��s user account, and select Delegation of Control Wizard.
D. Add Sally��s user account to the Domain Admins group.
Answer: B Explanation:
QUESTION NO: 162
You are tasked with recommending a strategy that allows users to retrieve previous versions of files without intervention by an administrator. If a disk fails, you should be able to restore individual files. All servers are running Windows Server 2008. What should you do? (Choose all that apply.)
A. Perform a daily backup of data.
B. Enable Shadow Copies, and store them on the same volume.
C. Enable Shadow Copies, and store them on a different volume.
D. Enable clustering on the server.
Answer: A,C Explanation:

QUESTION NO: 163
Users store their data on a file server running Windows Server 2008. Recently, a junior administrator has spent a lot of time retrieving data files for several users from backups. You��d like to reduce the administrator��s need to do this. What can you do?
A. Install Windows Server Backup on the users�� desktops.
B. Install Windows Complete PC Restore on the users�� desktops.
C. Install the WinRE on the users�� desktops.
D. Enable Shadow Copies.
Answer: D Explanation: QUESTION NO: 164



Your organization consists of a single Windows Server 2008 Active Directory forest that contains seven domains arranged in a single tree. The root domain is named ABC.com. IT departmental mandate specifies that all domain controllers must have the DNS server role installed. You need to plan the DNS infrastructure for a new child domain named tech.east.ABC.com. The three chief requirements are that (a) DNS services are fault-tolerant in the tech.east.ABC.com domain, (b) the tech.east.ABC.com domain is automatically made aware of any new DNS servers that are brought online in the root domain, and (c) full forest-wide name resolution is supported.
Which of the following actions should you perform? (Select two choices. Each correct answer represents a part of a single solution.)
A. Create an Active Directory-integrated stub zone for ABC.com.
B. Create an Active Directory-integrated zone on tech.east.ABC.com.
C. Create a standard secondary zone for ABC.com.
D. Create a standard primary zone on tech.east.ABC.com. Next, configure conditional forwarding on this server for the remaining DNS zones in the forest.
Answer: A,B Explanation:
QUESTION NO: 165
You manage a single Active Directory domain for a software company. All servers in the organization run Windows Server 2008 Enterprise Edition. All client computers run Windows Vista with Microsoft Visual Studio 2008 installed. Your product development team is working with an offline replica domain controller named HERA on which they are building a new client/server Web application. The team employs Active Directory snapshotting to save incremental copies of the Active Directory database for testing purposes. However, now the team needs to be able to view past instances of AD and compare the data to the current state of the directory database.
Which of the following actions should you perform to meet the needs of your product development team? (Select two answers. Each correct choice represents a complete solution in itself.)
A. Teach the team how to use the LDP.exe utility.
B. Teach the team how to use the Wbadmin command.
C. Teach the team how to use the Active Directory Database Mounting Tool.
D. Teach the team how to use the Ntdsutil command.
Answer: A,C Explanation: QUESTION NO: 166



You manage a single Windows Server 2008 domain for your company. You have an extranet partner relationship with another company. The partner organization is also organized as a single Windows Server 2008 domain. You need to give a portion of the extranet partner's user population access to a SharePoint Server 2007 Web application that exists on your company's intranet. The collaboration/business requirements for the solutions are that (a) No additional domain user accounts in the local domain must be created to accommodate the partner company's users, (b) all interorganization traffic needs to occur over TCP 443, and (c) access to Microsoft Office documents must be IRM-protected.
Which of the following Microsoft technologies must be configured in order to enact this solution? (Choose two answers. Each correct choice represents a part of a single solution.)
A. Active Directory Federation Services (AD FS)
B. Active Directory Rights Management Services (AD RMS)
C. Active Directory Lightweight Directory Services (AD LDS)
D. Active Directory Domain Services (AD DS)
Answer: A,B Explanation:
QUESTION NO: 167
You manage a single Active Directory domain for a private accounting firm. All client computers run Windows Vista. You plan to deploy an enterprise financial management application that uses Microsoft SQL Server 2008 for back-end data storage. You will install SQL Server on a Windows Server 2008 Enterprise Edition member server named PROTEUS. You need to design a disk storage strategy for SQL Server to (a) correspond with industry best practice, (b) provide for maximum application performance, and (c) provide data protection for the OS and the SQL data files in the event of a disk failure.
Which of the following actions should you perform in order to accomplish your goal?
A. Store the OS and the SQL Server transaction logs on a RAID 1 array. Store the SQL Server data files on a RAID 5 array.
B. Store the OS and the SQL Server transaction logs on a RAID 1 array. Store the SQL Server data files on a RAID 1 array.
C. Store the OS and the SQL Server transaction logs on a RAID 0 array. Store the SQL Server data files on a RAID 1 array.
D. Store the OS and the SQL Server transaction logs on a RAID 1 array. Store the SQL Server data files on a RAID 0 array.
Answer: A Explanation: QUESTION NO: 168



You plan to deploy 10 Windows Server 2008 servers and 75 Windows Vista workstations to a secure remote facility that is a part of your organization. This secure remote facility is not connected to the Internet. A low-speed WAN connection will link the headquarters with the secure remote facility. You plan to deploy operating systems in the remote facility by using Windows Deployment Services (WDS). However, you need to determine the appropriate Windows Activation model for your infrastructure. Network traffic over the WAN must be strictly limited.
Which of the following actions should you perform?
A. Implement a VA 1.0 volume license key infrastructure.
B. Implement a KMS activation infrastructure for the secure remote facility.
C. Use RIS instead of WDS as an operating system deployment method.
D. Implement a MAK activation infrastructure for the secure remote facility.
Answer: B Explanation:
QUESTION NO: 169
You are part of the IT management team for your company. The organization consists of a single Windows Server 2008 forest; the forest includes seven domains, a total of 70 domain controller, and 15,000 client computers. All of the client computers run Windows Vista with Service Pack 1. You are planning a solution to automate the deployment and management of software to all users in the forest. This solution must meet the following business goals:
-The software must be centrally managed and controlled. -Software license usage must be metered. -Detailed reports must be generated concerning software deployment status, software usage,
and so on. Which of the following actions should you perform in order to accomplish your goal?
A. Deploy the software by using Windows Server Update Services (WSUS).
B. Deploy the software by using System Center Operations Manager 2007.
C. Deploy the software by using Group Policy Software Installation.
D. Deploy the software by using System Center Configuration Manager 2007.
Answer: D Explanation: QUESTION NO: 170



You manage a single Windows Server 2008 domain for a dry goods importer. All client computers in the domain run Windows Vista with Service Pack 1. Your development team has developed a custom inventory tracking application. In order to ensure centralized control over application updates, you decide to deploy this application via Terminal Services RemoteApp technology. To this end, you provision a Terminal Service member server named APP01 that hosts a TS Web Access site and publish the custom application via the TS Web Access interface. However, your users claim to have difficulty locating the TS Web Access site on the corporate intranet. Accordingly, you need to simplify the users' path to using the custom application.
Which of the following represent valid approaches to solving the problem? (Select two answers. Each correct choice represents a complete solution in itself.)
A. Distribute the RemoteApp as an .EXE installer to all users.
B. Publish the RemoteApp as a Start menu shortcut to all users.
C. Distribute the RemoteApp as an .RDP file to all users.
D. Publish the RemoteApp in a shared folder and notify the user population of the folder's location.
Answer: B,C Explanation:
QUESTION NO: 171
You manage a multi-domain Windows Server 2008 Active Directory forest. To support the management of several recently deployed internally developed client/server applications, departmental administration teams in all domains throughout the enterprise need to create custom Group Policy template files that contain settings to ease administration of these homegrown applications. All client computers in the forest run Windows Vista SP1. The wrinkle to the situation is that some domains reside in non-English-speaking countries, and each team needs to be able to edit GPO templates using their native language. Your solution must involve the least amount of administrative effort.
Which of the following actions should you perform?
A. Distribute "starter" ADM and XML files to the systems administration group in each domain.
B. Distribute "starter" ADMX and ADML files to the systems administration group in each domain.
C. Install the appropriate Windows Server 2008 Multilingual User Interface Pack(s) on the domain controllers in each domain.
D. Deploy the MUI Pack to all Windows Vista workstation computers in all domains by using Group Policy Software Installation.
Answer: B Explanation: QUESTION NO: 172



You manage a single Windows Server 2008 domain for a financial institution. You have deployed Network Access Protection (NAP) with 802.1X enforcement. The network contains four Network Policy Server (NPS) servers that are configured as RADIUS servers and 18 managed Cisco switches that are configured as RADIUS clients. You need to develop an auditing/accounting/logging solution that (a) maintains a centralized data store, (b) involves absolutely no additional costs, and (c) minimizes administrative effort.
Which of the following actions should you perform in order to accomplish your goal?
A. Install SQL Server 2005 Express Edition on each NPS Server. Configure SQL Server logging on each server to write to a single database on a specified NPS server computer
B. Designate one NPS server as a RADIUS server and the other NPS servers as RADIUS clients. Configure RADIUS accounting on the RADIUS server and specify the IAS local log file option.
C. Deploy Windows Remote Management and the Event Collector service on the three NPS servers. Configure Event Forwarding on two NPS servers and Event Subscriptions on the third NPS server.
D. Deploy audit logging for the three NPS servers by using Group Policy.
Answer: B Explanation:
QUESTION NO: 173
You manage a single Windows Server 2008 Active Directory domain for a university hospital. The domain contains an organizational unit named Interns. You need to grant a contract developer named Clark the ability to define additional attributes to user account objects that are contained within the Interns OU. Clark must not have any additional privileges to objects within the OU or elsewhere within the domain. Your solution must involve the least amount of administrative effort.
Which of the following actions should you perform? (Select two choices. Each correct answer represents a part of a single solution.)
A. Install ADSI Edit on Clark's workstation.
B. Run the Delegation of Control Wizard on Clark's domain user account.
C. Install Adprep on Clark's workstation.
D. Run the Delegation of Control Wizard on the Interns OU.
Answer: A,D Explanation:
QUESTION NO: 174
You work as a Network Administrator for ABC Inc. The company has a Windows Server 2008 network environment. The network is configured as a Windows Active Directory-based single domain single forest network. The functional level of the forest is Windows Server 2008. The network includes client computers running Windows Vista Ultimate and Windows XP Professional.

You have been assigned the task to provide a plan for keeping the operating systems up-to-date with the latest critical security patches and operating system fixes. The written policy of the company dictates the following points:
-All critical updates must be tested before deploying them to the computers on the network. -All computers must be up-to-date with the latest fixes and security patches from Microsoft as soon as possible. You provide the following plan to accomplish the task:
-Configure two servers to run WSUS 3.0 SP1 and name them TestServer and FinalServer. -Designate five computers on the network to test updates. Configure an Automatic Updates policy for these computers to point to TestServer to download updates. -For the rest of the computers, configure another Automatic Updates policy to point to
FinalServer to download updates. -Configure FinalServer to point to TestServer to download updates. -On TestServer, set up a synchronization schedule to check the Windows Update server for
updates everyday at 5:30 pm. -At 5:45 pm, deploy the updates from TestServer onto the test computers. -Approve the updates on TestServer after the successful deployment of the updates. -Schedule FinalServer to query for the updates daily at 7:30 pm. -Configure all computers, except the test computers, to synchronize automatically with the
FinalServer daily at 8:30 am. What will this plan accomplish?
A. All computers will be up-to-date with the latest fixes and security patches from Microsoft as soon as possible.
B. All critical updates will be tested before deploying them to the computers on the network.
C. None of the tasks will be accomplished.
D. Both tasks will be accomplished.
Answer: D Explanation:

QUESTION NO: 175
You work as a Network Administrator for ABC Inc. The company has a Windows Server 2008 network environment. The network is configured as a Windows Active Directory-based single domain single forest network. The functional level of the forest is Windows Server 2008. You have configured a DNS server on the network. The network is configured as a single subnet. The internal Web site of the company is hosted on three Web servers for load balancing. Users complain of the slow response of the servers. The images of the Advanced tab of the DNS configuration and the A (Host) record entry are shown below: You monitor the Web servers and find that two servers are idle and only one server is responding to client queries. What is the most likely cause?

A. A (Host) records of other two Web servers are not entered.
B. Netmask ordering is preventing other Web servers from responding to client queries.
C. DNS is not configured for round robin load balancing.
D. CNAME records of the other two Web servers are not entered.
Answer: A Explanation:

QUESTION NO: 176
You work as a Network Administrator for ABCInc. The company has a Windows Server 2008 network environment. The network is configured as a Windows Active Directory-based single forest network. The functional level of the forest is Windows Server 2008. You are creating DFS Namespace on the network. Which of the following types of namespaces can you configure on the domain?
Each correct answer represents a complete solution. Choose two.
A. Stand-alone
B. Forest
C. Enterprise
D. Domain
Answer: A,D Explanation:

QUESTION NO: 177
You work as a Network Administrator for ABCInc. The company has a Windows Server 2008 network environment. The network is configured as a Windows Active Directory-based single forest network. The functional level of the forest is Windows Server 2008.
Rick, your assistant, is configuring DFS structure on a member server running Windows Server 2008 Standard edition. He wants to create two namespaces on the server. He tells you that he has created one namespace, but is not able to create the second one on the same volume of the server.
What is the most likely cause of the issue?
A. Windows Server 2008 Standard edition does not support multiple namespaces.
B. The volume on which Rick is trying to create the namespace is not an NTFS volume.

C. The File Services Server role is not enabled on the server.
D. DFS Replication is not enabled on the server.
Answer: A Explanation:

QUESTION NO: 178
You are a server administrator for your organization. Your organization has a main office in Sydney and a branch office in Melbourne. You have deployed Windows Server 2008 on all servers in both offices. You also used Server Manager to install BitLocker on a Windows Server 2008 server in the branch office to encrypt data that will be used by various applications.
Your organization wants you to manage the BitLocker encryption from the main office rather than traveling to the branch office. How can you enable this functionality without enabling BitLocker encryption on any servers at the main office?
A. run the ServerManagerCmd -install BitLocker command
B. run the ServerManagerCmd -resultPath command
C. run the ServerManagerCmd -install RSAT-BitLocker command
D. run the Scwcmd command

Answer: C


QUESTION NO: 179
You are the network administrator for your organization. Your organization's network has a single Active Directory domain. You have deployed Windows Server 2008 domain controllers and Windows Vista client computers in your organization.
You have installed the Terminal Services and Application Server role services on a Windows Server 2008 server named WS08-TAS. You notice that the performance of WS08-TAS is noticeably slower when remote users are accessing the server or when multiple applications are opened on the server.
The Reliability and Performance Monitor shows the following information:
-Processor: %Processor Time - 85 -Memory: Pages/Sec - 9 -System: Processor Queue Length - 1 -Paging File: % Usage - 50 -Paging File\: Usage Peak - 50 -PhysicalDisk: % Disk Time - 45 -PhysicalDisk: Avg. Disk Queue Length - 1 What should you do to improve system performance?

A. Upgrade the processor.
B. Upgrade the disk subsystem to RAID1.
C. Increase the amount of RAM.
D. Upgrade disk subsystem to RAID5.
Answer: A Explanation:
QUESTION NO: 180
You are the administrator for a company that manufactures industrial chemicals. All servers in the single domain run Windows Server 2008, and all clients run Windows Vista. You want to create a Terminal Services Farm that provides fault tolerance in the event that a server is unavailable. What must you configure to provide load balancing? (Choose all that apply.)
A. Install the TS Session Broker role service.
B. Install the TS Licensing role.
C. Install Windows System Resource Manager 2007 (WSRM).
D. Populate the Session Broker Computers Local Group.
E. Populate the TS Web Access Computers Group.
F. Populate the TS Web Access Administrators group.
G. Manage the terminal servers with WSRM and configure them to participate in the load balancing.
H. Add the DNS entries for the terminal servers.
Answer: A,D,H Explanation:

QUESTION NO: 181
You are the administrator of your company's application servers. One application server is used by a group of users in the accounting department. Processes on the server are causing the processor load to exceed 70%. Some processes are taking up more resources than other processes. Most users open the same number of processes on the server.
You want to give equal access to each process and maintain minimum resource availability while ensuring that the processor load is not too great. What should you configure?
A. Implement Windows System Resource Manager (WSRM) and configure an Equal_Per_Process resource allocation policy.
B. Implement WSRM and configure an Equal_Per_User resource allocation policy.
C. Implement WSRM and configure an Equal_Per_Session resource allocation policy.

D. Use Windows Remote Management. Configure the service in a GPO. Add the users into the Security Filtering of the GPO.
E. Use Windows Remote Management. Configure the service in a GPO. Add the users' computers into the Security Filtering of the GPO.
Answer: A Explanation:

QUESTION NO: 182
You are a server manager for your organization. Your organization has a single Active Directory domain that contains Windows Server 2008 domain controllers and Windows Vista client computers.
You have recently installed Microsoft System Center Configuration Manager 2007 on a Windows Server 2008 server. You plan to use Configuration Manager 2007 to apply software updates to client computers in your organization.
What must you do to apply software updates on client computers?
A. Install Windows Installer 2.0.
B. Configure the software Distribution component settings.
C. Install Windows Server Update Services (WSUS) 3.0.
D. Configure a distribution point.
Answer: C Explanation:

QUESTION NO: 183
Your company has a single Active Directory domain. All of the domain controllers run Windows Server 2008, and all of the client computers have been recently upgraded to Windows Vista.
All user accounts have roaming profiles. Your company wants to allow users to use their certificates on multiple computers. You want to ensure that the current version of any certificate is being used.
What must you do?
A. Replace the roaming profiles with mandatory roaming profiles, and enable credential roaming.
B. Replace the roaming profiles with mandatory roaming profiles, and add a recovery agent for each user on each computer.
C. Replace the roaming profiles with Folder Redirection, and enable credential roaming.
D. Replace the roaming profiles with Folder Redirection, and add a recovery agent for each user on each computer.

Answer: C Explanation:

QUESTION NO: 184
You are the administrator for your single Active Directory domain. All servers run Windows Server 2008. Most of the client computers run Windows Vista. However, the older computers run Windows 2000 Professional.
You have the terminal server with RemoteApp installed named TS1. You create a Windows Installer (.msi) package that deploys a remote application to users and will create a program icon on the Desktop or Start Menu.
When users click the program icon, they will access the application on TS1. You want to ensure that the remote application behaves like a local application. You also want to reproduce the same desktop that exists on the remote computer on the user's client computer.
What must you configure on the client computers? (Choose all that apply.)
A. Ensure that Remote Desktop (RDP) client 6.X is installed on all Windows 2000 Professional computers.
B. Upgrade all Windows 2000 Professional computers computers to Windows Vista.
C. Install the Desktop Experience Pack and Themes support on all client computers.
D. Ensure that Remote Assistance is enabled on all client computers.
E. Ensure that the Telnet service is set to Automatic.
Answer: B,C Explanation:

QUESTION NO: 185
You are the administrator of a company that manufactures aerospace components. Your company has a single Active Directory forest that has a tree with three domains. All servers run Windows Server 2003 or Windows Server 2008 and all client computers use Windows XP Professional and Windows Vista. All servers in the root domain are running Windows Server 2008.
You have several file servers in different locations that your users need to access. All of your users actively use the file servers to store and share files. You want to do the following:
-Create quotas for a soft and hard space limit on the data volumes of all file servers -Generate storage reports to identify duplicate files and dormant files -Incur minimal costs for hardware or operating system upgrades What should you configure?

A. Upgrade all file servers to Windows Server 2008 and install a domain DFS root.
B. Install a domain DFS root and use the existing servers in the tree.
C. Upgrade all file servers to Windows Server 2008 and install FSRM on a server in the root domain.
D. Install FSRM on a server in the root domain and use the existing servers in the tree.
E. Upgrade all file servers to Windows Server 2008 and install AD FS on a server in the root domain.
F. Install AD FS on a server in the root domain and use the existing servers in the tree.
Answer: D Explanation:

QUESTION NO: 186
You are a server administrator for your organization. You have deployed Windows Server 2008 on all domain controllers and installed Active Directory Domain Services (AD DS) and Active Directory Federation Services (AD FS) on a Windows Server 2008 server, named AD_Srv. You are installing the DNS server role on another Windows Server 2008 server.
You need to grant a user permission to run Dnscmd.exe to view and modify the DNS server configuration.
What should you do?
A. Add the user to the Performance Log Users group
B. Add the user to the Server Operators group
C. Add the user to the Account Operators group
D. Add the user to Network Configuration Operators group
Answer: B Explanation:

QUESTION NO: 187
You are the administrator for your company's domain. All your servers run Windows Server 2008, and all your clients run Windows Vista. You plan to create a failover cluster with iSCSI disks. You are using third-party software to configure the iSCSI target.
What should use to test whether your system, storage, and network configuration is suitable for a cluster?
A. Install the Cluster Validation Tool.
B. Run nlb.exe.
C. Run wlbs.exe.

D. Run verclsid.exe.
Answer: A Explanation:

QUESTION NO: 188
You are a server administrator for your organization. You have deployed Windows Server 2008 on the domain controllers. The client computers in your organization run Windows XP Service Pack 3 (SP3) or Windows Vista SP1. You have deployed Active Directory Domain Services (AD DS) and Active Directory Certificate Services (AD CS) on a Windows Server 2008 domain controller.
You are setting up AD DS auditing. You need to enable and view all four directory service policy subcategories on a Windows Server 2008 domain controller.
What should you do?
A. Enable the global Audit directory service access audit policy, and run GPedit.msc to view the audit policy subcategories.
B. Enable the Audit object access audit policy, and run GPedit.msc to view the audit policy subcategories.
C. Enable the Directory Service Changes audit policy subcategory, and run Auditpol.exe to view the audit policy subcategories.
D. Enable the Directory Service Access audit policy subcategory, and run Auditpol.exe to view the audit policy subcategories.
Answer: D Explanation:

QUESTION NO: 189
You are the server administrator for your organization. Your organization has multiple Active Directory domains that include Windows Server 2008 domain controllers. You have deployed Windows Vista on all client computers.
Your organization has multiple Windows Server 2008 servers configured with the File Services role.
You need to recommend a solution to ensure that multiple shared folders located on different file servers appear as a single shared folder to users in the organization.
What should you do?
A. Enable offline caching.

B. Implement Distributed File System (DFS) replication.
C. Implement a DFS namespace.
D. Implement volume shadowing.
Answer: C Explanation:

QUESTION NO: 190
Your company has a single Active Directory domain with branch offices in three cities. Each city is configured as an Active Directory site. All servers run Windows Server 2008, and all client computers run Windows Vista.
Each office has a file server with shared folders. You want users in each office to be able to access and update the data in each file server's shared folder on a local server in each office. You also want to prevent a server that was offline for a long time from overwriting fresh data when it comes back online with stale data.
Your solution should minimize hardware expenses. What should you configure?
A. Implement Distributed File System (DFS) Namespaces and DFS Replication.
B. Implement Cluster Continuous Replication (CCR).
C. Implement a Network Load Balancing cluster.
D. Implement a single copy cluster (SCC).
Answer: A Explanation:

QUESTION NO: 191
You are the administrator for a single Active Directory domain. You have to upgrade all client computers to Windows Vista. All servers in the network run either Windows Server 2003 or Windows Server 2008. You want to create a storage design infrastructure that can use block-based storage over an existing IP network infrastructure.
What should you implement?
A. Implement iSCSI.
B. Implement Fiber Channel.
C. Implement Virtual Disk Service.
D. Implement Serial ATA.
Answer: A Explanation: