Exam : Microsoft 70-647
Title : Pro: Windows Server 2008,Enterprise Administrator
Version : Demo
1. Your company has a main office and a new branch office. The network consists of one Active directory
domain.
The branch office contains two member servers that run Windows Server 2008. One of the servers is
configured as a file server that hosts shared folders. An administrator in the branch office is responsible for
maintaining the servers.
You have a single DNS zone that is hosted on a DNS server located in the main office.
A wide area network (WAN) link between the branch office and the main office is unreliable.
You need to recommend a network services solution for the new branch office. The solution must meet the
following requirements:
Users must be able to log on to the domain if a WAN link fails.
Users must be able to access file shares on the local server if a WAN link fails.
Branch office administrators must be prevented from initiating changes to Active Directory.
Branch office administrators must be able to make configuration changes to the servers in the branch office.
What should you recommend?
A. Promote the member server to a domain controller and add the branch office administrators to the
Domain Admins group.
B. Promote the member server to a read-only domain controller (RODC) and add the branch office
administrators to the Domain Admins group.
C. Promote the member server to a read-only domain controller (RODC) and configure the DNS role.
Delegate administrative rights to the local branch office administrator.
D. Promote the member server to a domain controller and configure the DNS role. Create an organizational
unit (OU) for each branch office and delegate administrative rights to the local branch office administrator.
Answer: C
2. Your company has one office in San Diego and one office in New York.
The network consists of one Active Directory forest that contains one domain named contoso.com and one
domain named newyork.contoso.com. All servers run Windows Server 2008. All domain controllers for
contoso.com are located in San Diego. All domain controllers for newyork.contoso.com are located in New
York.
Contoso.com contains two domain controllers named Server1 and Server2. Newyork.contoso.com contains
two domain controllers named Server3 and Server4. All domain controllers host Active Directory-integrated
DNS zones for their respective domains.
You need to ensure that users from each office can resolve computer names for both domains from a local
DNS server.
What should you do?
A. Add the contoso.com and the newyork.contoso.com DNS zones to the ForestDNSZones partition.
B. Create a stub DNS zone for contoso.com on Server3. Create a stub DNS zone for newyork.contoso.com
on Server1.
C. Create a standard primary DNS zone named contoso.com on Server3. Create a standard primary DNS
zone named newyork.contoso.com on Server1.
D. Configure conditional forwarders on Server1 to point to Server3. Configure conditional forwarders on
Server3 to point to Server1.
Answer: A
3. Your company has a main office and three branch offices.
Each office has a server that runsWindows Server 2008. The server has the DNS Server role installed. The
branch offices contain client computers that run Windows 2000.
You plan to deploy Active Directory Domain Services (AD DS) on the network.
You need to plan a name resolution solution for the deployment of Active Directory Domain Services (AD
DS). The solution must meet the following requirements:
Support secure dynamic updates.
Minimize response times for users connecting to resources anywhere on the network.
What should you include in your plan?
A. A GlobalNames zone for the forest.
B. A single Active Directory-integrated DNS zone.
C. A stub zone on the DNS server in each branch office.
D. A standard primary zone in the main office and secondary zones in each branch office.
Answer: B
4. Your company has one office in Montreal and one office in New York. Each office has 2,000 client
computers configured as DHCP clients. DHCP relay is not supported on the network routers.
The network consists of one Active Directory domain.
You need to recommend a DHCP addressing solution for both offices. The solution must meet the following
requirements:
Minimize traffic between offices.
Be available if a single server fails.
What should you recommend?
A. In each office, install a DHCP server that has two scopes.
B. In each office, install a DHCP instance on a two node failover cluster.
C. In the Montreal office, install a DHCP server. In the New York office, install a DHCP Relay Agent.
D. In the Montreal office, install a DHCP instance on a two node failover cluster. In the New York office,
install a DHCP Relay Agent.
Answer: B
5. Your network consists of one Active Directory forest that contains 20 domain trees. All DNS servers run
Windows Server 2008. The network is configured as an IPv4 network.
Users connect to network applications in all domains by using a NetBIOS name.
You plan to migrate to an IPv6-enabled only network.
You need to recommend a solution to migrate the network to IPv6. The solution must not require any
changes to client computers.
What should you recommend?
A. On the DNS servers, configure GlobalNames zones.
B. On the DNS servers, add all domain zones to the ForestDNSZones partition.
C. On a new server, install and configure a Windows Server 2008 WINS server.
D. On a new server, install and configure a Windows Server 2003 WINS server.
Answer: A
6. Your company has a main office and two branch offices. The network contains one Active Directory
domain named contoso.com.
All domain controllers and DNS servers for the contoso.com domain are located in the main office. All DNS
servers are member servers.
You plan to deploy two new Active Directory domains named east.contoso.com and west.contoso.com in
the branch offices.
You install a DNS server in each branch office.
You need to prepare the environment for the installation of the new domains.
What should you do next?
A. Create a new standard primary zone on each branch office DNS server for the new domains. Configure
forwarders on the main office DNS servers to point to the branch office servers.
B. Create a new stub zone on each branch office DNS server for the new domains. Configure conditional
forwarders on the main office DNS servers to point to the branch office DNS servers.
C. Configure a delegation subdomain DNS record on the main office DNS server for each new domain.
Configure a stub zone on each branch office DNS server for the new domains. Configure zone transfer for
the contoso.com zone to the branch office DNS servers.
D. Configure a delegation subdomain DNS record on the main office DNS server for each new domain.
Create a new standard primary zone on each branch office DNS server for the new domains. Configure
zone transfer for the contoso.com zone to the branch office DNS servers.
Answer: D
7. Your company has one main office and one branch office. The branch office is connected to the main
office by using a wide area network (WAN) link. The network consists of one Active directory domain.
The branch office has two member servers that run Windows Server 2008. One of the servers is configured
as a file server that hosts shared folders.
The branch office has a local administrator. The main office has one standard primary DNS zone that is
hosted on a DNS server.
The branch office grows from 100 client computers to 1,000 client computers.
You need to recommend a name resolution solution for the branch office to meet the following
requirements:
Users must be able to access file shares on the local server if a WAN link fails.
The branch office administrator must be able to modify Active Directory objects while at the branch office if
a WAN link fails.
What should you recommend?
A. Promote the member server to a domain controller and configure the DNS role. Create a standard
secondary zone.
B. Promote the member server to a domain controller and configure the DNS role. Create a new standard
primary zone.
C. Promote the member server to a read-only domain controller (RODC) and configure the DNS role.
Create a primary read-only zone.
D. Promote the member server to a read-only domain controller (RODC) and configure the DNS role.
Create a new standard secondary zone.
Answer: A
8. Your network consists of one Active Directory forest that contains one root domain and 22 child domains.
All domain controllers run Windows Server 2003. All domain controllers run the DNS Server service and
host Active Directory-integrated zones.
Administrators report that it takes more than one hour to restart the DNS servers.
You need to reduce the time it takes to restart the DNS servers.
What should you do?
A. Upgrade all domain controllers to Windows Server 2008.
B. Upgrade all domain controllers in the root domain to Windows Server 2008, and then set the functional
level for the root domain to Windows Server 2008.
C. Deploy new secondary zones on additional servers in each child domain.
D. Change the Active Directory-integrated DNS zones to standard primary zones.
Answer: A
9. Your network consists of one Active Directory forest that contains one root domain and 10 child domains.
Administrators of the child domains frequently modify the records for authoritative DNS servers for the child
domain DNS zones.
You need to recommend a solution to minimize the amount of manual configuration steps required to
maintain name resolution on the network.
What should you recommend?
A. On the child domain DNS servers, create stub zones for the root domain zone.
B. On the child domain DNS servers, configure conditional forwarders for the parent domain.
C. On the root domain DNS servers, create stub zones for the child domain zones.
D. On the root domain DNS servers, configure delegation subdomain records for the child domains.
Answer: C
10. Your network consists of one Active Directory domain and one IP subnet. All servers run Windows
Server 2008. All client computers run Windows Vista.
The servers are configured as shown in the following table.
All network switches used for client connections are unmanaged.
Some users connect to the local area network (LAN) from client computers that are joined to a workgroup.
Some client computers do not have the latest Microsoft updates installed.
You need to recommend a Network Access Protection (NAP) solution to protect the network. The solution
must meet the following requirements:
Only computers that are joined to the domain must be able to connect to servers in the domain.
Only computers that have the latest Microsoft updates installed must be able to connect to servers in the
domain.
Which NAP enforcement method should you use?
A. 802.1x
B. DHCP
C. IPsec
D. virtual private network (VPN)
Answer: C
11. Your network consists of one Active Directory domain and one IP subnet. All servers run Windows
Server 2008. All client computers run Windows Vista, Windows XP Professional, and Windows 2000
Professional.
The servers are configured as shown in the following table.
Server2 is configured to support Network Access Protection (NAP) by using IPsec, DHCP, and 802.1x
enforcement methods.
Users from a partner company have computers that are not joined to the domain. The computers
successfully connect to the network.
You need to ensure that only computers that are joined to the domain can access network resources on the
domain.
What should you do?
A. Configure all DHCP scopes on Server1 to enable NAP.
B. Configure all network switches to require 802.1x authentication.
C. Create a Group Policy object (GPO) and link it to the domain. In the GPO, enable a secure server IPsec
policy on all member servers in the domain.
D. Create a Group Policy object (GPO) and link it to the domain. In the GPO, enable a NAP enforcement
client for IPsec communications on all client computers in the domain.
Answer: C
12. Your network consists of a single IP subnet. All servers and client computers connect to managed
switches. All servers run Windows Server 2008. All client computers run Windows Vista.
The servers on the network are configured as shown in the following table.
You need to prepare the Network Access Protection (NAP) environment to meet the following requirements:
Computers that have the required Microsoft updates installed must be able to access all computers on the
network.
Network switches must first allow client computers to communicate to only Server1 and Server2 when the
computers connect to the network.
Which NAP enforcement method should you use?
A. 802.1x
B. DHCP
C. IPsec communications
D. VPN
Answer: A
13. Your network consists of one Active Directory domain. The domain contains servers that run Windows
Server 2008.
The servers are configured as shown in the following table.
Server2 and Server3 are configured as RADIUS clients.
You need to plan a solution to manage all VPN connections to the network. The solution must meet the
following requirements:
Specify the allowed VPN connection protocols.
Specify the allowed VPN client authentication mechanisms.
Specify VPN client access rights based on group membership.
What should you include in your plan?
A. a Group Policy object (GPO) applied to Server2 and Server3
B. a Group Policy object (GPO) applied to the computers that must establish VPN connections
C. a local computer policy on Server2 and Server3
D. a network policy on Server4
Answer: D
14. Your network consists of one Active Directory domain. The domain contains servers that run Windows
Server 2008.
The servers are configured as shown in the following table.
All client computers run Windows Vista Service Pack 1 (SP1).
Remote domain users at a customer site report that they can access Server2 from the Internet by using the
URL xyz They also report that a firewall at the customer site prevents all other
outbound connections.
You need to implement a solution to enable remote users to access files on Server3 from a VPN
connection.
Which connection should you enable on Server1?
A. IPsec tunnel mode
B. L2TP
C. PPTP
D. Secure Socket Tunneling Protocol (SSTP)
Answer: D
15. Your network contains servers that run Windows Server 2008.
Microsoft Windows SharePoint Services (WSS) are available on the network. WSS is only accessible from
the internal network.
Several users use devices that run Windows Mobile 6.0. The users can establish only HTTP and HTTPS
sessions from the Internet.
You need to enable users to access WSS from the Internet by using their Windows Mobile devices. The
solution must ensure that all connections from the Internet to WSS are encrypted.
What should you do?
A. Install Microsoft Internet Security and Acceleration (ISA) Server 2006 and create a HTTPS publishing
rule.
B. Install Microsoft Internet Security and Acceleration (ISA) Server 2006 and create a Secure RPC
publishing rule.
C. Install the Network Policy and Access Services (NPAS) role and enable Secure Socket Tunneling (SSTP)
connections. Configure WSS to require Kerberos authentication.
D. Install the Network Policy and Access Services (NPAS) role and enable Secure Socket Tunneling (SSTP)
connections. Configure WSS to require IPsec encryption.
Answer: A
16. Your network is connected to the Internet through a firewall.
Remote users connect to Microsoft Windows SharePoint Services (WSS) located on the internal network
by using HTTPS.
Users require access to file servers located on the internal network.
You need to ensure that remote users can connect to the file servers. The solution must not require that any
additional TCP ports be opened on the firewall.
What should you do?
A. Implement a PPTP virtual private network (VPN) solution.
B. Implement an L2TP virtual private network (VPN) solution.
C. Implement a Terminal Services Web Access (TS Web Access) solution.
D. Implement a Secure Socket Tunneling Protocol (SSTP) virtual private network (VPN) solution.
Answer: D
17. Your network consists of one Active Directory domain.
Your company has a department named Sales. Some employees in the Sales department work from home
and require access to applications and file servers on the corporate network.
The corporate security policy includes the following requirements:
Remote computers must only connect to the network by using Secure Socket Layer (SSL).
Computers that connect to the network must have an up-to-date antivirus application and all available
security updates installed.
You need to plan a remote access solution for the Sales department employees.
What should you include in your plan?
A. Configure a virtual private network (VPN) solution that uses PPTP.
B. Configure a virtual private network (VPN) solution that uses L2TP.
C. Configure a Terminal Services solution that uses Terminal Services Gateway (TS Gateway).
D. Configure a Terminal Services solution that uses Terminal Services Web Access (TS Web Access).
Answer: C
18. Your network consists of one Active Directory domain. The domain contains servers that run Windows
Server 2008.
The relevant servers are configured as shown in the following table.
All client computers run Windows Vista.
You plan to deploy two Java-based applications on all client computers. The two applications each require a
different version of the Java Runtime Environment (JRE). After testing, you notice that the two JREs
prevent the applications from running on the same computer.
You need to recommend a solution that enables the two Java-based applications to run on all client
computers.
What should you recommend?
A. Create two Windows Installer (MSI) packages that each contains one version of the JRE and one
compatible application. On Server2, advertise both packages to all client computers.
B. Create two Windows Installer (MSI) packages that each contains one version of the JRE and one
compatible application. On Server1, create a Group Policy object (GPO) that assigns both packages to all
client computers.
C. Use the SoftGrid Sequencer to create two application packages that each contains one version of JRE
and one compatible application. On Server3, stream both application packages to all client computers.
D. Install the two JRE versions and the two Java-based applications on Server4. Configure all client
computers to connect to the Java-based applications by using Terminal Services RemoteApp (TS
RemoteApp).
Answer: C
19. Your network consists of one Active Directory domain. The domain contains servers that run Windows
Server 2008.
The relevant servers are configured as shown in the following table.
You install an application named Application1 on Server3. User-specific settings for the application are
stored in a configuration file named Application1.ini.
When multiple users run Application1 concurrently, Application1.ini is overwritten and the application fails.
You need to recommend a solution that enables users to successfully run Application1 on Server3.
What should you recommend?
A. On Server3, deploy Terminal Services Session Broker (TS Session Broker).
B. On Server2, stream a SoftGrid application package containing Application1 to Server3.
C. On Server3, configure Application1 as a Terminal Services RemoteApp (TS RemoteApp).
D. On Server1, create and link a Group Policy object (GPO) to publish Application1 to all users who
establish a Terminal Services session on Server3.
Answer: B
20. Your network consists of one Active Directory domain. The domain contains servers that run Windows
Server 2008.
The relevant servers are configured as shown in the following table.
Your company has a department named Sales. All users in the Sales department have desktop computers
that run Windows Vista Enterprise Edition. All users in the Sales department run an application named
Application1 that is compatible only with Windows 95. To run Application1, each user in the Sales
department has a second desktop computer that runs Windows 95.
The Windows 95 computers must be removed from the network. You use the Microsoft Application
Compatibility Toolkit (ACT) 5.0 to test Application1. The test confirms that the application runs only on
Windows 95 computers and must be redeveloped to be compatible with Windows Vista or Windows Server
2008.
You need to recommend a solution that will enable you to remove the Windows 95 computers. Users in the
Sales department must be able to continue running Application1.
What should you do?
A. Create a virtual machine that runs Windows 95 and Application1. Run the virtual machine on all
computers in the Sales department by using Microsoft Virtual PC 2007.
B. Create and link a Group Policy object (GPO) that publishes Application1 to all client computers in the
Sales department. Configure Application1 to run as an administrator.
C. Create and link a Group Policy object (GPO) that assigns Application1 to all client computers in the
Sales department. Configure Application1 to run in compatibility mode for Windows 2000.
D. Install Application1 on Server2. Configure Application1 to run in compatibility mode for Windows 95.
Configure all computers in the Sales department to run the application through Terminal Services.
Answer: A
Title : Pro: Windows Server 2008,Enterprise Administrator
Version : Demo
1. Your company has a main office and a new branch office. The network consists of one Active directory
domain.
The branch office contains two member servers that run Windows Server 2008. One of the servers is
configured as a file server that hosts shared folders. An administrator in the branch office is responsible for
maintaining the servers.
You have a single DNS zone that is hosted on a DNS server located in the main office.
A wide area network (WAN) link between the branch office and the main office is unreliable.
You need to recommend a network services solution for the new branch office. The solution must meet the
following requirements:
Users must be able to log on to the domain if a WAN link fails.
Users must be able to access file shares on the local server if a WAN link fails.
Branch office administrators must be prevented from initiating changes to Active Directory.
Branch office administrators must be able to make configuration changes to the servers in the branch office.
What should you recommend?
A. Promote the member server to a domain controller and add the branch office administrators to the
Domain Admins group.
B. Promote the member server to a read-only domain controller (RODC) and add the branch office
administrators to the Domain Admins group.
C. Promote the member server to a read-only domain controller (RODC) and configure the DNS role.
Delegate administrative rights to the local branch office administrator.
D. Promote the member server to a domain controller and configure the DNS role. Create an organizational
unit (OU) for each branch office and delegate administrative rights to the local branch office administrator.
Answer: C
2. Your company has one office in San Diego and one office in New York.
The network consists of one Active Directory forest that contains one domain named contoso.com and one
domain named newyork.contoso.com. All servers run Windows Server 2008. All domain controllers for
contoso.com are located in San Diego. All domain controllers for newyork.contoso.com are located in New
York.
Contoso.com contains two domain controllers named Server1 and Server2. Newyork.contoso.com contains
two domain controllers named Server3 and Server4. All domain controllers host Active Directory-integrated
DNS zones for their respective domains.
You need to ensure that users from each office can resolve computer names for both domains from a local
DNS server.
What should you do?
A. Add the contoso.com and the newyork.contoso.com DNS zones to the ForestDNSZones partition.
B. Create a stub DNS zone for contoso.com on Server3. Create a stub DNS zone for newyork.contoso.com
on Server1.
C. Create a standard primary DNS zone named contoso.com on Server3. Create a standard primary DNS
zone named newyork.contoso.com on Server1.
D. Configure conditional forwarders on Server1 to point to Server3. Configure conditional forwarders on
Server3 to point to Server1.
Answer: A
3. Your company has a main office and three branch offices.
Each office has a server that runsWindows Server 2008. The server has the DNS Server role installed. The
branch offices contain client computers that run Windows 2000.
You plan to deploy Active Directory Domain Services (AD DS) on the network.
You need to plan a name resolution solution for the deployment of Active Directory Domain Services (AD
DS). The solution must meet the following requirements:
Support secure dynamic updates.
Minimize response times for users connecting to resources anywhere on the network.
What should you include in your plan?
A. A GlobalNames zone for the forest.
B. A single Active Directory-integrated DNS zone.
C. A stub zone on the DNS server in each branch office.
D. A standard primary zone in the main office and secondary zones in each branch office.
Answer: B
4. Your company has one office in Montreal and one office in New York. Each office has 2,000 client
computers configured as DHCP clients. DHCP relay is not supported on the network routers.
The network consists of one Active Directory domain.
You need to recommend a DHCP addressing solution for both offices. The solution must meet the following
requirements:
Minimize traffic between offices.
Be available if a single server fails.
What should you recommend?
A. In each office, install a DHCP server that has two scopes.
B. In each office, install a DHCP instance on a two node failover cluster.
C. In the Montreal office, install a DHCP server. In the New York office, install a DHCP Relay Agent.
D. In the Montreal office, install a DHCP instance on a two node failover cluster. In the New York office,
install a DHCP Relay Agent.
Answer: B
5. Your network consists of one Active Directory forest that contains 20 domain trees. All DNS servers run
Windows Server 2008. The network is configured as an IPv4 network.
Users connect to network applications in all domains by using a NetBIOS name.
You plan to migrate to an IPv6-enabled only network.
You need to recommend a solution to migrate the network to IPv6. The solution must not require any
changes to client computers.
What should you recommend?
A. On the DNS servers, configure GlobalNames zones.
B. On the DNS servers, add all domain zones to the ForestDNSZones partition.
C. On a new server, install and configure a Windows Server 2008 WINS server.
D. On a new server, install and configure a Windows Server 2003 WINS server.
Answer: A
6. Your company has a main office and two branch offices. The network contains one Active Directory
domain named contoso.com.
All domain controllers and DNS servers for the contoso.com domain are located in the main office. All DNS
servers are member servers.
You plan to deploy two new Active Directory domains named east.contoso.com and west.contoso.com in
the branch offices.
You install a DNS server in each branch office.
You need to prepare the environment for the installation of the new domains.
What should you do next?
A. Create a new standard primary zone on each branch office DNS server for the new domains. Configure
forwarders on the main office DNS servers to point to the branch office servers.
B. Create a new stub zone on each branch office DNS server for the new domains. Configure conditional
forwarders on the main office DNS servers to point to the branch office DNS servers.
C. Configure a delegation subdomain DNS record on the main office DNS server for each new domain.
Configure a stub zone on each branch office DNS server for the new domains. Configure zone transfer for
the contoso.com zone to the branch office DNS servers.
D. Configure a delegation subdomain DNS record on the main office DNS server for each new domain.
Create a new standard primary zone on each branch office DNS server for the new domains. Configure
zone transfer for the contoso.com zone to the branch office DNS servers.
Answer: D
7. Your company has one main office and one branch office. The branch office is connected to the main
office by using a wide area network (WAN) link. The network consists of one Active directory domain.
The branch office has two member servers that run Windows Server 2008. One of the servers is configured
as a file server that hosts shared folders.
The branch office has a local administrator. The main office has one standard primary DNS zone that is
hosted on a DNS server.
The branch office grows from 100 client computers to 1,000 client computers.
You need to recommend a name resolution solution for the branch office to meet the following
requirements:
Users must be able to access file shares on the local server if a WAN link fails.
The branch office administrator must be able to modify Active Directory objects while at the branch office if
a WAN link fails.
What should you recommend?
A. Promote the member server to a domain controller and configure the DNS role. Create a standard
secondary zone.
B. Promote the member server to a domain controller and configure the DNS role. Create a new standard
primary zone.
C. Promote the member server to a read-only domain controller (RODC) and configure the DNS role.
Create a primary read-only zone.
D. Promote the member server to a read-only domain controller (RODC) and configure the DNS role.
Create a new standard secondary zone.
Answer: A
8. Your network consists of one Active Directory forest that contains one root domain and 22 child domains.
All domain controllers run Windows Server 2003. All domain controllers run the DNS Server service and
host Active Directory-integrated zones.
Administrators report that it takes more than one hour to restart the DNS servers.
You need to reduce the time it takes to restart the DNS servers.
What should you do?
A. Upgrade all domain controllers to Windows Server 2008.
B. Upgrade all domain controllers in the root domain to Windows Server 2008, and then set the functional
level for the root domain to Windows Server 2008.
C. Deploy new secondary zones on additional servers in each child domain.
D. Change the Active Directory-integrated DNS zones to standard primary zones.
Answer: A
9. Your network consists of one Active Directory forest that contains one root domain and 10 child domains.
Administrators of the child domains frequently modify the records for authoritative DNS servers for the child
domain DNS zones.
You need to recommend a solution to minimize the amount of manual configuration steps required to
maintain name resolution on the network.
What should you recommend?
A. On the child domain DNS servers, create stub zones for the root domain zone.
B. On the child domain DNS servers, configure conditional forwarders for the parent domain.
C. On the root domain DNS servers, create stub zones for the child domain zones.
D. On the root domain DNS servers, configure delegation subdomain records for the child domains.
Answer: C
10. Your network consists of one Active Directory domain and one IP subnet. All servers run Windows
Server 2008. All client computers run Windows Vista.
The servers are configured as shown in the following table.
All network switches used for client connections are unmanaged.
Some users connect to the local area network (LAN) from client computers that are joined to a workgroup.
Some client computers do not have the latest Microsoft updates installed.
You need to recommend a Network Access Protection (NAP) solution to protect the network. The solution
must meet the following requirements:
Only computers that are joined to the domain must be able to connect to servers in the domain.
Only computers that have the latest Microsoft updates installed must be able to connect to servers in the
domain.
Which NAP enforcement method should you use?
A. 802.1x
B. DHCP
C. IPsec
D. virtual private network (VPN)
Answer: C
11. Your network consists of one Active Directory domain and one IP subnet. All servers run Windows
Server 2008. All client computers run Windows Vista, Windows XP Professional, and Windows 2000
Professional.
The servers are configured as shown in the following table.
Server2 is configured to support Network Access Protection (NAP) by using IPsec, DHCP, and 802.1x
enforcement methods.
Users from a partner company have computers that are not joined to the domain. The computers
successfully connect to the network.
You need to ensure that only computers that are joined to the domain can access network resources on the
domain.
What should you do?
A. Configure all DHCP scopes on Server1 to enable NAP.
B. Configure all network switches to require 802.1x authentication.
C. Create a Group Policy object (GPO) and link it to the domain. In the GPO, enable a secure server IPsec
policy on all member servers in the domain.
D. Create a Group Policy object (GPO) and link it to the domain. In the GPO, enable a NAP enforcement
client for IPsec communications on all client computers in the domain.
Answer: C
12. Your network consists of a single IP subnet. All servers and client computers connect to managed
switches. All servers run Windows Server 2008. All client computers run Windows Vista.
The servers on the network are configured as shown in the following table.
You need to prepare the Network Access Protection (NAP) environment to meet the following requirements:
Computers that have the required Microsoft updates installed must be able to access all computers on the
network.
Network switches must first allow client computers to communicate to only Server1 and Server2 when the
computers connect to the network.
Which NAP enforcement method should you use?
A. 802.1x
B. DHCP
C. IPsec communications
D. VPN
Answer: A
13. Your network consists of one Active Directory domain. The domain contains servers that run Windows
Server 2008.
The servers are configured as shown in the following table.
Server2 and Server3 are configured as RADIUS clients.
You need to plan a solution to manage all VPN connections to the network. The solution must meet the
following requirements:
Specify the allowed VPN connection protocols.
Specify the allowed VPN client authentication mechanisms.
Specify VPN client access rights based on group membership.
What should you include in your plan?
A. a Group Policy object (GPO) applied to Server2 and Server3
B. a Group Policy object (GPO) applied to the computers that must establish VPN connections
C. a local computer policy on Server2 and Server3
D. a network policy on Server4
Answer: D
14. Your network consists of one Active Directory domain. The domain contains servers that run Windows
Server 2008.
The servers are configured as shown in the following table.
All client computers run Windows Vista Service Pack 1 (SP1).
Remote domain users at a customer site report that they can access Server2 from the Internet by using the
URL xyz They also report that a firewall at the customer site prevents all other
outbound connections.
You need to implement a solution to enable remote users to access files on Server3 from a VPN
connection.
Which connection should you enable on Server1?
A. IPsec tunnel mode
B. L2TP
C. PPTP
D. Secure Socket Tunneling Protocol (SSTP)
Answer: D
15. Your network contains servers that run Windows Server 2008.
Microsoft Windows SharePoint Services (WSS) are available on the network. WSS is only accessible from
the internal network.
Several users use devices that run Windows Mobile 6.0. The users can establish only HTTP and HTTPS
sessions from the Internet.
You need to enable users to access WSS from the Internet by using their Windows Mobile devices. The
solution must ensure that all connections from the Internet to WSS are encrypted.
What should you do?
A. Install Microsoft Internet Security and Acceleration (ISA) Server 2006 and create a HTTPS publishing
rule.
B. Install Microsoft Internet Security and Acceleration (ISA) Server 2006 and create a Secure RPC
publishing rule.
C. Install the Network Policy and Access Services (NPAS) role and enable Secure Socket Tunneling (SSTP)
connections. Configure WSS to require Kerberos authentication.
D. Install the Network Policy and Access Services (NPAS) role and enable Secure Socket Tunneling (SSTP)
connections. Configure WSS to require IPsec encryption.
Answer: A
16. Your network is connected to the Internet through a firewall.
Remote users connect to Microsoft Windows SharePoint Services (WSS) located on the internal network
by using HTTPS.
Users require access to file servers located on the internal network.
You need to ensure that remote users can connect to the file servers. The solution must not require that any
additional TCP ports be opened on the firewall.
What should you do?
A. Implement a PPTP virtual private network (VPN) solution.
B. Implement an L2TP virtual private network (VPN) solution.
C. Implement a Terminal Services Web Access (TS Web Access) solution.
D. Implement a Secure Socket Tunneling Protocol (SSTP) virtual private network (VPN) solution.
Answer: D
17. Your network consists of one Active Directory domain.
Your company has a department named Sales. Some employees in the Sales department work from home
and require access to applications and file servers on the corporate network.
The corporate security policy includes the following requirements:
Remote computers must only connect to the network by using Secure Socket Layer (SSL).
Computers that connect to the network must have an up-to-date antivirus application and all available
security updates installed.
You need to plan a remote access solution for the Sales department employees.
What should you include in your plan?
A. Configure a virtual private network (VPN) solution that uses PPTP.
B. Configure a virtual private network (VPN) solution that uses L2TP.
C. Configure a Terminal Services solution that uses Terminal Services Gateway (TS Gateway).
D. Configure a Terminal Services solution that uses Terminal Services Web Access (TS Web Access).
Answer: C
18. Your network consists of one Active Directory domain. The domain contains servers that run Windows
Server 2008.
The relevant servers are configured as shown in the following table.
All client computers run Windows Vista.
You plan to deploy two Java-based applications on all client computers. The two applications each require a
different version of the Java Runtime Environment (JRE). After testing, you notice that the two JREs
prevent the applications from running on the same computer.
You need to recommend a solution that enables the two Java-based applications to run on all client
computers.
What should you recommend?
A. Create two Windows Installer (MSI) packages that each contains one version of the JRE and one
compatible application. On Server2, advertise both packages to all client computers.
B. Create two Windows Installer (MSI) packages that each contains one version of the JRE and one
compatible application. On Server1, create a Group Policy object (GPO) that assigns both packages to all
client computers.
C. Use the SoftGrid Sequencer to create two application packages that each contains one version of JRE
and one compatible application. On Server3, stream both application packages to all client computers.
D. Install the two JRE versions and the two Java-based applications on Server4. Configure all client
computers to connect to the Java-based applications by using Terminal Services RemoteApp (TS
RemoteApp).
Answer: C
19. Your network consists of one Active Directory domain. The domain contains servers that run Windows
Server 2008.
The relevant servers are configured as shown in the following table.
You install an application named Application1 on Server3. User-specific settings for the application are
stored in a configuration file named Application1.ini.
When multiple users run Application1 concurrently, Application1.ini is overwritten and the application fails.
You need to recommend a solution that enables users to successfully run Application1 on Server3.
What should you recommend?
A. On Server3, deploy Terminal Services Session Broker (TS Session Broker).
B. On Server2, stream a SoftGrid application package containing Application1 to Server3.
C. On Server3, configure Application1 as a Terminal Services RemoteApp (TS RemoteApp).
D. On Server1, create and link a Group Policy object (GPO) to publish Application1 to all users who
establish a Terminal Services session on Server3.
Answer: B
20. Your network consists of one Active Directory domain. The domain contains servers that run Windows
Server 2008.
The relevant servers are configured as shown in the following table.
Your company has a department named Sales. All users in the Sales department have desktop computers
that run Windows Vista Enterprise Edition. All users in the Sales department run an application named
Application1 that is compatible only with Windows 95. To run Application1, each user in the Sales
department has a second desktop computer that runs Windows 95.
The Windows 95 computers must be removed from the network. You use the Microsoft Application
Compatibility Toolkit (ACT) 5.0 to test Application1. The test confirms that the application runs only on
Windows 95 computers and must be redeveloped to be compatible with Windows Vista or Windows Server
2008.
You need to recommend a solution that will enable you to remove the Windows 95 computers. Users in the
Sales department must be able to continue running Application1.
What should you do?
A. Create a virtual machine that runs Windows 95 and Application1. Run the virtual machine on all
computers in the Sales department by using Microsoft Virtual PC 2007.
B. Create and link a Group Policy object (GPO) that publishes Application1 to all client computers in the
Sales department. Configure Application1 to run as an administrator.
C. Create and link a Group Policy object (GPO) that assigns Application1 to all client computers in the
Sales department. Configure Application1 to run in compatibility mode for Windows 2000.
D. Install Application1 on Server2. Configure Application1 to run in compatibility mode for Windows 95.
Configure all computers in the Sales department to run the application through Terminal Services.
Answer: A
Comments
Post a Comment
Please avoid link comments