70-647

Pro: Windows Server 2008, Enterprise Administrator


Note: The answers are for reference only; you need to understand all the questions.
Include:
Testlet 1: Northwind Traders
Testlet 2: Proseware Inc.
Testlet 3: Lucerne Publishing
Testlet 4: City Power & Light
Testlet 5: Baldwin Museum
Testlet 6: Woodgrove Bank
Testlet 7: Litware, Inc.
Testlet 8: Wingtip Toys
Testlet 9: A. Datum Corporation
Testlet 10: Blue Yonder Airlines
Testlet 11: School of Fine Art
Testlet 12: Fabrikam Inc.
Testlet 13: Humongous Insurance
Testlet 14: Trey Research
Testlet 15: Wingtip Toys Case B
Testlet 16: Graphics Design Institute
Testlet 17: Contoso, LTD.
Part of the problem requires you to answer.

QUESTION 1
Your company has three offices. Each office is configured as an Active Directory site. The network consists of one Active Directory domain. All domain controllers run Windows Server 2008 R2. The company has five departments. You use a domain-level Group Policy object (GPO) to install Microsoft Office on all client computers.
You need to deploy a GPO strategy to meet the following requirements:
- Install a custom application in one of the departments.
- Restrict access to removable storage devices for all users.
- Implement separate Windows Internet Explorer proxy settings for each physical location.
What should you do?
A. Create a new group for each department. Create a new GPO for each site. Create a new GPO for the domain and use the GPO to install the custom application.
B. Create a new organizational unit (OU) for each department. Create a new GPO for each site and a new GPO for the domain. Create a GPO for one department OU and use the GPO to install the application.
C. Create a new organizational unit (OU) for each department. Create a single GPO for all the sites and a new GPO for the domain. Create a single GPO for each department OU and use the GPO to install the custom application.
D. Create a new child domain for each department. Create a new GPO for each site and a new GPO for each new child domain. Create a single GPO for all the new child domains and use the GPO to install the custom application.
Answer: B
QUESTION 2
Your network consists of one Active Directory forest named contoso.com. The relevant portion of the network is configured as shown in the exhibit. (Click the Exhibit button.)


Users in the sales.apac.intl.contoso.com domain frequently access resources on the products.corp.contoso.com domain. Users report slow access times when they access resources on the products.corp.contoso.com domain.
You need to minimize access times when users access resources on the products.corp.contoso.com domain.
What should you do?
A. Create a realm trust.
B. Create a shortcut trust.
C. Create a new DNS application partition. Add the contoso.com zone to the application partition.
D. Enable Universal Group Membership Caching for all Active Directory sites.
Answer: B
QUESTION 3
Your network consists of one Active Directory domain. All domain controllers run Windows Server 2008 R2 and are configured as global catalog servers. The relevant portion of the network is configured as shown in the exhibit. (Click the Exhibit button.)


The Bridge all site links option is enabled. You are designing a failover strategy for domain controller availability.
You need to ensure that client computers in SiteH only authenticate to DC1 or DC2 if DC8 fails.
What should you do?
A. Change the B-H site link cost to 50.
B. Remove the global catalog server attribute from DC3, DC4, DC5, DC6, DC7, and DC8.
C. Disable the Bridge all site links option. In SiteB, install a new writable domain controller that runs Windows Server 2008 R2.
D. Prevent DC3, DC4, DC5, DC6, DC7, and DC8 from registering generic (non-site-specific) domain controller locator DNS records.
Answer: D
QUESTION 4
Your company has a main office and nine branch offices. Each office is configured as a separate TCP/IP subnet. You plan to deploy Active Directory domain controllers in all offices. You install the first domain controller for the forest in the main office.
You need to prepare the environment for the deployment of domain controllers in all offices. The solution must ensure that users always authenticate to a domain controller in their local office, unless it is unavailable.
What should you do?

A. Create 10 subnet objects and one site object. Link all subnet objects to the site. Install domain controllers in all offices.
B. Create a subnet object and a site object for each office. Link each subnet object to its respective site. Install domain controllers in all offices.
C. Install domain controllers in all offices. Create 10 subnet objects and one site object. Link all subnet objects to the site.
D. Install domain controllers in all offices. Create a subnet object and a site object for each office. Link each subnet object to its respective site.
Answer: B
QUESTION 5
Your network consists of one Active Directory domain. The functional level of the domain is Windows Server 2008 R2. Your company has 10 departments. Each department has a department manager and a department administrator. Some department administrators are responsible for multiple departments. You have an organizational unit (OU) named AllUsers that contains all user accounts.
You need to recommend a solution to simplify the management of all users in the domain.
The solution must meet the following requirements:
- Department managers must only be able to reset passwords for users in their respective departments.
- Department administrators must only be able to modify user accounts in their respective departments.
- Only the respective department administrators and managers must be able to manage the accounts of users who are transferred to their departments from other departments.
What should you recommend?
A.
- Create an OU for each department.
- Delegate password control for each new OU to the respective department manager.
- Delegate administration of each new OU to the respective department administrator.
B.
- Create an OU for each department.
- When the same administrator is responsible for multiple departments, create only one OU for those departments.
- Delegate password control for each new OU to the respective department manager.
- Delegate administration of each new OU to the respective department administrator.
C.
- Create an OU for each department.
- When the same administrator is responsible for multiple departments, create a new OU and nest the OUs of those departments into the new OU.
- Delegate password control for each new OU to the respective department manager.
- Delegate administration of each new OU to the respective department administrator.
D.
- Create a global security group for each department.
- Add all the users, department managers, and administrators from each department to the global security group.
- Delegate password control to the department managers of the AllUsers OU.
- Delegate administration to the department administrators of the AllUsers OU.
Answer: A
QUESTION 6
Your network consists of one Active Directory forest. The functional level of the forest is Windows Server 2003. You upgrade all domain controllers from Windows Server 2003 SP2 to Windows Server 2008 R2. You plan to deploy the first read-only domain controller (RODC) in the forest.
You need to prepare the network for the installation of the RODC.
What should you do?
A. Run adprep /rodcprep on any computer in the forest.
B. Run adprep /forestprep on the schema operations master server.
C. Raise the forest functional level to Windows Server 2008 R2.
D. Raise the domain functional level to Windows Server 2008 R2.
Answer: A
QUESTION 7
Your network consists of one Active Directory domain. The functional level of the domain is Windows Server 2008 R2. Your company has three departments named Sales, Marketing, and Engineering. All users in the domain are in an organizational unit (OU) named AllUsers. You have three custom applications. You deploy all custom applications by using a Group Policy object (GPO) named AppInstall. The Sales department purchases a new application that is only licensed for use by the Sales department.
You need to recommend a solution to simplify the distribution of the new application.
The solution must meet the following requirements:
- The application must only be distributed to licensed users.
- The amount of administrative effort required to manage the users must remain unaffected.
- The three custom applications must be distributed to all existing and new users on the network.
What should you recommend?

A. Create a new child domain for each department and link the AppInstall GPO to each child domain. Create a new GPO. Link the new GPO to the Sales domain.
B. Create a new child OU for each department. Link the AppInstall GPO to the Marketing OU and the Engineering OU. Create a new GPO. Link the new GPO to the Sales OU.
C. Create a new group for each department and filter the AppInstall GPO to each group. Create a new GPO. Link the new GPO to the domain. Filter the new GPO to the Sales group.
D. Create a new group for each department. Filter the AppInstall GPO to the Marketing group and the Engineering group. Create a new GPO. Link the new GPO to the domain. Filter the new GPO to the Sales group.
Answer: C
QUESTION 8
Your company named Contoso, Ltd. and another company named Fabrikam, Inc. establish a partnership. The Contoso network consists of one Active Directory forest named contoso.com. The Fabrikam network consists of one Active Directory forest named fabrikam.com. Users from contoso.com plan to share files with users from fabrikam.com.
You need to prepare the environment so that users from contoso.com can protect confidential files from being copied or forwarded to unauthorized users.
What should you do?
A. Create a one-way forest trust from Contoso. Set the NTFS permissions to read-only for all confidential files.
B. Create a one-way forest trust from Fabrikam. Set the NTFS permissions to read-only for all confidential files.
C. Deploy Active Directory Federation Services (AD FS). Deploy Active Directory Rights Management Services (AD RMS).
D. Deploy Active Directory Federation Services (AD FS). Publish the files by using Microsoft SharePoint Foundation 2010.
Answer: C
QUESTION 9
Your network consists of one Active Directory domain. All domain controllers run Windows Server 2008 R2.
You need to deploy Active Directory Certificate Services on the network to support the following requirements:
- Maintain availability if a single server fails.
- Delegate the enrollment of certificates for separate groups of users.
- Restrict the types of certificates that can be issued by a certificate manager.

What should you do?
A. Deploy two servers that run Windows Server 2008 R2 Enterprise. Configure a failover cluster. Configure an enterprise certification authority (CA).
B. Deploy two servers that run Windows Server 2008 R2 Enterprise. Configure a failover cluster. Configure a standalone root certification authority (CA).
C. Deploy two servers that run Windows Server 2008 R2 Enterprise. Configure an enterprise root certification authority (CA) and a standalone subordinate CA.
D. Deploy two servers that run Windows Server 2008 R2 Standard. Configure a standalone root certification authority (CA) and an enterprise subordinate CA.
Answer: A
QUESTION 10
Your network consists of one Active Directory domain. All domain controllers run either Windows Server 2008 R2 or Windows Server 2003 SP2. A custom application stores passwords in Active Directory. You plan to deploy read-only domain controllers (RODCs) on the network.
You need to prevent custom application passwords from being replicated to the RODCs.
What should you do?
A. Upgrade the schema master to Windows Server 2008 R2. Configure a fine-grained password policy.
B. Upgrade the infrastructure master to Windows Server 2008 R2. Mark the custom application password attribute as confidential.
C. Upgrade all domain controllers to Windows Server 2008 R2. Add the custom application password attribute to the RODC filtered attribute set and mark the attribute as confidential.
D. Upgrade all domain controllers to Windows Server 2008 R2. Set the functional level of the forest and the domain to Windows Server 2008 R2. Configure a fine-grained password policy.
Answer: C
QUESTION 11
Your network contains two servers named Server1 and Server2. Server1 is a reverse proxy. Server2 runs Windows Server 2008 R2 and has the Web server (IIS) server role installed. Server2 hosts a secure Web site. You want users to connect to Server2 by using the https://www.contoso.com URL.
You need to prepare the environment for the deployment of server certificates to meet the following requirements:
- Users connecting from the local network must only connect directly to Server2.
- Users must be able to access the Web site on Server2 when they connect from the Internet or the internal network.
What should you do?
A. Install a server certificate for the name www.contoso.com on Server1 and Server2.
B. Install a server certificate for the name server.contoso.com on Server1 and Server2.
C. Install a server certificate for the name server.contoso.com on Server1. Install a server certificate for the name www.contoso.com on Server2.
D. Install a server certificate for the name www.contoso.com on Server1. Install a server certificate for the name server2.contoso.com on Server2.
Answer: A
QUESTION 12
Your company has one main office and four branch offices. Each branch office has a read-only domain controller (RODC). The network consists of one Active Directory domain. All domain controllers run Windows Server 2008 R2. Some branch office users work in a department named Sales. Sales department users must be able to log on to all computers in their respective branch offices, even if a wide area network (WAN) link fails.
The company security policy has the following requirements:
- User account passwords must be replicated to the minimum number of locations.
- A minimum number of passwords must be replicated to the branch office domain controllers.
You need to configure a password replication policy that supports the company security policy.
What should you do?
A. Install a writable domain controller in all branch offices. Create one global group that contains all Sales department users. Create a fine-grained password policy and apply the policy to the group.
B. Install a writable domain controller in all branch offices. Create one global group that contains the computers of all Sales department users. Add the group to the Allowed RODC Password Replication Group in the domain.
C. Create one global group for each branch office that contains the Sales department users and computers in the corresponding branch office. Add all groups to Windows Authorization Access Group in the domain.
D. Create one global group for each branch office that contains the Sales department users and computers in the corresponding branch office. Add each group to the Password Replication Policy in the corresponding branch office.
Answer: D
QUESTION 13
Your network consists of one Active Directory domain and three Network Information Services (NIS) domains. All domain controllers run Windows Server 2008 R2. All NIS domain servers run UNIX-based operating systems.
You need to plan the integration of the Active Directory domain and the NIS domains.
The solution must meet the following requirements:
- Minimize the costs required to implement the solution.
- Minimize the number of additional Windows servers required.
- Provide centralized administration of Active Directory domain objects and NIS domain objects.
What should you include in your plan?
A. Add the Server for Network Information Services role server.
B. Install the subsystem for UNIX-based applications.
C. Install Active Directory Federation Services (AD FS).
D. Implement a Microsoft Forefront Identity Manager 2010 server.
Answer: A
QUESTION 14
Your company has a main office and 10 branch offices. The network consists of one Active Directory domain. All domain controllers run Windows Server 2008 R2 and are located in the main office. Each branch office contains one member server. Branch office administrators in each branch office are assigned the necessary rights to administer only their member servers. You deploy one read-only domain controller (RODC) in each branch office.
You need to recommend a security solution for the branch office Windows Server 2008 R2 domain controllers.
The solution must meet the following requirements:
- Branch office administrators must be granted rights on their local domain controller only.
- Branch office administrators must be able to administer the domain controller in their branch office. This includes changing device drivers and running Windows updates.
What should you recommend?

A. Add each branch office administrator to the Administrators group of the domain.
B. Add each branch office administrator to the local Administrators group of their respective domain controller.
C. Grant each branch office administrator Full Control permission on their domain controller computer object in Active Directory.
D. Move each branch office domain controller computer object to a new organizational unit (OU). Grant each local administrator Full Control permission on the new OU.
Answer: B
QUESTION 15
Your network contains servers that run Windows Server 2008 R2 and client computers that run Windows 7. You deploy a public key infrastructure by using Certificate Services servers that run Windows Server 2008 R2.
You need to plan the implementation of smart card authentication on the network.
The solution must meet the following requirements:
- Help desk users must only be able to enroll user certificates.
- Managers must be able to enroll smartcards for other employees.
- Managers must be able to use their client computers to manage certificates.
What should you include in your plan?
A. Enable Web enrollment.
B. Configure Restricted Enrollment Agents.
C. Upgrade all certificates to V3 templates.
D. Configure Restricted Certificate Managers.
Answer: B
QUESTION 16
Your network consists of one Active Directory domain that contains servers that run Windows Server 2008 R2. The relevant servers are configured as shown in the following table.


The relevant portion of the network is shown in the exhibit. (Click the Exhibit button.)

Server3 hosts a secure Web site. You want remote users to access the secure Web site by using a Secure Socket Layer (SSL) connection through the Internet. A server certificate issued by Server2 is installed on Server3.
You need to recommend a solution that will enable the distribution of certificates to the remote users.
The solution must meet the following requirements:
- The certification authority must be automatically trusted.
- Remote users connecting to Server3 must use client certificates issued by Server4.
- A minimum amount of TCP/IP ports must be opened on the firewall that connects the perimeter network and the internal network.
Which certification authority should you recommend installing on Server4?
A. enterprise root
B. enterprise subordinate
C. standalone root
D. standalone subordinate
Answer: D
QUESTION 17
Your network consists of one Active Directory domain that contains only domain controllers that run Windows Server 2008 R2. All domain controllers run DNS and DHCP services. All DNS zones are standard primary zones.

You need to plan a solution that allows administrators to perform routine maintenance on domain controllers.
The solution must meet the following requirements:
- Minimize server downtime.
- Maximize the availability of DNS and DHCP services.
What should you do?
A. Instruct server administrators to run ntdsutil.
B. Instruct server administrators to stop the NTDS service.
C. Instruct server administrators to stop the Netlogon service.
D. Instruct server administrators to restart the servers in Directory Services Restore Mode (DSRM).
Answer: B
QUESTION 18
Your network consists of one Active Directory domain. All servers run Windows Server 2008 R2. You plan to publish a Web site on two Web servers.
You need to recommend a solution for the deployment of the two Web servers.
The solution must provide the following requirements:
- Session-state information for all users
- Access to the Web site if a single server fails
- Scalability to as many as seven Web servers
- Support for multiple dedicated IP addresses for each Web server
What should you recommend?
A. Install failover clustering on each Web server.
B. Install Network Load Balancing on each Web server.
C. Assign multiple bindings in Internet Information Services (IIS).
D. Create managed handler mappings in Internet Information Services (IIS).
Answer: B
QUESTION 19

Your company has three offices. Each office contains servers that run Windows Server 2008 R2. The servers are configured as file servers. Users regularly travel between offices and require access to corporate data stored on file servers in their home offices.
You need to plan a data access policy for the users. The solution must ensure that users can access corporate data from a local server when they are traveling.
What should you include in your plan?
A. On all servers, install and configure Distributed File System (DFS).
B. On all servers, install and configure the File Server Resource Manager (FSRM) and the File Replication Service (FRS).
C. On one server, install and configure the File Server Resource Manager (FSRM). On the other two servers, install and configure the File Replication Service (FRS).
D. On one server, install and configure Distributed File System (DFS). On the other two servers, install and configure the Background Intelligent Transfer Service (BITS).
Answer: A
QUESTION 20
Your network consists of one Active Directory domain. All servers run Windows Server 2008 R2.
You need to implement a storage management policy for failover clustering that uses storage area network (SAN)-based storage.
The solution must support the following requirements:
- Maintain disk space usage information.
- Quota tracking by folder or by volume.
- Email notifications when users exceed their quota limits.
What should you do?
A. Use the File Server Resource Manager (FSRM).
B. Create and deploy NTFS file system disk quotas.
C. Install and configure the Storage Manager for SANs.
D. Use the Performance Monitor.
Answer: A
QUESTION 21

Your company has one main office and one new branch office. The network consists of one Active Directory domain. The domain contains one domain controller that runs Windows Server 2008 R2. You create a new organizational unit (OU) that contains all the computer accounts for the new office. You configure a server in the main office to test and approve all new software updates. You configure Microsoft Windows Server Update Services (WSUS) to deploy all approved updates to the environment.
You need to recommend a patch management solution for the new branch office that meets the following requirements:
- Ensures that only updates approved by main office administrators are installed.
- Reduces the amount of network bandwidth used to download updates from Microsoft Update.
What should you recommend?
A. In the main office, install and configure a WSUS server as a replica server. Configure a Group Policy for the OU so that all computers receive updates from the new WSUS server.
B. In the main office, install and configure a WSUS server as a stand-alone server. Configure a new Group Policy for the OU so that all computers receive updates from the new WSUS server.
C. In the new branch office, install and configure a WSUS server as a stand-alone server. Configure a Group Policy for the OU so that all computers receive updates from the new WSUS server.
D. In the new branch office, install and configure a WSUS server as a replica server. Configure a Group Policy for the OU so that all computers receive updates from the new WSUS server.
Answer: D
QUESTION 22
Your company has a main office and a new branch office. The network consists of one Active Directory domain. The branch office contains two member servers that run Windows Server 2008 R2. One of the servers is configured as a file server that hosts shared folders. An administrator in the branch office is responsible for maintaining the servers. You have a single DNS zone that is hosted on a DNS server located in the main office. A wide area network (WAN) link between the branch office and the main office is unreliable.
You need to recommend a network services solution for the new branch office.
The solution must meet the following requirements:
- Users must be able to log on to the domain if a WAN link fails.
- Users must be able to access file shares on the local server if a WAN link fails.
- Branch office administrators must be prevented from initiating changes to Active Directory.
- Branch office administrators must be able to make configuration changes to the servers in the branch office.
What should you recommend?

A. Promote the member server to a domain controller and add the branch office administrators to the Domain Admins group.
B. Promote the member server to a read-only domain controller (RODC) and add the branch office administrators to the Domain Admins group.
C. Promote the member server to a read-only domain controller (RODC) and configure the DNS role. Delegate administrative rights to the local branch office administrator.
D. Promote the member server to a domain controller and configure the DNS role. Create an organizational unit (OU) for each branch office and delegate administrative rights to the local branch office administrator.
Answer: C
QUESTION 23
Your network consists of one Active Directory forest that contains one root domain and two child domains. All domain controllers run Windows Server 2008 R2. All domain controllers run the DNS Server service and host Active Directory-integrated zones. You design a name resolution solution to support single-label names.
You need to prepare the environment to support single-label name resolution across the entire forest.
What should you do?
A. Deploy a GlobalNames zone.
B. Deploy stub zones in each child domain.
C. Configure conditional forwarders in each child domain.
D. Configure AAAA resource records in the parent domain.
Answer: A
QUESTION 24
Your company has a main office and two branch offices. The network contains one Active Directory domain named contoso.com. All domain controllers and DNS servers for the contoso.com domain are located in the main office. All DNS servers are member servers. You plan to deploy two new Active Directory domains named east.contoso.com and west.contoso.com in the branch offices. You install a DNS server in each branch office.
You need to prepare the environment for the installation of the new domains.
What should you do next?

A. Create a new standard primary zone on each branch office DNS server for the new domains. Configure forwarders on the main office DNS servers to point to the branch office servers.
B. Create a new stub zone on each branch office DNS server for the new domains. Configure conditional forwarders on the main office DNS servers to point to the branch office DNS servers.
C. Configure a delegation subdomain DNS record on the main office DNS server for each new domain. Configure a stub zone on each branch office DNS server for the new domains. Configure zone transfer for the contoso.com zone to the branch office DNS servers.
D. Configure a delegation subdomain DNS record on the main office DNS server for each new domain. Create a new standard primary zone on each branch office DNS server for the new domains. Configure zone transfer for the contoso.com zone to the branch office DNS servers.
Answer: D
QUESTION 25
Your network consists of one Active Directory domain. The domain contains servers that run Windows Server 2008 R2. The relevant servers are configured as shown in the following table.

Your company has a department named Sales. All client computers in the Sales department run Windows 7 and use an application named Application1. Application1 uses a dynamic-link library (DLL) named Salesapp.dll. You plan to deploy a new application named Application2 that uses a different version of Salesapp.dll. During testing, administrators report that Application2 causes Application1 to fail when both applications run on the same computer.
You need to ensure that users can run both applications successfully on the same computer.
What should you do?
A. On Server1, create and link a Group Policy object (GPO) that publishes Application2 to all users in the Sales department.
B. On Server1, create and link a Group Policy object (GPO) that assigns Application2 to all computers in the Sales department.
C. On Server2, install Application1 and Application2. Configure all computers in the Sales department to run the applications by using RemoteApp.
D. On Server2, install Application2 and configure all computers in the Sales department to run the application by using RemoteApp.

Answer: D
QUESTION 26
Your network consists of one Active Directory domain. Your company has a department named Sales. Some employees in the Sales department work from home and require access to applications and file servers on the corporate network.
The corporate security policy includes the following requirements:
- Remote computers must only connect to the network by using Secure Socket Layer (SSL).
- Computers that connect to the network must have an up-to-date antivirus application and all available security updates installed.
You need to plan a remote access solution for the Sales department employees.
What should you include in your plan?
A. Configure a virtual private network (VPN) solution that uses PPTP.
B. Configure a virtual private network (VPN) solution that uses L2TP.
C. Configure a Remote Desktop Services solution that uses Remote Desktop Gateway (RD Gateway).
D. Configure a Remote Desktop Services solution that uses Remote Desktop Web Access (RD Web Access).
Answer: C
QUESTION 27
Your network consists of one Active Directory domain. All domain controllers run Windows Server 2008. The functional level of the domain is Windows Server 2003. You have one Terminal Services licensing server that runs Windows Server 2008 and three terminal servers that run Windows Server 2008. You plan to deploy a new Remote Desktop Services server that runs Windows Server 2008 R2.
You need to plan a solution that enables reporting for all Terminal Services client access licenses (TS CALs).
What should you include in your plan?
A. Upgrade the licensing server to Windows Server 2008 R2.
B. Upgrade all domain controllers to Windows Server 2008 R2.
C. Upgrade the three terminal servers to Windows Server 2008 R2.
D. Raise the functional level of the domain to Windows Server 2008 R2.
Answer: A
QUESTION 28

Your network consists of one Active Directory domain. Your company uses a firewall to connect to the Internet. Inbound TCP/IP port 443 is allowed on the firewall.
You have Remote Desktop Services servers on the internal network. You have one server on the internal network that has Remote Desktop Gateway (RD Gateway) deployed. All servers run Windows Server 2008 R2.
You need to recommend a solution that enables remote users to access network resources by using RD Gateway.
What should you recommend?
A. Change the firewall rules to permit traffic through port 3389 from the Internet.
B. Install the Remote Desktop Services server role with the Remote Desktop Web Access (RD Web Access) services role.
C. Install the Remote Desktop Services server role with the Remote Desktop Connection Broker (RD Connection Broker) services role.
D. Create a Remote Desktop connection authorization policy (RD CAP) and a Remote Desktop resource authorization policy (RD RAP).
Answer: D
QUESTION 29
Your network consists of one Active Directory forest named contoso.com. The functional level of the contoso.com forest is Windows Server 2008. The network contains seven servers that run Internet Information Services (IIS) 7.0 and host Web services. Remote users from a partner company access the Web services through HTTPS. The partner company has a separate Active Directory forest named fabrikam.com. The functional level of the fabrikam.com forest is Windows Server 2003.
You need to recommend an authentication solution for the fabrikam.com users.
The solution must meet the following requirements:
- All communications between both forests must use only HTTPS.
- Remote users must only authenticate once to access all Web services.
- Users from fabrikam.com must access the Web services by using user accounts in the fabrikam.com forest.
What should you recommend?
A. Implement Client Certificate Mapping Authentication on the IIS servers.
B. Implement Microsoft Identity Lifecycle Manager (ILM) 2007 on the contoso.com forest.
C. Implement a forest trust between the contoso.com and the fabrikam.com forests. Configure the forest trust to use Selective Authentication.
D. Implement Active Directory Federation Services (AD FS) in the contoso.com forest. Create a federation trust between the contoso.com forest and the fabrikam.com forest.
Answer: D
QUESTION 30
Your network consists of one Active Directory domain named contoso.com. The domain contains three Windows Server 2008 servers named Server1, Server2, and Server3. Server1 runs Active Directory Certificate Services (AD CS) and is configured as an enterprise root certification authority. Server2 hosts an internal Web site. Users currently connect to the Web site by using the URL https://server2.contoso.com. You plan to replicate the Web site from Server2 to Server3.
You need to recommend a solution to enable users to connect to the Web site through HTTPS on either Server2 or Server3 by using a single URL.
The solution must meet the following requirements:
- Users must be able to use the https://www.contoso.com URL to connect to the Web site.
- Incoming connections must be dynamically balanced between Server2 and Server3.
What should you recommend?
A. Add both servers to a Network Load Balancing cluster. Export the Web server certificate on Server2 to Server3.
B. Add both servers to a failover cluster. Issue a Web server certificate for www.contoso.com. Install the certificate on Server2.
C. Add both servers to a Network Load Balancing cluster. Issue a Web server certificate for www.contoso.com. Install the certificate on Server2 and Server3.
D. Add both servers to a failover cluster. Issue a Web server certificate for server2.contoso.com and install the certificate on Server2. Issue a Web server certificate for server3.contoso.com and install the certificate on Server3.
Answer: C
QUESTION 31
Your company has a main office and 10 branch offices. The network consists of one Active Directory domain. All domain controllers run Windows Server 2008 and are located in the main office.
You need to plan the deployment of one Windows Server 2008 domain controller in each branch office.
The solution must meet the following requirements:
- Branch office domain controllers must be able to log users on to the domain.
- Branch office domain controllers must be able to store the passwords of only some domain users.
- Users must be able to download Group Policy objects (GPOs) from the branch office domain controllers.
What should your plan include?
A. Install Active Directory Lightweight Directory Services (AD LDS).
B. Install Active Directory Domain Services (AD DS) on a Server Core installation of Windows Server 2008.
C. Install Active Directory Domain Services (AD DS). Select the read-only domain controller (RODC) option during installation.
D. Install Active Directory Domain Services (AD DS). Create a new Password Settings object (PSO). Link the PSO to user objects in the respective branch office.
Answer: C
QUESTION 32
Your company has a main office and 100 branch offices. The network consists of one Active Directory domain that contains 10,000 users. You plan to deploy one Windows Server 2008 domain controller in each branch office.
You need to recommend a solution to minimize network traffic during the installation of Active Directory Domain Services (AD DS) on each branch office domain controller.
What should you recommend?
A. Install AD DS by using the Install from Media feature.
B. Install AD DS and configure the read-only domain controller (RODC) option.
C. Install a Server Core installation of Windows Server 2008, and then install AD DS.
D. Disable the Global Catalog option on each branch office domain controller. Enable Universal Group Membership Caching from each branch office site.
Answer: A
QUESTION 33
Your network consists of one Active Directory domain that contains only domain controllers that run Windows Server 2003. Your company acquires another company.

You need to provide user accounts for the employees of the newly acquired company. The solution must support multiple account lockout policies.
What should you do?
A. Implement Authorization Manager.
B. Implement Active Directory Federation Services (AD FS).
C. Upgrade one domain controller to Windows Server 2008. Raise the functional level of the domain to Windows Server 2003.
D. Upgrade all domain controllers to Windows Server 2008. Raise the functional level of the domain to Windows Server 2008.
Answer: D
QUESTION 34
Your company has a main office and a branch office. Your network consists of one Active Directory domain. All domain controllers run Windows Server 2008.
You need to plan the installation of a new server as a read-only domain controller (RODC) in the branch office.
The plan must meet the following requirements:
- A branch office user must complete the RODC installation.
- The branch office user must be a member of only the Domain Users security group.
What should you do first?
A. Create an installation media by using ntdsutil.
B. Instruct the user to join the new server to the domain.
C. Pre-create a read-only domain controller (RODC) account for the branch office server.
D. Create an organizational unit (OU) for the branch office. Delegate full control of the OU to the branch office user.
Answer: C
QUESTION 35
Your network contains one Active Directory forest that has a root domain and three child domains. All domain controllers run Windows Server 2003 Service Pack 1 (SP1). Each domain has a different password policy. The domain is configured as shown in the exhibit. You plan to reduce the number of domains in the forest.
You need to plan the restructuring of the forest to meet the following requirements:
- Maintain all existing password policies.
- Maintain all existing user account attributes.
What should you include in your plan?
Exhibit:

A. Upgrade all domains to Windows Server 2008. Redirect the users container in the root domain by using the redirusr.exe tool, and then remove the child domains. Enable fine-grained password policies.
B. Upgrade all domains to Windows Server 2008 and enable SID history. Move all user accounts from the child domains to the root domain by using the movetree.exe tool, and then remove the child domains.
C. Upgrade the forest root domain to Windows Server 2008. Use the Active Directory Migration Tool (ADMT) to migrate user accounts that contain SID history from the child domains to the forest root domain. Remove the child domains.
D. Upgrade the forest root domain to Windows Server 2008. Use the Active Directory Migration Tool (ADMT) to migrate user accounts from the child domains to the forest root domain, and then remove the child domains. Enable fine-grained password policies.
Answer: D
QUESTION 36

Your company has a main office, three regional offices, and six branch offices. The network links are configured as shown in the exhibit. The network consists of one Active Directory domain. You create an Active Directory site for each office. You create a site link for each wide area network (WAN) link. The Bridge all site links option is disabled.
You need to plan the deployment of domain controllers.
The solution must meet the following requirements:
- Windows PowerShell must be installed on all domain controllers in each regional office.
- Domain user account passwords stored on the domain controllers must be protected if a branch office domain controller is stolen.
What should you do?
Exhibit:

A. In each branch office and in each regional office, install a Server Core installation of Windows Server 2008 and configure a writable domain controller.
B. In each branch office and in each regional office, install a full installation of Windows Server 2008 and configure a read-only domain controller (RODC).
C. In each branch office, install a Server Core installation of Windows Server 2008 and configure a read-only domain controller (RODC). In each regional office, install a full installation of Windows Server 2008 and configure a writable domain controller.
D. In each branch office, install a full installation of Windows Server 2008 and configure a read-only domain controller (RODC). In each regional office, install a Server Core installation of Windows Server 2008 and configure a writable domain controller.
Answer: C
QUESTION 37
Your company has a main office and 10 branch offices. The network consists of one Active Directory domain. All domain controllers run Windows Server 2008 and are located in the main office. Each branch office contains one member server. Branch office administrators in each branch office are assigned the necessary rights to administer only their member servers. You deploy one read-only domain controller (RODC) in each branch office.
You need to recommend a security solution for the branch office Windows Server 2008 domain controllers.
The solution must meet the following requirements:
- Branch office administrators must be granted rights on their local domain controller only.
- Branch office administrators must be able to administer the domain controller in their branch office. This includes changing device drivers and running Windows updates.
What should you recommend?
A. Add each branch office administrator to the Administrators group of the domain.
B. Add each branch office administrator to the local Administrators group of their respective domain controller.
C. Grant each branch office administrator Full Control permission on their domain controller computer object in Active Directory.
D. Move each branch office domain controller computer object to a new organizational unit (OU). Grant each local administrator Full Control permission on the new OU.
Answer: B
QUESTION 38
Your company has four offices that are connected by using high speed wide area network (WAN) links. Each office has a router that supports the Simple Certificate Enrollment Protocol (SCEP). The network consists of one Active Directory domain. All domain controllers run Windows Server 2008. You have a Certificate Services infrastructure. The Certificate Services servers run Windows Server 2003 Standard Edition. You plan to enable device authentication for all routers.
You need to recommend changes to the Certificate Services infrastructure to support device authentication.
Which changes should you recommend?
A. Install a new server that runs Windows Server 2008 Enterprise Edition. Enable the Active Directory Certificate Services (AD CS) role.
B. Install a new server that runs Windows Server 2008 Standard Edition. Install the Network Protection and Access Services (NPAS) role.
C. Upgrade the existing Certificate Services servers to Windows Server 2008 Standard Edition. Enable the Web enrollment component.
D. Upgrade the existing Certificate Services servers to Windows Server 2008 Enterprise Edition. Enable the Network Device Enrollment service.
Answer: D
QUESTION 39
Your network consists of two Active Directory forests. The Active Directory forests are configured as shown in the following table:

The contoso.com and fabrikam.com domains each contain one server that runs Active Directory Federation Services (AD FS). Users in the company1.contoso.com domain require access to an application server in the company2.fabrikam.com domain. The application server is configured to allow only Kerberos authentication.
You need to ensure that users in the company1.contoso.com domain can access the application server in the company2.fabrikam.com domain.

What should you do first?
A. Create a forest trust between the contoso.com forest and the fabrikam.com forest.
B. Create an external trust between the contoso.com domain and the fabrikam.com domain.
C. Create an AD FS federation trust between the contoso.com forest and the fabrikam.com forest.
D. Create an external trust between the company1.contoso.com domain and the company2.fabrikam.com domain.
Answer: A
QUESTION 40
Your network consists of one Active Directory domain. All domain controllers run Windows Server 2003. The functional level of the forest is Windows 2000. The functional level of the domain is Windows 2000 mixed. You install a domain controller that runs Windows Server 2008.
You plan to deploy a read-only domain controller (RODC). You need to modify the domain and forest functional levels to support the installation of the RODC.
What should you do?
A. Set the domain functional level to Windows 2003 and the forest functional level to Windows 2000 native.
B. Set the domain functional level to Windows 2003 and the forest functional level to Windows 2003.
C. Set the domain functional level to Windows 2008 and the forest functional level to Windows 2003.
D. Set the domain functional level to Windows 2008 and the forest functional level to Windows 2008.
Answer: B
QUESTION 41
Your network consists of one Active Directory domain that contains servers that run Windows Server 2008. The relevant servers are configured as shown in the following table:

All client computers are members of the domain and run Windows Vista. All users have accounts in the domain.

You need to recommend a solution that enables all client computers to automatically request and install computer certificates.
What should you recommend?
A. On Server2, implement the Network Device Enrollment Service.
B. On Server2, implement certification authority Web enrollment support.
C. On Server1, enable auto-enrollment in the User Configuration section of the Default Domain Policy.
D. On Server1, enable auto-enrollment in the Computer Settings section of the Default Domain Policy.
Answer: D
QUESTION 42
Your company has one main office and eight branch offices. Each branch office has 200 client computers and a local administrator. The network consists of one Active Directory domain. All domain controllers run Windows Server 2008. You plan to deploy domain controllers to the branch office locations.
You need to plan an administration solution for the branch offices that meets the following requirements:
- Branch office administrators must be able to update drivers on their respective branch office domain controllers.
- Branch office administrators must be able to log on only to domain controllers in their respective branches.
What should you include in your plan?
A. Deploy a Windows Server 2008 read-only domain controller (RODC) in each branch office. Assign the Administrators role for the RODC to the branch office administrators.
B. Deploy a Windows Server 2008 read-only domain controller (RODC) in each branch office. Assign the Network Configuration Operators role for the RODC to the branch office administrators.
C. Deploy a domain controller that runs a Server Core Installation of Windows Server 2008 in each branch office. Add the branch office administrator to the Server Operators domain local group.
D. Deploy a domain controller that runs a Server Core Installation of Windows Server 2008 in each branch office. Add the branch office administrator to the Administrators domain local group.
Answer: A
QUESTION 43

Your network consists of one Active Directory forest that contains 20 domain trees. All DNS servers run Windows Server 2008. The network is configured as an IPv4 network. Users connect to network applications in all domains by using a NetBIOS name. You plan to migrate to an IPv6-enabled only network.
You need to recommend a solution to migrate the network to IPv6. The solution must not require any changes to client computers.
What should you recommend?
A. On the DNS servers, configure GlobalNames zones.
B. On the DNS servers, add all domain zones to the ForestDNSZones partition.
C. On a new server, install and configure a Windows Server 2008 WINS server.
D. On a new server, install and configure a Windows Server 2003 WINS server.
Answer: A
QUESTION 44
Your network consists of one Active Directory domain. The domain contains servers that run Windows Server 2008.
The relevant servers are configured as shown in the following table:

You install an application named Application1 on Server3. User-specific settings for the application are stored in a configuration file named Application1.ini. When multiple users run Application1 concurrently, Application1.ini is overwritten and the application fails.
You need to recommend a solution that enables users to successfully run Application1 on Server3.
What should you recommend?
A. On Server3, deploy Terminal Services Session Broker (TS Session Broker).
B. On Server2, stream a SoftGrid application package containing Application1 to Server3.
C. On Server3, configure Application1 as a Terminal Services RemoteApp (TS RemoteApp).
D. On Server1, create and link a Group Policy object (GPO) to publish Application1 to all users who establish a Terminal Services session on Server3.
Answer: B
QUESTION 45
Your network consists of a single IP subnet. All servers and client computers connect to managed switches. All servers run Windows Server 2008. All client computers run Windows Vista.
The servers on the network are configured as shown in the following table:

You need to prepare the Network Access Protection (NAP) environment to meet the following requirements:
- Computers that have the required Microsoft updates installed must be able to access all computers on the network.
- Network switches must first allow client computers to communicate to only Server1 and Server2 when the computers connect to the network.
Which NAP enforcement method should you use?
A. 802.1x
B. DHCP
C. IPsec
D. VPN
Answer: A
QUESTION 46
Your network consists of one Active Directory domain. The domain contains servers that run Windows Server 2008.

The servers are configured as shown in the following table:

All client computers run Windows Vista Service Pack 1 (SP1). Remote domain users at a customer site report that they can access Server2 from the Internet by using the URL https://portal.contoso.com. They also report that a firewall at the customer site prevents all other outbound connections.
You need to implement a solution to enable remote users to access files on Server3 from a VPN connection.
Which connection should you enable on Server1?
A. IPsec Tunnel mode
B. L2TP
C. PPTP
D. Secure Socket Tunneling Protocol (SSTP)
Answer: D
QUESTION 47
Your network consists of one Active Directory domain. All domain controllers run Windows Server 2003. The functional level of the domain is Windows 2000 native. You have one Terminal Services licensing server that runs Windows Server 2003 and three terminal servers that run Windows Server 2003.
You plan to deploy a new terminal server that runs Windows Server 2008. You need to plan a solution that enables reporting for all Terminal Services client access licenses (TS CALs).
What should you include in your plan?
A. Upgrade the licensing server to Windows Server 2008.
B. Upgrade all domain controllers to Windows Server 2008.
C. Upgrade the three terminal servers to Windows Server 2008.
D. Raise the functional level of the domain to Windows Server 2003.
Answer: A
QUESTION 48

Your network consists of one Active Directory domain. Your company has an intranet. You deploy Terminal Services terminal servers that run Windows Server 2008. You plan to make applications available to users on the intranet.
You need to recommend a solution to ensure that each user session receives an equal share of the CPU resources on the terminal servers.
What should you recommend?
A. Install and configure the Network Load Balancing feature on all terminal servers.
B. Install and configure the Terminal Services server role with the Terminal Services Session Broker (TS Session Broker) services role on all terminal servers.
C. Install the Windows System Resource Manager (WSRM) feature on all terminal servers. Set the resource-allocation policy.
D. Install the Network Policy and Access Services (NPAS) server role on another server. Define and apply a new policy by using Network Policy Server (NPS).
Answer: C
QUESTION 49
Your network consists of one Active Directory domain. The domain contains four servers that run Windows Server 2008.
The relevant servers are configured as shown in the following table:

Your company has a department named Sales. All client computers in the Sales department run Windows Vista and use an application named Application1. Application1 uses a dynamic-link library (DLL) named Salesapp.dll. You plan to deploy a new application named Application2 that uses a different version of Salesapp.dll. During testing, administrators report that Application2 causes Application1 to fail when both applications run on the same computer.
You need to ensure that users can run both applications successfully on the same computer. The solution must enable users that use portable computers to run both applications when they are disconnected from the network.

What should you do?
A. On Server1, create and link a Group Policy object (GPO) that assigns Application2 to all computers in the Sales department.
B. On Server3, create a SoftGrid application package that contains Application2 and stream it to all computers in the Sales department.
C. On Server2, install Application2. Configure all computers in the Sales department to access Application2 by using Terminal Services Gateway (TS Gateway).
D. On Server2, install Application2. Configure all computers in the Sales department to run Application2 by using Terminal Services RemoteApp (TS RemoteApps).
Answer: B
QUESTION 50
Your company has one office in Montreal and one office in New York. Each office has 2,000 client computers configured as DHCP clients. DHCP relay is not supported on the network routers. The network consists of one Active Directory domain.
You need to recommend a DHCP addressing solution for both offices.
The solution must meet the following requirements:
- Minimize traffic between offices.
- Be available if a single server fails.
What should you recommend?
A. In each office, install a DHCP server that has two scopes.
B. In each office, install a DHCP instance on a two node failover cluster.
C. In the Montreal office, install a DHCP server. In the New York office, install a DHCP Relay Agent.
D. In the Montreal office, install a DHCP instance on a two node failover cluster. In the New York office, install a DHCP Relay Agent.
Answer: B
QUESTION 51
Your network consists of one Active Directory forest that contains one root domain and 10 child domains. Administrators of the child domains frequently modify the records for authoritative DNS servers for the child domain DNS zones.

You need to recommend a solution to minimize the amount of manual configuration steps required to maintain name resolution on the network.
What should you recommend?
A. On the child domain DNS servers, create stub zones for the root domain zone.
B. On the child domain DNS servers, configure conditional forwarders for the parent domain.
C. On the root domain DNS servers, create stub zones for the child domain zones.
D. On the root domain DNS servers, configure delegation subdomain records for the child domains.
Answer: C
QUESTION 52
Your network consists of one Active Directory domain. The domain contains servers that run Windows Server 2008.
The relevant servers are configured as shown in the following table:

Your company has a department named Sales. All users in the Sales department have desktop computers that run Windows Vista Enterprise Edition. All users in the Sales department run an application named Application1 that is compatible only with Windows 95. To run Application1, each user in the Sales department has a second desktop computer that runs Windows 95. The Windows 95 computers must be removed from the network. You use the Microsoft Application Compatibility Toolkit (ACT) 5.0 to test Application1. The test confirms that the application runs only on Windows 95 computers and must be redeveloped to be compatible with Windows Vista or Windows Server 2008.
You need to recommend a solution that will enable you to remove the Windows 95 computers. Users in the Sales department must be able to continue running Application1.
What should you do?
A. Create a virtual machine that runs Windows 95 and Application1. Run the virtual machine on all computers in the Sales department by using Microsoft Virtual PC 2007.
B. Create and link a Group Policy object (GPO) that publishes Application1 to all client computers in the Sales department. Configure Application1 to run as an administrator.
C. Create and link a Group Policy object (GPO) that assigns Application1 to all client computers in the Sales department. Configure Application1 to run in compatibility mode for Windows 2000.
D. Install Application1 on Server2. Configure Application1 to run in compatibility mode for Windows 95. Configure all computers in the Sales department to run the application through Terminal Services.
Answer: A
QUESTION 53
Your network is connected to the Internet through a firewall. Remote users connect to Microsoft Windows SharePoint Services (WSS) located on the internal network by using HTTPS. Users require access to file servers located on the internal network.
You need to ensure that remote users can connect to the file servers. The solution must not require that any additional TCP ports be opened on the firewall.
What should you do?
A. Implement a PPTP virtual private network (VPN) solution.
B. Implement an L2TP virtual private network (VPN) solution.
C. Implement a Terminal Services Web Access (TS Web Access) solution.
D. Implement a Secure Socket Tunneling Protocol (SSTP) virtual private network (VPN) solution.
Answer: D
QUESTION 54
Your network consists of one Active Directory domain. The functional level of the domain is Windows Server 2008. You have one organizational unit (OU) named AllUsers that contains all user accounts for the domain. Your company has two departments named Sales and Engineering. Each department has a department manager. Each department has a global security group that contains all department users.
You need to prepare the environment to manage all user accounts.
The solution must meet the following requirements:
- Sales department users must be required to reset their passwords every 30 days.
- Department managers must administer only users in their respective departments.
- Engineering department users must be required to reset their passwords every 45 days.
- The solution must be achieved by using the minimum amount of administrative effort.

What should you do?
A. Delegate administration of the AllUsers OU to the department manager of each department. Modify the password policy for the domain.
B. Create a new OU for each department. Delegate administration to the department manager of each OU. Create a new password policy for each global security group.
C. Create a child domain for each department. Delegate administration to the department manager of each domain. Create a new password policy for each domain.
D. Create a new OU for each department. Delegate administration to the department manager of each new OU. Create a new Group Policy object. Configure the password policy for the new GPO and link it to the OUs.
Answer: B
QUESTION 55
Your network consists of one Active Directory forest that contains four Active Directory domains named Sales, Marketing, Finance, and IT. The Finance domain contains a domain controller that runs Windows Server 2008. The Sales, Marketing, and IT domains contain only domain controllers that run Windows Server 2003.
You need to prepare the environment for the deployment of a read-only domain controller (RODC) in the Finance domain and in the IT domain. You must ensure that the RODC can advertise itself as a global catalog server.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Upgrade all DNS servers to Windows Server 2008.
B. Run adprep /domainprep on the Sales, Marketing, and IT domains.
C. Install a Windows Server 2008 writable domain controller in the IT domain.
D. Configure the Windows Server 2008 domain controller in the Finance domain as a global catalog server.
Answer: BC
QUESTION 56
Your network consists of one Active Directory domain. The functional level of the domain is Windows Server 2008. The domain is configured as shown in the exhibit.
You create four Group Policy objects (GPOs) as shown in the following table:

You need to link the new GPOs to meet the following requirements:
- All users must have access to a USB printer device.
- All users except the department managers must be denied access to USB flash drives.
- Both department managers must have access to USB flash drives and a USB printer device.
- Only users in the sales department must have the custom database application installed.
- Only users in the engineering department must have the line-of-business application installed.
- You must achieve this goal by using the minimum amount of administrative effort.
What should you do?
Exhibit:

A. Link GPO1 to the Sales Users OU. Link GPO2 to the Engineering Users OU. Link GPO3 to the All Users OU. Link GPO4 to the Managers OU.
B. Link GPO1 and GPO2 to the Sales Users OU and the Engineering Users OU. Link GPO3 to the domain and block inheritance for the Managers OU. Link GPO4 to the All Users OU.
C. Link GPO1 and GPO2 to the Sales Users OU and the Engineering Users OU. Link GPO3 to the All Users OU. Link GPO4 to the domain and block inheritance for the All Users OU.
D. Link GPO1 to the Sales Users OU. Link GPO2 to the Engineering Users OU. Link GPO3 to the All Users OU and block inheritance for the Managers OU. Link GPO4 to the Managers OU.
Answer: A
QUESTION 57
Your network consists of one Active Directory forest that contains two domains. All domain controllers run Windows Server 2003. The network contains file servers that run Windows Server 2003 R2. The file servers run DFS Replication. The forest root domain is named contoso.com and the child domain is named corp.contoso.com. You prepare the forest schema for the installation of domain controllers that run Windows Server 2008. You prepare the corp.contoso.com domain. You install a new domain controller that runs Windows Server 2008 on corp.contoso.com.
You need to plan an Active Directory implementation to meet the following requirements:
- Enable DFS Replication support for SYSVOL on corp.contoso.com.
- Allow the installation of new domain controllers that run Windows Server 2003 in the forest root domain.
What should you include in your plan?
A. Upgrade all file servers to Windows Server 2008.
B. Run adprep /domainprep /gpprep on the corp.contoso.com domain and run adprep /domainprep on the contoso.com domain.
C. Upgrade all Windows Server 2003 domain controllers to Windows Server 2008. Raise the functional level of the forest to Windows Server 2008.
D. Upgrade the Windows Server 2003 domain controllers in corp.contoso.com to Windows Server 2008. Raise the corp.contoso.com domain functional level to Windows Server 2008.
Answer: D
QUESTION 58
Your company has 10 offices. Each office has 10 domain controllers that run Windows Server 2008. The network consists of one Active Directory domain. Each office has a local administrator. You use domain-level Group Policy objects (GPO). Office administrators have the necessary permissions to create and link domain-level Group Policy objects. You create custom Administrative Template (.admx) files locally on a computer that runs Windows Vista.
You need to implement a GPO management strategy to ensure that the administrators can access the .admx files and any future updates to the .admx files from each office. The solution must ensure that .admx files remain identical across the company.

What should you do?
A.In the domain, create a central store. Copy the custom .admx files to the central store.
B.In each office, create a central store on a file server. Copy the custom .admx files to the central store.
C.Create a GPO and link it to the domain. Add the .admx files to the GPO.
D.Create a GPO and link it to the Domain Controllers organizational unit (OU). Add the custom .admx files to the GPO.
Answer: A
QUESTION 59
Your company has 50 offices. Twenty offices are in North America and 30 offices are in Europe. An Active Directory site exists for each office. The network consists of one Active Directory domain. All domain controllers run Windows Server 2008. You use a domain-level Group Policy object (GPO) to install an application named App1 on all client computers.
You need to deploy a GPO solution to meet the following requirements:
-Maintain all settings applied by the existing GPOs.
-Deploy shared printers based on computer location.
What should you do?
A.Create and link a GPO to each site to deploy the printers.
B.Create and link the GPO to the domain to deploy the printers.
C.Create a new organizational unit (OU) for Europe and a new OU for North America. Create and link the GPO to each new OU to deploy the printers.
D.Install a child domain for Europe and a child domain for North America. Create and link a GPO to each domain to deploy the printers.
Answer: A
QUESTION 60
Your network consists of 20 Active Directory domains in a single forest. The functional level of the forest is Windows Server 2008. Your company has 20 departments. A separate domain exists for each department. Each domain has an organizational unit (OU) named DepartmentUsers that contains the respective domain users.

Each domain has its own IT department.
You need to plan the consolidation of all the IT departments into a single IT department.
The solution must meet the following requirements:
-IT administrators must be denied from making domain-wide changes.
-IT administrators must be able to administer users in all departments.
-Your solution must use the minimum amount of administrative effort.
What should you include in your plan?
A.In one domain, create a universal group for all the IT administrators. Add the universal group to the Domain Admins group in each domain.
B.In one domain, create a global group for all the IT administrators. Add the global group to the Domain Admins group in each domain.
C.In one domain, create a universal group for all the IT administrators. Delegate administration of the DepartmentUsers OU in each domain to the universal group.
D.In each domain, create a domain local group for the IT administrators. Delegate administration of the DepartmentUsers OU in each domain to the corresponding domain local group.
Answer: C
QUESTION 61
Your company has one main office and 50 branch offices. You have a wide area network (WAN) link that connects all branch offices to the main office. The network consists of 10 Active Directory domains. Users from all domains are located in the branch offices. You plan to configure each branch office as an Active Directory site. The domain is configured as shown in the exhibit.
You need to plan the deployment of domain controllers in the branch offices to meet the following requirements:
-Users must be able to log on if a WAN link fails.
-Minimize replication traffic between offices.
What should you include in your plan? Exhibit:


A.Implement a domain controller in each branch office. Enable Universal Group Membership Caching.
B.Implement a domain controller in each branch office. Configure DNS to use a single Active Directory-integrated zone.
C.Implement a domain controller in each branch office. Configure the domain controller as a global catalog server.
D.Implement a read-only domain controller (RODC) in each branch office. Configure the domain controller as a global catalog server.
Answer: A
QUESTION 62
Your network consists of one Active Directory domain. All domain controllers run Windows Server 2003.
You need to plan the forest and domain functional levels to support the following requirements:
-Read-only domain controllers (RODC)
-Windows Server 2003 domain controllers
Which functional levels should you include in your plan?
A. The forest functional level of Windows 2000 and the domain functional level of Windows Server 2003.
B. The forest functional level of Windows Server 2003 and the domain functional level of Windows Server 2003.
C. The forest functional level of Windows Server 2003 and the domain functional level of Windows Server 2008.
D. The forest functional level of Windows Server 2008 and the domain functional level of Windows Server 2008.
Answer: B
QUESTION 63
Your network consists of one Active Directory domain. The network contains one Active Directory site. All domain controllers run Windows Server 2008. You create a second Active Directory site and plan to install a domain controller that runs Windows Server 2008 in the new site. You also plan to deploy a new firewall to connect the two sites.
You need to enable the domain controllers to replicate between the two sites.
Which traffic should you permit through the firewall?
A. LDAP
B. NetBIOS
C. RPC
D. SMTP
Answer: C
QUESTION 64
Your company has one main office and one branch office. An Active Directory site exists for each office. The offices are connected across a wide area network (WAN) link. Servers in both offices run Windows Server 2008.
You need to plan a failover clustering solution for servers that run Microsoft SQL Server 2005.
The solution must meet the following requirements:
-Withstand the failure of any single cluster node.
-Minimize the number of servers required to implement failover clustering.
What should you include in your plan?
A. Deploy one single cluster that contains one cluster node on each site.
B. Deploy one single cluster that contains two cluster nodes on each site.
C. Deploy two separate clusters that contain one cluster node on each site.
D. Deploy two separate clusters that contain two cluster nodes on each site.
Answer: A
QUESTION 65

Your network consists of one Windows Server 2008 domain. The network contains portable computers. You configure a server that runs Windows Server 2008 as a Routing and Remote Access Service (RRAS) server. Users connect remotely to the network through a virtual private network (VPN) connection to the RRAS server from both company-issued portable computers and non-company-issued computers.
The relevant portion of the network is shown in the following diagram:

You need to prepare the environment to secure remote access to the network. The solution must meet the following requirements:
-Only computers that have Windows Firewall enabled can connect remotely.
-Only computers that have the most up-to-date antivirus definitions can connect remotely.
-Only computers that run Windows Vista and have the most up-to-date updates can connect remotely.
What should you do?
A.Implement Authorization Manager.
B.Implement Network Access Protection (NAP) on the perimeter network.
C.Install a Microsoft Internet Security and Acceleration Server (ISA) 2006 on the network.
D.Create a domain Group Policy object (GPO). Enable Windows Firewall and publish updated antivirus definitions in the GPO.
Answer: B
QUESTION 66
Your network contains two servers named Server1 and Server2 that run Windows Server 2008. Microsoft System Center Operations Manager (SCOM) 2007 is installed on Server2. The Hyper-V role is installed on Server1. Server1 hosts five child virtual machines that run Windows Server 2003.
You need to recommend a solution that enables administrators to monitor the child virtual machines. The solution must gather the following data from the virtual machines:
-Performance statistics
-Event data from the application log
What should you recommend?
A. On Server1, install a SCOM agent.
B. On each child virtual machine, install a SCOM agent.
C. On Server2, install the Microsoft Virtual Server 2005 R2 Management Pack.
D. On Server2, install Microsoft System Center Virtual Machine Manager (SCVMM) 2007.
Answer: B
QUESTION 67
Your network consists of one Active Directory domain that contains domain controllers that run Windows Server 2008. The relative identifier (RID) operations master role for the domain fails and cannot be restored.
You need to restore the RID master role on the network.
What should you do?
A. Run netdom query /d:contoso.com fsmo.
B. From another domain controller, seize the RID operations master role.
C. Force replication between all domain controllers, and then run the Server Manager.
D. Force replication between all domain controllers, and then run the File Server Resource Manager (FSRM).
Answer: B
QUESTION 68
Your network contains two servers named Server1 and Server2 that run Windows Server 2008. The servers have the Windows Server Hyper-V role installed. You plan to host six virtual machines on Server1 and Server2. You plan to enable host clustering on Server1 and Server2. Each virtual machine will use Pass-Through Disk Access.
You need to recommend a storage configuration solution for Server1 and Server2 to support the planned virtual machines.
What should you recommend?
A.Configure internal storage on Server1 to contain six RAID disk arrays. Configure internal storage on Server2 to contain six RAID disk arrays.
B.Configure internal storage on Server1 to contain three RAID disk arrays. Configure internal storage on Server2 to contain three RAID disk arrays.
C.Configure an iSCSI device to contain a logical unit number (LUN) mapped to one RAID array. Configure Server1 and Server2 to connect to the iSCSI device.
D.Configure an iSCSI device to contain six logical unit numbers (LUN) mapped to six volumes on one RAID array. Configure Server1 and Server2 to connect to the iSCSI device.
Answer: D
QUESTION 69
Your network consists of one Active Directory forest that contains one domain. The functional level of the forest is Windows 2000. The functional level of the domain is Windows 2000 native. Two domain controllers run Windows Server 2008 and three domain controllers run Windows Server 2003. Service packs are not installed on any of the domain controllers. You plan to enable Windows BitLocker Drive Encryption (BitLocker) on all domain controllers.
You need to store all BitLocker recovery information in Active Directory Domain Services (AD DS).
What should you do first?
A. Raise the forest functional level to Windows Server 2003.
B. Raise the domain functional level to Windows Server 2003.
C. Upgrade all Windows Server 2003 domain controllers to Windows Server 2008.
D. Extend the Active Directory schema to include BitLocker and Trusted Platform Module (TPM) attributes.
Answer: C
QUESTION 70
Your network contains a server that runs Windows Server 2008. You plan to deploy a content management system on the server.
You need to recommend a content management system to meet the following requirements:
-Automatically protect documents that are uploaded to a central data store.
-Protect documents by preventing users from remotely printing sensitive corporate data.
What should you recommend?
A.Enable Windows BitLocker Drive Encryption (BitLocker) on a Microsoft Windows SharePoint Services (WSS) 3.0 server.
B.Enable Windows BitLocker Drive Encryption (BitLocker) on a Microsoft Office SharePoint Server (MOSS) 2007 server.
C.Use Active Directory Rights Management Services (AD RMS) and Microsoft Office SharePoint Server (MOSS) 2007.
D.Use Active Directory Rights Management Services (AD RMS) and Microsoft Windows SharePoint Services (WSS) 3.0.
Answer: C
QUESTION 71
Your company has one main office and 100 branch offices. The network consists of one Active Directory domain. All domain controllers run Windows Server 2008. The wide area network (WAN) links from the branch offices to the main office are unreliable. A local administrator manages each branch office. Your company plans to add a new branch office. You create a new organizational unit (OU) that contains all the computer accounts for the new branch office. You configure a server in the main office to test all new software updates. You install Microsoft Windows Server Update Services (WSUS) 3.0.
You need to implement an update management solution for the new branch office to meet the following requirements:
-Only approved updates must be installed in the branch office.
-Client computers must be able to download updates if a WAN link fails.
-Each branch office administrator must be able to approve updates before installation.
What should you do?
A.In each branch office, install a WSUS 3.0 server as a replica server and configure it to download updates from the main office. Configure all computers to receive updates from their local WSUS server.
B.In each branch office, install a WSUS 3.0 server as a child server and configure it to download updates from Microsoft Update. Configure all computers to receive updates from their local WSUS server.
C.In the main office, install a WSUS 3.0 server as a child server and configure it to download updates from Microsoft Update. Configure all computers to receive updates from the new WSUS server.
D.In the main office, install and configure a WSUS 3.0 server as a stand-alone server and configure it to download updates from Microsoft Update. Configure all computers to receive updates from the new WSUS server.
Answer: B
QUESTION 72
Your company has one main office and four branch offices. An Active Directory site exists for each office. The network consists of one Active Directory domain. All servers run Windows Server 2008.

The branch offices are connected to the main office by slow and unreliable wide area network (WAN) links. Users complain that WAN link failures prevent them from accessing files on remote servers.
You need to recommend a solution to maintain availability of files on the remote servers.
The solution must meet the following requirements:
-Support scheduling of WAN link traffic.
-Enable the connection to resume immediately after a WAN link interruption.
What should you recommend?
A. Use DFS Replication and replicate data to each branch office.
B. Use the File Server Resource Manager (FSRM) and create file screens.
C. Use the File Replication Service (FRS) and replicate data to each branch office.
D. Configure separate DFS Namespaces on each branch office server.
Answer: A
QUESTION 73
Your network consists of one Active Directory domain. The domain contains servers that run Windows Server 2008.
The relevant servers are configured as shown in the following table:

All client computers run Windows Vista. You plan to deploy two Java-based applications on all client computers. The two applications each require a different version of the Java Runtime Environment (JRE). After testing, you notice that the two JREs prevent the applications from running on the same computer.
You need to recommend a solution that enables the two Java-based applications to run on all client computers.
What should you recommend?
A.Create two Windows Installer (MSI) packages that each contains one version of the JRE and one compatible application. On Server2, advertise both packages to all client computers.
B.Create two Windows Installer (MSI) packages that each contains one version of the JRE and one compatible application. On Server1, create a Group Policy object (GPO) that assigns both packages to all client computers.
C.Use the SoftGrid Sequencer to create two application packages that each contains one version of JRE and one compatible application. On Server3, stream both application packages to all client computers.
D.Install the two JRE versions and the two Java-based applications on Server4. Configure all client computers to connect to the Java-based applications by using Terminal Services RemoteApp (TS RemoteApp).
Answer: C
QUESTION 74
Your company has a main office. The main office is configured as an Active Directory site. The network consists of one Active Directory domain. All domain controllers run Windows Server 2008. All DNS zones are Active Directory-integrated. Administrators frequently join new client computers to the domain. You plan to deploy a new site in a new branch office. The new branch office is connected to the main office by using a single wide area network (WAN) link.
You need to enable branch office administrators to successfully join computers to the domain if a WAN link fails. The solution must provide the highest level of security for the domain controllers.
What should you do?
A.Deploy a writable domain controller in the branch office site.
B.Deploy an additional writable domain controller in the main site.
C.Deploy a read-only domain controller (RODC) in the new site. Configure a stub zone in the main site.
D.Deploy a read-only domain controller (RODC) in the new site. Configure a primary read-only zone in the branch office site.
Answer: A
QUESTION 75
Your network consists of one Active Directory domain. All user accounts are in an organizational unit (OU) named AllUsers. All computer accounts are in an OU named AllComputers. You plan to make five line-of-business applications available to all users. The applications take two hours to install. A single application named App1 will be updated monthly by being uninstalled and then reinstalled.
You need to recommend an application delivery solution for the five line-of-business applications. The solution must meet the following requirements:

-Users must be able to access the applications as quickly as possible.
-App1 must be uninstalled and reinstalled by using the minimum amount of administrative effort.
-Users must be able to access the applications from the Start menu or by opening files that are associated with App1.
What should you recommend?
A.Create a new Group Policy object (GPO) to deploy the applications. Link the GPO to the AllUsers OU.
B.Create a new Group Policy object (GPO) to deploy the applications. Link the GPO to the AllComputers OU.
C.Install servers that run Windows Server 2008 and have the Terminal Services role installed. Install the applications on the servers and provide access to them by using Terminal Services Web Access (TS Web Access).
D.Install servers that run Windows Server 2008 and have the Terminal Services role installed. Install the applications on the servers and provide access to them by using Terminal Services RemoteApp (TS RemoteApp).
Answer: D
QUESTION 76
Your network contains servers that run Windows Server 2008. Microsoft Windows SharePoint Services (WSS) are available on the network. WSS is only accessible from the internal network. Several users use devices that run Windows Mobile 6.0. The users can establish only HTTP and HTTPS sessions from the Internet.
You need to enable users to access WSS from the Internet by using their Windows Mobile devices. The solution must ensure that all connections from the Internet to WSS are encrypted.
What should you do?
A.Install Microsoft Internet Security and Acceleration (ISA) Server 2006 and create an HTTPS publishing rule.
B.Install Microsoft Internet Security and Acceleration (ISA) Server 2006 and create a Secure RPC publishing rule.
C.Install the Network Policy and Access Services (NPAS) role and enable Secure Socket Tunneling (SSTP) connections. Configure WSS to require Kerberos authentication.
D.Install the Network Policy and Access Services (NPAS) role and enable Secure Socket Tunneling (SSTP) connections. Configure WSS to require IPsec encryption.
Answer: A
QUESTION 77
Your network consists of one Active Directory forest. You have two servers named Server1 and Server2. Both servers run Windows Server 2008. All client computers run Windows Vista.
Hardware on the servers is installed as shown in the following table:

Client computers use the Remote Desktop client to connect to Server1 and Server2.
You need to recommend a solution to control the distribution of user requests made to Server1 and Server2. The solution must enable administrators to distribute the traffic based on the server hardware.
What should you recommend?
A.Use DNS round-robin. Set the DoNotRoundRobinTypes registry entry to ptr srv ns.
B.Add the failover clustering feature. Configure Server1 as a passive node and Server2 as an active node.
C.Install Network Load Balancing. In Host Parameters, set Priority to 1 for Server2 and set Priority to 2 for Server1.
D.Use Terminal Services Session Broker (TS Session Broker) Load Balancing. Assign a weight value of 100 to Server1 and a weight value of 200 to Server2.
Answer: D
QUESTION 78
Your network consists of one Active Directory domain and one IP subnet. All servers run Windows Server 2008. All client computers run Windows Vista, Windows XP Professional, and Windows 2000 Professional.
The servers are configured as shown in the following table:

Server2 is configured to support Network Access Protection (NAP) by using IPsec, DHCP, and 802.1x enforcement methods.

Users from a partner company have computers that are not joined to the domain. The computers successfully connect to the network.
You need to ensure that only computers that are joined to the domain can access network resources on the domain.
What should you do?
A.Configure all DHCP scopes on Server1 to enable NAP.
B.Configure all network switches to require 802.1x authentication.
C.Create a Group Policy object (GPO) and link it to the domain. In the GPO, enable a secure server IPsec policy on all member servers in the domain.
D.Create a Group Policy object (GPO) and link it to the domain. In the GPO, enable a NAP enforcement client for IPsec communications on all client computers in the domain.
Answer: C
QUESTION 79
Your network consists of one Active Directory domain. The domain contains servers that run Windows Server 2008.
The servers are configured as shown in the following table:

Server2 and Server3 are configured as RADIUS clients.
You need to plan a solution to manage all VPN connections to the network. The solution must meet the following requirements:
-Specify the allowed VPN connection protocols.
-Specify the allowed VPN client authentication mechanisms.
-Specify VPN client access rights based on group membership.
What should you include in your plan?

A. A Group Policy object (GPO) applied to Server2 and Server3
B. A Group Policy object (GPO) applied to the computers that must establish VPN connections
C. A local computer policy on Server2 and Server3
D. A network policy on Server4
Answer: D
QUESTION 80
Your company has one office in San Diego and one office in New York. The network consists of one Active Directory forest that contains one domain named contoso.com and one domain named newyork.contoso.com. All servers run Windows Server 2008. All domain controllers for contoso.com are located in San Diego. All domain controllers for newyork.contoso.com are located in New York. Contoso.com contains two domain controllers named Server1 and Server2. Newyork.contoso.com contains two domain controllers named Server3 and Server4. All domain controllers host Active Directory-integrated DNS zones for their respective domains.
You need to ensure that users from each office can resolve computer names for both domains from a local DNS server.
What should you do?
A.Add the contoso.com and the newyork.contoso.com DNS zones to the ForestDNSZones partition.
B.Create a stub DNS zone for contoso.com on Server3. Create a stub DNS zone for newyork.contoso.com on Server1.
C.Create a standard primary DNS zone named contoso.com on Server3. Create a standard primary DNS zone named newyork.contoso.com on Server1.
D.Configure conditional forwarders on Server1 to point to Server3. Configure conditional forwarders on Server3 to point to Server1.
Answer: A
QUESTION 81
Your network consists of one Active Directory domain. The domain contains servers that run Windows Server 2008.
The relevant servers are configured as shown in the following table:


All client computers run Windows Vista. Remote users connect to the network from the Internet by using virtual private network (VPN) connections. You plan to enable remote users to run Terminal Services RemoteApp (TS RemoteApp) applications on Server2.
You need to prepare the environment to provide users access to the applications. The solution must provide a custom Web page that contains shortcuts to authorized applications for each user.
What should you do?
A.On Server2, install the Web Server (IIS) server role.
B.On Server2, install the Terminal Services server role that has the Terminal Services Gateway (TS Gateway) role service.
C.On Server3, install the Terminal Services server role that has the Terminal Services Web Access (TS Web Access) role service.
D.On Server2 and Server3, install the Terminal Services server role that has the Terminal Services Session Broker (TS Session Broker) role service.
Answer: C
QUESTION 82
Your network consists of one Active Directory domain. All domain controllers run Windows Server 2008. The network contains both portable and desktop computers. Your company has two departments named Sales and Engineering. You create one organizational unit (OU) for each department. You move all user and computer accounts to their respective OUs.
You need to prepare the environment for the deployment of Group Policy objects (GPO) to meet the following requirements:
-Remote users in the Sales department must be able to save documents to any USB flash drive.
-Remote users in the Engineering department must be able to save documents only to USB flash drives supplied by the company.
-Local network users from both departments must be able to use a USB mouse and a USB keyboard.
What should you do?
A. Create a single GPO for both OUs.
B. Modify the Default Domain Policy. Create a new GPO for each OU.
C. Create a new OU for all desktop computers. Create a GPO for the new OU.
D. Modify the Default Domain Controllers Policy. Create a new GPO for each OU.
Answer: B
QUESTION 83
Your company has one office in New York and one office in Montreal. An Active Directory site exists for each office. The network consists of one Active Directory domain. You create four organizational units (OUs) named NewYorkUsers, NewYorkComputers, MontrealUsers, and MontrealComputers. The offices collaborate on a company project. You create a group named Project that contains all user and computer accounts for employees working on the project. Project group users from the New York office are currently working from the Montreal office and are using their portable computers. You plan to deploy a new application to the Project group.
You need to prepare the environment for the deployment of the application. The solution must meet the following requirements:
-Only the Project group must have the application installed.
-Existing Group Policy objects (GPOs) settings applied to the Project group must remain unaffected.
What should you do?
A.Create a GPO. Link the GPO to the Montreal site. Filter the application of the GPO to only the Project group.
B.Create a GPO. Link the GPO to the New York site. Filter the application of the GPO to only the Project group.
C.Move all Project group computers in the NewYorkComputers OU to the MontrealComputers OU. Create a GPO. Link the GPO to the MontrealComputers OU to deploy the application.
D.Move all Project group computers in the MontrealComputers OU to the NewYorkComputers OU. Create a GPO. Link the GPO to the NewYorkComputers OU to deploy the application.
Answer: A
QUESTION 84
Your network consists of one Active Directory forest. All servers run Windows Server 2008. You plan to make multiple Web applications in the perimeter network accessible to external customers and partner company users.
You need to design an access solution to meet the following requirements:
-Provide authentication and authorization for the external customers and partner company users.
-Enable single sign-on (SSO) authentication so that users can access multiple Web applications from a single Web browser session.
What should you include in your design?
A.Deploy Network Policy and Access Services (NPAS).
B.Deploy Active Directory Rights Management Services (AD RMS).
C.Deploy Active Directory Lightweight Directory Services (AD LDS), and then deploy Active Directory Federation Services (AD FS).
D.Deploy Active Directory Lightweight Directory Services (AD LDS), and then configure AD FS Web Agents on Internet Information Server (IIS) 7.0.
Answer: C
QUESTION 85
Your network consists of one Active Directory domain. The functional level of the forest is Windows Server 2003. All domain controllers run Windows Server 2003. The relevant portion of the network is configured as shown in the exhibit. The Bridge all site links option is enabled.
You need to ensure that domain controllers in the spoke sites can replicate with domain controllers in only the hub sites. The solution must ensure that domain controllers can replicate if a server fails in one of the hub sites.
What should you do?
Exhibit:
A.Lower the site link costs between the spoke sites and the hub sites.
B.Disable the Bridge all site links option. Create site link bridges that include the site links between each spoke site and the hub sites.
C.Disable the Bridge all site links option. Install a writable domain controller that runs Windows Server 2008 in each hub site.
D.Enable the global catalog server attribute for all domain controllers in the hub sites. Upgrade all domain controllers in the spoke sites to Windows Server 2008.
Answer: B
QUESTION 86
Your network consists of one Active Directory domain. The domain has 1,000 computers that run Windows XP and 1,000 computers that run Windows Vista. Your company has 10 departments. You have an organizational unit (OU) for each department. You have an OU named UsersComputers in each department OU. You create a logon script for computers that run Windows XP and a logon script for computers that run Windows Vista.
You need to prepare the environment for the deployment of the logon scripts.
The solution must meet the following requirements:
-Logon scripts must be applied based on the version of the Windows operating system.
-Logon scripts must be applied to users from all departments when logging on from any computer.
-The solution must use the minimum number of OUs and Group Policy objects (GPOs).
What should you do?
A.Create one GPO. Configure the logon scripts and policy refresh in the GPO. Link the GPO to the domain and apply a Windows Management Instrumentation (WMI) filter.
B.Create one GPO. Configure the logon scripts and loopback processing in the GPO. Link the GPO to the domain and apply a Windows Management Instrumentation (WMI) filter.
C.Create one GPO for each Windows operating system. Configure the logon scripts and loopback processing in the GPOs. Link both GPOs to the domain and apply a Windows Management Instrumentation (WMI) filter.
D.Create one GPO for each Windows operating system. Configure the logon script in the GPOs. Create two new child OUs in the UsersComputers OU named WinXP and WinVista. Link each GPO to the corresponding operating systems OU.
Answer: C
QUESTION 87
Your company has a main office and five branch offices. Each office contains servers that run Windows Server 2008.
You need to prepare the environment for the installation of Active Directory domain controllers in the branch offices.
The solution must meet the following requirements:
-Ensure that the minimum amount of replication traffic is sent between offices.
-Ensure that users always attempt to authenticate to a domain controller in their local office, unless it is unavailable.
You install the first domain controller on the network in the main office.
What should you do next?
A. Disable the Bridge all site links option.
B. Enable Universal Group Membership Caching.
C. Create a site link and a site link bridge for each office.
D. Create a subnet object and a site object for each office.
Answer: D
QUESTION 88
Your network consists of one Active Directory domain. The functional level of the domain is Windows Server 2008. The organizational units (OUs) are configured as shown in the exhibit. The Human Resources OU does not contain user accounts. Help desk technicians respond to all user service requests.
You need to plan the management of all users on the network.
The solution must meet the following requirements:
- Help desk technicians must have only the minimum number of required rights in the domain.
- Help desk technicians must be able to reset all user passwords except IT administrator passwords and manager passwords.
What should you include in your plan? Exhibit:


A. Delegate the Reset user passwords and force password change at next logon permission to the help desk technicians in the Employees OU.
B. Delegate the Reset inetOrgPerson passwords and force password change at next logon permission to the help desk technicians in the Employees OU.
C. Delegate the Reset user passwords and force password change at next logon permission to the help desk technicians in the Human Resources OU. Block Group Policy object (GPO) inheritance for the IT Administrators OU and the Managers OU.
D. Delegate the Reset inetOrgPerson passwords and force password change at next logon permission to the help desk technicians in the Human Resources OU. Block Group Policy object (GPO) inheritance for the IT Administrators OU and the Managers OU.
Answer: A
QUESTION 89
Your network consists of one Active Directory domain that contains domain controllers that run Windows Server 2008. You deploy Windows Server 2008 Enterprise Edition on 20 new computers. You deploy a Server Core installation of Windows Server 2008 Standard Edition on 20 old computers.

You create a new organizational unit (OU) named Servers OU. You move all server computer accounts to Servers OU.
You need to recommend a patch management solution for the new computers. The solution must ensure that all computers automatically download and install updates approved by administrators.
What should you recommend?
A. Implement a new Windows Server Update Services (WSUS) 3.0 server. Manually enable the servers for Automatic Updates.
B. Implement a new Windows Server Update Services (WSUS) 3.0 server. Create a new Group Policy object (GPO) for Servers OU. Configure the GPO to enable Automatic Updates from a local server.
C. Create a new Group Policy object (GPO) for Servers OU. Configure the GPO to enable Automatic Updates from Microsoft Update.
D. Create a new Group Policy object (GPO) for the Active Directory domain. Configure the GPO to enable Automatic Updates from Microsoft Update.
Answer: B
QUESTION 90
Your network consists of one Active Directory domain. All servers run Windows Server 2008. You need to plan access restriction policies for the network.
The plan must support the following restrictions:
- Only computers that run Windows Vista must be able to access the network.
- Only computers that have Windows Firewall enabled must be able to access the network.
What should you include in your plan?
A. Implement Authorization Manager.
B. Implement Network Access Protection (NAP) on a single server in the domain.
C. Create a Group Policy object (GPO) linked to the domain. Enable the Windows Firewall settings in the GPO.
D. Create a Group Policy object (GPO) linked to the Domain Controllers organizational unit (OU). Enable the Windows Firewall settings in the GPO.
Answer: B
QUESTION 91
Your company has one main office and 10 branch offices. The network contains servers that run Windows Server 2008. The servers are configured as file servers and are located in the branch office.

You need to plan a security policy for the branch office.
The policy must meet the following requirements:
- Users must be able to access all files on the servers.
- The operating system and the files on the servers must be inaccessible if a server is stolen.
What should you include in your plan?
A. Use Syskey on the servers.
B. Use Encrypting File System (EFS) on the servers.
C. Use Windows BitLocker Drive Encryption (BitLocker) on all servers.
D. Configure the servers as read-only domain controllers (RODCs).
Answer: C
QUESTION 92
Your network contains a server that runs Windows Server 2008. You install Microsoft Office 2007 on the server.
You need to recommend an update management solution for the server. The solution must ensure that all operating system, security updates, drivers, and Office updates are installed on the server.
What should you recommend?
A. Use Windows Update.
B. Use Microsoft Update.
C. Run the Security Configuration Wizard (SCW).
D. Run the Microsoft Baseline Security Analyzer (MBSA).
Answer: B
QUESTION 93
Your network contains a server that runs Windows Server 2008. Internal users of the network and external partners collaborate on work projects.
You need to plan a collaboration solution for the internal users and the external partners to meet the following requirements:
- Enable environment access audits.
- Enable secure access to files based on permissions.
- Enable remote access to files by using a Web browser.
- Enable search of data stored in database and file servers.
What should you include in your plan?
A. Install and configure the Web Server role.
B. Install and configure the Application Server role.
C. Install and configure Microsoft Windows SharePoint Services (WSS) 3.0.
D. Install and configure Microsoft Office SharePoint Server (MOSS) 2007.
Answer: D
QUESTION 94
Your company has one main office and 10 branch offices. The network consists of one Active Directory domain. All domain controllers run Windows Server 2008 and are located in the main office.
You plan to deploy one Windows Server 2008 domain controller in each branch office.
You need to recommend a security solution for the branch office domain controllers. The solution must prevent unauthorized users from copying the Active Directory database from a branch office domain controller by starting the server from an alternate startup disk.
What should you recommend on each branch office domain controller?
A. Enable the secure server IPsec policy.
B. Enable the read-only domain controller (RODC) option.
C. Enable Windows BitLocker Drive Encryption (BitLocker).
D. Enable an Encrypting File System (EFS) encryption on the %Systemroot%\NTDS folder.
Answer: C
QUESTION 95
Your company named Contoso and another company named Fabrikam establish a partnership. The Contoso network consists of one Active Directory domain named contoso.com. File servers are installed on the contoso.com domain. All file servers run Windows Server 2008. The Fabrikam network consists of one Active Directory forest named fabrikam.com.
You need to plan a solution to enable Fabrikam users to access resources on the file servers.

The solution must meet the following requirements:
- Ensure that Fabrikam users can access resources only on the file servers.
- Ensure that Contoso users are denied access to Fabrikam resources.
What should you do first?
A. Create a one-way forest trust so that Contoso trusts Fabrikam. Set selective authentication on the trust.
B. Create a one-way forest trust so that Fabrikam trusts Contoso. Set selective authentication on the trust.
C. Create a one-way forest trust so that Contoso trusts Fabrikam. Set forest-wide authentication on the trust.
D. Create a one-way forest trust so that Fabrikam trusts Contoso. Set forest-wide authentication on the trust.
Answer: A
QUESTION 96
Your company has one main office and one new branch office. A local administrator manages the branch office. The network consists of one Active Directory domain. All domain controllers run Windows Server 2008. You create a new organizational unit (OU) that contains all the computer accounts for the new branch office. You configure a server in the main office to test and approve all new software updates. You configure Microsoft Windows Server Update Services (WSUS) 3.0 to deploy all approved updates to the environment.
You need to recommend an update management solution for the new branch office to meet the following requirements:
- Only approved updates can be installed in the branch office.
- The amount of network bandwidth used to download updates from Microsoft Update must be minimized.
- The local administrator must be able to select which approved updates are installed on computers in the branch office.
What should you recommend?
A. In the main office, install and configure a WSUS 3.0 server as a child server. Configure a Group Policy for the new OU so that all computers receive updates from the new WSUS server.
B. In the main office, install and configure a WSUS 3.0 server as a stand-alone server. Configure a new Group Policy for the new OU so that all computers receive updates from the new WSUS server.
C. In the new branch office, install and configure a WSUS 3.0 server as a child server. Configure a Group Policy for the new OU so that all computers receive updates from the new WSUS server.
D. In the new branch office, install and configure a WSUS 3.0 server as a stand-alone server. Configure a Group Policy for the new OU so that all computers receive updates from the new WSUS server.
Answer: C
QUESTION 97

Your network consists of one Active Directory domain that contains domain controllers that run Windows Server 2008. The intranet site contains confidential documents.
You need to design an identity and access management policy for the documents to meet the following requirements:
- Record each time a document is accessed.
- Protect confidential documents on the intranet site.
- Place a time limit on access to documents, including documents sent outside the organization.
What should you include in your design?
A. On a domain controller, install and configure Active Directory Federation Services (AD FS).
B. On a domain controller, install and configure Active Directory Rights Management Services (AD RMS).
C. On all servers in the domain, ensure that the data volumes are configured to use NTFS file system and Encrypting File System (EFS).
D. On all servers in the domain, ensure that the data volumes are configured to use NTFS file system and Windows BitLocker Drive Encryption (BitLocker).
Answer: B
QUESTION 98
Your company has one main office and 10 branch offices. You plan to deploy Active Directory.
You need to recommend a solution to recover Active Directory domain objects in the event of data loss. The solution must ensure that you can recover individually deleted user accounts.
What should you recommend?
A. Install multiple domain controllers.
B. Install a server that runs Windows Server 2008 that has Active Directory Lightweight Directory Services (AD LDS).
C. Schedule regular system state backups by using Windows Server Backup.
D. Schedule regular backups of the SYSVOL folder on the existing domain controller.
Answer: C
QUESTION 99
Your network contains a six-node Microsoft Clustering Service (MSCS) cluster that has a shared quorum. Each of the six nodes runs Windows Server 2003.

You need to recommend a solution to transition the cluster to Windows Server 2008. The solution must maintain the availability of cluster services during the transition.
What should you recommend?
A. Evict one node at a time and rebuild the cluster by using Windows Server 2008.
B. Evict five nodes from the cluster. Install Windows Server 2008 on the remaining node. Add five new Windows Server 2008 nodes.
C. On each node, run the Windows Server 2008 installation program.
D. On the MSCS, change the quorum type to a Majority Node Set (MNS) quorum. Install Windows Server 2008 on all nodes.
Answer: A
QUESTION 100
Your company has one main office and 20 branch offices. Each office is configured as an Active Directory site. The network consists of one Active Directory domain. All servers run Windows Server 2008 and all client computers run Windows Vista. The main office contains three domain controllers.
You need to deploy one domain controller in each branch office to meet the following requirements:
- Authentication to a main office domain controller must only occur if a local domain controller fails.
- Client computers in the main office must not authenticate to a domain controller in a branch office.
- Client computers in a branch office must not authenticate to a domain controller in another branch office.
- Client computers in each branch office must attempt to authenticate to the domain controller at their local site first.
What should you do first?
A. Associate the IP subnet of each branch office to the Active Directory site of the main office.
B. Select the read-only domain controller (RODC) option and the Global Catalog option when deploying the branch office domain controllers.
C. Create a Group Policy object (GPO) that applies to all branch office domain controllers and controls the registration of DNS service location (SRV) records.
D. Configure only the main office domain controllers as global catalog servers. Enable Universal Group Membership Caching in the Active Directory site for each branch office.
Answer: C
QUESTION 101

Your network consists of two Active Directory forests.
The Active Directory forests are configured as shown in the following table:

You need to prepare the environment to allow users to access resources in all domains from both forests. The solution must require the minimum amount of administrative effort.
What should you do first?
A. Set the functional level of the contoso.com forest to Windows Server 2008.
B. Set the functional level of the fabrikam.com forest to Windows Server 2003.
C. Upgrade all domain controllers in the fabrikam.com domain to Windows Server 2008. Set the domain functional level of fabrikam.com to Windows Server 2008.
D. Upgrade all domain controllers in the fabrikam.com and company2.fabrikam.com domains to Windows Server 2008. Set the functional level of the fabrikam.com forest to Windows Server 2008.
Answer: B
QUESTION 102
You are the enterprise administrator for a company named Contoso, Ltd. Contoso acquires a company named Fabrikam, Inc. Contoso and Fabrikam each have one Active Directory forest that contains two domains. All domain controllers run Windows Server 2008.
You need to migrate the Fabrikam domain resources to the Contoso forest.
What should you do?
A. Run the Active Directory Migration Tool (ADMT) from a server in Contoso.
B. Run the Active Directory Migration Tool (ADMT) from a server in Fabrikam.
C. Run the Microsoft Windows User State Migration Tool (USMT) from a server in Contoso.

D. Run the Microsoft Windows User State Migration Tool (USMT) from a server in the Fabrikam forest.
Answer: A
QUESTION 103
Your company has a main office and 10 branch offices. The network consists of one Active Directory domain. All domain controllers run Windows Server 2008 and are located in the main office. You plan to deploy one Windows Server 2008 domain controller in each branch office.
You are concerned that the branch offices will fail to provide adequate security for the new domain controllers.
You need to recommend a security solution to meet the following requirements:
- Prevent any unauthorized user from accessing user passwords when the server is running.
- Prevent any unauthorized user from accessing user passwords either locally or over the network on each branch office domain controller.
Which configuration should you recommend for each branch office domain controller?
A. Enable an IPsec policy.
B. Enable Windows Firewall.
C. Enable the read-only domain controller (RODC) option.
D. Enable Windows BitLocker Drive Encryption (BitLocker).
Answer: C
QUESTION 104
Your network consists of an Active Directory forest that contains only domain controllers that run Windows Server 2003.
You need to prepare the environment for the implementation of a new Windows Server 2008 domain in the forest.
What should you do?
A. Run adprep /forestprep on the schema operations master.
B. Run adprep /domainprep on the schema operations master.
C. Run adprep /forestprep on the infrastructure operations master.
D. Run adprep /domainprep on the infrastructure operations master.
Answer: A
QUESTION 105

Your network consists of two Active Directory forests. The Active Directory forests are configured as shown in the following table:

The servers in both forests run Windows Server 2008. A forest trust exists between the fabrikam.com forest and the contoso.com forest. Fabrikam.com has a server named server1.fabrikam.com. Contoso.com has a global group named ContosoSales. Users in the ContosoSales global group access an application on server1.fabrikam.com. You discover that users from other groups in the contoso.com domain can log on to servers in the fabrikam.com domain.
You need to implement an authentication solution to meet the following requirements:
- Users in the ContosoSales global group must be able to access server1.fabrikam.com.
- Users in the ContosoSales global group must be denied access to all other servers in the fabrikam.com forest.
- All other users in the contoso.com domain must be able to access only resources in the contoso.com forest.
What should you do?
A. Replace the existing forest trust with an external trust between the contoso.com domain and the fabrikam.com domain. On the server1.fabrikam.com computer object, grant the Allowed to Authenticate permission to the ContosoSales global group.
B. Replace the existing forest trust with an external trust between the contoso.com domain and the fabrikam.com domain. In the local security policy of server1.fabrikam.com, assign the Access this computer from the network user right to the ContosoSales global group.
C. Set the authentication scope of the existing forest trust in the fabrikam.com domain to Allow authentication only for selected resources in the local domain. On the server1.fabrikam.com computer object, grant the Allowed to Authenticate permission to the ContosoSales global group.
D. Set the authentication scope of the existing forest trust in the fabrikam.com domain to Allow authentication only for selected resources in the local domain. In the local security policy on server1.fabrikam.com, assign the Access this computer from the network user right to the ContosoSales global group.
Answer: C
QUESTION 106

You are the enterprise administrator for a company named Contoso, Ltd. The network consists of one Active Directory domain named contoso.com. You have a Microsoft Exchange Server 2007 organization named Contoso. All users log on to their computers by using credentials identical to their e-mail addresses. The company plans to change its name to Adatum Corporation and modify all user e-mail addresses to include a new adatum.com domain name.
You need to enable all users to log on to their computers by using the new domain name. The solution must not disrupt existing applications on the network.
What should you do first?
A. Use the Active Directory domain Rename Tool to rename the domain to adatum.com.
B. Use the DNS Management Console to create a new forward lookup zone named adatum.com.
C. Create an alternative user principal name (UPN) suffix of adatum.com.
D. Create a new accepted domain named adatum.com in the Exchange Server 2007 organization.
Answer: C
QUESTION 107
Your company has two main offices in Denver and Chicago and four branch offices in New York, Miami, Seattle, and San Francisco. Each office is configured as an Active Directory site. Site links are configured as shown in the exhibit. The network consists of one Active Directory forest. All domain controllers run Windows Server 2003. Each main office has four domain controllers. Each branch office has one domain controller. The Bridge all site links option is disabled.
You need to prepare the environment to install a read-only domain controller (RODC) in each branch office. The solution must be achieved by upgrading the minimum number of domain controllers.
What should you do? Exhibit:


A. Upgrade one domain controller in the Chicago office and one domain controller in the Denver office to Windows Server 2008.
B. Upgrade one domain controller in the Chicago office to Windows Server 2008. Create a site link that connects the Seattle and San Francisco office sites to the Chicago office site.
C. Configure a site link to connect all branch office sites. Upgrade one domain controller in the Denver office to Windows Server 2008.
D. Configure a site link to connect the Chicago office site and the San Francisco and Seattle office sites. Upgrade one domain controller in the Denver office to Windows Server 2008.
Answer: B
QUESTION 108
Your network contains servers that run Windows Server 2008 and client computers that run Windows Vista. All network routers support IPsec connections. Client computers and servers use IPsec to connect through network routers. You have two servers named Server1 and Server2. Server1 has Active Directory Certificate Services (AD CS) installed and is configured as a certification authority (CA). Server2 runs Internet Information Services (IIS).
You need to recommend a certificate solution for the network routers.
The solution must meet the following requirements:
- Use the Simple Certificate Enrollment Protocol (SCEP).
- Enable the routers to automatically request certificates.
What should you recommend implementing?
A. Certification authority Web enrollment services on Server2
B. Network Device Enrollment Service on Server2

C. Online Responder service on Server1
D. Subordinate CA on Server1
Answer: B
QUESTION 109
Your company has a main office and three branch offices. Each office has a server that runs Windows Server 2008. The server has the DNS Server role installed. The branch offices contain client computers that run Windows 2000. You plan to deploy Active Directory Domain Services (AD DS) on the network.
You need to plan a name resolution solution for the deployment of Active Directory Domain Services (AD DS).
The solution must meet the following requirements:
- Support secure dynamic updates.
- Minimize response times for users connecting to resources anywhere on the network.
What should you include in your plan?
A. A GlobalNames zone for the forest.
B. A single Active Directory-integrated DNS zone.
C. A stub zone on the DNS server in each branch office.
D. A standard primary zone in the main office and secondary zones in each branch office.
Answer: B
QUESTION 110
Your network consists of one Active Directory forest that contains one root domain and 22 child domains. All domain controllers run Windows Server 2003. All domain controllers run the DNS Server service and host Active Directory-integrated zones. Administrators report that it takes more than one hour to restart the DNS servers.
You need to reduce the time it takes to restart the DNS servers.
What should you do?
A. Upgrade all domain controllers to Windows Server 2008.
B. Upgrade all domain controllers in the root domain to Windows Server 2008, and then set the functional level for the root domain to Windows Server 2008.
C. Deploy new secondary zones on additional servers in each child domain.
D. Change the Active Directory-integrated DNS zones to standard primary zones.
Answer: A
QUESTION 111
Your network consists of one Active Directory domain and one IP subnet. All servers run Windows Server 2008. All client computers run Windows Vista.
The servers are configured as shown in the following table:

All network switches used for client connections are unmanaged. Some users connect to the local area network (LAN) from client computers that are joined to a workgroup. Some client computers do not have the latest Microsoft updates installed.
You need to recommend a Network Access Protection (NAP) solution to protect the network.
The solution must meet the following requirements:
- Only computers that are joined to the domain must be able to connect to servers in the domain.
- Only computers that have the latest Microsoft updates installed must be able to connect to servers in the domain.
Which NAP enforcement method should you use?
A. 802.1x
B. DHCP
C. IPsec

D. VPN
Answer: C
QUESTION 112
Your company has one main office and one branch office. The branch office is connected to the main office by using a wide area network (WAN) link. The network consists of one Active Directory domain. The branch office has two member servers that run Windows Server 2008. One of the servers is configured as a file server that hosts shared folders. The branch office has a local administrator. The main office has one standard primary DNS zone that is hosted on a DNS server. The branch office grows from 100 client computers to 1,000 client computers.
You need to recommend a name resolution solution for the branch office to meet the following requirements:
- Users must be able to access file shares on the local server if a WAN link fails.
- The branch office administrator must be able to modify Active Directory objects while at the branch office if a WAN link fails.
What should you recommend?
A. Promote the member server to a domain controller and configure the DNS role. Create a standard secondary zone.
B. Promote the member server to a domain controller and configure the DNS role. Create a new standard primary zone.
C. Promote the member server to a read-only domain controller (RODC) and configure the DNS role. Create a primary read-only zone.
D. Promote the member server to a read-only domain controller (RODC) and configure the DNS role. Create a new standard secondary zone.
Answer: A
QUESTION 113
You deploy servers that run Windows Server 2008 on the network. You plan to deploy a client/server application. You plan to install the server component of the application on application servers. You plan to install the client component of the application on all computers that run Windows Vista. The client component connects to the server component by using only RPC. After testing, you discover that an RPC time-out error occurs when the client component connects to the server component through a network link that has high latency.
You need to provide a solution so that users can connect to the application through the Internet without receiving an RPC time-out error.
What should you do?
A. Install RPC over HTTP Proxy. Create a proxy connection to the application servers.
B. Install Microsoft Internet Security and Acceleration (ISA) Server 2006 and enable RPC filtering.
C. Install Terminal Services, Terminal Services Gateway (TS Gateway), and the client component of the client/server application on the terminal server.
D. Configure the Routing and Remote Access Service (RRAS). Configure all users to connect to the application servers from the Internet by using virtual private network (VPN) connections.
Answer: C
QUESTION 114
Your network consists of two Active Directory forests named Forest1 and Forest2. The functional level of both forests is Windows Server 2003. Both forests contain only domain controllers that run Windows Server 2008. You install a new server named Server1 in Forest2.
You need to recommend an access solution that meets the following requirements:
- Users in Forest1 must have access to resources on Server1.
- Users in Forest1 must be denied access to all other resources within Forest2.
What should you recommend?
A. Raise the forest functional level of Forest1 and Forest2 to Windows Server 2008.
B. Raise the domain functional level of all domains in both forests to Windows Server 2008.
C. Create a forest trust between Forest1 and Forest2. Set the Allowed to Authenticate right on the computer object for Server1.
D. Create a forest trust between Forest1 and Forest2. Set the Allowed to Authenticate right on the computer object for the Forest2 infrastructure operations master object.
Answer: C
QUESTION 115
Your company has one main office and 20 branch offices. The network consists of one Active Directory domain. All domain controllers run Windows Server 2008 and are located in the main office. Each branch office contains a server that runs a Server Core installation of Windows Server 2008.
You need to deploy domain controllers in the branch offices to meet the following requirements:
- The minimum number of services must run on the domain controllers.
- The minimum number of Windows servers must be installed in the branch offices.
- Passwords for all users must be stored on the domain controllers in the branch offices.
What should you do on each branch office server?
A. Install Active Directory Domain Services (AD DS) and configure the server as a domain controller.
B. Install Active Directory Domain Services (AD DS) and configure the server as a read-only domain controller (RODC).
C. Install a full installation of Windows Server 2008. Install Active Directory Domain Services (AD DS) and configure the server as a domain controller.
D. Install the Windows Server virtualization role. Install a child virtual machine that runs Windows Server 2008 and Active Directory Domain Services (AD DS). Configure the virtual machine as a domain controller.
Answer: A
QUESTION 116
Your network contains one Active Directory domain. All domain controllers run Windows Server 2008. The network has 100 servers and 5,000 client computers. Client computers run either Windows XP Service Pack 2 (SP2) or Windows Vista Service Pack 1 (SP1).
You need to plan the deployment of Certificate Services on the network to support the following requirements:
- Automatic certificate enrollment
- Supported certificates for all client computers
What should you include in your plan?
A. Deploy a stand-alone certification authority (CA). Create V2 templates.
B. Deploy a stand-alone certification authority (CA). Create V3 templates.
C. Deploy an enterprise certification authority (CA). Create V2 templates.
D. Deploy an enterprise certification authority (CA). Create V3 templates.
Answer: C
QUESTION 117
Your company has one main office and five new branch offices. The branch offices are connected to the main office across slow network links. The network consists of one Active Directory domain. All domain controllers run Windows Server 2008. Each office has a local server administrator.
You need to plan for the implementation of Windows Server 2008 domain controllers in each branch office. The solution must minimize the amount of network bandwidth used during the initial replication.
What should you include in your plan?
A. Create an installation media by using ntdsutil.

B. Run adprep /rodcprep on a server in each branch office.
C. Create a System State backup by using Windows Server Backup in Windows Server 2008.
D. Install Active Directory Lightweight Directory Services (AD LDS) in the branch office.
Answer: A
QUESTION 118
Your company has one main office and eight branch offices. Each branch office has one server and 20 client computers. The network consists of one Active Directory domain. All main office domain controllers run Windows Server 2008. All branch office servers are configured as domain controllers and run Windows Server 2003 Service Pack 1 (SP1).
You need to implement a security solution for the branch offices to meet the following requirements:
- The number of user passwords stored on branch office domain controllers must be minimized.
- All files stored on the branch office domain controller must be protected in the event of an offline attack.
What should you do?
A. Upgrade branch office domain controllers to Windows Server 2008. Enable Windows BitLocker Drive Encryption (BitLocker).
B. Replace branch office domain controllers with Windows Server 2008 read-only domain controllers (RODCs). Enable Windows BitLocker Drive Encryption (BitLocker).
C. Replace branch office domain controllers with Windows Server 2008 read-only domain controllers (RODCs). Enable Encrypting File System (EFS) for all server drives.
D. Add the branch office domain controller computer accounts to the read-only domain controllers (RODCs) group. Enable Encrypting File System (EFS) for all server drives.
Answer: B
QUESTION 119
Your network consists of one Active Directory domain that contains two servers that run Windows Server 2008 named Server1 and Server2. Server1 runs Active Directory Certificate Services (AD CS) and is configured as a certification authority (CA). Server2 runs Internet Information Services (IIS) and hosts a secure Web service. External users must subscribe in order to access the Web service. The Web service accepts subscriptions only from client computers that run Windows XP Service Pack 2 or Windows Vista.
The relevant portion of the network is configured as shown in the following diagram:


You need to ensure that subscribers can successfully connect to the Web service on Server2 through HTTPS. Users must not receive any certificate-related errors.
What should you do on Server2?
A. Install a server certificate issued by Server1.
B. Issue and install a self-signed server certificate.
C. Install a server certificate issued by a public CA.
D. Install the trusted root CA certificate issued by Server1.
Answer: C
QUESTION 120
Your network consists of one Active Directory domain that contains two servers named Server1 and Server2 that run Windows Server 2008. Server1 runs Active Directory Certificate Services (AD CS) and is configured as an enterprise root certification authority (CA). Server1 is only accessible from the internal network. Server1 issues certificates to both internal and external client computers that run Windows Vista. Server2 is configured as a Web server. Server2 is located in the perimeter network and is only accessible through HTTP.
The network is configured as shown in the following diagram:

You need to recommend an e-mail security solution for all Windows Vista client computers that meets the following requirements:
-Users must only request status information for individual certificates.
-Users must be notified when they attempt to send a secure e-mail message to a user that has an expired certificate.
What should you recommend?
A. Configure a root CA on Server2.
B. Configure a subordinate CA on Server2.
C. Configure the Online Responder service on Server2.
D. Configure a certification revocation list (CRL) distribution point on Server2.
Answer: C
QUESTION 121
Your network consists of one Active Directory domain. All domain controllers run Windows Server 2008. You have file servers that run Windows Server 2008. Client computers run Windows Vista and UNIX-based operating systems. All users have both Active Directory user accounts and UNIX realm user accounts. Both environments follow identical user naming conventions.
You need to provide the UNIX-based client computers access to the file servers.
The solution must meet the following requirements:
-Users must only log on once to access all resources.
-No additional client software must be installed on UNIX-based client computers.
What should you do?
A. Create a realm trust so that the Active Directory domain trusts the UNIX realm.
B. Install an Active Directory Federation Services (AD FS) server that runs Windows Server 2008.
C. Enable the subsystem for UNIX-based applications on the file servers. Enable a Network File System (NFS) component on the client computers.
D. Enable the User Name Mapping component and configure simple mapping. Enable a Network File System (NFS) component on the servers.
Answer: D
QUESTION 122
Your company has two main offices located in two countries and multiple branch offices in each country.

The wide area network (WAN) link between the offices has restricted and limited connectivity. The network consists of two Active Directory forests. The functional level of the forests is Windows 2000 Server. Each forest includes a root domain and four child domains. All resources for each forest are located only in a single country.
You plan to deploy Active Directory Domain Services (AD DS). The AD DS deployment must support the following requirements:
-Replication traffic between the main offices must be minimized.
-Users in all offices must be able to access resources in all other offices.
-The solution must use the minimum amount of domains.
Which migration strategy should you recommend?
A. Restructure to a two-domain, two-forest Active Directory structure.
B. Restructure to a single-domain, single-forest Active Directory structure.
C. Restructure to a multi-domain, single-forest Active Directory structure.
D. Upgrade all existing domains and maintain the existing Active Directory structure.
Answer: A
QUESTION 123
Your company has three offices. Each office is configured as an Active Directory site. The network consists of one Active Directory domain. All domain controllers run Windows Server 2008. The company has five departments. You use a domain-level Group Policy object (GPO) to install Microsoft Office on all client computers.
You need to deploy a GPO strategy to meet the following requirements:
-Install a custom application in one of the departments.
-Restrict access to removable storage devices for all users.
-Implement separate Windows Internet Explorer proxy settings for each physical location.
-The strategy must maintain all settings applied by the existing GPOs.
What should you do?
A. Create a new group for each department. Create a new GPO for each site. Create a new GPO for the domain and use the GPO to install the custom application.
B. Create a new organizational unit (OU) for each department. Create a new GPO for each site and a new GPO for the domain. Create a GPO for one department OU and use the GPO to install the application.
C. Create a new organizational unit (OU) for each department. Create a single GPO for all the sites and a new GPO for the domain. Create a single GPO for each department OU and use the GPO to install the custom application.
D. Create a new child domain for each department. Create a new GPO for each site and a new GPO for each new child domain. Create a single GPO for all the new child domains and use the GPO to install the custom application.
Answer: B
QUESTION 124
Your network consists of one Active Directory forest that contains two domains named domain1 and domain2. The functional level of the forest is Windows Server 2003. All domain controllers run Windows Server 2003. The relevant portion of the network is configured as shown in the exhibit.
All domain controllers for domain1 are in the hub sites. All domain controllers for domain2 are in the spoke sites. The Bridge all site links option is disabled. You plan to deploy a read-only domain controller (RODC) in SiteH for domain2.
You need to prepare the environment for the installation of the RODC.
What should you do? Exhibit:

A. Upgrade DC7 to Windows Server 2008.
B. Upgrade DC2 to Windows Server 2008.
C. Lower site link costs between the satellite sites (SiteF, SiteG, and SiteH) and SiteB to 80.
D. Enable the Bridge all site links option. Create a BH-AB site link bridge that includes the B-H and A-B site links.
Answer: A
QUESTION 125

Your network consists of one Active Directory domain. You have a single site. You deploy a new Active Directory-integrated application on a server that runs Windows Server 2008. The application sends a large number of LDAP queries to the domain controllers. You plan to install a new domain controller to respond to the LDAP queries.
You need to reduce the number of authentication requests client computers send to the new domain controller.
What should you do?
A. Create a new site and disable the Bridge all site links option.
B. Create a new site. Move the application server and the new domain controller to the new site.
C. Create a new organizational unit (OU). Move the application server and the new domain controller to the new OU.
D. Create two new sites. Move the application server to one site and the new domain controller to another site. Create a new site link that connects the two sites.
Answer: B
QUESTION 126
Your network consists of four Active Directory domains named East, West, North, and South. The North domain is the forest root domain. All domain controllers run Windows Server 2008. Department managers use a sales reporting application on a server named SalesServer1 in the East domain. A domain local group named SalesAppEast in the East domain has access to the application. Each domain has a global group named LocalManagers that contains all managers from the corresponding domain. All global groups are added to the SalesAppEast domain local group.
You need to ensure that any unauthorized member added to SalesAppEast is automatically removed.
What should you do?
A. Deny the Modify permission for the SalesAppEast domain local group.
B. Create a Group Policy object (GPO). Configure the GPO to restrict group membership to the SalesAppEast group and link the GPO to the East domain.
C. Create a Group Policy object (GPO). Configure the GPO to restrict group membership to the LocalManagers group and link the GPO to the North domain.
D. Create a Group Policy object (GPO). Configure the GPO to restrict group membership to the LocalManagers group and link the GPO to the North, South, and West domains.
Answer: B
QUESTION 127
Your company has 5,000 users. The network contains servers that run Windows Server 2008.
You need to recommend a collaboration solution for the users to meet the following requirements:
-Support tracking of document version history.
-Enable shared access to documents created in Microsoft Office.
-Enable shared access to documents created by using Web pages.
-The solution must be achieved without requiring any additional costs.
What should you recommend?
A. Install servers that run the Web Server role.
B. Install servers that run the Application Server role.
C. Install servers that run Microsoft Windows SharePoint Services (WSS) 3.0.
D. Install servers that run Microsoft Office SharePoint Server (MOSS) 2007.
Answer: C
QUESTION 128
Your network contains only servers that run Windows Server 2008. You plan to use only iSCSI for shared storage. You plan to deploy servers that run Microsoft SQL Server 2005 on the network.
You need to recommend a high-availability solution for the SQL Server 2005 servers to withstand the failure of any single hardware component.
What should you recommend?
A. Install a two node failover cluster that has multiple network cards.
B. Install a two node failover cluster that has a dual port teamed network card.
C. Install a Network Load Balancing cluster that has multiple network cards.
D. Install a Network Load Balancing cluster that has multiple teamed network cards.
Answer: A
QUESTION 129

Your network contains 200 Web servers that run Windows Server 2008.
You need to plan the management of security settings for all servers on the network.
The solution must meet the following requirements:
-Minimize administrative effort.
-Maintain identical security settings for all servers.
-Enable compliance audits of servers added to the network.
What should you do first?
A. On each server, configure a local security audit policy.
B. On one server, run the Security Configuration Wizard (SCW).
C. On one server, install and run the Microsoft Security Assessment Tool (MSAT).
D. On one server, install and run the Microsoft Baseline Security Analyzer (MBSA).
Answer: B
QUESTION 130
Your network consists of one Active Directory domain. All domain controllers run Windows Server 2008.
You need to prepare the environment to provide a high-availability solution for a back-end Microsoft SQL Server 2005 data store.
What should you do?
A. Install a Windows Server 2003 Network Load Balancing cluster.
B. Install a Windows Server 2008 Network Load Balancing cluster.
C. Install a Windows Server 2008 failover cluster that has shared storage.
D. Install a Windows Server 2008 failover cluster that has direct attached storage.
Answer: C
QUESTION 131
You work as an IT professional in an international company which is named Contoso. Your major job is to translate business goals into technology decisions and plan mid-range to long-term strategies. And you are experienced in network infrastructure, security policy and business continuity. In your company, you are responsible for infrastructure design and global configuration changes.
One Active Directory domain is contained by your network. There are three hundred client computers and 1,000 client computers.

Windows XP Service Pack 2 (SP2) is run by the three hundred client computers and Windows Vista is run by 1,000 client computers. You want to have Terminal Services deployed on new servers, and Windows Server 2008 will be run by new servers.
Since you are the technical support, you are required to design the deployment of Terminal Services RemoteApp (TS RemoteApp).
Which option should be included in your design?
A. A Group Policy object (GPO) should be created and linked to the Active Directory domain. And then, the GPO should be changed to enable access through Terminal Services Gateway (TS Gateway).
B. On the Terminal Servers, all user accounts should be added to the Remote Desktop Users local group.
C. On all computers on which Windows XP is run, the Remote Desktop Connection 6.0 client update should be installed.
D. In the Active Directory domain, all user accounts should be added to the Remote Desktop Users built-in local group.
Answer: C
QUESTION 132
You work as an IT professional in an international company which is named Contoso. Your major job is to translate business goals into technology decisions and plan mid-range to long-term strategies. And you are experienced in network infrastructure, security policy and business continuity. In your company, you are responsible for infrastructure design and global configuration changes.
A server which runs Windows Server 2008 is installed by you. And it is installed as the first domain controller in an Active Directory forest.
Since you are the technical support, you are required to install another server as a read-only domain controller (RODC).
To achieve the goal, which action should be performed first?
A. To achieve the goal, adprep /rodcprep should be run.
B. To achieve the goal, adprep /domainprep /gpprep should be run.
C. To achieve the goal, the functional level of the forest should be raised to Windows Server 2003.
D. To achieve the goal, the functional level of the domain should be raised to Windows Server 2008.
Answer: C
QUESTION 133
You work as an IT professional in an international company which is named Contoso. Your major job is to translate business goals into technology decisions and plan mid-range to long-term strategies. And you are experienced in network infrastructure, security policy and business continuity. In your company, you are responsible for infrastructure design and global configuration changes.

Your company has one head office named H1 and one branch office named B1. A single wide area network (WAN) link connects the offices. One Active Directory domain is contained in the network. Servers that run Windows Server 2008 are contained in this domain.
The table below shows the configuration of the relevant servers:

An organizational unit (OU) named Main1-computers is created by you. This OU contains all computer accounts in Main1. An OU named Branch1-computers is created by you. This OU contains all computer accounts in B1. A Group Policy object (GPO) named GPO1 is linked to the domain. You plan to use GPO1 to install applications on computers in both offices. The D:\Software folder on Server1 is shared as \\Server1\Software. The D:\Software folder on Server2 is shared as \\Server2\Software. DFS Replication is configured to replicate the contents of \\Server1\Software to \\Server2\Software.
Now you receive an order from the company CIO. Since you are the technical support, you are asked to prepare the environment to enable computers in both offices to allow the installation of applications if a WAN link fails.
What action should you perform?
A.The software distribution packages on GPO1 should be configured to use D:\Software as the source folder for application installation.
B.A DFS Namespace named \\Contoso.com\DFSroot\Software should be created. \\Server1\Software and \\Server2\Software should be configured as folder targets of the DFS Namespace.
C.A DFS Namespace named \\Server1\DFSroot\Software should be created. \\Server1\Software and \\Server2\Software should be configured as folder targets of the DFS Namespace.
D.A share object should be created in the H1-computers OU that points to \\Server1\Software. A Share object should be created in the Branch1-computers OU that points to \\Server2\software.
Answer: B
QUESTION 134
You work as an IT professional in an international company which is named Contoso. Your major job is to translate business goals into technology decisions and plan mid-range to long-term strategies. And you are experienced in network infrastructure, security policy and business continuity. In your company, you are responsible for infrastructure design and global configuration changes.

There is one Active Directory domain and three Network Information Services (NIS) domains in your network. Windows Server 2008 is run by all domain controllers. All NIS domain servers run UNIX-based operating systems.
Since you are the technical support, the company CIO assigns a task to you. You are asked to plan the integration of the Active Directory domain and the NIS domains. Your solution must meet the following requirements:
-Cut down the costs required to implement the solution to the least.
-Cut down the number of additional Windows servers required.
-Provide centralized administration of Active Directory domain objects and NIS domain objects.
What should be included in your plan?
A. The subsystem for UNIX-based applications should be installed.
B. Active Directory Federation Services (AD FS) should be installed.
C. The Server for Network Information Services role service should be added.
D. A Microsoft Identity Lifecycle Manager (ILM) 2007 server should be implemented.
Answer: C
QUESTION 135
Your network consists of one Active Directory domain. The functional level of the domain is Windows Server 2008. The domain has 30 domain controllers. Twenty administrators manage the domain. You plan to implement an audit and compliance policy.
You need to ensure that all changes made to Active Directory objects are recorded.
What should you do?
A. On all domain controllers, run the Security Configuration Wizard (SCW).
B. In the Default Domain Controller Policy, configure a Directory Services Auditing policy.
C. In the Default Domain Controller Policy, configure and implement a file-level audit policy for the SYSVOL volume.
D. Create a Group Policy object (GPO) linked to the Domain Controllers OU. Configure the GPO to install the Microsoft Baseline Security Analyzer (MBSA).
Answer: B
QUESTION 136
You work as an IT professional in an international company which is named Contoso. Your major job is to translate business goals into technology decisions and plan mid-range to long-term strategies. And you are experienced in network infrastructure, security policy and business continuity. In your company, you are responsible for infrastructure design and global configuration changes.
Two servers named Server1 and Server2 are contained by the network. Server1 is a reverse proxy. Windows Server 2008 is run by Server2, and the Web Server (IIS) server role is installed on Server2. A secure Web site is hosted by Server2. You want users to utilize the https://www.contoso.com URL to connect to Server2.
Since you are the technical support, you are required to have the environment for the deployment of server certificates prepared to satisfy the following requirements.
-First, users connecting from the local network must only connect directly to Server2.
-Second, users must be able to get access to the Web site on Server2 when they are connected to the Internet or the internal network.
Which action should be performed to achieve the goal?
A.A server certificate for the name Server1.Contoso.com should be installed on Server1. And then, a server certificate for the name www.Contoso.com should be installed on Server2.
B.A server certificate for the name www.contoso.com should be installed on Server1. And then, a server certificate for the name Server2.Contoso.com should be installed on Server2.
C.A server certificate for the name www.contoso.com should be installed on Server1 and Server2.
D.A server certificate for the name Server1.Contoso.com should be installed on Server1 and Server2.
Answer: C
QUESTION 137
You work as an IT professional in an international company which is named Contoso. Your major job is to translate business goals into technology decisions and plan mid-range to long-term strategies. And you are experienced in network infrastructure, security policy and business continuity. In your company, you are responsible for infrastructure design and global configuration changes.
There is one Active Directory forest in your network. One root domain and two child domains are contained in this forest.

Windows Server 2008 is run by all domain controllers. The DNS Server service is run by all domain controllers that host Active Directory-integrated zones. You design a name resolution solution to support single-label names.
You have to prepare the environment to support single-label name resolution across the entire forest.
What action should you perform?
A. A resource records should be configured in the parent domain.
B. A GlobalNames zone should be deployed.
C. Stub zones in each child domain should be deployed.
D. Conditional forwarders should be configured in each child domain.
Answer: B
QUESTION 138
You work as an IT professional in an international company which is named Contoso. Your major job is to translate business goals into technology decisions and plan mid-range to long-term strategies. And you are experienced in network infrastructure, security policy and business continuity. In your company, you are responsible for infrastructure design and global configuration changes.
There is one Active Directory domain in your network. Two servers named Server01 and Server02 are contained in the domain. Windows Server 2008 is run by all servers. Server01 can be accessed only from the internal network. Server02 can be accessed from the internal network and from the Internet. Microsoft SQL Server 2005 is run by Server01. All client computers are members of the domain and run Windows Vista Service Pack 1 (SP1). All client computers run an application that uses ActiveX Data Objects (ADO) to connect to Server01. Remote users need to be enabled to run the application from the Internet.
Your solution must meet the following requirements:
-The SQL Server connection method used by the client application must not be changed.
-Remote users must be able to access the application through an HTTP or HTTPS connection.
What action should you perform on Server02?
A. The Network Policy and Access Services (NPAS) server role should be installed. Secure Socket Tunneling Protocol (SSTP) connections should be enabled.
B. The RPC over HTTP Proxy feature should be installed. A proxy connection should be configured to Server01.
C. The Terminal Services Gateway (TS Gateway) role service should be installed. An ADO connection should be configured to Server01.
D. The Web Server (IIS) server role should be installed. A Web service that connects to SQL Server on Server01 should be configured.
Answer: A
QUESTION 139
Your network consists of one Active Directory forest that has three domains. All domains run Windows Server 2008 R2. Each domain has two domain controllers, four application servers, and 10 file servers.
In each domain, you create an organizational unit (OU) named OU1.
You need to plan the deployment of security policy on all application servers to meet the following requirements:
-All application servers must have identical security settings.
-All security settings must be applied only to the application servers.
What should you do next?
A. Move all application servers to OU1. Create one Group Policy object (GPO) that contains the security policy settings. Link the GPO to the domain.
B. Move all application servers to OU1. Create three Group Policy objects (GPOs) that contain the security policy settings. Link one GPO to each OU named OU1.
C. Move all domain servers to OU1. Create one Group Policy object (GPO) that contains the security policy settings. Link the GPO to each OU named OU1.
D. Move all domain servers in the domain to OU1. Create three Group Policy objects (GPOs) that contain the security policy settings. Link a GPO to each domain.
Answer: B
QUESTION 140
A company has an Active Directory Domain Services (AD DS) domain. The company has 300 retail stores with a domain controller in each store. All domain controllers run Windows Server 2003. The domain controllers host an application that remote users access by using Terminal Services.
You are planning to replace the domain controllers. The retail stores do not have secure locations in which to store network equipment and servers.
You have the following requirements:

-Make the application available as a RemoteApp.
-Ensure that non-administrative users can access the application.
-Maximize domain security.
You need to deploy domain controllers that meet the requirements.
What should you recommend? (More than one answer choice may achieve the goal. Select the BEST answer.)
A. Deploy Windows Server 2008 R2 as a domain controller.
B. Deploy a Server Core installation of Windows Server 2008 R2 as a read-only domain controller (RODC).
C. Deploy a Server Core installation of Windows Server 2008 R2 as a domain controller.
D. Deploy Windows Server 2008 R2 as a read-only domain controller (RODC).
Answer: D
QUESTION 141
A network contains the computers described in the following table.

All users work in a Remote Desktop Services (RDS) environment.
You migrate 15 client computers that run Windows XP to Windows 7. During a license audit you discover that you are using 15 more RDS device client access licenses (CALs) than required.
You need to ensure that the number of issued RDS CALs matches the number of client devices currently in service in the least amount of time.
What should you recommend? (More than one answer choice may achieve the goal. Select the BEST answer.)
A. Wait until the RDS licensing server reclaims the unnecessary licenses.
B. Use the RDS Licensing Manager console to revoke the unnecessary Windows XP device CALs.
C. From the Remote Desktop Session Host Configuration console, run the Licensing Diagnostics tool.
D. Reset the licensing database path by modifying the Discovery Scope configuration.
Answer: B
QUESTION 142

A company has a main office and several branch offices with a 4 Mbps point-to-point connection between all offices. The corporate network contains an Active Directory Domain Services (AD DS) domain. All file servers in the domain run Windows Server 2008 R2. File servers contain a large amount of data that undergoes frequent changes.
You need to recommend a solution for replicating file server volumes between branch offices.
What should you recommend? (More than one answer choice may achieve the goal. Select the BEST answer.)
A. Configure Distributed File System Replication (DFS-R) with a bandwidth limit.
B. Configure Distributed File System (DFS) and replicate data to each branch office.
C. Configure File Server Resource Manager (FSRM).
D. Configure Distributed File System (DFS) Namespaces on each file server.
Answer: A
QUESTION 143
All servers in an Active Directory Domain Services (AD DS) domain run Windows Server 2008 R2. All Remote Desktop Services (RDS) servers are in an organizational unit (OU) named RDS Servers. All computer security policy settings are configured in a Group Policy Object (GPO) named Security Policy. The Security Policy GPO is linked to the domain.
You create a new GPO named RDS and link it to the RDS Servers OU. The RDS GPO overrides the Security Policy GPO settings.
You need to ensure that the Security Policy GPO settings are not overridden in any OU.
What should you recommend? (More than one answer choice may achieve the goal. Select the BEST answer.)
A. Link the Security Policy GPO to the RDS Servers OU.
B. Configure the RDS Servers OU to block inheritance.
C. Enable loopback processing in the RDS GPO.
D. Configure the domain to block inheritance.
E. Configure the Security Policy GPO to be enforced.
Answer: E
QUESTION 144

A corporate network contains an Active Directory Domain Services (AD DS) domain with 160 domain controllers that run Windows Server 2008 R2. All client computers run Windows 7. The company has 75 geographically disparate branch offices. Each branch office is represented by an Active Directory site. The Employee organizational unit (OU) includes all employee user accounts. Many employees work from multiple branch offices. Site resource access is managed by using Group Policy Objects (GPOs) and scripts.
Each site has a network share on which users store information specific to the activities at that site.
You need to ensure that users at each site can access the appropriate network share through a single mapped drive.
What should you recommend? (More than one answer choice may achieve the goal. Select the BEST answer.)
A.Create a GPO for each site. Configure the GPOs to run a logon script that maps the drive to the site-specific file share. Create a Windows Management Instrumentation (WMI) filter that targets Windows Server 2008 R2. Link the GPOs to the Employee OU.
B.Create an OU for each site under the Employee OU. Place the user accounts for each site in the correct OU. Create a GPO for each site. Configure the new GPOs to run a logon script that maps the drive to the site-specific file share. Link the new GPOs to the site-specific OUs.
C.Create a single GPO for drive mapping. In the GPO, create Drive Map preference items to map the drive to the site-specific file share. Configure the targeting of the Drive Map preference item to match the specific site. Link the new GPO to the Employee OU.
D.Create a logon script for each site. Set each logon script to map the drive to the site-specific file share. Configure the user logon script option in Active Directory to run the appropriate logon script.
Answer: C
QUESTION 145
A company has 50 servers that run Windows Server 2008 R2 Enterprise or Windows Server 2003 Enterprise. You plan to deploy a large-scale wireless network. The wireless network will include 300 wireless access points (WAPs). The WAPs will use Remote Authentication Dial-In User Service (RADIUS) to authenticate devices for network access.
All passwords and shared secrets used for device authentication must be changed every 14 days.
You need to enable centralized management of the RADIUS infrastructure across the WAPs.
What should you recommend? (More than one answer choice may achieve the goal. Select the BEST answer.)
A. Deploy a Network Policy Server (NPS) and define individual RADIUS client settings with IEEE 802.1X authentication for each WAP.
B. Deploy a Host Credential Authorization Protocol (HCAP) server and configure it as a RADIUS proxy.
C. Deploy a Network Policy Server (NPS). Create an XML file named ias.xml that defines access point settings. Then run the netsh nps import filename = "ias.xml" command.
D. Deploy a Network Policy Server (NPS) and define an NPS template. Configure the RADIUS client settings for each client based on the template.
Answer: D
QUESTION 146
A company has an Active Directory Domain Services (AD DS) domain. All servers run Windows Server 2008 R2.
The company plans to add a large number of members to the Account Operators group. You create a new organizational unit (OU), move the Account Operators group to the new OU, and delegate control of the OU to a server operator.
The server operator is unable to make changes to the Account Operators group.
You need to ensure that the server operator can manage the Account Operators group.
What should you recommend? (More than one answer choice may achieve the goal. Select the BEST answer.)
A. Set the dsHeuristic flag to include the Account Operators group in the AdminSDHolder protection.
B. Make the server operator a Domain Administrator.
C. Manually alter the access control lists (ACLs) on the Account Operators group to allow the server operator control.
D. Set the dsHeuristic flag to exclude the Account Operators group from the AdminSDHolder protection.
Answer: C
QUESTION 147
A company has an Active Directory Domain Services (AD DS) domain with multiple sites. All servers run Windows Server 2008 R2.
The company has multiple server operators. The server operators are members of the following Active Directory security groups:
-Server Operators
-Backup Operators
The company has an application that adds attributes to Active Directory. A server operator attempts to install the application on a server. The installation fails.
You need to ensure that the server operator can install the application.
What should you recommend? (More than one answer choice may achieve the goal. Select the BEST answer.)
A. Install Active Directory Lightweight Directory Services in the Active Directory partition of a new server.
B. Allow the server operator to use the default Administrator account to make the changes.
C. Make the server operator a temporary member of the Schema Admins group.
D. Make the server operator a temporary member of the Enterprise Administrators group.
E. Make the server operator a temporary member of the Domain Administrators group.
Answer: C
QUESTION 148
Fourth Coffee is merging with Fabrikam, Inc. Fourth Coffee has an Active Directory Domain Services (AD DS) domain with several child domains. Fabrikam has a UNIX-based environment that contains the Kerberos V5 protocol.
Fabrikam users must have access to only resources in the root Fourth Coffee domain. Fourth Coffee users must not have access to the Fabrikam domain.
You need to ensure that Fabrikam users can access the necessary Fourth Coffee resources.
What should you recommend? (More than one answer choice may achieve the goal. Select the BEST answer.)
A. Create a nontransitive two-way realm trust between Fourth Coffee and Fabrikam.
B. Create a transitive one-way realm trust from Fourth Coffee to Fabrikam.
C. Create a nontransitive one-way realm trust from Fourth Coffee to Fabrikam.
D. Create a transitive two-way realm trust between Fourth Coffee and Fabrikam.
Answer: C
QUESTION 149
Trey Research is merging with Proseware, Inc. Trey Research has an Active Directory Domain Services (AD DS) domain named treyresearch.net with domain controllers named DC01, DC02, and DC03. Proseware has an AD DS domain named proseware.com.
All domain controllers run Windows Server 2008 R2 and the DNS server role.
When creating a forest trust from dc01.treyresearch.net, the New Trust Wizard displays the following error message:

The New Trust Wizard cannot continue because the specified domain cannot be contacted. Either the domain does not exist, or network or other problems are preventing connection.
You need to ensure that the forest trust can be created.
What should you recommend? (More than one answer choice may achieve the goal. Select the BEST answer.)
A. On DC01, modify the host file to include proseware.com.
B. On DC01, create a Primary Zone for proseware.com.
C. On DC01, modify the TCP/IP properties to use the Proseware DNS servers.
D. On DC01, create a Conditional Forwarder for proseware.com.
Answer: D
QUESTION 150
A company has a main office and multiple branch offices. The corporate network contains an Active Directory Domain Services (AD DS) domain and servers that run Windows Server 2008 R2.
You plan to deploy 50 read-only domain controllers (RODCs) to the branch offices. You will configure the RODCs at the company's main office and then ship them to the branch offices for installation by on-site technicians.
You have the following requirements:
-Minimize network traffic related to the installation.
-Ensure the security of the RODCs.
You need to create a server configuration plan that meets the requirements.
You use the Ntdsutil command-line utility to prepare an Install From Media (IFM) source, removing any sensitive credentials.
What should you recommend next? (More than one answer choice may achieve the goal. Select the BEST answer.)
A. Perform a Server Core installation of Windows Server 2008 R2 and add the RODC server role. Run DCPROMO and specify an answer file that includes the IFM location.
B. Perform a Server Core installation of Windows Server 2008 R2 and add the RODC server role. Run DCPROMO with the /UseExistingAccount:Attach switch.
C. Install Windows Server 2008 R2 and add the RODC server role. Run DCPROMO with the /ReplicationSourcePath switch and specify the IFM source.
D. Install Windows Server 2008 R2 and add the RODC server role. Run DCPROMO and specify an answer file that includes the IFM location.
Answer: A
QUESTION 151
A company has an Active Directory Domain Services (AD DS) domain. All servers run Windows Server 2008 R2.
The company plans to open a branch office that will be available for the use of up to 250 traveling Sales department staff. Finance department staff will also use the office during financial audits. The branch office does not have a secure location in which to store network equipment and servers. A password policy enforces eight-character passwords across the domain.
You are designing a server deployment strategy for the new branch office. You have the following requirements:
-Minimize logon time for Sales department staff.
-Maximize domain security for Finance department staff.
You need to design a deployment strategy that meets the requirements.
What should you recommend? (More than one answer choice may achieve the goal. Select the BEST answer.)
A. Install a read-only domain controller (RODC) and configure it as a Global Catalog Server.
B. Install a read-only domain controller (RODC). Set a password replication policy to deny replication of only the Finance security group.
C. Install a read-only domain controller (RODC). Set a password replication policy to allow replication of only the Sales security group.
D. Install a writeable domain controller. Create a fine-grained password policy to enforce complex 15-character passwords for the Finance department.
Answer: A

QUESTION 1 Testlet 1: Northwind Traders Question 1 of 7
You are evaluating the procedures for recovering Active Directory in the event of a forest-wide failure.
You need to recommend a forest recovery strategy.
What should you include in the recommendation?
A. Recover one global catalog server from each domain in the forest, and then modify the tombstone lifetime.
B. Recover all of the Domain Controllers in the forest root domain, and then modify the garbage collection interval.
C. Recover one Domain Controller in the forest, and then transfer all of the operation master roles from the recovered Domain Controller.
D. Recover one Domain Controller from each domain in the forest, and then seize all of the operation master roles from the recovered Domain Controllers.
Answer: D
QUESTION 2 Testlet 1: Northwind Traders Question 2 of 7
You need to recommend a solution for App1 that supports the company's planned changes.
What should you include in the recommendation?
A. Microsoft Application Virtualization (App-V).
B. Microsoft Enterprise Desktop Virtualization (MED-V).
C. Remote Desktop IP Virtualization.
D. RemoteApp.
Answer: B
QUESTION 3 Testlet 1: Northwind Traders Question 3 of 7

You are evaluating whether to deploy Read-Only Domain Controllers (RODCs) in the branch offices.
Which two technical requirements will be met by deploying the RODCs?
(Each correct answer presents a complete solution. Choose Two)
A. Ensure that only smart card authentication is used for remote access.
B. Reduce the security risk of having a domain controller in an unsecure location.
C. Minimize the amount of time it takes to restore deleted Active Directory objects.
D. Prevent Active Directory attributes that contain sensitive information from being stored in the branch offices.
Answer: BD
QUESTION 4 Testlet 1: Northwind Traders Question 4 of 7
You need to recommend a solution for deploying the test computers.
The solution must meet the company's technical requirements.
What should you include in the recommendation?
A. Microsoft Application Virtualization (App-V).
B. Microsoft Enterprise Desktop Virtualization (MED-V).
C. Native-boot Virtual Hard Disks (VHDs).
D. Windows Virtual PC.
Answer: C
QUESTION 5 Testlet 1: Northwind Traders Question 5 of 7
You need to recommend the number of Active Directory sites and subnet objects that must be configured to meet the company's technical requirements.
What should you recommend?

A. One site and one subnet.
B. Two sites and two subnets.
C. Two sites and four subnets.
D. Four sites and four subnets.
Answer: D
QUESTION 6 Testlet 1: Northwind Traders Question 6 of 7
You need to recommend a remote access solution that meets the company's technical requirements.
Which VPN protocol should you include in the recommendation?
A. Internet Key Exchange version 2 (IKEv2).
B. Layer 2 Tunneling Protocol (L2TP).
C. Point-to-Point Tunneling Protocol (PPTP).
D. Secure Socket Tunneling Protocol (SSTP).
Answer: D
QUESTION 7 Testlet 1: Northwind Traders Question 7 of 7
You need to recommend a trust configuration that supports the company's planned changes.
Which trust configuration should you include in the recommendation?
A. A federated trust.
B. A forest trust.
C. A shortcut trust.
D. An external trust.
Answer: D


QUESTION 1 Testlet 2: Proseware Inc. Question 1 of 7
You need to ensure that all of the users in proseware.com log on in an acceptable amount of time.
What should you recommend?
A. Enable universal group membership caching in the New York office.
B. Deploy an additional Domain Controller for proseware.com in the New York office.
C. Remove the GPO4 link to the Proseware_Sales OU. Link GPO4 to the New York office.
D. Remove the GPO4 link to the Proseware_Sales OU. Copy GPO4 to proseware.com and link the copy to the Proseware_Sales OU.
Answer: D
QUESTION 2 Testlet 2: Proseware Inc. Question 2 of 7
You need to identify which physical servers can be virtualized.
What should you use to identify the servers?
A. Microsoft Assessment and Planning (MAP) Toolkit.
B. Microsoft Asset Inventory Service (AIS).
C. Microsoft System Center Essentials.
D. Microsoft System Center Operations Manager.
E. Microsoft System Center Virtual Machine Manager (VMM).
Answer: A
QUESTION 3 Testlet 2: Proseware Inc. Question 3 of 7
You need to reduce the amount of time it takes for users in litwareinc.com to log on when they travel to the Washington office.
Which two actions should you perform?
(Each correct answer presents part of the solution. Choose Two)
A. Create a site link bridge.
B. In the Washington office, deploy a Domain Controller for litwareinc.com.
C. In the Washington office, configure a Domain Controller as a global catalog server.
D. Modify the properties of the site link between the Washington office and London office.
E. Transfer the Primary Domain Controller (PDC) emulator role from proseware.com to DC3.proseware.com.
Answer: BC
QUESTION 4 Testlet 2: Proseware Inc. Question 4 of 7
You need to recommend a remote access solution that meets the company's technical requirements.
What should you include in the recommendation?
A. DirectAccess.
B. Internet Key Exchange version 2 (IKEv2).
C. Layer 2 Tunneling Protocol with Internet Protocol Security (L2TP/IPSec).
D. Secure Socket Tunnel Protocol (SSTP).
Answer: C
QUESTION 5 Testlet 2: Proseware Inc. Question 5 of 7
You need to recommend an access solution for the UNIX-based client computers that meets the company's technical requirements.
What should you include in the recommendation?
A. Password Synchronization.
B. Server for Network Information Services (NIS).

C. Services for Network File System (NFS).
D. Subsystem for UNIX-based Applications (SUA).
Answer: C
QUESTION 6 Testlet 2: Proseware Inc. Question 6 of 7
You need to recommend a reporting solution that meets the company's technical requirements.
What should you include in the recommendation?
A. Data Collector Sets (DCSs).
B. Microsoft System Center Configuration Manager 2007 R2.
C. Microsoft System Center Operations Manager 2007 R2.
D. Windows Server Update Services (WSUS) Reporting Rollup.
Answer: C
QUESTION 7 Testlet 2: Proseware Inc. Question 7 of 7
You need to recommend an Active Directory solution for the Washington office that meets the company's technical requirements.
What should you include in the recommendation?
A. Disable site link bridging for IP Inter-Site Transport.
B. Enable the Try Next Closest Site Group Policy setting.
C. Set the site link cost of the site link between the Washington office and the New York office to 1.
D. Create a site link between the Washington office and the London office. Set the site link cost to 11.
Answer: B

QUESTION 1 Testlet 3: Lucerne Publishing Question 1 of 11
You need to recommend changes to the Active Directory environment that support the company's planned migration of the contoso.com users.
What should you include in the recommendation?
A. Kerberos delegation.
B. Selective authentication.
C. Service Principal Names (SPNs).
D. SID History.
Answer: D
QUESTION 2 Testlet 3: Lucerne Publishing Question 2 of 11
You are evaluating raising the functional level of the contoso.com forest to Windows Server 2008 R2.
You need to recommend which changes to the network must be implemented before raising the functional level of the forest.
You want to achieve this goal by using the minimum amount of administrative effort.
What should you recommend?
A. Upgrade all of the Domain Controllers in both forests to Windows Server 2008 R2.
B. Upgrade all of the Domain Controllers in contoso.com forest to Windows Server 2008 R2.
C. In the contoso.com forest and lucernepublishing.com forest, install a new Domain Controller that runs Windows Server 2008 R2.
D. In the contoso.com forest, install a new Domain Controller that runs Windows Server 2008 R2. Transfer the schema master role and the domain naming master role to the new Domain Controller.
Answer: B
QUESTION 3 Testlet 3: Lucerne Publishing Question 3 of 11

You are evaluating the deployment of a server to host the Public DFS namespace in the branch office.
You need to recommend changes to the network to ensure that users in the branch office connect to the local DFS server when they access the Public namespace.
What should you include in the recommendation?
A. Configure the RODC as a DNS server.
B. Configure the RODC as a global catalog server.
C. Create an Active Directory site for the branch office.
D. Modify the referral settings of the Public namespace.
Answer: C
QUESTION 4 Testlet 3: Lucerne Publishing Question 4 of 11
You need to recommend a monitoring solution for the Remote Desktop servers that meets the company's technical requirements.
What should you include in the recommendation?
A. Advanced security audit policy.
B. Event subscriptions.
C. Microsoft System Center Configuration Manager.
D. Microsoft System Center Operations Manager.
Answer: D
QUESTION 5 Testlet 3: Lucerne Publishing Question 5 of 11
You need to recommend changes to the network that support the company's planned deployment of the RODC.

You want to achieve this goal by using the minimum amount of administrative effort.
What should you recommend?
A. Upgrade all Domain Controllers to Windows Server 2008 R2.
B. Deploy a new Domain Controller that runs Windows Server 2008 R2.
C. Create a new Active Directory site and enable universal group membership caching.
D. Create a new Active Directory site and move a global catalog server to the new site.
Answer: B
QUESTION 6 Testlet 3: Lucerne Publishing Question 6 of 11
You need to recommend changes to the network infrastructure that support the company's planned deployment of App5.
What should you include in the recommendation?
A. Implementation of IPSec.
B. Implementation of IPv6 tunneling.
C. Modification to the existing DHCP infrastructure.
D. Modification to the existing DNS infrastructure.
Answer: C
QUESTION 7 Testlet 3: Lucerne Publishing Question 7 of 11
You are evaluating the deployment of an Exchange Server 2010 server in the new branch office.
The Exchange server will be configured as a DNS server.
You need to recommend a solution to ensure that the Exchange server can send e-mail to the Internet if the WAN link to Seattle fails.

What should you include in the recommendation?
A. Deploy a writable catalog server.
B. Enable universal group membership caching.
C. Install the SMTP Server feature on the RODC.
D. Configure the RODC as a global catalog server.
Answer: A
QUESTION 8 Testlet 3: Lucerne Publishing Question 8 of 11
You need to recommend an access strategy for the wireless network that meets the company's security requirements.
What should you include in the recommendation?
A. IP filtering and Secure Socket Layer Protocol (SSTP).
B. IPSec and Microsoft Forefront Unified Access Gateway (UAG) 2010.
C. RADIUS authentication and Network Policy Server (NPS) policies.
D. Wired Equivalent Privacy (WEP) and Group Policy Objects (GPOs).
Answer: C
QUESTION 9 Testlet 3: Lucerne Publishing Question 9 of 11
You need to recommend an application deployment solution to ensure the App2 can run on all of the Remote Desktop servers.
What should you include in the recommendation?
A. Group Policy Objects (GPOs) that contain application control policies.
B. Group Policy Objects (GPOs) that contain software installation settings.
C. Microsoft Application Virtualization (App-V).

D. Microsoft Enterprise Desktop Virtualization (MED-V).
Answer: C
QUESTION 10 Testlet 3: Lucerne Publishing Question 10 of 11
You need to recommend changes to the network infrastructure that support the company's planned AD RMS deployment.
What should you include in the recommendation?
A. Active Directory Federation Services (AD FS) 2.0.
B. Active Directory Lightweight Directory Services (AD LDS).
C. Microsoft SharePoint Foundation 2010.
D. Microsoft SQL Server 2008 R2.
Answer: D
QUESTION 11 Testlet 3: Lucerne Publishing Question 11 of 11
You are evaluating the addition of a new domain named nwtraders.com to the contoso.com forest.
You need to ensure that all users in both forests can access the resources in nwtraders.com by using their User Principal Name (UPN).
A. Add additional UPN suffixes to the contoso.com forest.
B. Add additional UPN suffixes to the lucernepublishing.com forest.
C. Configure name suffix routing in the contoso.com forest.
D. Configure name suffix routing in the lucernepublishing.com forest.
Answer: D
QUESTION 1 Testlet 4: City Power & Light Question 1 of 12

You need to recommend an access solution for App1 that supports the company's planned changes.
What should you include in the recommendation?
A. Failover Clustering.
B. Network Load Balancing (NLB).
C. Remote Desktop Connection Broker (RD Connection Broker).
D. Remote Desktop Gateway (RD Gateway).
Answer: C
QUESTION 2 Testlet 4: City Power & Light Question 2 of 12
Which requirement can be implemented based on the current functional level of the domain?
A. Administrative accounts and non-administrative accounts must have different password policies.
B. The amount of bandwidth used to replicate SYSVOL between the Domain Controllers must be minimized.
C. Computer accounts for all client computers joined to a domain must be created in an Organizational Unit (OU) named Workstations.
D. All Kerberos authentication traffic must be encrypted by using the Advanced Encryption Services (AES) algorithm that has a 256-bit key size.
Answer: C
QUESTION 3 Testlet 4: City Power & Light Question 3 of 12
You need to recommend a solution to ensure that all branch office users can log on by using their smart cards after the RODCs are deployed.
What should you recommend?

A. Modify the certificate templates.
B. Modify the RODC filtered attribute set.
C. Deploy an issuing CA in each branch office.
D. Enable password caching for each branch office user.
Answer: A
QUESTION 4 Testlet 4: City Power & Light Question 4 of 12
You need to recommend a solution for resetting forgotten user passwords.
The solution must meet the company's technical requirements.
What should you include in the recommendation?
A. Active Directory Rights Management Services (AD RMS).
B. Active Directory Web Services (AD WS).
C. Microsoft Forefront Identity Manager (FIM) 2010.
D. Microsoft Forefront Unified Access Gateway (UAG) 2010.
Answer: C
QUESTION 5 Testlet 4: City Power & Light Question 5 of 12
You need to recommend changes to the Active Directory environment to provide the university users access to the resources in the cpandl.com forest.
What should you recommend creating in the cpandl.com forest?
A. A one-way incoming external trust.
B. A one-way incoming realm trust.
C. A one-way outgoing external trust.
D. A one-way outgoing realm trust.

Answer: D
QUESTION 6 Testlet 4: City Power & Light Question 6 of 12
You need to recommend a solution for securing the communication between server1.east.cpandl.com and server22.east.contoso.com.
The solution must meet the company's security requirements.
What should you include in the recommendation?
A. IPsec AH that uses Kerberos V5 authentication.
B. IPsec AH that uses public key certificates.
C. IPsec ESP that uses Kerberos V5 authentication.
D. IPsec ESP that uses public key certificates.
Answer: D
QUESTION 7 Testlet 4: City Power & Light Question 7 of 12
You need to recommend a solution for deploying the corporate applications.
The solution must meet the company's technical requirements.
What should you include in the recommendation?
A. Group Policy.
B. Microsoft Application Virtualization (App-V).
C. Microsoft Enterprise Desktop Virtualization (MED-V).
D. RemoteApp.
Answer: A
QUESTION 8 Testlet 4: City Power & Light Question 8 of 12

You need to recommend a solution to identify which servers and workloads can be consolidated ____ to meet the company's business goals.
What should you include in the recommendation?
A. Microsoft Assessment and Planning (MAP) Toolkit.
B. Microsoft Desktop Optimization Pack (MDOP).
C. Microsoft System Center Virtual Machine Manager (VMM).
D. Windows Server Migration Tools.
Answer: A
QUESTION 9 Testlet 4: City Power & Light Question 9 of 12
You need to recommend a solution to ensure that users can open all files that they encrypt from any computer.
What should you include in the recommendation?
A. A data recovery agent.
B. Credential roaming.
C. Folder redirection.
D. Kerberos constrained delegation.
Answer: B
QUESTION 10 Testlet 4: City Power & Light Question 10 of 12
You are evaluating renaming the cpandl.com forest.
You need to recommend changes to the current network infrastructure to ensure that you can rename the forest.

What should you recommend?
A. Migrate Exchange Server 2003 to Exchange Server 2010.
B. Upgrade all of the Domain Controllers to Windows Server 2008 R2.
C. Publish the CRLs to a Web server and reissue all of the certificates.
D. Move all user accounts, group accounts, and computer accounts to the forest root domain and remove all of the child domains.
Answer: C
QUESTION 11 Testlet 4: City Power & Light Question 11 of 12
You need to recommend changes to the Active Directory replication topology that support the company's planned deployment of the new branch office.
What should you include in the recommendation?
A. IP site links.
B. IP site link bridges.
C. SMTP site links.
D. SMTP site bridges.
Answer: C
QUESTION 12 Testlet 4: City Power & Light Question 12 of 12
You need to recommend changes to the Active Directory infrastructure that support the company's planned RODC deployment.
What should you recommend?
A. In each domain, configure a Domain Controller as a global catalog server.
B. In each domain, deploy a Domain Controller that runs Windows Server 2008 R2.
C. Upgrade all of the Domain Controllers in the forest root domain to Windows Server 2008 R2.
D. Configure the delegation settings for the computer account of each Domain Controller and register a Service Principal Name (SPN) for each Domain Controller.
Answer: B
QUESTION 1 Testlet 5: Baldwin Museum Question 1 of 11

You need to recommend changes to the Active Directory environment that support the museum's planned subsidiary in France.
What should you recommend?
A. Deploy a new domain named france.baldwinmuseumofscience.com in the existing forest.
B. Deploy a new domain named france.baldwinmuseumofscience.com and create a forest trust.
C. Create a new Organizational Unit (OU) named France in the baldwinmuseumofscience.com domain. In the France OU, create an OU for each office.
D. Create a new Organizational Unit (OU) named France in the usa.baldwinmuseumofscience.com domain. In the France OU, create an OU for each office.
Answer: A
QUESTION 2 Testlet 5: Baldwin Museum Question 2 of 11
You need to recommend a solution to ensure that the branch office users in France authenticate to a local Domain Controller.
If a local Domain Controller is unavailable, the users must authenticate to a Domain Controller in the Paris office.
What should you recommend?
A. The Contact PDC on logon failure Group Policy setting for the client computers.
B. The Contact PDC on logon failure Group Policy setting for the Domain Controllers.
C. The DC Locator DNS Records Group Policy settings for the client computers.
D. The DC Locator DNS Records Group Policy settings for the Domain Controllers.
Answer: D
QUESTION 3 Testlet 5: Baldwin Museum Question 3 of 11

You need to recommend a solution for the Public Key Infrastructure (PKI) that meets the following requirements:
-Ensure that administrators in India can approve certificates for users in the India domain.
-Minimize costs.
What should you recommend?
A. Deploy a standalone subordinate CA to the domain in India.
B. Deploy an enterprise subordinate CA to the domain in India.
C. Configure CA permissions and the Exit Module of the CA.
D. Configure CA permissions and Certificate Manager Restrictions.
Answer: D
QUESTION 4 Testlet 5: Baldwin Museum Question 4 of 11
You need to recommend an IP address range for the museum's planned subsidiary in France.
Which IP address range should you recommend?


A. 10.10.96.0/19
B. 10.10.160.0/20
C. 10.10.160.0/22
D. 10.10.192.0/21
Answer: A
QUESTION 5 Testlet 5: Baldwin Museum Question 5 of 11
You are evaluating the deployment of a Virtual Desktop Infrastructure (VDI) solution for personal virtual desktops on the China campus.

You need to recommend changes to the infrastructure that support the museum's planned VDI.
The solution must minimize hardware costs.
Which domain functional level should you recommend for the China domain?
A. Windows 2000 native.
B. Windows Server 2003.
C. Windows Server 2008.
D. Windows Server 2008 R2.
Answer: A
QUESTION 6 Testlet 5: Baldwin Museum Question 6 of 11
You need to recommend a solution for deploying App1.
The solution must meet the museum's technical requirements.
What should you include in the recommendation?
A. Microsoft Application Virtualization (App-V).
B. Microsoft Enterprise Desktop Virtualization (MED-V).
C. Microsoft System Center Configuration Manager.
D. RemoteApp.
Answer: A
QUESTION 7 Testlet 5: Baldwin Museum Question 7 of 11
You need to recommend changes to Active Directory to ensure that the replication between the Domain Controllers in France supports the museum's planned changes.
What should you recommend?

A. Disable site link bridging.
B. Modify the change notification delay.
C. Modify the automatic site coverage settings.
D. Disable the Knowledge Consistency Checker (KCC).
Answer: D
QUESTION 8 Testlet 5: Baldwin Museum Question 8 of 11
You need to recommend changes to the Active Directory environment that support the plan to establish Trey Research.
What should you recommend?
A. Create a new tree named treyresearch.com in the forest and modify the UPN suffixes for the forest. Migrate the research department users to the new domain.
B. Create a new tree named treyresearch.baldwinmuseumofscience.com in the forest. Add a UPN suffix for treyresearch.com. Migrate the research department users to the new domain.
C. Create a new tree named treyresearch.com. Create a trust between treyresearch.com and china.baldwinmuseumofscience.com. Modify the SID filtering settings for the trust. Migrate the research department users to the new domain.
D. Create a new tree named treyresearch.com. Create a trust between treyresearch.com and china.baldwinmuseumofscience.com. Modify the selective authentication settings for the trust. Migrate the research department users to the new domain.
Answer: D
QUESTION 9 Testlet 5: Baldwin Museum Question 9 of 11
You need to recommend changes to the environment to resolve the logon issues that were reported by the users from China domain.
What should you include in the recommendation?

A. Modify the automatic site coverage settings.
B. Deploy Domain Controllers from the China domain to the India site.
C. In the India site, enable universal group membership caching.
D. In the India site, configure another Domain Controller as a global catalog server.
Answer: B
QUESTION 10 Testlet 5: Baldwin Museum Question 10 of 11
You need to recommend a solution for the users' personal documents that meets the museum's security requirements.
What should you include in the recommendation?
A. Active Directory Rights Management Services (AD RMS).
B. Authorization Manager.
C. Encrypted File System (EFS).
D. Windows BitLocker Drive Encryption (BitLocker).
Answer: C
QUESTION 11 Testlet 5: Baldwin Museum Question 11 of 11
You need to recommend a network access solution for the remote users that meets the museum's technical requirements.
What should you include in the recommendation?
A. DirectAccess.
B. Microsoft Forefront Threat Management Gateway (TMG).
C. Network Address Translation (NAT).
D. Remote Desktop Gateway (RD Gateway).
Answer: D


QUESTION 1 Testlet 6: Woodgrove Bank Question 1 of 11
You are evaluating implementing a remote access solution for the Woodgrove Bank network.
You need to recommend a security solution for the client computers that meets the company's security requirements.
What should you include in the recommendation?
A. Microsoft Baseline Security Analyzer (MBSA).
B. Microsoft Forefront Threat Management Gateway (TMG).
C. Microsoft Forefront Unified Access Gateway (UAG).
D. Network Access Protection (NAP).
Answer: D
QUESTION 2 Testlet 6: Woodgrove Bank Question 2 of 11
You are evaluating the deployment of a separate Active Directory site in each office.
You need to recommend changes to the Active Directory Infrastructure to support the new sites.
What should you include in the recommendation?
A. IP site links.
B. IP site link bridges.
C. SMTP site links.
D. SMTP site link bridges.
Answer: A
QUESTION 3 Testlet 6: Woodgrove Bank Question 3 of 11

You need to recommend changes to the Active Directory infrastructure of Woodgrove Bank.
The changes must support the company's planned changes.
What should you include in the recommendation?
A. 11 shortcut trusts.
B. A two-way forest trust.
C. Active Directory Rights Management Services (AD RMS).
D. Network Policy and Access Services (NPAS).
Answer: B
QUESTION 4 Testlet 6: Woodgrove Bank Question 4 of 11
You are evaluating the deployment of Read-Only Domain Controller (RODC) in the planned satellite office.
You need to ensure that the RODC can replicate changes from the Domain Controllers in the main office.
What should you include in the recommendation?
A. Disable site link bridging.
B. Create Active Directory connection objects.
C. Upgrade one of the Domain Controllers in the main office.
D. Configure all of the Domain Controllers in the main office as global catalog servers.
Answer: C
QUESTION 5 Testlet 6: Woodgrove Bank Question 5 of 11
You need to recommend a Public Key Infrastructure (PKI) solution that meets the company's security requirements.
What should you include in the recommendation?

A. Active Directory Federation Services (AD FS) and federated trusts.
B. Certificate deployment by using Group Policy Objects (GPOs).
C. Cross-certification.
D. External trusts and realm trusts.
Answer: B
QUESTION 6 Testlet 6: Woodgrove Bank Question 6 of 11
You need to recommend a solution for App1 that meets the company's security requirements.
What should you include in the recommendation?
A. Group Policy application control policies.
B. Microsoft Application Virtualization (App-V).
C. RemoteApp.
D. Windows XP Mode.
Answer: C
QUESTION 7 Testlet 6: Woodgrove Bank Question 7 of 11
You are evaluating the deployment of a Domain Controller in the planned satellite office.
You need to recommend changes to the physical topology of Active Directory that meet the company's technical requirements.
What should you include in the recommendation?
A. A global catalog server in the satellite office.
B. A Read-Only Domain Controller (RODC) in the main office.
C. A site and subnet object in the satellite office.
D. Active Directory Lightweight Directory Services (AD LDS) in the branch office.

Answer: C
QUESTION 8 Testlet 6: Woodgrove Bank Question 8 of 11
You are evaluating implementing a high-availability solution for smart card authentication.
You need to recommend changes to the network infrastructure to ensure that all research department users can log on if a single server fails.
What should you recommend?
A. Upgrade the CA to Windows Server 2008 R2.
B. Implement a standalone subordinate CA.
C. Implement an enterprise subordinate CA.
D. Implement Network Load Balancing (NLB) on the web servers.
Answer: D
QUESTION 9 Testlet 6: Woodgrove Bank Question 9 of 11
You need to recommend a document management solution that supports the company's planned changes for the department managers.
What should you include in the recommendation?
A. Directory object auditing.
B. Event subscriptions.
C. File Server Resource Manager (FSRM) file screens.
D. Microsoft SharePoint Foundation 2010 alerts.
Answer: D
QUESTION 10 Testlet 6: Woodgrove Bank Question 10 of 11

You are evaluating implementing a solution for the internal auditors.
You need to recommend a solution to delegate the appropriate rights to the auditors.
What should you include in the recommendation?
A. Access-Based Enumeration (ABE).
B. Active Directory delegation.
C. Restricted Groups.
D. Selective authentication.
Answer: C
QUESTION 11 Testlet 6: Woodgrove Bank Question 11 of 11
You are evaluating implementing fine-grained password policies on the Woodgrove Bank network.
What should you recommend?
A. Enable SID filtering between all of the domains in the forest.
B. Create shortcut trust between all of the child domains and the forest root domain.
C. Upgrade all of the domain controllers to Windows Server 2008 R2, and then raise the functional level of the domain.
D. Upgrade all of the domain controllers that have the primary domain controller (PDC) emulator role to Windows Server 2008 R2, and then configure the account lockout policies.
Answer: C

QUESTION 1 Testlet 7 Litware, Inc. Question 1 of 6
You need to recommend an organizational unit (OU) structure that supports the company's planned changes.
What should you recommend?
A. Create one OU for each department. Create one OU for all of the offices.
B. Create one OU for each office. Create one OU for all of the departments.
C. Create one OU for all of the offices. In the office OU, create one OU for each department.
D. Create one OU for each department. In each department OU, create one OU for each office.
Answer: D
QUESTION 2 Testlet 7 Litware, Inc. Question 2 of 6
You need to recommend a solution for the client computers in the finance department. The solution must support the company's planned changes.
What should you include in the recommendation?
A. Microsoft Enterprise Desktop Virtualization (MED-V)
B. Microsoft System Center Virtual Machine Manager (VMM)
C. Windows Deployment Services (WDS)
D. Windows XP Mode
Answer: B
QUESTION 3 Testlet 7 Litware, Inc. Question 3 of 6
You need to recommend a backup strategy for the VMs that supports the company's planned changes.
What should you include in the recommendation?
A. Microsoft System Center Data Protection Manager
B. Microsoft System Center Virtual Machine Manager (VMM)
C. Storage Manager for SANs
D. Windows Server Backup

Answer: A
QUESTION 4 Testlet 7 Litware, Inc. Question 4 of 6
You need to recommend a Remote Desktop Services (RDS) solution for RemoteApp programs that supports the company's planned changes.
What should you include in the recommendation?
A. Remote Desktop Connection Broker (RD Connection Broker)
B. Remote Desktop Gateway (RD Gateway)
C. Remote Desktop Virtualization Host (RD Virtualization Host)
D. Remote Desktop Web Access (RD Web Access)
Answer: D
QUESTION 5 Testlet 7 Litware, Inc. Question 5 of 6
You need to recommend a group scope for the dedicated auditing user accounts that meets the company's security requirements.
Which group scope should you recommend?
A. Domain local
B. Global
C. Local
D. Universal
Answer: D
QUESTION 6 Testlet 7 Litware, Inc. Question 6 of 6
You need to recommend a network access solution that meets the company's security requirements.
What should you include in the recommendation?
A. A VPN and firewall solution that uses Secure Socket Tunneling Protocol (SSTP).

B. A VPN and firewall solution that uses Internet Key Exchange version 2 (IKEv2).
C. One server that has the Network Policy Server (NPS) role service installed.
D. Two servers that have the Network Policy Server (NPS) role service installed.
Answer: C

QUESTION 1 Testlet 8 Wingtip Toys Question 1 of 6
You need to recommend a VPN strategy that meets the company's business goals.
Which two actions should you include in the recommendation? (Each correct answer presents part of the solution. Choose two.)
A. In each forest, deploy one server that has the Network Policy Server (NPS) role service installed.
B. In each forest, deploy one server that has the Routing and Remote Access service (RRAS) role service installed.
C. In the wingtiptoys.com forest, deploy one server that has the Network Policy Server (NPS) role service installed.
D. In the wingtiptoys.com forest, deploy one server that has the Routing and Remote Access service (RRAS) role service installed.
E. In the wingtiptoys.com forest, deploy one server that has the Active Directory Federation Services (AD FS) role service installed.
Answer: BC
QUESTION 2 Testlet 8 Wingtip Toys Question 2 of 6
You need to recommend a document protection strategy that meets the company's security requirements.
What should you include in the recommendation?
A. Active Directory Certificate Services (AD CS)
B. Active Directory Rights Management Services (AD RMS)
C. Secure/Multipurpose Internet Mail Extensions (S/MIME)
D. Windows BitLocker Drive Encryption (BitLocker)
Answer: B
QUESTION 3 Testlet 8 Wingtip Toys Question 3 of 6
You are evaluating whether to create a trust relationship between tailspintoys.com and wingtiptoys.com.
You need to recommend a trust relationship configuration that supports the company's planned changes.

What should you include in the recommendation?
A. Name suffix routing
B. Selective authentication
C. SID Filtering
D. Universal group membership caching
Answer: B
QUESTION 4 Testlet 8 Wingtip Toys Question 4 of 6
You need to ensure that you can migrate objects from tailspintoys.com by using Active Directory Migration Tool version 3.2 (ADMT v3.2).
What should you do in tailspintoys.com?
A. Raise the functional level of the domain.
B. Convert all the global groups to universal groups.
C. Run the Active Directory Preparation Tool (Adprep.exe)
D. Upgrade the primary domain controller (PDC) emulator to Windows Server 2008 R2.
Answer: A
QUESTION 5 Testlet 8 Wingtip Toys Question 5 of 6
You need to recommend an IP addressing solution that meets the company's technical requirements.
Which IPv6 prefix should you include in the recommendation?
A. 2001::/10
B. FC00::/10

C. FE80::/10
D. FF00::/10
Answer: B
QUESTION 6 Testlet 8 Wingtip Toys Question 6 of 6

You need to recommend a solution for deploying the domain controllers in the branch offices. The solution must meet the company's security requirements.
What should you recommend?
A. Deploy writeable Domain controllers that run a Server Core installation of Windows Server 2008 R2. Enable universal group membership caching.
B. Deploy Read-only Domain Controllers (RODCs) that run a full installation of Windows Server 2008 R2. Enable universal group membership caching.
C. Deploy writeable Domain controllers that run a Server Core installation of Windows Server 2008 R2. Configure the domain controllers as global catalog servers.
D. Deploy Read-only Domain Controllers (RODCs) that run a full installation of Windows Server 2008 R2. Configure the domain controllers as global catalog servers.
Answer: D

QUESTION 1 Testlet 9 A. Datum Corporation Question 1 of 6
You need to recommend a storage solution for the rights-protected documents that meets the company's security requirements.
What should you include in the recommendation?
A. Active Directory Certificate Services (AD CS)
B. File Server Resource Manager (FSRM)
C. Microsoft System Center Data Protection Manager 2010
D. Network Policy Server (NPS)
Answer: B
QUESTION 2 Testlet 9 A. Datum Corporation Question 2 of 6
You need to recommend a storage solution for the file servers that meets the company's user requirements.
What should you include in the recommendation?
A. BranchCache
B. Distributed File System (DFS) Replication
C. Network Load Balancing (NLB)
D. Services for Network File System (NFS)
Answer: B
QUESTION 3 Testlet 9 A. Datum Corporation Question 3 of 6
You need to recommend a solution for the partner organization to access the rights-protected documents. The solution must meet the company's security requirements.
What should you include in the recommendation?
A. Active Directory Certificate Services (AD CS)
B. Active Directory Federation Services (AD FS)
C. Microsoft Forefront Identity Manager (FIM) 2010

D. Microsoft Forefront Unified Access Gateway (UAG) 2010
Answer: B
QUESTION 4 Testlet 9 A. Datum Corporation Question 4 of 6
You need to recommend a name resolution strategy that supports the company's planned changes.
Which two DNS configurations should you include in the recommendation? (Each correct answer presents a complete solution. Choose two.)
A. A GlobalNames zone
B. A WINS proxy
C. Multiple DNS suffixes on the client computers
D. Stub zones
E. Trust Anchors
Answer: AC
QUESTION 5 Testlet 9 A. Datum Corporation Question 5 of 6
You need to recommend a solution for the deployment of App1 and App2 that supports the company's planned changes.
What should you include in the recommendation?
A. Microsoft Application Virtualization (App-V)
B. Published applications by using Group Policy Objects (GPOs)
C. RemoteApp
D. Virtual Desktop Infrastructure (VDI)
Answer: A
QUESTION 6 Testlet 9 A. Datum Corporation Question 6 of 6
You need to ensure that all the users in the Redmond office always attempt to authenticate to either DC3 or DC4 first.

What should you do?
A. Disable site link bridging.
B. Enable universal group membership caching in the Seattle office.
C. Create a subnet object for the Redmond office, and then assign the subnet object to the Seattle office.
D. Create a site object for the Redmond office, and then assign the Subnet object of the Seattle office to the Redmond office.
Answer: C

QUESTION 1 Testlet 10: Blue Yonder Airlines Question 1 of 6

You need to recommend a software solution for App1 that supports the company's planned changes.
What should you include in the recommendation?
A. Microsoft Application Virtualization (App-V)
B. Microsoft Enterprise Desktop Virtualization (MED-V)
C. RemoteApp
D. Windows XP Mode
Answer: D
QUESTION 2 Testlet 10: Blue Yonder Airlines Question 2 of 6
You need to recommend a strategy to recover Active Directory if DC1 fails.
What should you include in the recommendation? (Each correct answer presents part of the solution. Choose two.)
A. Remove the DNS zone.
B. Reset the DC1 computer object.
C. Seize the operations master roles.
D. Transfer the operations master roles.
E. Remove the computer object for DC1 from the domain.
Answer: CE
QUESTION 3 Testlet 10: Blue Yonder Airlines Question 3 of 6
You need to recommend the configuration for a trust relationship that meets the company's technical requirements.
Which trust relationship configuration should you recommend in the blueyonderairlines.com forest?
A. a one-way, incoming forest trust that has selective authentication enabled
B. a one-way, incoming forest trust that has SID Filtering enabled

C. a one-way, outgoing forest trust that has selective authentication enabled
D. a one-way, outgoing forest trust that has SID Filtering enabled
Answer: C
QUESTION 4 Testlet 10: Blue Yonder Airlines Question 4 of 6
You need to recommend an interoperability strategy for the Blue Yonder Airlines administrators that meets the company's technical requirements.
Which two tasks should you recommend? (Each correct answer presents part of the solution. Choose two)
A. Create an incoming, one-way trust in fabrikam.com
B. Create an incoming, one-way trust in blueyonderairlines.com
C. Install the Active Directory Management Gateway Service on a member server in fabrikam.com
D. Install the Active Directory Management Gateway Service on a domain controller in fabrikam.com
E. Install the Active Directory Management Gateway Service on a member server in blueyonderairlines.com
Answer: BD
QUESTION 5 Testlet 10: Blue Yonder Airlines Question 5 of 6
You need to recommend a management strategy for the planned virtualization solution. The strategy must meet the company's technical requirements.
What should you include in the recommendation?
A. Install the Hyper-V Manager console on each client computer. Configure the Authorization Manager roles.
B. Install the Hyper-V Manager console on each client computer. Modify the integration services settings for each VM.
C. Deploy Microsoft System Center Virtual Machine Manager (VMM) 2007 R2 and the VMM Self-Service Portal.
D. Deploy Microsoft System Center Virtual Machine Manager (VMM) 2007 R2. Install the VMM console on the client computers of the developers.
Answer: C
QUESTION 6 Testlet 10: Blue Yonder Airlines Question 6 of 6
You need to recommend a certificate strategy that meets the company's technical requirements.
What should you recommend?
A. Modify the issuance policies of Fabrikam.
B. Modify the issuance policies of Blue Yonder Airlines.
C. Deploy the root CA certificate of fabrikam.com to all of the client computers in the blueyonderairlines.com
D. Deploy the root CA certificate of blueyonderairlines.com to all of the client computers in the fabrikam.com
Answer: C

QUESTION 1 Testlet 11: School of Fine Art Question 1 of 6
You need to recommend changes to the environment that meet the company's technical requirements for auditing Active Directory objects.
What should you include in the recommendation?
A. Deploy Microsoft System Center Configuration Manager.
B. Run the Active Directory Preparation Tool (Adprep.exe)
C. Run auditpol.exe on each domain controller that runs Windows Server 2003
D. Upgrade each domain controller that runs Windows Server 2003 to Windows Server 2008
Answer: D
QUESTION 2 Testlet 11: School of Fine Art Question 2 of 6
You need to recommend a management solution for Server1 that supports the company's planned changes.
What should you include in the recommendation?
A. Access-Based Enumeration (ABE)
B. Distributed File System (DFS)
C. File Server Resource Manager (FSRM)
D. Share and Storage Management
Answer: C
QUESTION 3 Testlet 11: School of Fine Art Question 3 of 6
You need to recommend an update and compliance strategy that meets the company's technical requirements.
What should you include in the recommendation?
A. Microsoft System Center Configuration Manager and Host Credential Authorization Protocol (HCAP)
B. Microsoft System Center Configuration Manager and Network Policy Server (NPS)
C. Windows Server Update Services (WSUS) and Host Credential Authorization Protocol (HCAP)
D. Windows Server Update Services (WSUS) and Network Policy Server (NPS)

Answer: D
QUESTION 4 Testlet 11: School of Fine Art Question 4 of 6
You need to recommend a strategy to improve the PKI. The strategy must meet the company's technical requirements.
What should you include in the recommendation?
A. Standalone subordinate CA
B. The Certificate Enrollment Web Service role service
C. The Online Responder service
D. Version 3 Certificate Templates
Answer: C
QUESTION 5 Testlet 11: School of Fine Art Question 5 of 6
You need to recommend a management solution for the virtualization technologies that supports the company's planned changes.
What should you recommend?
A. Microsoft Enterprise Desktop Virtualization (MED-V)
B. Microsoft System Center Operations Manager
C. Microsoft System Center Virtual Machine Manager (VMM)
D. Remote Server Administration Tools (RSAT)
Answer: C
QUESTION 6 Testlet 11: School of Fine Art Question 6 of 6
You need to recommend a strategy for App1 that supports the company's planned changes.
What should you include in the recommendation?
A. Create a Group Policy Object (GPO) that assigns App1 to all of the client computers.

B. Create a Group Policy Object (GPO) that publishes App1 to all of the users on the network.
C. Deploy Windows XP Mode on all of the client computers. Deploy App1 on the virtual machine (VM).
D. Deploy App1 on a server that has the Remote Desktop Session Host (RD Session Host) role service installed.
Answer: D

QUESTION 1 Testlet 12: Fabrikam Inc. Question 1 of 6

You need to plan an authentication solution for remote access that meets the company's technical requirements.
What should you include in the plan?
A. Active Directory Lightweight Directory Services (AD LDS) in an internal network
B. Active Directory Lightweight Directory Services (AD LDS) in a perimeter network
C. Network Policy Server (NPS) in an internal network
D. Network Policy Server (NPS) in a perimeter network
Answer: C
QUESTION 2 Testlet 12: Fabrikam Inc. Question 2 of 6
You need to recommend a solution for the Hyper-V servers that meets the company's technical requirements.
What should you include in the recommendation?
A. Host Failover Clustering
B. Guest Failover Clustering
C. Network Load Balancing (NLB) on the Hyper-V Servers
D. Network Load Balancing (NLB) on the VMs
Answer: A
QUESTION 3 Testlet 12: Fabrikam Inc. Question 3 of 6
You need to recommend a hardware solution for the domain controllers in the branch offices. The solution must meet the company's technical requirements.
What should you recommend doing in each branch office?
A. Install Windows Server 2008 R2 on each existing domain controller.
B. Install a new server as a VM that runs Windows Server 2008 R2, and then promote the server to a writable domain controller.
C. Install a new server as a VM that runs Windows Server 2008 R2, and then promote the server to a Read-only domain controller (RODC).
D. Install a new physical server that runs Windows Server 2008 R2, and then promote the server to a Read-only domain controller (RODC).
Answer: C
QUESTION 4 Testlet 12: Fabrikam Inc. Question 4 of 6
You need to plan a solution for the service accounts that meets the company's security requirements.
What should you include in the plan?
A. Modify the password expiration settings in GPO2.
B. Implement managed service accounts, and then configure all the application servers to use the managed service accounts.
C. Create a new domain for all of the service accounts, and then move the service accounts and the application servers to the new domain.
D. Create a new Password Settings object (PSO) in fabrikam.com, and then apply the PSO to a group containing all of the service account user objects.
Answer: D
QUESTION 5 Testlet 12: Fabrikam Inc. Question 5 of 6
You need to recommend an operating system for the planned Hyper-V servers in the main office. The operating system must support the company's planned changes and business requirements.
Which operating system should you recommend?
A. A full installation of Windows Server 2008 R2 Enterprise
B. A Server Core installation of Windows Server 2008 R2 Enterprise
C. Microsoft Hyper-V Server 2008 R2
D. Windows Server 2008 R2 Datacenter
Answer: D
QUESTION 6 Testlet 12: Fabrikam Inc. Question 6 of 6
You need to recommend a solution for consolidating the Active Directory domains. The solution must meet the company's technical requirements.
What should you include in the recommendation?
A. Active Directory Federation Services (AD FS)
B. Active Directory Migration Tool (ADMT)
C. Active Directory Users and Computers
D. LDIF Directory Export (LDIFDE)
Answer: B

QUESTION 1 Testlet 13 Humongous Insurance Question 1 of 6

You need to ensure that you can deploy the RODCs.
What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.)
A. Add an RODC to Site2.
B. Create a site link bridge that contains Site1, Site2, Site3 and Site4.
C. Create a site link between Site1 and Site3. Create a site link between Site1 and Site4.
D. Create a site link between Site3 and Site4. Create a site link bridge that contains Site2, Site3 and Site4.
Answer: BC
QUESTION 2 Testlet 13 Humongous Insurance Question 2 of 6
You are evaluating whether to implement a virtualization solution.
You need to identify which physical servers can be converted to VMs by using a physical-to-virtual machine (P2V) conversion.
Which two servers should you identify? (Each correct answer presents part of the solution. Choose two.)
A. Server1
B. Server2
C. Server3
D. Server5
Answer: CD
QUESTION 3 Testlet 13 Humongous Insurance Question 3 of 6
You need to recommend an RDS solution that supports the company's planned changes.
Which role service should you include in the recommendation?
A. Remote Desktop Connection Broker (RD Connection Broker)
B. Remote Desktop Gateway (RD Gateway)

C. Remote Desktop Virtualization Host (RD Virtualization Host)
D. Remote Desktop Web Access (RD Web Access)
Answer: B
QUESTION 4 Testlet 13 Humongous Insurance Question 4 of 6
You need to recommend a solution for managing Group Policy that meets the company's technical requirements.
What should you include in the recommendation?
A. Group Policy Modelling
B. Microsoft Advanced Group Policy Management (AGPM)
C. Microsoft Baseline Security Analyzer (MBSA)
D. Resultant Set of Policy (RSoP)
Answer: B
QUESTION 5 Testlet 13 Humongous Insurance Question 5 of 6
You need to recommend an AD DS solution that supports the company's planned changes.
A. Active Directory Federation Services (AD FS)
B. Authentication Mechanism Assurance
C. Selective Authentication
D. SID filtering
Answer: B
QUESTION 6 Testlet 13 Humongous Insurance Question 6 of 6
You need to ensure that all of the client computers can use certificates issued by Server5 if Server5 fails.
What should you do?

A. Install an enterprise subordinate CA.
B. Modify the TTL value of the DNS records.
C. Publish all of the user certificates to Active Directory.
D. Modify the certificate revocation list (CRL) overlap period.
Answer: D

PLANNED CHANGES


Several applications are installed on the internal network servers. Trey Research plans to make the applications accessible to the users who work from home.
Trey Research plans to migrate all of the user accounts in the adatum.com and east.adatum.com domains to treyresearch.com.
Trey Research plans to deploy smart cards to all of the users on the network.
Trey Research plans to deploy a document storage solution that meets the following requirements:
-The solution must be accessible to all client computers by using a Web browser.
-The solution must be able to notify administrators when sensitive documents are modified.
Trey Research plans to deploy a Failover Clustering solution to host a Web application named WebAppl. WebAppl must meet the following requirements:
-Remain available if a single server fails.
-Remain available if a single data center fails.

EXISTING ENVIRONMENT
Business Goals
Changes to the environment must require minimal hardware and software costs.
Existing Active Directory Environment
The network contains two Active Directory forests named treyresearch.com and adatum.com. A two-way forest trust exists between the forests.
Adatum.com contains two domains named adatum.com and east.adatum.com. Treyresearch.com contains a single domain.
The network contains an internal enterprise root certification authority (CA).
Existing Network Infrastructure

The network contains client computers that run either Windows 7 or a UNIX-based operating system. Some users work from home on client computers that are members of a workgroup.
REQUIREMENTS
Technical Requirements
Trey Research must meet the following technical requirements:
-Users who work from home must be able to use local print devices.
-The amount of disk space used on the users' home computers must be minimized.
-Users who work from home must have the same desktop experience as users who are connected to the internal network.
-Users must be able to access the shares in the adatum.com domain after their user accounts are migrated to treyresearch.com.
Security Requirements
Trey Research must meet the following security requirements:
-If a user forgets his or her password, he or she must be able to reset the password on his or her own.
-If a user forgets his or her smart card PIN, he or she must be able to reset the PIN on his or her own.
QUESTION 1 Testlet 14 Trey Research Question 1 of 5
You need to recommend a document storage solution that supports the company's planned changes.
What should you include in the recommendation?
A. Microsoft Forefront Unified Access Gateway (UAG) 2010
B. File Server Resource Manager (FSRM)
C. Distributed File System (DFS)
D. Microsoft SharePoint Foundation 2010
Answer: D
QUESTION 2 Testlet 14 Trey Research Question 2 of 5

You need to recommend a technology that meets the company's security requirements.
What should you recommend?
A. Microsoft Forefront Endpoint Protection 2010
B. Active Directory Federation Services (AD FS)
C. Active Directory Management Gateway Service
D. Microsoft Forefront Identity Manager (FIM) 2010
Answer: D
QUESTION 3 Testlet 14 Trey Research Question 3 of 5
You need to ensure that the migration of the user accounts from adatum.com and east.adatum.com to treyresearch.com meets the company's technical requirements.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Enable name suffix routing.
B. Disable SID filtering for the forest trust.
C. Create an external trust between the two forests.
D. Enable SID filtering for the forest trust.
E. Disable name suffix routing.
F. Enable SID History for each migrated user account.
G. Disable SID History for each migrated user account.
Answer: BF
QUESTION 4 Testlet 14 Trey Research Question 4 of 5
You need to recommend an access solution for the users who work at home that meets the company's technical requirements.
What should you include in the recommendation?

A. Microsoft Enterprise Desktop Virtualization (MED-V)
B. Microsoft Application Virtualization (App-V)
C. DirectAccess
D. Remote Desktop Services (RDS)
Answer: D
QUESTION 5 Testlet 14 Trey Research Question 5 of 5
You need to recommend a Failover Clustering solution that supports the company's planned changes.
What should you include in the recommendation?
A. Install a failover cluster node in Datacenter1 and Datacenter2. Configure a quorum that is set to Node Majority.
B. Install a failover cluster node in Datacenter1, Datacenter2, and Datacenter3. Configure a quorum that is set to Node Majority.
C. Install a failover cluster node in Datacenter1 and Datacenter2. Configure a quorum that is set to Node and File Share Majority. Store the file share witness on an existing server in Datacenter1.
D. Install a failover cluster node in Datacenter1 and Datacenter2. Configure a quorum that is set to Node and File Share Majority. Store the file share witness on an existing server in Datacenter3.
Answer: D



General Background
You are the Enterprise Administrator for Wingtip Toys. The company has a main office and two branch offices, as described in the following table.

Wingtip Toys is planning the acquisition of Tailspin Toys. The acquisition will add 100 users to the Los Angeles office, 10 users to the Munich office, and 6,000 users to the Jakarta office. As part of the acquisition, seven new buildings will be added to the existing Jakarta office complex.

Technical Background
Wingtip Toys has an Active Directory Domain Services (AD DS) domain with a NETBIOS name of CORP and a DNS name of wingtiptoys.com. Each office is represented by an Active Directory site. AD operational tasks such as schema changes, domain additions, and computer and user object creation are performed in the Los Angeles office.
DHCP servers are centrally located in the Los Angeles office. All DHCP servers run Windows Server 2008 R2 in a failover cluster configuration.
The company uses Windows Server Update Services (WSUS) to distribute updates.
A Remote Desktop Services (RDS) farm located in Los Angeles includes a load-balanced host named RD.wingtiptoys.com.
The company's servers include those shown in the following table.


An application named App1 is installed on RD01, RD02, and RD03. Organizational units (OUs) are created as shown in the following diagram.


The company has reserved the 172.16.0.0/16 network IP range to support a future wireless network in Jakarta.
A public web server named WEB1 is located on a dedicated subnet in the Los Angeles office. The dedicated subnet is enabled for Network Address Translation (NAT) with IP address port forwarding to WEB1. No servers on the dedicated NAT subnet are members of any domain.
Each site deploys wired network segments with class C subnets as necessary.
Business Requirements

You have the following business requirements:
-Provide the highest possible level of security for all new computing services.
-All external connections must be encrypted.
-Utilize a single network administration topology.
-Centralize Active Directory administration in the Los Angeles office.
Wingtip Toys is planning to set up several retail locations around Jakarta. The retail locations do not have physically secure areas for servers and networking equipment. You must minimize logon time for retail location employees and minimize the security impact in the event of a server theft at the retail location.

Technical Requirements

To support the acquisition, you plan to deploy the following items:

-A new AD DS environment.
-A dual-stack implementation of IPv6 networking in the Munich office.
-A new perimeter network dedicated for public web servers.

The computing environment must meet the following requirements:

-Each office must have at least one domain controller per physical location.
-There must be one global catalog server for every 1000 users.
-Computer policies for the perimeter network must be enforced without exposing internal user account credentials.
-The perimeter networks must not allow connections to computers or accounts on the CORP network.
-All software updates must be distributed from Los Angeles.
-All client computers must acquire IP addresses from DHCP.
-Users in the Munich office must have full Internet access.
-All users must have remote web access to App1.
-Force all new users to change their password on first login.
QUESTION 1 Testlet 15 Wingtip Toys Case B Question 1 of 10
You need to add a server to the existing Remote Desktop Session Host server farm.
What should you do?
A. Install the new server with a NETBIOS name of RD. Create an A record in DNS with a name of RD.wingtiptoys.com. Add the server name in the RD Connection Broker console.
B. Install the new server with a NETBIOS name of RD4. Create an A record in DNS with a name of RD4.wingtiptoys.com and the same IP address as RD.wingtiptoys.com.
C. Install the new server with a NETBIOS name of RD4. Create an A record in DNS with a name of RD.wingtiptoys.com and the same IP address as RD.wingtiptoys.com.
D. Install the new server with a NETBIOS name of RD. Create an SRV record in DNS with a name of RD.wingtiptoys.com and the same IP address as RD.wingtiptoys.com.
Answer: A
QUESTION 2 Testlet 15 Wingtip Toys Case B Question 2 of 10
You need to design the deployment for the retail locations.
What should you do? (Choose all that apply.)
A. Place a DNS and WINS server in the Jakarta office.
B. Place a DNS and WINS server in each retail location.
C. Place a read-only domain controller (RODC) in the Jakarta office.
D. Place a global catalog server in each retail location.
E. Place a read-only domain controller (RODC) in each retail location.
F. Create a password replication policy for each retail location.
G. Create a new AD DS site and place read-only domain controller (RODC) in the new site.
Answer: EF
QUESTION 3 Testlet 15 Wingtip Toys Case B Question 3 of 10
You create the new wireless network for the Jakarta office.
The network link between the Los Angeles and Jakarta offices becomes congested after users start connecting to the new wireless network.
You need to resolve the problem.
What should you do?
A. Add a DNS and global catalog server to the Jakarta office.
B. Create a static route for the IP subnet of 172.16.0.0/8 to the Jakarta router.
C. Add a new IP subnet of 172.16.0.0/16 to the Los Angeles AD site.
D. Add a new IP subnet of 172.16.0.0/16 to the Jakarta AD site.
Answer: D
QUESTION 4 Testlet 15 Wingtip Toys Case B Question 4 of 10
You are planning to deploy the new network in Munich.
Which subnet mask should you use?
A. 2001:DB8:0:C000: /64
B. 2001:DB8:0:C000: /48
C. 2001:DB8:0:C000: /24
D. 2001:DB8:0:C000:: /16
E. 2001:DB8:0:C000:: /8
F. 200.1.8.0/128
Answer: A
QUESTION 5 Testlet 15 Wingtip Toys Case B Question 5 of 10
You need to meet the remote application and administration requirements.
On which server or servers should you install certificates?
A. RD01, RD02, and RD03 using the name rd.corp.wingtiptoys.com in the certificate request.
B. RD04 and RD05 using the name rd.wingtiptoys.com in the certificate request.
C. RD01, RD02, and RD03 using the name rd.wingtiptoys.com in the certificate request.
D. Only RD04 using the name rd.wingtiptoys.com in the certificate request.
E. Only RD05 using the name rd.corp.wingtiptoys.com in the certificate request.
Answer: D
QUESTION 6 Testlet 15 Wingtip Toys Case B Question 6 of 10
You need to minimize WAN bandwidth for the Jakarta office during the acquisition.
Which role or service should you move to the Jakarta site?
A. Global Catalog
B. Schema Master
C. Domain Naming Master
D. Infrastructure Master
E. PDC emulator
F. RID Master
Answer: E
QUESTION 7 Testlet 15 Wingtip Toys Case B Question 7 of 10
You are planning to deploy the new network in Munich.
Which address allocation should you use for the new Munich addresses?
A. 2001:777:1d:1dc::1
B. FEC0::1
C. FF02::1
D. FE80::1
Answer: A
QUESTION 8 Testlet 15 Wingtip Toys Case B Question 8 of 10
You need to prepare the new perimeter network and move the appropriate resources with the minimum amount of downtime.
Which actions should you perform? (Choose all that apply.)
A. Join WEB1 to the PERIMETER domain.
B. Join WEB1 to the CORP domain.
C. Create a new network segment with private addresses that have routes to the internal network. Create an AD DS site defined for the public NAT network address space.
D. Install the Active Directory Domain Services (AD DS) server role on DC1 and name the domain PERIMETER.
E. Deploy a new server that runs Windows Server 2008 R2 on the perimeter network, and name the server DC1.
F. Create a network segment with a private address space and provide NAT services to public IP addresses. Create an AD DS site defined for the perimeter network address space.
Answer: ADEF
QUESTION 9 Testlet 15 Wingtip Toys Case B Question 9 of 10
You run a Microsoft Baseline Security Analyzer scan and find that several important security updates have not been applied to Jakarta client computers.
You need to apply the updates and comply with all requirements.
What should you do?
A. Set JK02 to synchronize with Windows Update and automatically approve all security updates. Approve the updates on JK02.
B. Set LA02 to synchronize with Windows Update and automatically approve all security updates. Approve the updates on JK02.
C. Set JK02 to synchronize with LA02. Approve all required updates on JK02.
D. Set JK02 to synchronize with LA02. Approve all required updates on LA02.
Answer: D
QUESTION 10 Testlet 15 Wingtip Toys Case B Question 10 of 10
You need to specify the location and configuration for domain controllers in the new AD DS domain.
What should you recommend?
A. 1 domain controller and 10 global catalog servers in Los Angeles; 1 domain controller and 2 global catalog servers in Munich; 3 domain controllers and 7 global catalog servers in Jakarta.
B. 11 domain controllers and 11 global catalog servers in Los Angeles; 1 domain controller and 1 global catalog server in Munich; 3 domain controllers and 3 global catalog servers in Jakarta.
C. 11 servers with the Domain Controller and Global Catalog services in Los Angeles; 2 servers with the Domain Controller and Global Catalog services in Munich; 9 servers with the Domain Controller and Global Catalog services in Jakarta.
D. 11 servers with the Domain Controller and Global Catalog services in Los Angeles; 1 server with the Domain Controller and Global Catalog services in Munich; 3 servers with the Domain Controller and Global Catalog services in Jakarta.

Answer: C

COMPANY OVERVIEW
Graphics Design Institute is a training company that has four offices. Graphics Design Institute recently purchased another company named Proseware, Inc.


PLANNED CHANGES
Graphics Design Institute plans to transition the internal IPv4 network to IPv6. IPv4 will be used to connect to the Internet. Only private IPv6 addresses will be used on the internal network.
Graphics Design Institute plans to deploy a remote access solution for all client computers.
Graphics Design Institute plans to deploy 10 public computers that run Windows Vista Service Pack 2 (SP2). All Windows Vista public computers will run an application named App1.
Graphics Design Institute plans to deploy 10 public computers that run Windows 7 Professional. All Windows 7 public computers will run an application named App2.
You plan to deploy a virtualization solution that will host 120 virtual machines (VMs). You run performance tests and verify that you can host 20 VMs per server and still maintain adequate performance.

EXISTING ENVIRONMENT
All client computers run Windows 7 Enterprise and are joined to the Active Directory domain. All of the client computers use wireless WAN (WWAN) network adapters to maintain permanent connections to the Internet. An application named BusinessApp is installed on a server in graphicdesigninstitute.com. BusinessApp only supports Kerberos authentication. Only users in graphicdesigninstitute.com currently use BusinessApp.
Existing Network Infrastructure
The network contains four IPv4 subnets.
REQUIREMENTS
Technical Requirements

All of the client computers that use IPv4 must be able to communicate with the client computers that use IPv6.
Administrators must be able to remotely manage the client computers when users work either from the office or remotely. Administrators must be able to remotely manage the client computers if the users are not logged on to their computers.
Administrators must ensure that only App1 and App2 run on the public computers.
Graphics Design Institute must meet the following virtualization requirements:
- Support Hyper-V live migration.
- Minimize hardware and software costs.
- Ensure that all of the VMs are available if a single server fails.
- Prevent any impact on the performance of the VMs if a single server fails.
- Minimize the amount of administrative effort required to manage a storage solution for the Hyper-V servers.
Security Requirements
The corporate security policy states that when an administrator modifies the permissions assigned to the members of a group named Group1, the permissions must be restored to their default settings.
QUESTION 1 Testlet 16 Graphics Design Institute Question 1 of 3
You need to recommend a remote access solution that meets the company's technical requirements.
What should you include in the recommendation?
A. Layer 2 Tunneling Protocol (L2TP)
B. DirectAccess
C. Network Access Protection (NAP)
D. Secure Socket Tunneling Protocol (SSTP)
Answer: B
QUESTION 2 Testlet 16 Graphics Design Institute Question 1 of 3
You need to recommend a virtualization solution that meets the company's technical requirements.
What should you recommend?
A. Seven Hyper-V servers and one failover cluster
B. Six Hyper-V servers and one failover cluster
C. Six Hyper-V servers and one server that has Microsoft System Center Virtual Machine Manager (VMM) installed
D. Seven Hyper-V servers and one server that has Microsoft System Center Virtual Machine Manager (VMM) installed
Answer: D
QUESTION 3 Testlet 16 Graphics Design Institute Question 1 of 3
You need to recommend a solution for the public computers that meets the company's technical requirements.
What should you include in the recommendation?
A. A software restriction policy.
B. AppLocker.
C. Microsoft Application Virtualization (App-V)
D. Data Execution Prevention (DEP)
Answer: B


Planned Changes

Existing Environment


Requirements

QUESTION 1 Testlet 17 Contoso, LTD. Question 1 of 4
You need to recommend which role services must be deployed to support the planned VDI.
Which role services should you recommend?
A. Remote Desktop Connection Broker (RD Connection Broker). Remote Desktop Virtualization Host (RD Virtualization Host). Network Policy Server (NPS).
B. Remote Desktop Session Host (RD Session Host). Remote Desktop Gateway (RD Gateway). Remote Desktop Web Access (RD Web Access).
C. Remote Desktop Session Host (RD Session Host). Remote Desktop Virtualization Host (RD Virtualization Host). Remote Desktop Connection Broker (RD Connection Broker).
D. Remote Desktop Session Host (RD Session Host). Remote Desktop Gateway (RD Gateway). Network Policy Server (NPS).

Answer:
QUESTION 2 Testlet 17 Contoso, LTD. Question 2 of 4
You need to recommend a solution for the planned VDI that meets the company's technical requirements.
What should you include in the recommendation?
A. Personal virtual desktops.
B. Virtual desktop pools.
C. Profile redirection by using Group Policy Objects (GPOs).
D. Folder redirection by using Group Policy Objects (GPOs).
Answer:
QUESTION 3 Testlet 17 Contoso, LTD. Question 3 of 4
You need to recommend a PKI strategy that meets the company's technical requirements.
What should you include in the recommendation?
A. One standalone root certification authority (CA) in each domain.
B. One enterprise root certification authority (CA) in each domain.
C. One enterprise root certification authority (CA) in the forest root domain.
D. One standalone root certification authority (CA) in the forest root domain.
Answer:
QUESTION 4 Testlet 17 Contoso, LTD. Question 4 of 4
You need to recommend an application delivery method for Office 2010 that meets the company's technical requirements.

What should you include in the recommendation?
A. Publish Office 2010 by using Microsoft System Center Configuration Manager (SCCM).
B. Publish Office 2010 by using RemoteApp.
C. Publish Office 2010 by using GPOs.
D. Publish Office 2010 by using Microsoft Application Virtualization (App-V).
Answer:
QUESTION 1

DRAG DROP
A company has retail locations throughout the United States. You are planning the deployment of a server for each retail location. You will prepare the servers at the main data center and ship them to the retail locations. You will deploy a custom application and an Active Directory Domain Services (AD DS) role on each server.
Each server must meet the following security requirements:
- All application data must be encrypted on the local hard drive.
- All application data must be encrypted when communicating with users.
- AD DS accounts on the computer must be easily managed in case of security violations.
- Retail location employees must not be able to log on to the server locally.
You need to plan the server deployment.
Which actions should you perform in sequence?
To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. (Use only actions that apply.)

Answer:


QUESTION 2
DRAG DROP
A company has an Active Directory Domain Services (AD DS) forest. The company has a wholly owned subsidiary with which it shares some IT resources. Each company has its own Active Directory domain within the forest. Each company has two Active Directory sites in its domain: one site for the company's main office and one site for the company's branch office.
You are designing a software update strategy for both companies. The strategy must meet the following requirements:
- Reduce network traffic.
- Allow the deployment of unique updates within each domain.
- Prevent subsidiary branch office employees from approving or denying updates.
- Allow administrators in the main company to approve or deny their own updates.
You need to specify the placement and configuration of Windows Server Update Services (WSUS) servers.
What should you do?
To answer, drag the appropriate server configuration or configurations to the correct location or locations in the answer area. (Use only server configurations that apply.)


Answer:

QUESTION 3
DRAG DROP
Tailspin Toys is merging with Wingtip Toys. Tailspin Toys uses the tailspintoys.com domain name. Wingtip Toys uses the wingtiptoys.com domain name. The companies' networks are connected by a point-to-point WAN connection. Each company has an existing IT infrastructure that includes the servers described in the following table.


The DNS servers in the perimeter network are standalone servers. None of the DNS servers in the perimeter network can initiate communication with the DNS servers in the internal network.
The DNS servers in the internal network can communicate with the DNS servers in the perimeter network.
You are designing a name resolution strategy to meet the following requirements:
- Ensure that Tailspin Toys employees can resolve internal resources in the wingtiptoys.com domain from the Tailspin Toys LAN.
- Ensure that Wingtip Toys employees can resolve internal resources in the tailspintoys.com domain from the Wingtip Toys LAN.
- Continue to use the Wingtip Toys DNS servers to resolve all wingtiptoys.com queries.
- Reduce the administrative overhead of supporting name resolution during the merger.
You need to recommend a solution to meet the requirements.
What should you do?
To answer, drag the appropriate item or items to the correct location or locations in the answer area. (Use only items that apply.)


Answer:

QUESTION 4
DRAG DROP
A company has an Active Directory infrastructure that includes a large number of Group Policy objects (GPOs). The infrastructure includes a staging forest and a production forest. There is no trust relationship between the staging and production forests. All servers run Windows Server 2008 R2 and share the same network infrastructure.
You need to create a plan for deploying GPO changes from the staging forest to the production forest.
Which actions should you perform in sequence?
To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. (Use only actions that apply.)


Answer:

QUESTION 5
DRAG DROP
A toy company has a single Active Directory forest that contains a single domain named wingtiptoys.com. All domain controllers run Windows Server 2008 R2. The company plans to split its divisions into two separate organizations, Wingtip Toys and Tailspin Toys.
Wingtip Toys users and computers will remain in the current environment.
Tailspin Toys users and computers will migrate to a new environment that includes a new Microsoft Exchange Server organization.
You need to design a plan for preparing the new environment to support the new Tailspin Toys Exchange Server organization.
Which actions should you perform in sequence?
To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. (Use only actions that apply.)


Answer:

QUESTION 6
DRAG DROP
A company has an Active Directory Domain Services (AD DS) forest. The forest has a root domain named contoso.com and a child domain named corp.contoso.com. All domain controllers run Windows Server 2003. The forest and domain functional levels are Windows Server 2003.
You are planning to migrate only the corp.contoso.com domain to Windows Server 2008 R2 and utilize read-only domain controllers (RODCs).

You need to develop a plan to deploy the first RODC with the minimum number of changes to the AD DS environment.
Which actions should you perform in sequence?
To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. (Use only actions that apply.)

Answer:

QUESTION 7

DRAG DROP
A company has a main office and a branch office. The company has an Active Directory Domain Services (AD DS) domain. Each office is assigned to an AD DS site. All servers in the domain run Windows Server 2008 R2. All client computers run Windows 7 Enterprise.
Branch office users report delays in accessing data in the main office.
You need to ensure that users can access data in a timely manner.
Which actions should you perform in sequence?
To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. (Use only actions that apply.)

Answer:

QUESTION 8

DRAG DROP
Your company uses Windows Server Update Services (WSUS) to deploy Microsoft software updates to computers in the Madrid and Munich offices.
You set a deadline for packages to be installed one week after they are approved. An update from Microsoft requires the user to consent to a new license agreement. You perform a successful manual installation of the update on client computers in the Munich office.
The update fails to deploy on Madrid client computers when using WSUS.
You need to ensure that the update is deployed to all client computers.
Which actions should you perform in sequence?
To answer, move the appropriate actions from the list of actions to the answer area, and arrange them in the correct order. (Use only actions that apply.)

Answer:


QUESTION 9
DRAG DROP
An existing network is IPv6-enabled on all network segments. You deploy a server to an IPv6-only network segment. The following IPv6 addresses are assigned to the local interface of the network router:
- ::1
- FE80::1
- FEC0::1
- 2001:777:1d:1dc::1
You need to ensure that the server has the correct static address information and access to the Internet.
Which addresses should you assign?
To answer, drag the appropriate address or addresses to the correct location or locations in the answer area. (Use only addresses that apply.)

Answer:


QUESTION 10
All servers in an Active Directory Domain Services (AD DS) domain run Windows Server 2008 R2. All Remote Desktop Services (RDS) servers are in an organizational unit (OU) named RDS Servers. All computer security policy settings are configured in a Group Policy object (GPO) named Security Policy. The Security Policy GPO is linked to the domain.
A new GPO named RDS Security is linked to the RDS Servers OU.
You need to ensure that domain-linked GPOs are not applied to the RDS Servers OU.
What should you recommend? (More than one answer choice may achieve the goal. Select the BEST answer.)
A. Configure the Security Policy GPO to be enforced.
B. Configure the domain to block inheritance.
C. Link the Security Policy GPO to the RDS Servers OU.
D. Configure the RDS Servers OU to block inheritance.
E. Enable loopback processing in the RDS GPO.
Answer: D
QUESTION 11
DRAG DROP
A company has retail locations throughout the United States. You are planning the deployment of a server for each retail location. You will prepare the servers at the main data center and ship them to the retail locations. You will deploy a custom application and an Active Directory Domain Services (AD DS) role on each server.

Each server must meet the following security requirements:
- All application data must be encrypted on the local hard drive.
- All application data must be encrypted when communicating with users.
- AD DS accounts on the computer must be easily managed in case of security violations.
You need to plan the server deployment.
Which actions should you perform in sequence?
To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. (Use only actions that apply.)

Answer:


QUESTION 12
Contoso, Ltd. is merging with Litware, Inc. Each company has an Active Directory Domain Services (AD DS) domain. All servers run Windows Server 2008 R2. A forest trust has been created between Contoso and Litware.
The Contoso domain contains an AD security group named Accounting.
You need to ensure that only members of the Accounting security group can access specific file shares on the Litware domain.
What should you recommend? (More than one answer choice may achieve the goal. Select the BEST answer.)
A. In the Contoso domain, enable selective authentication. Grant the Allowed to authenticate permission to the Accounting group. Grant the Accounting group access to the file shares.
B. In the Contoso domain, enable forest-wide authentication. Grant the Accounting group access to the file shares.
C. In the Litware domain, enable forest-wide authentication. Grant the Accounting group access to the file shares.
D. In the Litware domain, enable selective authentication. Grant the Allowed to authenticate permission to the Accounting group. Grant the Accounting group access to the file shares.
Answer: D
QUESTION 13
DRAG DROP
A company deploys new Remote Desktop Services (RDS) servers that run Windows Server 2008 R2. The RDS servers are in an Active Directory Domain Services (AD DS) domain. All RDS servers are in an organizational unit (OU) named RDS Servers. A security policy template is enforced by using a Group Policy object (GPO) named RDS Servers.

When users log off of a remote desktop session, they also have the option to shut down the RDS server.
You need to ensure that the option to shut down does not appear. The solution must take effect as soon as possible and must not affect other computers.
Which actions should you perform in sequence?
To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. (Use only actions that apply.)

Answer:


QUESTION 14
DRAG DROP
Litware, Inc. is merging with Contoso, Ltd. Each company has an Active Directory Domain Services (AD DS) domain. All domain controllers run Windows Server 2008 R2. Users in the Litware Support security group must access client computers on the Contoso domain.
You need to ensure that only Support group members can log on to Contoso client computers.
Which actions should you perform in sequence?
To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. (Use only actions that apply.)


Answer:


QUESTION 1
Contoso, Ltd. is merging with Litware, Inc. Contoso has an Active Directory Domain Services (AD DS) domain named contoso.com with domain controllers named DC01, DC02, and DC03. Litware has an AD DS domain named litwareinc.com. All domain controllers run Windows Server 2008 R2 and the DNS server role.
When creating a forest trust from dc01.contoso.com, the New Trust Wizard displays the following error message: The New Trust Wizard cannot continue because the specified domain cannot be contacted. Either the domain does not exist, or network or other problems are preventing connection.
You need to ensure that the forest trust can be created.
What should you recommend? (More than one answer choice may achieve the goal. Select the BEST answer.)
A. On DC01, create a Primary Zone for litwareinc.com.
B. On DC01, create a Conditional Forwarder for litwareinc.com.
C. On DC01, modify the TCP/IP properties to use the Litware DNS servers.
D. On DC01, modify the host file to include litwareinc.com.
Answer:
QUESTION 2
A company has an Active Directory Domain Services (AD DS) domain. The company has 300 retail stores with a domain controller in each store. All domain controllers run Windows Server 2003. The domain controllers host an application that remote users access by using Terminal Services.
You are planning to replace the domain controllers. The retail stores do not have secure locations in which to store network equipment and servers.
You have the following requirements:

Make the application available as a RemoteApp.
Ensure that non-administrative users can access the application.
Maximize domain security.
You need to deploy domain controllers that meet the requirements.
What should you recommend? (More than one answer choice may achieve the goal. Select the BEST answer.)
A. Deploy a Server Core installation of Windows Server 2008 R2 as a domain controller.
B. Deploy Windows Server 2008 R2 as a domain controller.
C. Deploy a Server Core installation of Windows Server 2008 R2 as a read-only domain controller (RODC).
D. Deploy Windows Server 2008 R2 as a read-only domain controller (RODC).
Answer:
QUESTION 3
A company has a main office and several branch offices with a 4 Mbps point-to-point connection between all offices. The corporate network contains an Active Directory Domain Services (AD DS) domain. All file servers in the domain run Windows Server 2008 R2. File servers contain a large amount of data that undergoes frequent changes.
You need to recommend a solution for replicating file server volumes between branch offices.
What should you recommend? (More than one answer choice may achieve the goal. Select the BEST answer)
A. Configure File Server Resource Manager (FSRM).
B. Configure Distributed File System Replication (DFS-R) with a bandwidth limit.
C. Configure Distributed File System (DFS) and replicate data to each branch office.
D. Configure Distributed File System (DFS) Namespaces on each file server.
Answer:
QUESTION 4
A company has retail locations throughout the United States. You are planning the deployment of a server for each retail location. You will prepare the servers at the main data center and ship them to the retail locations. You will deploy a custom application and an Active Directory Domain Services (AD DS) role on each server.
Each server must meet the following security requirements:

All application data must be encrypted on the local hard drive.
All application data must be encrypted when communicating with users.
AD DS accounts on the computer must be easily managed in case of security violations.
Retail location employees must not be able to log on to the server locally.
You need to plan the server deployment.
Which actions should you perform in sequence?
To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. (Use only actions that apply)


QUESTION 5
A company has an Active Directory forest that contains 150 domains. All domain controllers run Windows Server 2003. The forest functional level is Windows 2000. The domain functional level is Windows 2000 mixed.
You are planning to migrate the domain controllers in only one domain to Windows Server 2008 R2.
You need to ensure that you can install Windows Server 2003 domain controllers in the forest after the migration. Your solution must minimize changes to the Active Directory environment.
What should you recommend? (More than one answer choice may achieve the goal. Select the BEST answer)
A. Raise the forest functional level to Windows Server 2008 R2
B. Raise the forest functional level to Windows Server 2003
C. Raise the domain functional level to Windows Server 2003
D. Raise the domain functional level to Windows Server 2008
Answer:


QUESTION 1
A corporate network includes one Active Directory forest named contoso.com.
The relevant portion of the network is configured as shown in the exhibit. (Click the Exhibit button)
Users in the sales.apac.intl.contoso.com domain frequently access resources on the products.corp.contoso.com domain.
Users report slow access times when they access resources on the products.corp.contoso.com domain.
You need to minimize access times when users access resources on the products.corp.contoso.com domain.
What should you do?
A. Add products.corp.contoso.com as a DNS suffix for all users in the sales.apac.intl.contoso.com domain.
B. Create a two-way shortcut trust.
C. Enable Universal Group Membership Caching for all Active Directory sites.
D. Create one-way non-transitive trust from the sales.apac.intl.contoso.com domain to the products.corp.contoso.com domain.
Answer:
QUESTION 2
Your network consists of one Active Directory forest that contains one root domain and two child domains.
All domain controllers run Windows Server 2008 R2. All domain controllers run the DNS Server service and host Active Directory-integrated zones.
You design a name resolution solution to support single-label names.
You need to prepare the environment to support single-label name resolution across the entire forest.
What should you do?
A. Deploy stub zones in each child domain.
B. Deploy read-only domain controllers (RODCs) in each child domain and configure secondary DNS on the servers.
C. Deploy a GlobalNames zone.
D. Configure conditional forwarders in each child domain.
Answer:

QUESTION 3
A company network includes an Active Directory domain. All domain controllers run Windows Server 2008 R2. Other servers run either Windows Server 2008 R2 or Windows Server 2003. All client computers run Windows 7.
You need to plan the deployment of Certificate Services on the network to meet the following requirements:

Automatic certificate enrollment
Supported certificates for all computers
What should you include in your plan?
A. Deploy an enterprise certification authority (CA). Create V2 templates.
B. Deploy a stand-alone certification authority (CA). Create V2 templates
C. Deploy a stand-alone certification authority (CA). Create V3 templates.
D. Deploy an enterprise certification authority (CA). Create V3 templates.
Answer:

QUESTION 1
A company has a main office and a branch office. The company has an Active Directory Domain Services (AD DS) domain. Each office is assigned to an AD DS site. All servers in the domain run Windows Server 2008 R2. All client computers run Windows 7 Enterprise.
Branch office users report delays in accessing data in the main office.
You need to ensure that users can access data in a timely manner.
Which actions should you perform in sequence?
To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. (Use only actions that apply)

Answer:
QUESTION 2
A company has an Active Directory Domain Services (AD DS) domain. All servers run Windows Server 2008 R2.
The company plans to open a branch office that will be available for the use of up to 250 traveling Sales department staff. Finance department staff will also use the office during financial audits. The branch office does not have a secure location in which to store network equipment and servers. A password policy enforces eight-character passwords across the domain.
You are designing a server deployment strategy for the new branch office. You have the following requirements:

Minimize logon time for Sales department staff.
Maximize domain security for Finance department staff.

You need to design a deployment strategy that meets the requirements. What should you recommend? (More than one answer choice may achieve the goal. Select the BEST answer)
A. Install a read-only domain controller (RODC). Set a password replication policy to allow replication of only the Sales security group.
B. Install a writeable domain controller. Create a fine-grained password policy to enforce complex 15-character passwords for the Finance department.
C. Install a read-only domain controller (RODC) and configure it as a Global Catalog Server.
D. Install a read-only domain controller (RODC). Set a password replication policy to deny replication of only the Finance security group.
Answer:
QUESTION 3
Your company uses Windows Server Update Services (WSUS) to deploy Microsoft software updates to computers in the Madrid and Munich offices.
You set a deadline for packages to be installed one week after they are approved. An update from Microsoft requires the user to consent to a new license agreement. You perform a successful manual installation of the update on client computers in the Munich office.
The update fails to deploy on Madrid client computers when using WSUS.
You need to ensure that the update is deployed to all client computers.
Which actions should you perform in sequence?
To answer, move the appropriate actions from the list of actions to the answer area, and arrange them in the correct order. (Use only actions that apply)

Answer:


QUESTION 1
A company has an Active Directory Domain Services (AD DS) domain. All servers run Windows 2008 R2.
The company plans to add a large number of members to the Account Operators group. You create a new organizational unit (OU), move the Account Operators group to the new OU, and delegate control of the OU to a server operator.
The server operator is unable to make changes to the Account Operators group.
You need to ensure that the server operator can manage the Account Operators group.
What should you recommend? (More than one answer may achieve the goal. Select the BEST answer)
A. Make the server operator a Domain Administrator
B. Manually alter the access control lists (ACLs) on the Account Operators group to allow the server operator control
C. Set the dsHeuristic flag to exclude the Account Operators group from the AdminSDHolder protection
D. Set the dsHeuristic flag to include the Account Operators group in the AdminSDHolder protection
Answer:
QUESTION 2
A corporate network contains an Active Directory Domain Services (AD DS) domain with 160 domain controllers that run Windows Server 2008 R2. All client computers run Windows 7. The company has 75 geographically disparate branch offices. Each branch office is represented by an Active Directory site. The Employee organizational unit (OU) includes all employee user accounts. Many employees work from multiple branch offices. Site resource access is managed by using Group Policy Objects (GPOs) and scripts.
Each site has a network share on which users store information specific to the activities at that site.
You need to ensure that users at each site can access the appropriate network share through a single mapped drive. What should you recommend? (More than one answer choice may achieve the goal. Select the BEST answer.)
A. Create a GPO for each site. Configure the GPOs to run a logon script that maps the drive to the site-specific file share. Create a Windows Management Instrumentation (WMI) filter that targets Windows Server 2008 R2. Link the GPOs to the Employee OU.
B. Create a single GPO for drive mapping. In the GPO, create Drive Map preference items to map the drive to the site-specific file share. Configure the targeting of the Drive Map preference item to match the specific site. Link the new GPO to the Employee OU.
C. Create an OU for each site under the Employee OU. Place the user accounts for each site in the correct OU. Create a GPO for each site. Configure the new GPOs to run a logon script that maps the drive to the site-specific file share. Link the new GPOs to the site-specific OUs.
D. Create a logon script for each site. Set each logon script to map the drive to the site-specific file share. Configure the user logon script option in Active Directory to run the appropriate logon script.
Answer:
QUESTION 3
A company has 50 servers that run Windows Server 2008 R2 Enterprise or Windows Server 2003 Enterprise. You plan to deploy a large-scale wireless network. The wireless network will include 300 wireless access points (WAPs). The WAPs will use Remote Authentication Dial-In User Service (RADIUS) to authenticate devices for network access.
All passwords and shared secrets used for device authentication must be changed every 14 days. You need to enable centralized management of the RADIUS infrastructure across the WAPs.
What should you recommend? (More than one answer choice may achieve the goal. Select the BEST answer.)
A. Deploy a Network Policy Server (NPS) and define an NPS template. Configure the RADIUS client settings for each client based on the template.
B. Deploy a Network Policy Server (NPS). Create an XML file named ias.xml that defines access point settings. Then run the netsh nps import filename="ias.xml" command.
C. Deploy a Host Credential Authorization Protocol (HCAP) server and configure it as a RADIUS proxy.
D. Deploy a Network Policy Server (NPS) and define individual RADIUS client settings with IEEE 802.1X authentication for each WAP.
Answer:
QUESTION 4
Wingtip Toys is merging with Tailspin Toys. Each company has an Active Directory Domain Services (AD DS) domain. All servers run Windows Server 2008 R2. A forest trust has been created between Wingtip Toys and Tailspin Toys.
The Wingtip Toys domain contains an AD security group named Design.
You need to ensure that only members of the Design security group can access specific file shares on the Tailspin Toys domain. What should you recommend? (More than one answer choice may achieve the goal. Select the BEST answer)
A. In the Wingtip Toys domain, enable selective authentication. Grant the Allowed to authenticate permission to the Design group. Grant the Design group access to the file shares.
B. In the Tailspin Toys domain, enable forest-wide authentication. Grant the Design group access to the file shares.
C. In the Tailspin Toys domain, enable selective authentication. Grant the Allowed to authenticate permission to the Design group. Grant the Design group access to the file shares.
D. In the Wingtip Toys domain, enable forest-wide authentication. Grant the Design group access to the file shares.
Answer:
QUESTION 5
Contoso, Ltd. and Graphic Design Institute each have an Active Directory Domain Services (AD DS) domain. All servers run Windows Server 2008 R2. A forest trust exists between Contoso and Graphic Design Institute.
The Contoso domain includes multiple child domains, as shown in the following graphic.

Users in the graphicdesigninstitute.com domain are experiencing slow logon times in the support.athens.contoso.com domain.
You need to ensure that users in the graphicdesigninstitute.com domain can log on to the support.athens.contoso.com domain in a timely manner. What should you recommend? (More than one answer choice may achieve the goal. Select the BEST answer)
A. Create a shortcut trust between graphicdesigninstitute.com and support.athens.contoso.com.
B. Create a shortcut trust between athens.contoso.com and graphicdesigninstitute.com.
C. Create a two-way trust between support.athens.contoso.com and graphicdesigninstitute.com.
D. Create a two-way trust between graphicdesigninstitute.com and athens.contoso.com.
Answer: