Free Download Microsoft 70-647 Practice Tests with PDF & VCE (21-30)

QUESTION 21
Your network consists of one Active Directory domain. The functional level of the domain is Windows Server 2008. The domain has 30 domain controllers. Twenty administrators manage the domain. You plan to implement an audit and compliance policy. You need to ensure that all changes made to Active Directory objects are recorded. What should you do?

A.    On all domain controllers, run the Security Configuration Wizard (SCW).
B.    In the Default Domain Controller Policy, configure a Directory Services Auditing policy.
C.    In the Default Domain Controller Policy, configure and implement a file-level audit policy for the SYSVOL
volume.
D.    Create a Group Policy object (GPO) linked to the Domain Controllers OU. Configure the GPO to install
the Microsoft Baseline Security Analyzer (MBSA).

Answer: B

QUESTION 22
Your network consists of one Active Directory domain. All domain controllers run Windows Server 2003. You need to plan the forest and domain functional levels to support the following requirements:
– Read-only domain controllers (RODC)
– Windows Server 2003 domain controllers
Which functional levels should you include in your plan?

A.    the forest functional level of Windows 2000 and the domain functional level of Windows Server 2003.
B.    the forest functional level of Windows Server 2003 and the domain functional level of Windows Server 2003.
C.    the forest functional level of Windows Server 2003 and the domain functional level of Windows Server 2008.
D.    the forest functional level of Windows Server 2008 and the domain functional level of Windows Server 2008.

Answer: B

QUESTION 23
Your network contains servers that run Windows Server 2008 and client computers that run Windows Vista. All network routers support IPsec connections. Client computers and servers use IPsec to connect through network routers. You have two servers named Server1 and Server2. Server1 has Active Directory Certificate Services (AD CS) installed and is configured as a certification authority (CA). Server2 runs Internet Information Services (IIS). You need to recommend a certificate solution for the network routers. The solution must meet the following requirements:
– Use the Simple Certificate Enrollment Protocol (SCEP).
– Enable the routers to automatically request certificates.
What should you recommend implementing?

A.    certification authority Web enrollment services on Server2
B.    Network Device Enrollment Service on Server2
C.    Online Responder service on Server1
D.    subordinate CA on Server1

Answer: B

QUESTION 24
Your network consists of two Active Directory forests named Forest1 and Forest2. The functional level of both forests is Windows Server 2003. Both forests contain only domain controllers that run Windows Server 2008. You install a new server named Server1 in Forest2. You need to recommend an access solution that meets the following requirements:
?Users in Forest1 must have access to resources on Server1. ?Users in Forest1 must be denied access to all other resources within Forest2.
What should you recommend?

A.    Raise the forest functional level of Forest1 and Forest2 to Windows Server 2008.
B.    Raise the domain functional level of all domains in both forests to Windows Server 2008.
C.    Create a forest trust between Forest1 and Forest2. Set the Allowed to Authenticate right on the
computer object for Server1.
D.    Create a forest trust between Forest1 and Forest2. Set the Allowed to Authenticate right on the
computer object for the Forest2 infrastructure operations master object.

Answer: C

QUESTION 25
Your network contains a server that runs Windows Server 2008. Internal users of the network and external partners collaborate on work projects. You need to plan a collaboration solution for the internal users and the external partners to meet the following requirements:
– Enable environment access audits.
– Enable secure access to files based on permissions.
– Enable remote access to files by using a Web browser.
– Enable search of data stored in database and file servers.
What should you include in your plan?

A.    Install and configure the Web Server role.
B.    Install and configure the Application Server role.
C.    Install and configure Microsoft Windows SharePoint Services (WSS) 3.0.
D.    Install and configure Microsoft Office SharePoint Server (MOSS) 2007.

Answer: D

QUESTION 26
Your company has a main office and a new branch office. The network consists of one Active directory domain. The branch office contains two member servers that run Windows Server 2008 R2. One of the servers is configured as a file server that hosts shared folders. An administrator in the branch office is responsible for maintaining the servers. You have a single DNS zone that is hosted on a DNS server located in the main office. A wide area network (WAN) link between the branch office and the main office is unreliable. You need to recommend a network services solution for the new branch office. The solution must meet the following requirements:
– Users must be able to log on to the domain if a WAN link fails.
– Users must be able to access file shares on the local server if a WAN link fails.
– Branch office administrators must be prevented from initiating changes to Active Directory.
– Branch office administrators must be able to make configuration changes to the servers in the branch office.
What should you recommend?

A.    Promote the member server to a domain controller and add the branch office administrators to the
Domain Admins group.
B.    Promote the member server to a read-only domain controller (RODC) and add the branch office
administrators to the Domain Admins group.
C.    Promote the member server to a read-only domain controller (RODC) and configure the DNS role.
Delegate administrative rights to the local branch office administrator.
D.    Promote the member server to a domain controller and configure the DNS role. Create an organizational
unit (OU) for each branch office and delegate administrative rights to the local branch office administrator.

Answer: C

QUESTION 27
Your Company has one main office and 100 branch offices. The network consists of one Active Directory domain. All domain controllers run Windows Server 2008 R2. The wide area network (WAN) links from the branch offices to the main office are unreliable. A local administrator manages each branch office. Your company plans to add a new branch office. You create a new organizational unit (OU) that contains all the computer accounts for the new branch office. You configure a server in the main office to test all new software updates. You install Microsoft Windows Server Update Services (WSUS) 3.0. You need to implement an update management solution for the new branch office to meet the following requirements:
– Only approved updates must be installed in the branch office.
– Client computers must be able to download updates if a WAN link fails.
– Each branch office administrator must be able to approve updates before installation.
What should you do?

A.    In each branch office, install a WSUS 3.0 server as a replica server and configure it to download
updates from the main office. Configure all computers to receive updates from their local WSUS server.
B.    In each branch office, install a WSUS 3.0 server as a child server and configure it to download updates
from Microsoft Update. Configure all computers to receive updates from their local WSUS server.
C.    In the main office, install a WSUS 3.0 server as a child server and configure it to download updates
from Microsoft Update. Configure all computers to receive updates from the new WSUS server.
D.    In the main office, install and configure a WSUS 3.0 server as a stand-alone server and configure it to
download updates from Microsoft Update. Configure all computers to receive updates from the new
WSUS server.

Answer: B

QUESTION 28
Your company has one main office and eight branch offices. Each branch office has one server and 20 client computers. The network consists of one Active Directory domain. All main office domain controllers run Windows Server 2008. All branch office servers are configured as domain controllers and run Windows Server 2003 Service Pack 1 (SP1). You need to implement a security solution for the branch offices to meet the following requirements:
The number of user passwords stored on branch office domain controllers must be minimized. All files stored on the branch office domain controller must be protected in the event of an offline attack. What should you do?

A.    Upgrade branch office domain controllers to Windows Server 2008. Enable Windows BitLocker Drive
Encryption (BitLocker).
B.    Replace branch office domain controllers with Windows Server 2008 read-only domain controllers
(RODCs).Enable Windows BitLocker Drive Encryption (BitLocker).
C.    Replace branch office domain controllers with Windows Server 2008 read-only domain controllers
(RODCs).Enable Encrypting File System (EFS) for all server drives.
D.    Add the branch office domain controller computer accounts to the read-only domain controllers
(RODCs) group. Enable Encrypting File System (EFS) for all server drives.

Answer: B

QUESTION 29
Your network consists of one Active Directory domain and one IP subnet. All servers run Windows Server 2008 R2. All client computers run Windows 7. The servers are configured as shown in the following table. (Click the Exhibit)
291
All network switches used for client connections are unmanaged. Some users connect to the local area network (LAN) from client computers that are joined to a workgroup. Some client computers do not have the latest Microsoft updates installed. You need to recommend a Network Access Protection (NAP) solution to protect the network. The solution must meet the following requirements:
– Only computers that are joined to the domain must be able to connect to servers in the domain.
– Only computers that have the latest Microsoft updates installed must be able to connect to servers in the domain.
Which NAP enforcement method should you use?

A.    802.1 x
B.    DHCP
C.    IPsec
D.    virtual private network (VPN)

Answer: C

QUESTION 30
Your network consists of one Active Directory forest. You have two servers named Server1 and Server2. Both servers run Windows Server 2008. All client computers run Windows Vista. Hardware on the servers is installed as shown in the following table. (Click the Exhibit)
301
Client computers use the Remote Desktop client to connect to Server1 and Server2. You need to recommend a solution to control the distribution of user requests made to Server1 and Server2. The solution must enable administrators to distribute the traffic based on the server hardware. What should you recommend?

A.    Use DNS round-robin. Set the DoNotRoundRobinTypes registry entry to ptr srv ns.
B.    Add the failover clustering feature. Configure Server1 as a passive node and Server2 as an active node.
C.    Install Network Load Balancing. In Host Parameters, set Priority to 1 for Server2 and set Priority to 2
for Server1.
D.    Use Terminal Services Session Broker (TS Session Broker) Load Balancing. Assign a weight value
of 100 to Server1 and a weight value of 200 to Server2.

Answer: D

Free Download Microsoft 70-647 Practice Tests with PDF & VCE