A - Self Test-70-646

A 12, A 16, A 20
A_ Planning for Server Deployment

A 1_ You are a network administrator for an aerospace equipment manufacturing company. Your
company has a single Active Directory domain. You have deployed Windows Server 2008 on all
servers in your domain. You plan to implement a public key infrastructure (PKI) to implement strong
security while exchanging information across the Internet and all extranets, intranets, and
applications.
You are using an Enterprise Edition certification authority on Windows Server 2008. You have
installed the following certification authority (CA) role services on your Windows Server 2008 servers:
You have two enterprise subordinate CAs to issue certificates to domain users and domain
computers.
You have a single stand-alone subordinate CA to issue certificates to contractors who are not part of
the domain.
You need to install the Online Certificate Status Protocol (OCSP) role service on the certificate
server. What must you install before installing the OCSP role service?
Microsoft Simple Certificate Enrollment Protocol (MSCEP) role service
Internet Information Services (IIS) role services
Active Server Pages (ASP)
Certification Authority Web Enrollment (CAWE) role service
A 2_ You are the network administrator for a company that has recently purchased 20 new client
computers. You want to deploy images of Windows Vista to the new computers. You install Window
Deployment Services (WDS) on the same server that has the DHCP server. You have created a
Windows Vista image for the computers. The image has been uploaded to the WDS server.
Your DHCP server and WDS server are located on a different subnet than the clients that need
images. The router between the two subnets is RFC 1542 compliant. What must you configure to
deploy the images to the computers? (Choose two. Each correct answer is part of the solution.)
Configure the WDS server to not listen on UDP port 67
Configure the WDS server to listen on UDP port 67
Add Option 60 to the DHCP scope
Block the Trivial File Transfer Protocol (TFTP) port on the WDS server
Block UDP port 4011 on the WDS server

A 3_ You are the administrator for your company, which has a main office in Atlanta. All of your
company's servers run Windows Server 2008 and all clients run Windows Vista. You have branch
offices in Charlotte, Jacksonville, and Birmingham.
You want to share files between multiple locations. You want to ensure that users for all locations can
access the proper files. In some instances you may also have engineers in two locations that need to
modify the same files at the same time on different servers.
Which solution will meet these requirements?
Use a domain-based DFS

Use a stand-alone DFS
Use SharePoint Services
Use Windows System Resource Manager
A 4_ Your company manufactures and produces banners and signs. The company plans to deploy
images to multiple computers. You have created an image for the computers. The image has been
uploaded to the Window Deployment Services (WDS) server. Your DHCP server is located on a
different subnet than the WDS server. The router between the two subnets is RFC 1542 compliant.
What must you configure to deploy the images to the computers? (Choose two. Each correct answer
is part of the solution.)
Block the Trivial File Transfer Protocol (TFTP) port on the router
Block the Trivial File Transfer Protocol (TFTP) port on the WDS server
Block UDP port 4011 on the WDS server
Configure IP Help Tables to forward DHCP broadcasts on UDP port 67 by client computers
directly to both the DHCP server and the Windows Deployment Services PXE server.
Add DHCP Options 66 and 67 to the DHCP Server
A 5_ You are a network administrator for your company. You have deployed Windows Server 2008
on all servers in your company. You are creating a Secure Socket Tunneling Protocol (SSTP)-based
Virtual Private Network (VPN) connection.
Which certificates are required to establish the VPN tunnel? (Choose two. Each correct answer
presents part of the solution.)
Computer certificates on the VPN client

Computer certificates on the VPN server
Computer certificates on both the VPN client and VPN server
Root CA certificate on the VPN client
Root CA certificate on the VPN server
A 6_ You are a server administrator for your organization. Your organization has a mixed
environment that includes Windows Server 2008 domain controllers and UNIX-based computers. You
have deployed File Services server role on a Windows Server 2008 computer named WS_FS.
Your organization uses business-critical software that runs on the UNIX-based computers. You need
to ensure that the UNIX-based computers can access data from the Windows-based servers.
What should you do?
Install File Server Resource Manager

Install Services for Network File System
Configure DFS Replication
Configure DFS Namespace
A 7_ You are a server administrator for your organization. Your organization has a main office in
Sydney and a branch office in Melbourne. You have deployed Windows Server 2008 on all servers in
both offices. You also used Server Manager to install BitLocker on a Windows Server 2008 server in
the branch office to encrypt data that will be used by various applications.
Your organization wants you to manage the BitLocker encryption from the main office rather than
traveling to the branch office. How can you enable this functionality without enabling BitLocker
encryption on any servers at the main office?
run the ServerManagerCmd -install BitLocker command

run the ServerManagerCmd -resultPath <result.xml> command
run the ServerManagerCmd -install RSAT-BitLocker command
run the Scwcmd command
A 8_ You are a server administrator for a shipping company with a main office in Florida and branch
offices in Texas and Arkansas. You have deployed Windows Server 2008 and Windows Server Core
on the domain controllers, and all client computers use Windows Vista Service Pack 1 (SP1). You
work in the main office.
You previously configured a Windows Server Core domain controller in a branch office with the DNS
Server role. Recently you changed the IP address range on a DHCP server in the same branch
office. You need to change the reverse lookup zone on the Windows Server Core running the DNS
server role to reflect the changes in the IP address range of the DHCP server. Also, you want to
enable secure dynamic updates on the reverse lookup zone. This must be done remotely from the
main office.
What should you do?

Install Remote Server Administration Tools on a Windows Vista SP1 workstation.
Install Remote Server Administration Tools on the Windows Server Core installation.
Run the dnscmd command on a Windows Vista workstation.
Run ServerManagerCmd -q on the Windows Server Core installation.
A 9_ You are the domain administrator for your organization. You have deployed Windows Server
2008 on all servers in your organization. You need to implement Printer Location Tracking (PLT) in
your organization to provide self-assistance to users with questions about the location of their local
printer.
Which of the following do you need to enable PLT in your domain? (Choose all that apply.)
Ensure IIS is installed

Configure a GPO to enable the location tracking feature for all devices
Obtain location settings for all printers
Obtain location settings for all servers
Create a simple naming convention to represent printer locations
Ensure SSTP is configured
A 10_ You are a network administrator for your organization. You have deployed the Windows Server
2008 operating system on all servers in your organization. You need to allow Virtual Private Network
(VPN) connections from Windows Server 2008 over HTTPS. Your solution should allow user
authentication only after the SSL session is established.
Which protocol should you use?
Point-to-Point Tunneling Protocol (PPTP)

Secure Socket Tunneling Protocol (SSTP)
Layer Two Tunneling Protocol with Internet Protocol security (L2TP/IPsec)
User Datagram Protocol (UDP)
A 11_ You are the network administrator for a company that manufactures automobile parts. Users in
your warehouse office have been issued certificates for signing e-mail, encrypting and decrypting
documents, and user authentication from a subordinate enterprise certificate authority that runs
Windows Server 2008. These users are constantly logging on at different computers in the
warehouse. All client computers in the warehouse run the Windows Vista operating system, and all of
the servers run the Windows Server 2008 operating system. You need to ensure that your users can
do the following:
• Use stored user names and passwords from any workstation in the domain.
• Access their public key infrastructure (PKI) private keys and certificates from any workstation
in the domain.
What should you do to meet these requirements?
Enable roaming profiles

Configure credential roaming
Create a Group Policy Object (GPO) to enable folder redirection
Create a Group Policy Object (GPO) to enable Protected Mode on Internet Explorer
A 12_ You are the network administrator for Nutex Corporation. Users in your main office have been
issued certificates from a subordinate enterprise certificate authority (CA) that runs Windows Server
2008 for the purposes of signing e-mail, encrypting and decrypting documents, and user
authentication. You want to enable credential roaming for all users because they must be constantly
logging on at different computers in the office. All client computers in the main office run the Windows
Vista operating system. All the servers in the main office run the Windows Server 2008 operating
system.
What must you do to enable credential roaming? (Move each required step from the Choices area on
the left to the Correct Order area on the right, and arrange them in the correct order. It may not be
necessary to use all the steps provided.)
Choice :
Link the GPO to the domain
Use the GPMC to create a new GPO
Add the Credential Roaming template under subordinate
Enable X.509 Certificate and Key Roaming settings
Upgrade the forest level to Windows Server 2008

A 13_ Your company has a single Active Directory domain. All domain controllers and servers run
Windows Server 2008. All client computers have been recently upgraded to Windows Vista.
You have four 32-bit applications running on separate servers. You have two 64-bit applications
running on separate servers. You want to consolidate the different applications on as few servers as
possible.
What should you do?
Install Hyper-V on a server with an x86-based processor. Create separate virtual servers for each
application.
Install Hyper-V on a server with an x64-based processor. Create a separate virtual server
for the 32-bit applications and a separate virtual server for the 64-bit applications.
Install Hyper-V on a server with an x64-based processor, and create separate virtual servers for
each 64-bit application. Install Hyper-V on a server with an x86-based processor, and create
separate virtual servers for each 32-bit application.
Install Terminal Services on a server with an x86-based processor. Install all applications on the
terminal server
A 14_ You are a server administrator for your organization. Your organization has a single Active
Directory domain that contains multiple Windows Server 2008 domain controllers. All file servers run
Windows Server 2003 or Windows Server 2008, and all client computers use Windows XP
Professional or Windows Vista. Your organization has shared folders located on physically separate
Windows Server 2008 servers by connecting them to one or more namespaces.
You must provide for the continual availability of the shared folders. You want to ensure the following:
• If a share is not available on one file server, then a DFS referral is sent to another file server
• The DFS root is fault tolerant
• Your solution incurs minimal expense and hardware configuration changes
What should you do?
Create a stand-alone namespace on a Windows Server 2008 server and install the File Services
role.
Create a domain-based namespace on a Windows Server 2008 Server and install the File
Services role.
Create a stand-alone namespace on a Windows Server 2008 server and install Active Directory
Federation Services (AD FS).
Create a stand-alone namespace on a Windows Server 2008 server and install Active Directory
Rights Management Services (AD RMS)
A 15_ You are an administrator for a company with manufacturing plants in six cities. You plan to
deploy new application servers to the six locations that run Windows Server 2008. Some of the
computers have a 32-bit processor with an x86-based architecture; the other computers have a 64-bit
processor with x64-based architecture.
You create an image of Windows Server 2008 on a Windows Deployment Services (WDS)
server. After the image is deployed on the new computer, the computer will be sent to the appropriate
plant.
You are able to deploy the images to the servers with the x64-based architecture, but not to the
servers that have the x86-based architecture. What should you do to fix the problem?
Install WDS on a 64-bit server.

Create an x86-based image of the Windows Server 2008 application server.
Block UDP port 4011 on the WDS server.
Enable the appropriate TFTP port for the x64-based image.
A 16_ You are a server administrator for your organization. You have deployed Windows Server 2008
on all servers in your organization. You are implementing Printer Location Tracking (PLT) in your
organization. Arrange the steps to implement PLT in your organization.
Drag the applicable steps from the Task pane and arrange them in the correct order in the Action
Area. (Choose all that apply. Not every option may be required.)
Choices :
Log on as a user on the server sharing the printer and restart the spooler service
Run the gpupdate command from the command prompt
Enter location settings for computers and servers
Set locations for your subnets in AD Sited and Services
Enter location Settings for printers
Create a GPO. Enable the Pre-populate printer search location text settings
Planning for Server Deployment
A 17_ You are a network administrator for Nutex Corporation. You have deployed Windows Server
2008 on all servers in your organization. You are installing Windows BitLocker Drive Encryption
(BitLocker) using the ServerManagerCmd.exe command on a Windows Server 2008 server to
provide the operating system security and protection from unauthorized access. After the installation
procedure is complete, you need to verify that the BitLocker feature was installed successfully.
Which command-line parameter should you use with ServerManagerCmd command to display the
entire list of features installed on a Windows Server 2008 server computer?
-i
-p
-q
-v
A 18_ You are the server administrator for your organization. You have deployed Windows Server
2008 and Windows Server 2003 on all domain controllers in your organization, and all client
computers run either Windows XP Service Pack 2 (SP2) and Windows Vista SP1.
You have several Windows Server 2008 file servers in different physical locations in your
organization. You need to recommend a solution that will enable users to access file shares on these
servers. Your solution should also ensure that users can access all data on a file server, even if any
of the file servers goes offline, without requiring any new hardware be installed in the network.
What should you do? (Choose two. Each correct answer is a part of the solution.)
Configure a domain DFS root

Configure a stand-alone DFS root
Configure multiple targets for DFS referral
Install the AD FS server role on a Windows Server 2008 server
A 19_ Your company has a single Active Directory domain. All of the domain controllers run Windows
Server 2008, and all of the client computers have been recently upgraded to Windows Vista.
All user accounts have roaming profiles. Your company wants to allow users to use their certificates
on multiple computers. You want to ensure that the current version of any certificate is being used.
What must you do?
Replace the roaming profiles with mandatory roaming profiles, and enable credential roaming.
Replace the roaming profiles with mandatory roaming profiles, and add a recovery agent for each
user on each computer.
Replace the roaming profiles with Folder Redirection, and enable credential roaming.
Replace the roaming profiles with Folder Redirection, and add a recovery agent for each user on
each computer.
A 20_ You are the systems administrator for your organization. Your organization has recently
acquired a partner company, which has a single Active Directory domain. All domain controllers in the
partner company run Windows Server 2008.
You perform a migration for the Active Directory domains in the partner company to your
organization. After migrating the partner company's user account objects, you determine the following
issues:
• Users cannot log on to their accounts after migration.
• Users cannot access network resources after migration.
You decide to roll back the migration to the original domain. You need to create a rollback plan to roll
back to the pre-migration environment. Move the steps from the Choices area on the left to the
Correct Order area on the right, and arrange them in the correct order. (It may not be necessary to
use all the steps provided.)
Choice :
Change the domain membership for the server or workstation to the source domain
Enable the user accounts in the source domain
Notify the users to log on to the source domain
Notify the users to log off from the target domain
Verify that users are able to access resources
Log on as a user on the target domain and verify that you can access the resource
Verify that the logon scripts and user profiles for users work as configured in the source domain
Planning for Server Deployment
A 21_ You are a network administrator for your organization. Your organization has outsourced its
financial services to a vendor who must have access to the confidential sales information from your
organization.
You are required to configure a Public Key Infrastructure (PKI) to ensure that only authenticated
users have access to organizational resources. You plan to ensure the following rules in your
organization:
• Use certificates to authenticate requests to Active Directory for users inside the organization.
• Use certificates to authenticate external vendors accessing the organization's resources.
• Use certificate templates to create specific certificates for organization users.
• All certificates issued to users inside the organization must be approved automatically.
• The root Certificate Authority (CA) must remain offline.
What must you configure? (Choose three. Each correct answer is part of the solution.)
Configure the root CA to be a stand-alone CA

Configure the root CA to be an enterprise CA
Configure a subordinate enterprise CA to authenticate the vendors
Configure a subordinate enterprise CA to authenticate the users
Configure a subordinate stand-alone CA to authenticate the vendors
Configure a subordinate stand-alone CA to authenticate the users
A 22_ You are the administrator of a company that distributes office products. The company has a
single Active Directory Domain. All the domain controllers run Windows Server 2008. You have
several branch offices. You want to install a read-only domain controller (RODC) in a branch office
using installation media that does not contain any cached secrets.
What tool, command, and/or commands must you use to create the installation media according to
these requirements?
Use ntdsutil.exe and the move db to command.

Use ntdsutil.exe and the ifm command.
Use ntbackup and /SNAP command.
Use ntbackup and /RS command
A 23_ You are a network administrator in a tri-state news organization. Your organization has a single
Active Directory domain. You have recently installed Windows Server 2008 on a domain controller
named Long_Serv and Windows Server Core on a domain controller named Long_Core, both in the
Active Directory domain. You have installed the DNS Server and Active Directory Domain Services
(AD DS) server roles on Long_Core. Because Long_Core is located in another studio in the building
complex, you need to remotely manage the Windows Server Core server using graphics user
interface (GUI) tools.
What should you use?
Use the Computer Management snap-in on Long_Core.

Use the Computer Management snap-in on Long_Serv.
Install the Remote Server Administration Tools feature on Long_Core.
Use Windows Remote Shell on Long_Serv.
A 24_ You are an employee for a company with 100 stores across Canada, the United States (US),
and the United Kingdom (UK). You plan to send new computers to various stores in the UK. You plan
to install Windows Vista on the new computers. Some of the computers have a 32-bit processor with
an x86-based architecture, but the rest of the computers have a 64-bit processor with a x64-based
architecture. You install Windows Deployment Services (WDS) on a new 32-bit server that runs
Windows Server 2008.
What must you do to deploy Windows Vista to the new computers?
Create a single image of Windows Vista for all new computers.

Create a 32-bit image of Windows Vista and a 64-bit image of Windows Vista.
Install WDS on a 64-bit server and create a single image of Windows Vista for all new computers.
Install WDS on a 64-bit server and create a 32-bit image of Windows Vista and a 64-bit image of
Windows Vista.
A 25_ Your company has a single Active Directory domain. All client computers run Windows Vista,
and all servers run Windows Server 2008.
You have several applications that run on different servers. You want to consolidate the servers to
lower the total cost of ownership (TCO). You also want flexibility, reliability, scalability, and security.
Your solution should freely integrate 32-bit and 64-bit workloads in the same environment.
What should you do?
Install Hyper-V on a Windows Server 2008 computer with an x86-based processor.

Create a server cluster for the applications on the server.
Create a Network Load Balancing Cluster for the applications.
Install Hyper-V on a Windows Server 2008 computer with an x64-based processor, and use
Microsoft Application Virtualization.
A 26_ You are a server administrator for your company. All client computers run Windows Vista, and
all file servers run Windows Server 2008. Your domain controllers run both Windows Server 2003 and
Windows Server 2008. You have installed the File Services and Print Services server roles on a
Windows Server 2008 computer named WIN_SRV. You want to enable support for access-based
enumeration for a domain namespace on WIN_SRV to allow users to view only those files and folders
which they have permission to access.
What should you do? (Choose all that apply. Each correct answer is part of the solution.)
Create a domain-based namespace on WIN_SRV.

Create a domain-based namespace on a server running Windows 2000 Server mode.
Upgrade all domain controllers to Windows Server 2008.
Raise the domain functional level to Windows Server 2008.
Raise the forest functional level to Windows Server 2008.
A 27_ You are an administrator for Verigon Corporation. The company has a single Active Directory
domain. All domain controllers run Windows Server 2008, and all servers run Windows Server 2003.
Your company has purchased 50 new computers. You want to deploy a similarly configured operating
system on all 50 computers. You want to configure a Windows Server 2003 computer named Srv1 as
the server that will deploy images of Windows Vista to the new computers. Srv1 has a RAID 5 disk
subsystem of 2 TB. You want to ensure that services are separated on the servers and domain
controllers.
What must you configure to deploy images to the new computers?

Install Remote Installation Services (RIS) on Srv1.
Install the Windows Automated Installation Kit (AIK) on Srv1.
Install the Windows Deployment Services (WDS) on a Windows Server 2008 domain controller.
Create a Group Policy Object (GPO) to assign the Windows Vista software to the new computers.
A 28_ You are the administrator of a company that manufactures aerospace components. Your
company has a single Active Directory forest that has a tree with three domains. All servers run
Windows Server 2003 or Windows Server 2008 and all client computers use Windows XP
Professional and Windows Vista. All servers in the root domain are running Windows Server 2008.
You have several file servers in different locations that your users need to access. All of your users
actively use the file servers to store and share files. You want to do the following:
• Create quotas for a soft and hard space limit on the data volumes of all file servers
• Generate storage reports to identify duplicate files and dormant files
• Incur minimal costs for hardware or operating system upgrades
What should you configure?
Upgrade all file servers to Windows Server 2008 and install a domain DFS root.
Install a domain DFS root and use the existing servers in the tree.
Upgrade all file servers to Windows Server 2008 and install FSRM on a server in the root domain.
Install FSRM on a server in the root domain and use the existing servers in the tree.
Upgrade all file servers to Windows Server 2008 and install AD FS on a server in the root domain.
Install AD FS on a server in the root domain and use the existing servers in the tree.
A 29_ Your company has a single Active Directory domain. The domain controllers are a mixture of
Windows 2000 Server, Windows Server 2003, and Windows Server 2008 computers. All client
computers are a mixture of Windows XP Professional and Windows Vista. You have a public key
infrastructure (PKI) established for the domain.
You want to implement autoenrollment of certificates and credential roaming for the users in the
domain. You want to keep software and hardware upgrades to a minimum.
What should you configure? (Choose two. Each correct answer presents part of the solution.)
Replace all Windows 2000 Server domain controllers with Windows Server 2008 domain
controllers.
Replace all Windows XP Professional computers with Windows Vista computers.
Replace all Windows 2000 Server Server and Windows Server 2003 domain controllers with
Windows Server 2008 domain controllers.
Apply the latest service pack to all Windows 2000 Server and Windows Server 2003
domain controllers.
Apply the latest service pack to all Windows XP Professional computers.
B_ Planning for Server Mangament

B 1_ You are a server administrator for your organization. Your organization has single Active
Directory domain. You have deployed Windows Server 2008 on all domain controllers in your
organization. You have recently installed a read-only domain controller (RODC). You need to
configure the Password Replication Policy for your RODC.
dsmgmt.exe
Repadmin
Active Directory Users and Computers snap-in
Active Directory Sites and Services snap-in
B 2_ You are a server administrator for your organization. You have deployed Windows Server 2008
on all domain controllers and installed Active Directory Domain Services (AD DS) and Active
Directory Federation Services (AD FS) on a Windows Server 2008 server, named AD_Srv. You are
installing the DNS server role on another Windows Server 2008 server.
You need to grant a user permission to run Dnscmd.exe to view and modify the DNS server
configuration.
What should you do?
Add the user to the Performance Log Users group

Add the user to the Server Operators group
Add the user to the Account Operators group
Add the user to Network Configuration Operators group
B 3_ You are a server administrator for Nutex Corporation. Your organization's network has Windows
Server 2003 and Windows Server 2008 domain controllers. You have installed Windows Vista with
Service Pack 1 (SP1) on all client computers.
You create a Group Policy called AccountsPasswords that provides password policy restrictions
and account lockout restrictions for all users in the domain. You want to save the information in the
AccountsPasswords Group Policy and import it into a sister company's forest.
What should you do to save the information?
Run gpmc.msc, expand the nutex.com container, click the Default Domain Controller
container, right-click AccountsPasswords, and select Backup.
Run gpmc.msc, click the nutex.com container, right-click AccountsPasswords, and select
Backup.
Run gpedit.msc, expand the nutex.com container, expand Domains, expand nutex.com, click
the Starter GPOs container, right-click AccountsPasswords, and select Backup.
Run gpmc.msc, expand the nutex.com container, expand Domains, expand nutex.com,
click the Group Policy Objects container, right-click AccountsPasswords, and select
Backup.
B 4_ You are a server administrator for the Verigon Corporation. Your company has Windows Server
2008 domain controllers. You perform a backup of Group Policy Objects (GPOs) at regular intervals.
Another system administrator has made some changes to GPOs on a Windows Server 2008 domain
controller. You need to revert these changes and restore all GPOs to the previous state for which
latest backup is available.
What should you do to achieve the objective?
Run gpmc.msc, expand verigon.com, right-click Group Policy Objects, and select Backup All.
Run gpmc.msc, expand verigon.com, right-click Group Policy Objects, and select Manage
Backup.
Run gpmc.msc, expand verigon.com, right-click Starter GPOs, and select Manage Backup.
Run gpmc.msc, right-click verigon.com, and select Restore from Backup.
B 5_ You are the administrator for the Verigon Corporation. Your Active Directory structure is
displayed in the exhibit. (Click the Exhibit(s) button to view the Active Directory structure.)
You want to delegate permissions for user Samuel Jones to be able to create delete and manage
accounts in the domain. You also want user Jeremy Hernandez to be able to create, delete and
manage user accounts in the Finance and Accounting Organizational Units (OUs).
What should you configure do? (Choose two. Each correct answer presents part of the solution.)
Add Samuel Jones' account to the Server Operators group.

Add Jeremy Hernandez's account to the Server Operators group.
Add Samuel Jones' account to the Account Operators group.
Add Jeremy Hernandez's account to the Account Operators group.
Delegate the Reset Create, delete and manage user accounts task to Jeremy Hernandez for
the domain.
Delegate the Reset Create, delete and manage user accounts task to Jeremy Hernandez for
the Finance and Accounting OUs.
B 6_ You are the network administrator for your company. The company's logical network design
consists of a single Active Directory forest with two domains: nutex.com and verigon.com. Each
domain is in different locations that are configured as separate Active Directory sites. Each site
supports approximately 700 users. Each site is supported by four Windows Server 2008 domain
controllers. Both domains operate at the Windows Server 2003 domain functional level. All client
computers run Windows XP Professional or Windows Vista.
Organizational units (OUs) are created for departments in each domain as shown in the exhibit. (Click
the Exhibit(s) button to view the Active Directory structure.)
Departments for which OUs are created include sales (Sales), human resources (HR), accounting
(Acct), marketing (Mktg), research (Res), manufacturing (Manu), and IT administration (IT). User
accounts and computer accounts for each department are located in the associated OU. Group Policy
objects (GPOs) are linked at the site, domain, and OU levels.
A GPO is used to deploy a time management application to users throughout the organization. You
create a new GPO to assign Microsoft Excel to accounting users. All accounting users are located in
Site1. The new GPO is linked to the Acct OU container.
Help desk personnel report that users in the accounting department have complained that they are
not receiving the Excel application when they log on to their computers. You log on to a computer in
the accounting department with a department user account and run Gpresult to confirm that the GPO
linked to the Acct OU is being applied. You verify that the GPO is properly configured.
You must determine the source of the problem. You want to troubleshoot Group Policy application by
using Resultant Set of Policies (RSoP). You must determine the proper location and mode to run the
utility.
What should you do? (Choose two. Each correct answer presents part of the solution.)
Run RSoP in Logging mode.

Run RSoP in Planning mode.
Run RSoP at the site level.
Run RSoP at the domain level.
Run RSoP at the OU level.
Run RSoP to target the Accounting users and Accounting computers
B 7_ You are the enterprise administrator for your company. Your company has a single forest with
three domains. (Click the Exhibit(s) button to view the Active Directory structure.)
In each domain there are three Organizational Units (OUs), named Employees, Workstations, and
Servers. Within the Employees OU, you have global groups that contain personnel for various job
tasks, such as the Marketing, Sales, and Administration groups. You want several technical
support people from domain.com, child1.domain.com, and child2.domain.com to be able to
manage the membership list of the Marketing, Sales, and Administration groups within all three
domains.
What should you configure? (Choose four. Each correct answer presents part of the solution.)
Create a global group named TechSupportPersonnel in domain.com.

Create a universal group named TechSupportPersonnel in domain.com.
Create a global group named SupportPeople in each domain. Add the technical support
people who should manage the membership lists into the global group.
Add SupportPeople from each domain to TechSupportPersonnel.
Add the TechSupportPersonnel group as members of the Marketing, Sales, and
Administration groups in all three domains.
Use the Delegation of Control Wizard to assign the Create, delete and manage user accounts
task to the TechSupportPersonnel group at the Employees OU.
Use the Delegation of Control Wizard to assign the Modify the membership of a group task
to the TechSupportPersonnel group at the Employees OU.
B 8_ You are a network administrator for an organization that has a single Active Directory domain
and Windows Server 2008 domain controllers. A group of users in your organization is complaining
about the network performance. You decide to delegate the issue to another administrator. You need
to enable another server administrator to remotely monitor only the performance counters on domain
controllers in the domain, but not alerts.
What should you do?
Add the server administrator to the Performance Log Users group

Add the server administrator to the Server Operators group
Add the server administrator to the Account Operators group
Add the server administrator to the Performance Monitor Users group
Add the server administrator to the Network Configuration Operators group
B 9_ You are a server administrator in your organization. The domain controllers in your organization
run Windows Server 2003 and Windows Server 2008. You have installed Active Directory
Certification Services, Active Directory Federation Services, and Active Directory Domain Services on
a Windows Server 2008 server.
Your organization wants to deploy a read-only domain controller (RODC) to provide authentication
with domain controllers over a Wide Area Network (WAN). You have updated the permissions on all
the Domain Name System (DNS) application directory partitions in the forest to accomplish the task.
What else should you configure to deploy an RODC?

Set the forest functional level to Windows Server 2008.
Set the domain functional level to Windows Server 2003.
Set the domain functional level to Windows Server 2008.
Run the adprep /rodcprep command.
B 10_ You are the administrator for the Nutex Corporation, which has a single Active Directory
domain. Nutex manufactures soft drinks for worldwide distribution. All servers run Windows Server
2008, and all client computers have been upgraded to Windows Vista.
You want to ensure that the My Documents folder and the Application Data folder for all Engineers
and Marketing users working on the new soft drink project are redirected to the central file server.
You create a global group called ColaProjectEmployees that contains all Engineering and Marketing
users who are working on the new soft drink project.
What should you do next? (Choose three. Each correct answer presents part of the solution.)
Create a Group Policy object named GPO1 to enable folder redirection to the shared
folder.
Create a Group Policy object named GPO1 to specify a roaming profile to be stored on a shared
folder.
Add the ColaProjectEmployees group to the Security Filtering section of GPO1.
Edit GPO1 to specify Advanced redirection. Specify the ColaProjectEmployees group to
\\FileServer1\Share.
Link GPO1 to the domain.
B 11_ You are the administrator for the Nutex Corporation. You have linked several Group Policy
objects (GPOs) to the domain. You have several GPOs linked to the Accounting OU.
Jack, a user in the Accounting department, reports that the SoftwareDeployment GPO did not apply
to him. Jack's user account is in the Accounting OU, and the SoftwareDeployment GPO is linked at
the Accounting OU. You query other users in the Accounting department. Jill, who also has a user
account in the Accounting OU, reports the SoftwareDeployment GPO successfully applied for her.
Which command can you use to help troubleshoot the problem?
gpupdate /Target:User nutex\jack

gpupdate /Sync:nutex\jack
gpresult /H c:\GPOresults.xml /U nutex\jack /S server5
gpresult /U nutex\jack /S server5 /R
B 12_ You are a server administrator for your organization. You have installed Windows Server 2008
domain controllers in a single Active Directory domain in your organization. You have configured the
Windows Server 2008 computers to allow the installation of any device, provided that the device
driver is staged in the driver store or that the user has administrative permissions.
You need to prevent the installation of all devices except those specifically permitted by other policy
settings. You need to enable a policy setting to prevent the installation of all devices unless they are
specifically permitted.
What should you do?
Enable the Prevent installation of removable devices policy setting.

Enable the Prevent installation of devices not described by other policy settings policy
setting.
Enable the Prevent installation of devices that match any of these device IDs policy setting.
Enable the Prevent installation of devices using drivers that match these device setup
classes, policy setting.
B 13_ You are the administrator of the Nutex Corporation. All your servers run Windows Server 2008
or Windows Server 2003. All desktop computers and laptop computers run Windows XP Professional.
Your company has a sales force that is divided up into three different departments: Inside, Outside,
and Government. Each department has their own Organizational Unit (OU). (Click Exhibit(s) button
to view the Active Directory structure.)
Your supervisor has created several Group Policy objects (GPOs). GPO3 renames the
Administrator and Guest accounts on computers. GPO2 sets the desktop settings for users. GPO1
assigns a sales application to the Inside and Outside OUs. Government sales people should not
have this application.
Several of the Government sales people notice that Administrator account is displaying in Computer
Management. What should you do to fix the problem?
Remove the Block Inheritance setting on the Government OU.

Configure the Enforced setting on GPO3.
Configure the Enforced setting on GPO1.
Create a global group for the Government sales people. Add the global group to the Security
Filtering section of GPO3.
on all domain controllers in your organization. You have configured a local computer policy to prevent
the installation of removable devices in your organization, but you notice that this policy setting does
not let the administrative users update drivers for existing removable devices.
You need to ensure that users in the Administrators group can install drivers for removable devices.
You have opened the Device Installation Restrictions folder under Local Computer
Policy\Computer Configuration\Administrative Templates\ System\ Device Installation in the
Local Group Policy Object Editor.
What should you do?
Enable the Prevent installation of removable devices policy setting.

Disable the Prevent installation of removable devices policy setting.
Enable the Allow administrators to override Device Installation Restriction policies policy
setting.
Disable the Allow administrators to override Device Installation Restriction policies policy
setting.
B 15_ You are the network administrator for your company. The company's logical network design
consists of a single Active Directory domain. All servers run Windows Server 2008, and all client
computers run Windows Vista.
Organizational units (OUs) were created for each department in the domain, as shown in the exhibit.
(Click the Exhibit(s) button to view.) Multiple Group Policy objects (GPOs) were created and linked to
each OU.
You are considering moving the APayables OU into the Acct OU. However, you are concerned that
this action will result in conflicting Group Policy settings for users in the APayables OU. You want to
identify any existing policies that may cause disruptions for these users before performing this
operation.
Analyze the logged policy results for users in the OU.

Simulate the policy settings for the Acct OU.
Simulate the policy settings for the APayables OU.
From the Acct OU, run Resultant Set of Policies (RSoP) in Logging mode.
From the Acct OU, run Resultant Set of Policies (RSoP) in Planning mode.
From the APayables OU, run Resultant Set of Policies (RSoP) in Logging mode.
From the APayables OU, run Resultant Set of Policies (RSoP) in Planning mode.
B 16_ You are the enterprise administrator for the Verigon Corporation based in Memphis,
Tennessee. Your company has recently purchased the Nutex Corporation, based in Jonesboro,
Arkansas. The Nutex Corporation has been integrated into the Verigon forest. All domain controllers
in the nutex.com tree use Windows Server 2008. All domain controllers in the verigon.com tree use
a combination of Windows Server 2008 and Windows Server 2003. All domains of verigon.com are
located in the Active Directory site of Memphis, and all domains of nutex.com are located in the
Active Directory site of Jonesboro. (Click the Exhibit(s) button to view the Active Directory
structure.)
You create a Group Policy object (GPO) named GPO1 that does the following:
• Configures the Internet Explorer Settings.

• Configures Start Menu and Task Bar Settings.
You create a GPO named GPO2 that does the following:
• Renames the Guest account on the computer.

• Assigns software to the computer.
You want to apply GPO1 to all users in the verigon.com tree. You want to apply GPO2 to all
computers in the nutex.com tree. What should you do?
Link the GPO1 to the verigon.com domain, and link the GPO2 to the nutex.com domain.
Link the GPO1 to the verigon.com domain, and link the GPO2 to the nutex.com domain. Set the
Enforced setting on GPO1 and GPO2.
Link the GPO1 to the Memphis site, and link the GPO2 to the Jonesboro site.
Link the GPO1 and GPO2 to the forest. Limit GPO1 to only verigon.com, and limit GPO2 to
nutex.com by adding only the Domain Users group of the domains in the respective trees to the
respective GPOs.
B 17_ Your company manufactures motor parts for sports cars. The company has a newly installed
Active Directory domain with branch offices in three cities. Each city is configured as an Active
Directory site. All servers run Windows Server 2008, and all client computers run Windows Vista.
Each office has a file server with shared folders containing documents that are read and modified by
engineers. Engineers from all locations must be able to modify the documents in the file server's
shared folder from their local offices.
What must you do to meet these requirements? (Choose three. Each answer is part of the complete
solution.)
Install Distributed File System Namespace and Distributed File System Replication.
Update the Active Directory schema.
Deploy a namespace and add a namespace server.
Add folders to the namespace.
Bridge all site links.
B 18_ You are the administrator for the Nutex Corporation. You have created three Group Policy
objects (GPOs) and linked them to the Sales Organizational Unit (OU). (Click the Exhibit(s) button to
view the Active Directory structure.)
The policies have the following functions:

• User Environment Policy - Configures desktop settings, login scripts, and proxy server
settings.
• IE Settings Policy - Configures the browser home page and other Internet Explorer settings.
• Folder Redirection Policy - Redirects the My Documents folder to the \\FileSrv\Users share.
You notice that the proxy server settings in the User Environment Policy are conflicting with the
settings in the IE Settings Policy. You want to ensure that the settings in the IE Settings Policy are
used.
What should you do to fix the problem?

Set the Link Order setting to 3 for the IE Settings Policy.
Set the Link Order setting to 1 for the IE Settings Policy.
Set the Enforced setting on the User Environment Policy.
Remove the Authenticated Users group from the Security Filtering section of the User
Environment Policy
B 19_ You are the administrator for a company that has a single Active Directory domain with three
Active Directory sites in Atlanta, San Fransisco, and Quebec. All of the servers in the company run
the Windows Server 2008 operating system on a 64-bit platform. All client computers run the
Windows Vista operating system. Some of the client computers use a 32-bit processor and some use
a 64-bit processor.
You want to ensure that computers in two of the sites, San Fransisco and Quebec, have a legacy 32-
bit application installed on them. Employees in the two sites work on two different 10-hour shifts and
thus share the computers. You plan to deploy the software to the two sites via a Group Policy
package. You want to ensure if there is an update to the software package that it will apply to the
computer before the user logs on. Finally, the application should install on the computers in Quebec
even if the French language files are not up to date.
What must you configure? (Choose all that apply.)
Publish the software package.

Assign the software package.
Set the Ignore language when deploying this package setting on the package.
Set the Uninstall this application when it falls out of the scope of management setting on the
package.
Set the Make this 32-bit X86 application available to Win64 machines setting on the
package.
Set the Include OLE class and product information setting on the package.
B 20_ You are the enterprise administrator for your company. Your company has a single forest with
two trees that have three domains each. Each domain within the verigon.com tree contains three file
servers named dc1, dc2, and dc3. (Click the Exhibit(s) button to view the Active Directory structure.)
You want a set of technical support people from verigon.com, east.verigon.com,
west.verigon.com, nutex.com, east.nutex.com, and west.nutex.com to be able to do the following
on the file servers in each domain:
• Back up and restore data on each file server.

• Format the hard disk.
What should you do? (Choose all that apply. Each correct answer presents part of the solution.)
Create a global group called SrvAdmins in each domain of the verigon.com tree and in
each domain of the nutex.com tree.
Create a local group called SrvAdmins in each domain of the verigon.com tree and in each
domain of the nutex.com tree.
Create a universal group called NutexSrvAdmins that contains the SrvAdmins group in
each domain of the nutex.com tree group.
Create a universal group called VerigonSrvAdmins that contains the SrvAdmins group in
each domain of the verigon.com tree group.
Add the NutexSrvAdmins and VerigonSrvAdmins groups as members of the Server
Operators group on dc1, dc2, and dc3 in each domain of the verigon.com tree.
Add the NutexSrvAdmins and VerigonSrvAdmins groups as members of the Backup
Add the NutexSrvAdmins and VerigonSrvAdmins groups as members of the Account
B 21_ Your company has purchased another company in Quebec, Canada. You integrate the new
company into your Active Directory forest. You have upgraded all of the servers to Windows Server
2008. You have upgraded some workstations to Windows Vista, but the remaining workstations are
running Windows 2000 Professional with Service Pack 3.
You want to have Group Policy objects (GPOs) applied to the workstations in the domain that have
both the French and English language. How can you accomplish this? (Choose three. Each correct
answer is part of the solution.)
Upgrade all workstations to Windows Vista

Create a central store on a domain controller
Create a \Policy folder underneath \%windir%\system32
Copy all ADM files to the central store
Copy all ADM files to the local workstation's Policy folder
Copy all language-specific ADML files to the central store
Copy all language-specific ADML files to the local workstation's Policy folder
B 22_ You are the administrator of a company network that has a single Active Directory domain. All
domain controllers are a mixture of Windows Server 2003 and Windows Server 2008. All client
computers are a mixture of Windows XP Professional and Windows Vista.
Your company has recently purchased the business of a competitor. You must evaluate and inventory
what features and roles are installed on the newly purchased servers. In particular, the competitor
had deployed several Windows Server 2008 Server Core Edition servers. Which command would you
run to determine which roles and features are installed on the Server Core servers?
winrs -r:<ServerName> cmd

oclist
ocsetup.exe /log:Query.xml
odeploy.exe /logfile:file.log
B 23_ You are the server administrator for your organization. You have deployed Windows Server
2008 on all servers in your organization, which has a single forest and a single Active Directory
domain. A Windows Server 2008 server named WIN_GC is configured as a global catalog server in
your organization.
You plan to deploy a new computer to be the first read-only domain controller (RODC) in the domain,
which will host read-only partitions of the Active Directory database.
What should be your first step to install an RODC on a Windows Server 2008 computer?
Run the dcpromo / adv command

Log on to the server as a member of the Domain Admins group.
Log on to the server as a member of the Server Operators group.
Run the adprep /domainprep /gpprep command in all domains in the forest
Run the adprep /domainprep command in all domains in the forest
B 24_ You are a server administrator for your organization, which has offices in Germany, Brazil, and
the United States. Your organization has Windows Server 2008 domain controllers and client
computers which run Windows Vista. You have recently deployed a new Windows Server 2008
domain controller in your organization.
Since your organization is multi-lingual, you want to display Group Policy settings in multiple
languages on this Windows Server 2008 domain controller.
Which files do you require? (Choose two. Each choice presents part of the solution.)
.ADMX
.ADM
.ADML
.POL
.BAML
B 25_ You are a server administrator for your company that prepares tax returns for individuals and
corporations. Your company has a single Active Directory domain, and you have deployed Windows
Server 2008 domain controllers in your organization.
You plan to deploy a software application on laptops for the users in the IndividualTax
Organizational Unit (OU). Shortcuts for the application should appear on the desktop or in the Start
menu for these laptops. If the user is promoted and the user's account is moved to the CorporateTax
OU, the application should remove itself from the laptop.
What should you do? (Choose three. Each correct answer is part of a single solution.)
Create a package in a Group Policy in \Computer Configuration\Software Settings\Software

Installation and link the policy at the IndividualTax OU.
Create a package in a Group Policy in \User Configuration\Software Settings\Software
Installation and link the policy at the IndividualTax OU.
Publish the package.
Assign the package.
Configure the package to Uninstall this application when it falls out of scope of
management.
Configure the package to Install this application at logon.
B 26_ You are the administrator of your company's single Active Directory domain. Your company
has a central office headquarters and two branch offices. There is an organizational unit (OU) for
each office. The headquarters office also has three OUs for the IT, Warehouse, and the Development
departments, named IT, Warehouse, and Development, respectively. (Click the Exhibit(s) button to
view the Active Directory structure.)
You have created a Group Policy object (GPO) that sets user login scripts for users. You want this
GPO to apply to all users in the domain except the users in the Warehouse OU.
What should you do?
Link the GPO to the domain, and apply the Block inheritance setting at the Warehouse OU.
Create a global group for all of the Warehouse user accounts. Add the global group to the
Security Filtering section of the GPO.
Link the GPO to the Branch1, HQ, and Branch2 OUs only.
Create a global group for all the Warehouse user accounts. Under the Delegation tab, grant the
Read permission to the global group for the GPO.
B 27_ You are the administrator for the GlobeComm Corporation. You have recently migrated from a
multi-domain Windows 2000 Server environment to a single domain Windows Server 2008
environment. All client computers have been upgraded from Windows 2000 Professional to Windows
XP Professional or Windows Vista.
You plan to make some changes to the users' environment. You create a shared network folder on a
file server to store users' data. You want to ensure the following:
• When a user logs on to various computers on the network, the user's documents are always
available.
• Contents of the user's My Documents folder do not have to be copied between the client
computer and the server each time the user logs on or off.

Create a Group Policy object to enable folder redirection to the shared folder.
Create a Group Policy object to specify the user's home directory to the shared folder.
Create a saved LDAP query of the user accounts. Export the results to a tab-delimited file, modify
the home directory in the file, and use the LDIFDE utility to import the file into Active Directory.
Create a saved LDAP query of the user accounts. Export the results to a tab-delimited file, enable
folder redirection in the file, and use the LDIFDE utility to import the file into Active Directory.
B 28_ You are the administrator of your company. Your company has a single Active Directory
domain. All domain controllers are a mixture of Windows Server 2003 and Windows Server 2008. All
client computers are a mixture of Windows XP Professional and Windows Vista. Several file servers
are Windows Server 2008 Server Core servers.
You need to install a DHCP server on a Windows Server 2008 Server Core installation. Which
command can you use?
Oclist | install "DHCPServer"

winrs /install:DHCP /Server:local
ServerManagerCmd.exe -install DHCPServer
odeploy.exe -install DHCPServer
start /w ocsetup DHCPServer
B 29_ You are the administrator for your company's Active Directory domain. You have the task of
creating, deleting, and managing all the user accounts on the domain. You want to give a select set of
users the ability to create computer and contact objects in all Organizational Units (OUs) in the
domain. These are the only permissions that should be granted to the users. You create a global
group for the users named SupportHelp.
What else must you configure to ensure that SupportHelp can create computer objects and contact
objects?
Delegate the Create, delete and manage user accounts task to SupportHelp at each OU in the
domain.
Add SupportHelp to the Account Operators group.
Use the Delegation of Control Wizard to delegate control of Computer Objects and Contact
Objects at each OU in the domain.
Add SupportHelp to the Server Operators group.
B 30_ Your company has a single Active Directory domain with branch offices in three cities. Each
city is configured as an Active Directory site. All servers run Windows Server 2008, and all client
computers run Windows Vista.
Each office has a file server with shared folders. You want users in each office to be able to access
and update the data in each file server's shared folder on a local server in each office. You also want
to prevent a server that was offline for a long time from overwriting fresh data when it comes back
online with stale data.
Your solution should minimize hardware expenses. What should you configure?
Implement Distributed File System (DFS) Namespaces and DFS Replication.

Implement Cluster Continuous Replication (CCR).
Implement a Network Load Balancing cluster.
Implement a single copy cluster (SCC).
on all domain controllers. Your organization has a main office and a branch office in different cities.
You have deployed a read-only domain controller (RODC) in the branch office.
There is no local administrator role defined on the RODC server after Active Directory Domain
Services (AD DS) installation. You need to add a user in the branch office to the administrator role on
an RODC server to allow the user to configure Administrator Role Separation for RODC.
What command should you run?
Ldp.exe
Adsiedit.msc
dsmgmt.exe
repadmin /add
C_ Monitoring and Maintaining Servers

C 1_ You are a network administrator of GlobeComm, a company that develops software for the tax
accounting industry. Your organization has Windows Server 2008 domain controllers and Windows
Vista client computers. You need to recommend a solution to ensure that an installed WSUS server
applies updates only on the developers' portable computers, and not on any other computers in the
GlobeComm domain. Your solution should enable WSUS to assign the developers' portable
computers to a computer group automatically.
What should you do?
Create a computer group using the WSUS Management console.

Create a computer group using the Group Policy Management console (GPMC).
Enable server-side targeting.
Enable client-side targeting.
C 2_ You are the administrator of your company's application servers. One application server is used
by a group of four users in a department. Recently you have noticed that the four users are opening
many processes on the server, and that the processor load on the server is exceeding 70%.
You want to give equal access to the users and ensure minimum resource availability, while also
ensuring that the processor load is not too great.
Implement Windows System Resource Manager (WSRM) and configure an Equal_Per_Process

resource allocation policy.
Implement WSRM and configure an Equal_Per_User resource allocation policy.
Implement WSRM and configure an Equal_Per_Session resource allocation policy.
Use Windows Remote Management. Configure the service in a GPO. Add the users into the
Security Filtering of the GPO.
Use Windows Remote Management. Configure the service in a GPO. Add the users' computers
into the Security Filtering of the GPO.
C 3_ You are a server administrator for your organization. You have deployed Windows Server 2008
domain controllers in the Active Directory domain. You have deployed Windows XP Service Pack 2
(SP2) and Windows Vista SP1 on client computers in your organization.
There is a computer that runs Windows Vista SP1 in the Sales group that is used by most of the
sales executives. Users in the Sales group store sensitive information on the operating system
volume of this computer. You must recommend a solution to ensure that the sensitive information
stored on this computer is safe from unauthorized access. Your solution should also protect system
files.
What should you do?
Implement Internet Protocol Security (IPsec).

Implement encrypting file system (EFS).
Implement BitLocker drive encryption.
Implement transparent data encryption (TDE).
on all domain controllers and Windows Vista on all client computers. You also deployed Windows
Server Update Services (WSUS) 3.0 on a Windows Server 2008 domain controller in your
organization.
You have set up a test lab with three computers, and created a computer group named Lab on the
WSUS server for the lab computers. The hardware configuration on the lab computers matches the
client computers in the network. You have installed legacy software applications on the lab computers
that are also installed on the client computers in the network.
You need to ensure that all updates will be immediately tested on the Lab computer group before
they can be deployed on client computers in the organization's network. Your solution should require
the least amount of administrative effort.
Which option on the WSUS Administration console should you select for the Lab group?
Select the Approved for Install option in the Approve Updates dialog box.
Select the Deadline option in the Approve Updates dialog box.
Choose the Critical Updates from the Updates dialog box.
Choose the Security Updates from the Updates dialog box.
C 5_ You are the network administrator for the Verigon Corporation. Users must access a Web-based
time attendant system to enter the hours that they worked on a project. Some users work from home
and some work from the office.
You must ensure that all remote users that connect to the corporate LAN via a VPN have the latest
security updates from the WSUS server. A Group Policy that is linked to the domain specifies the
Window Update server as wsus.verigon.com. The following is a partial list of servers that you have
on the network:
You implement Network Access Protection (NAP) and configure a Network Protection Server named
nps.verigon.com to provide centralized health policy configuration and evaluation of NAP client
health state. You configure a Windows Security Health Validator. You enable the Quarantine Clients
that do not have all available security updates installed setting and the Automatic updating
setting. You configure a Remediation Server group for the clients that do not meet the health policy.
Which IP addresses should be included in the Remediation Server group? (Choose all that apply.
Each correct answer is part of the solution.)
10.0.0.5
10.0.0.7
10.0.0.2
10.0.0.15
C 6_ You are the administrator of a company that manufacturers engine parts for racing cars and
boats. Your company has a single Active Directory domain. All servers run Windows Server 2008,
and all desktop computers run Windows Vista.
The company has decided to implement Network Access Protection (NAP) to ensure that all clients
meet the health and security policies set forth by the company. You install the following roles:
• Network Policy Server

• Routing and Remote Access Server
• DHCP Server
You must ensure that all traveling employees have the latest anti-spyware updates and security
patches. The traveling employees have portable computers that run Windows Vista, Windows XP
Professional, and Windows 2000 Professional. Financial resources are constrained, so you do not
want to spend any unnecessary funds.
What should you recommend to ensure that these employees meet the health validation standards
before connecting to the network via a VPN?
Upgrade or replace all old portable computers with those that run Windows Vista.
Upgrade or replace all Windows 2000 Professional portable computers with Windows Vista.
Upgrade or replace all Windows 2000 Professional portable computers with Windows
Vista, and install Service Pack 3 on all Windows XP Professional computers.
Install Service Pack 6 on all Windows 2000 Professional portable computers, and install Service
Pack 3 on all Windows XP Professional computers.
C 7_ You are a network administrator for your organization. You have recently upgraded computers
in your organization to Windows Server 2008 servers and Windows Vista client computers. You are
using a legacy application on a Windows Server 2008 server named 2K8SRV-AS. The legacy
application, when executed, creates image files on the server that require a large amount of space.
Almost 15 users from the Development group access this legacy application on a daily basis. The
server response time is slow when all users in the Development group access the legacy application
at the same time.
Which performance counter should you verify to determine the cause of the problem?
Memory: Available Bytes

Processor: % Processor time
Processor: % User time
Physical Disk: Avg. Disk Queue Length
C 8_ You are the administrator for your network. All servers in your domain run Windows Server
2008, and all desktop and portable computers run Windows Vista.
You have implemented a Network Policy Server to authorize connections to your network. You want
to configure a Network Access Protection (NAP) policy to specify that wireless portable
computers can only connect to the network during business hours. Also, these computers must have
a valid NAP statement of health (SoH).
Which conditions must you place in the policy? (Choose three. Each correct answer is part of the
solution.)
NAS Port Type

Client IPv4 Address
Service Type
Date and Time Restrictions
Identity Type
domain controllers and Windows Vista client computers in your organization.
You are planning to implement Network Access Protection (NAP) in your organization to protect the
computers on the network from unauthorized access.
Which component should you install and configure on a NAP-capable client to ensure that the client
computer can verify its health status to the Network Policy server (NPS)?
Statement of health response (SoHR)

Statement of health (SoH)
System health validator (SHV)
Health policies
C 10_ You are the network administrator for the Verigon Company. The company's network has a
single domain with a main office and four branch offices. All domain controllers and servers run
Windows Server 2008, and the functional level of the domain is Windows Server 2008. Each location
is a separate Active Directory site.
You have configured a Group Policy object (GPO) that starts the Windows Event Collector service on
all computers. You link the GPO to the domain. The Windows Remote Management (WinRM) service
is running on all Windows Server 2008 file servers and Web servers. You would like to collect all
replication errors from the domain controllers in all sites and view them on a file server in the main
office.
What should you do?
On all domain controllers, start the WinRM service and configure its start mode to
Automatic.
On all domain controllers, start the Windows Error Reporting service and configure its start mode
to Automatic.
On the server in the main office, start the WSRM service and configure its start mode to
Automatic.
On all domain controllers, start the WSRM service and configure its start mode to Automatic.
C 11_ You are a server administrator for your organization. Your organization provides on-site
training services to partner companies. You have deployed Windows Server 2008 on domain
controllers and Windows Vista on client computers in your organization.
On-site trainers use a portable computer to provide training within the organization. They use the
same portable computers to access internal network resources. You plan to deploy a Network Access
Protection (NAP) platform to impose health requirements for these computers.
You need to prepare a NAP server in your organization for NAP deployment. What do you need?
(Choose all that apply.)
Statement of health (SoH)

Statement of health response (SoHR)
System health validator (SHV)
Health policies
NAP enforcement client (NAP EC)
C 12_ You are a network administrator for an organization that provides consulting services to its
partner companies. Your organization has Windows Server 2008 domain controllers and Windows
Vista client computers.
Zachary is the Manager for the Human Resources Department. You need to recommend a solution to
ensure that his personal files are protected from other users who access his computer using their own
user accounts. Your solution should not require any special hardware.
What should you do?

Create an Internet Protocol Security (IPsec) policy.
Enable Encrypting File System (EFS) on Zachary's computer.
Enable BitLocker drive encryption on Zachary's computer.
Enable transparent data encryption (TDE) on Zachary's computer.
Enable transparent data encryption (TDE) on all computers in the organization.
C 13_ You are a network administrator for your organization, which has a main office and one branch
office. The branch office does not have Internet access; only the main office has Internet access.
Users in the branch office must access their e-mail using a WAN link to the main office.
Your organization is using Windows Server 2008 domain controllers, Windows Vista client computers,
and an Exchange Server 2007 messaging system. You have deployed Windows Server Update
Services (WSUS) 3.0 on Windows Server 2008 domain controllers in the main office as well as in the
branch office. The WSUS server at the main office is named WSUS-ADMIN, and the one at branch
office is named WSUS-BRANCH.
You have added computers to both the computer group on WSUS-ADMIN and the computer group
on WSUS-BRANCH. You have also configured the WSUS-ADMIN server to receive and store all
updates from Microsoft. You need to recommend a solution for updating the WSUS-BRANCH server
to provide updates to branch office computers. Your solution should use the least administrative
effort.
What should you do?
Export the update files and metadata from WSUS-ADMIN to a DVD, and then import the content
from the DVD to WSUS-BRANCH.
Configure WSUS-BRANCH as a replica server.
Configure WSUS-BRANCH as a downstream server.
Configure WSUS-BRANCH as an upstream server.
C 14_ You are the administrator for a company that has a single domain with forty Windows 2008
Servers and 200 Windows Vista client machines.
You notice that a proprietary application takes up a large amount of memory on the Windows Vista
client computers. In certain instances, the application consumes all of the client workstation's
memory. You cannot deploy an upgrade for the application for two weeks. Until the new application is
ready to deploy, you want to use Reliability and Performance Monitor to create a performance alert
on each computer that will monitor and terminate the memory consumption when it exceeds a set
level. You will use Microsoft System Center Operations Manager 2007 to manage multiple
computers.
What should you configure in your performance alert? (Choose two. Each correct answer is part of
the solution.)
Monitor the Memory\Pages/Sec counter. Set an alert when the counter is above 20 for 10
seconds.
Monitor the Memory\Pages/Sec counter. Set an alert when the counter is below 20 for 10
seconds.
Monitor the Memory\Pages/Sec counter. Set an alert when the counter is above 20 for 45
seconds.
When the alert is triggered, run TSKILL to stop the application.
When the alert is triggered, run SHUTDOWN /R to stop the application
C 15_ You are the administrator for the GlobeComm Corporation. Your company has recently
implemented a schedule that allows employees to work from home part of the time.
All employees connect from home through a VPN. You must ensure that all employee home
computers are in compliance with health standards and have the latest security patches. What should
you implement?
Implement a Network Policy Server (NPS).

Implement an IPSec tunnel from the employee's computer to the VPN server.
Implement an SSTP tunnel from the employee's computer to the VPN server.
Implement an ISA server.
C 16_ You are the enterprise administrator for a company that manufactures airplane engines and
parts. You have a single Active Directory domain with several office locations. All of your servers use
Windows Server 2008. All of the desktop computers and mobile computers in the network use
Windows Vista. The main office and all of the other locations have a Windows Server Update
Services (WSUS) server. Your company employs salespeople who move from location to location.
These salespeople also connect to the company locations from customer sites.
You want to ensure that all computers that attach to the network have the latest anti-virus software
updates, anti-spam software updates, and security updates. Which server roles must you have
installed in each location to ensure this? (Choose three. Each correct answer presents part of the
solution.)
Routing and Remote Access

Certificate Server
Internet Information Server (IIS)
Dynamic Host Configuration Protocol (DHCP) Server service
Read-Only Domain Controller (RODC)
Network Policy Server (NPS)
C 17_ You are the administrator for a company that manufactures plastics. You have a central office
that contains 5,000 computers. You have established a SQL Server 2005 failover cluster and installed
three WSUS servers called WSUS1, WSUS2, and WSUS3. You want to ensure that client computers
are able to receive updates and security patches even if one or more of the WSUS servers go offline.
What should you do? (Choose four. Each correct answer presents part of the solution.)
Configure three WSUS servers to be front-end servers, and configure the SQL Server 2005
server to be a back-end server.
Configure RAID-1 disk subsystems on WSUS1, WSUS2 and WSUS3.
Create a single file location to store updates for the WSUS servers on a DFS share.
Create a file location locally for each WSUS server to store updates on the RAID-1 disk
subsystem.
Configure the WSUS servers to be in an NLB cluster.
In a Group Policy, configure the Specify intranet Microsoft update service location setting for
the client computers as WSUS1, WSUS2, and WSUS3.
In a Group Policy, configure the Specify intranet Microsoft update service location setting
for the client computers as the virtual address of the NLB cluster.
C 18_ You are the network administrator for the Nutex Company. Nutex's network has a single
domain with several locations. All domain controllers and servers run Windows Server 2008. All
clients run Windows Vista. The functional level of the domain is Windows Server 2008.
You have noticed that the same problem occurs on multiple Windows Server 2008 servers. You need
to analyze log data from more than one server for troubleshooting. You want to consolidate events
from each server into a single log and sort it by time stamp to get a better idea of what may be
causing the problem.
You want a file server in main office, called Srv1, to collect all errors from all servers in the main
office and in other locations. What should you do? (Choose two. Each correct answer presents part of
the solution.)
On all servers, start the Windows Remote Management (WinRM) service and configure its
start mode to Automatic.
On all servers, start the Windows Error Reporting service and configure its start mode to
Automatic.
On SRV1, start the Windows Event Collector service and configure its start mode to
Automatic.
On SRV1, open Windows Reliability and Performance Monitor and start the Reliability Monitor.
On all servers, open Windows Reliability and Performance Monitor and start the Reliability
Monitor.
C 19_ You are the network administrator for your organization. Your organization's network has a
single Active Directory domain. You have deployed Windows Server 2008 domain controllers and
Windows Vista client computers in your organization.
You have installed the Terminal Services and Application Server role services on a Windows Server
2008 server named WS08-TAS. You notice that the performance of WS08-TAS is noticeably slower
when remote users are accessing the server or when multiple applications are opened on the server.
The Reliability and Performance Monitor shows the following information:
• Processor: %Processor Time - 85

• Memory: Pages/Sec - 9
• System: Processor Queue Length - 1
• Paging File: % Usage - 50
• Paging File\: Usage Peak - 50
• PhysicalDisk: % Disk Time - 45
• PhysicalDisk: Avg. Disk Queue Length - 1
What should you do to improve system performance?
Upgrade the processor.
Upgrade the disk subsystem to RAID1.
Increase the amount of RAM.
Upgrade disk subsystem to RAID5.
C 20_ You are a server administrator in your company. Your company has a single Active Directory
domain that includes Windows Server 2003 and Windows Server 2008 domain controllers. The client
computers in your organization run Windows Vista Service Pack 1 (SP1) or Windows XP.
You are planning to implement Network Access Protection (NAP) in your organization to protect your
network from unauthorized access.
What should you do? (Choose all compatible operating systems that apply.)
Upgrade the Windows XP computers to Windows Vista.

Upgrade the Windows XP computers to Windows XP SP2.
Upgrade the Windows XP computers to Windows XP SP2 RC2.
Upgrade the Windows XP computers to Windows XP SP3.
Upgrade the Windows Server 2003 domain controllers to Windows Server 2008 domain
controllers.
C 21_ You are the administrator of your company's application servers. One application server is
used by a group of users in the accounting department. Processes on the server are causing the
processor load to exceed 70%. Some processes are taking up more resources than other processes.
Most users open the same number of processes on the server.
You want to give equal access to each process and maintain minimum resource availability while
ensuring that the processor load is not too great. What should you configure?
Implement Windows System Resource Manager (WSRM) and configure an
Equal_Per_Process resource allocation policy.
Implement WSRM and configure an Equal_Per_User resource allocation policy.
Implement WSRM and configure an Equal_Per_Session resource allocation policy.
Use Windows Remote Management. Configure the service in a GPO. Add the users into the
Security Filtering of the GPO.
Use Windows Remote Management. Configure the service in a GPO. Add the users' computers
into the Security Filtering of the GPO.
C 22_ You are the network administrator for your company. The company's network consists of
Windows Server 2008 and Windows Vista computers. The company has a main office and a branch
office. The main office contains a Windows Server Update Services (WSUS) server.
You install WSUS 3.0 on one of the Windows Server 2008 computers in the branch office. You want
to create a computer group to target the portable computers in the branch office to receive specific
updates. However, when you go to the Computers page of the WSUS Administration console to
create the group, groups have already been created. You are unable to create new groups.
What did you do wrong?
You installed the incorrect version of WSUS.

You installed the WSUS server as a replica in the branch office.
You lack the appropriate permissions to perform the procedure.
You installed the WSUS server as a downstream server
C 23_ You are the administrator for the Verigon Corporation. Your company has purchased another
company, the Nutex Corporation. Verigon and Nutex have separate Active Directory forests.
The server5.nutex.com application server must exchange data with the server7.verigon.com
database server. The data transfer must be secure. Users in the Nutex domain must be able to
communicate with server5.nutex.com. Users in the Verigon domain must communicate with
server7.verigon.com.
You use the Windows Firewall with Advance Security to create a connection rule. What must you
configure? (Choose two. Each correct answer presents part of the solution.)
Tunnel Rule with Kerberos authentication

Server-to-Server rule with Kerberos authentication
Server-to-Server rule with PreShared Key authentication
Request authentication for inbound and outbound connections
Require authentication for inbound and outbound connections
on the domain controllers. The client computers in your organization run Windows XP Service Pack 3
(SP3) or Windows Vista SP1. You have deployed Active Directory Domain Services (AD DS) and
Active Directory Certificate Services (AD CS) on a Windows Server 2008 domain controller.
You are setting up AD DS auditing. You need to enable and view all four directory service policy
subcategories on a Windows Server 2008 domain controller.
What should you do?
Enable the global Audit directory service access audit policy, and run GPedit.msc to view the
audit policy subcategories.
Enable the Audit object access audit policy, and run GPedit.msc to view the audit policy
subcategories.
Enable the Directory Service Changes audit policy subcategory, and run Auditpol.exe to view
the audit policy subcategories.
Enable the Directory Service Access audit policy subcategory, and run Auditpol.exe to
view the audit policy subcategories.
C 25_ You are the network administrator for your company's Atlanta office. Your company has a
branch office in Miami. The company has deployed Windows Server 2008 on domain controllers and
Windows Vista on client computers. In the Miami office, Windows Server Update Services (WSUS)
3.0 has been installed on a Windows Server 2008 domain controller.
You network experienced an application failure of the entire site in the Atlanta office caused by the
installation of an untested update. You decide to implement a test lab containing a representation of
all computer types in the Atlanta office. Your goal is for these computers to receive updates first, and
for the other computers in the Atlanta site to receive the updates after testing.
Which of the following approaches would achieve this goal in the most efficient manner with the least
amount of administrative effort? (Choose all that apply.)
Use client-side targeting to populate a group with the test lab computers.
Use server-side targeting to populate a group with the test lab computers.
Create a replica server of the Miami WSUS server in the Atlanta office.
Create the Miami WSUS server as a downstream server of the Atlanta office.
Only approve updates for the All Computers group after testing them on the test lab
computers.
Only approve updates for the test lab computers after testing them on the All Computers group.
C 26_ You are the administrator for a company that manufactures automobiles. All servers in your
domain run Windows Server 2008, and all computers run Windows Vista. For guest use, you have a
set of desktop computers in the lobby of your building and a desktop computer on a desk near the
elevator on each floor of the building.
Employees and guests use the same version of Windows Vista. You want to ensure that these
computers comply with health and security compliance policies before getting an IP address to
connect to the network. You have installed a Network Policy Server. Which condition should you
include in your Network Access Policy (NAP) to ensure the computers meet health and standard
compliance policies?
Create a Machine Groups condition

Create an MS-Service Class condition
Create an Operating System condition
Create a Client IPv4 Address condition and specify the subnet of the guest computers
C 27_ You are the network administrator for your company. The company's network consists of
Windows Server 2008 domain controllers and Windows Vista client computers. You have installed
Windows Server Update Services (WSUS) 3.0 on a Windows Server 2008 domain controller named
MS_WSUS.
Your organization also has a branch office. You are configuring another Windows Server 2008
machine, named BR_WSUS, as a WSUS server in the branch office. You need to recommend a
solution to ensure that a WSUS server in the branch office will automatically pull the configuration
information from the MS_WSUS server installed in the main office every time there is an update.
What should you do?
Export the update metadata and content from MS_WSUS to a DVD, and then import the content
from the DVD to BR_WSUS.
On MS_WSUS, select BR_WSUS as the source server on the Choose Upstream Server page
of the WSUS Administration console, and click Next.
On BR_WSUS, select MS_WSUS as the source server on the Choose Upstream Server
page of the WSUS Administration console, and click Next.
On BR_WSUS, configure the Microsoft Update server as the source server on the Choose
Upstream Server page of the WSUS Administration console, and click Next.
C 28_ Your company has a main office and two branch offices. All offices have connections to the
Internet. The two branch offices have a low-bandwidth link to the main office, but a high-bandwidth
link to the Internet.
You are in responsible for managing updates and security patches for computers in your company.
You want to centrally manage which updates get installed on each computer in all offices.
Install WSUS servers in each branch location only.

Install a central WSUS server in the main office and a downstream WSUS server in each
branch office.
Configure downstream servers to obtain information on which updates to download from a
central WSUS server.
Configure downstream servers to pull updates from the Microsoft Update Web site.
Configure downstream servers to pull updates from a central WSUS server.
Configure clients to pull updates from the WSUS server in their location.
Configure clients to pull updates from the WSUS server in the main office.
C 29_ You are a server administrator for your organization, where you deployed Windows Server
2008 on the domain controllers and Windows Vista on the client computers. You have deployed
Active Directory Domain Services (AD DS) and Active Directory Certificate Services (AD CS) on a
Windows Server 2008 domain controller. You are setting up AD DS auditing to audit changes to
objects in AD DS.
Which audit subcategory should you enable to audit such changes without enabling other policy
subcategories?
Directory Service Access

Directory Service Changes
Directory Service Replication
Detailed Directory Service Replication
D_ Planning Application and Data Provisioning

D 1_ You are a server manager for your company. Your organization has a single Active Directory
domain that contains Windows Server 2008 domain controllers. You have installed Windows Vista
Service Pack 1 (SP1) on the client computers in your organization.
You have deployed a third-party anti-virus software on all computers in your organization. You need
to ensure that all client computers in your organization receive updates for the anti-virus software as
soon as the software updates are released. You have implemented Windows Server Update Services
(WSUS) 3.0 to download updates from the Microsoft Update Web site.
What should you use with WSUS to scan and apply updates on client computers?
Courier Sender Manager

System Center Configuration Manager 2007
System Manager Server
Windows Installer 2.0
D 2_ You are the administrator for the Verigon Corporation. You want to allow users who work from
home or on the road to access computers on the Active Directory domain securely over using
Remote Desktop Protocol (RDP). You install a Windows Server 2008 computer in a screened subnet
with Terminal Services and the TS Gateway role service installed. (Click the Exhibit(s) button to view
the network structure.)
You want to ensure that the TS Gateway server performance is optimized. What else must you do to
configure all remote office workers to securely connect to the computers on the Verigon domain
through a TS Gateway? (Choose six. Each answer presents part of the solution.)
Open port 3389 on the external firewall.

Open port 3389 on the internal firewall.
Open port 443 on the external firewall.
Obtain and configure a certificate for the TS Gateway server.
Create a Terminal Services resource authorization policy (TS RAP).
Create a Terminal Services connection authorization policy (TS CAP).
Limit the maximum number of simultaneous connections though the TS Gateway server.
D 3_ You are a server manager for your organization. Your organization has a single Active Directory
domain that contains Windows Server 2008 domain controllers and Windows Vista client computers.
You have recently installed Microsoft System Center Configuration Manager 2007 on a Windows
Server 2008 server. You plan to use Configuration Manager 2007 to apply software updates to client
computers in your organization.
What must you do to apply software updates on client computers?
Install Windows Installer 2.0.

Configure the software Distribution component settings.
Install Windows Server Update Services (WSUS) 3.0.
Configure a distribution point.
D 4_ You are the server administrator for your organization. You have deployed Windows Server
2008 domain controllers and Windows Vista client computers in an Active Directory domain. You
have deployed the Terminal Services role on a Windows Server 2008 domain controller named WS-
TS. You have installed a legacy application on WS-TS. You need to recommend a solution to ensure
that users can access legacy application installed on WS-TS using their client computers.
What should you do?
Create a Windows Installer (.msi) package for the legacy application.

Create an .rdp file for the legacy application.
Add the legacy application to the RemoteApp programs list on WS-TS.
Configure the TS Web Access feature on WS-TS.
D 5_ You are the administrator for your company. Your company has a single Active Directory
domain. All the servers run Windows Server 2008, and all the clients run Windows Vista or Windows
XP with Service Pack 2.
You have a Web site running on server called Web1. You want to have an application accessed
remotely via a link to the program on the Web site of Web1 by using the Terminal Services Web
Access features in Windows Server 2008 Terminal Services. The application should appear as if it is
running local on the user's machine. What should you do? (Choose three. Each correct answer
presents part of the solution.)
Install the Terminal Server and TS Web Access roles on Web1.

Install the Terminal Server and TS Session Broker roles on Web1.
Ensure that the Windows Process Activation Service feature of the Web Server (IIS) role is
installed on Web1.
Install the Web Server (IIS) role and Windows Deployment Services on Web1.
Use the TS RemoteApp Manager MMC snap-in to add a program the RemoteApp program's
list.
Upgrade all Windows XP client computers to Windows Vista.
D 6_ You are a server administrator for your organization. You have recently upgraded the domain
controllers to Windows Server 2008 in the Active Directory domain. All client computers run Windows
Vista.
You install the File Services role on a Windows Server 2008 domain controller named W2K8-FS. You
share a folder that contains several important reports on W2K8-FS. You configure files and programs
in the shared folder on W2K8-FS to be available even if the server goes down. Users still complain
that they cannot access files stored in the shared folder when the server is not available.
What should you do?
Click the Enable Offline Files button in the General tab of the Offline Files window on W2K8-
FS.
Click the Enable Offline Files button in the General tab of the Offline Files window on the
client computers.
Select the Enable Offline Files check box in the Offline Files tab in the Folder Options window
on the client computers.
Select the Enable Offline Files check box in the Offline Files tab in the Folder Options window
on W2K8-FS
D 7_ You are the administrator for the Nutex Corporation. You have configured a TS Gateway server
to allow users to work from home and securely connect to internal computers via Remote Desktop
Protocol (RDP). You have configured a Terminal Services communication authorization policy (TS
CAP) and a Terminal Services resource authorization policy (TS RAP). All of the desktop computers
run Windows Vista, and all of the servers run Windows Server 2008. All computers on the domain
have static IP addresses.
A user in the office, Michelle Smith, sometimes connects via Remote Desktop to another computer on
the network by using its IP address. When Michelle tries to connect to the computer from her home
through the TS Gateway server, she cannot access the target computer. She can successfully
connect to the target computer from her home using the target computer's computer name.
What could you do to fix the problem?
Reconfigure the TS CAP.

Add the computer to a TS-Gateway-managed computer group by computer name and then
by IP address.
Add A records in DNS.
Add PTR records in DNS.
D 8_ You are the administrator for your company. You have a Windows Server 2008 server with the
IIS role installed. There is an ASP.NET application running on the Web site that is used by all
employees in the company.
You notice that the performance of the Web site slows down at peak times during the day. You want
to ensure that you have improved performance during peak times of the day and that the potential for
denial of service attacks is reduced. What should you configure? (Choose two. Each correct answer
is part of the solution.)
Ensure that the HTTP Keep - Alives setting is disabled.

Ensure that the HTTP Keep - Alives setting is enabled.
Configure the Connection Time-out setting to 90 seconds.
Configure the Connection Time-out setting to 180 seconds.
Configure the Maximum Number of Tracing files setting to 50.
Configure the Maximum Number of Tracing files setting to 100.
D 9_ You are the domain administrator for Nutex Corporation. All servers in your organization run
Windows Server 2008, and all client computers run Windows Vista. A terminal server with the TS
Gateway role is installed on a screened subnet. You want to ensure that engineers in the
ColaProjectEmployees group can securely connect via Remote Desktop Protocol (RDP) to
computers on the internal network when they are working from home. You configure a Terminal
Services Connection Authorization Policy (TS CAP) and a Resource Authorization Policy (TS RAP).
(Click the Exhibit(s) button to view the policies.)
David, a member of the ColaProjectEmployees group, connects remotely to some internal
computers with smart card authentication, and to others with password authentication. David reports
to you that he cannot connect to the cola75 computer with either smart card authentication or
password authentication.
What should you do? (Choose two.)
Ensure that the ColaProjectEmployees group is added to the User Groups tab on the TS
RAP.
Ensure that the Domain Users group is added to the User Groups tab on the TS RAP.
Add the cola75 computer to the ColaProjectComputers group.
Configure David's account to use smart card authentication only.
Configure the cola75 computer to use password authentication only.
Configure smart card authentication only in the TS CAP
D 10_ You are the administrator for your company. Your parent company has upgraded the domain.
All servers run Windows Server 2008, all desktop clients run Windows Vista, and all portable client
computers run Windows XP Professional. You have configured a domain-based Distributed File
System (DFS) namespace. The functional level of your domain is Windows Server 2008.
Several salespeople complain that their portable computers take an excessively long time to
synchronize their offline files when they return to the office. What should you do to fix the problem
while incurring the least possible expense?
Ensure that Service Pack 2 is installed on the portable computers.

Upgrade or replace all portable computers with Windows Vista.
Ensure the Volume Shadowing is enabled on the file servers.
Ensure that the File Replication Service is used.
D 11_ You are a server administrator for your organization. You have recently upgraded the domain
controllers to Windows Server 2008 in the Active Directory domain. All client computers run Windows
XP Service Pack 2 (SP2).
You install the Terminal Services and File Services roles on a Windows Server 2008 domain
controller named W2K8-TFS. On that domain controller, you have shared a folder that contains
several important reports. You take the server offline for maintenance once a week. Users complain
that they cannot access files stored in the shared folder during the maintenance window.
You need to recommend a solution to ensure that users can access shared files and folders on the
server, even if the server is taken offline for maintenance.
What should you do?

Click Edit in the Security tab to change access permissions for the shared folder.
Click Permissions in the Advanced Sharing window to change access permissions for the
shared folder.
Click Advanced in the General tab to change advanced settings for the shared folder.
Click Caching in the Advanced Sharing window to change settings for the shared folder.
D 12_ You are a network administrator for an organization. Your organization has a single Active
Directory domain that contains Windows Server 2008 domain controllers. You have deployed the
Terminal Services role on a Windows Server 2008 domain controller named SRV-TS. You have
installed a legacy application on SRV-TS. You want to ensure that remote users can access the
legacy application through TS RemoteApp.
You need to recommend a solution to create a shortcut icon for the RemoteApp program in the Start
menu for client computers. What should you do?
Create an .rdp file, and specify the location for the program's shortcut icon on the Specify
Package Settings page.
Create an .msi file, and specify the location for the program's shortcut icon on the Specify
Package Settings page.
Create an .rdp file, and specify the location for the program's shortcut icon on the Configure
Distribution Package page.
Create an .msi file, and specify the location for the program's shortcut icon on the
Configure Distribution Package page.
D 13_ You are a server administrator for your organization. Your organization has a single Active
Directory domain that includes Windows Server 2008 domain controllers. You have deployed
Windows Vista on client computers. You have shared folders on a Windows Server 2008 Server Core
computer.
John is a new employee in your organization and needs to add documents to the shared folder in the
c:\documents directory. The Domain Users group has been granted the Allow - Change
permission to the share.
Which command should you use to assign the appropriate permissions to John?
Icacls c:\documents /R John

Icacls c:\documents /R John:w
Icacls c:\documents /G John
Icacls c:\documents /G John:w
D 14_ You are a network administrator for Nutex Corporation. You have deployed Windows Server
2008 domain controllers and Windows Vista Service Pack 1 (SP1) client computers in your
organization. You have installed several server applications on a Windows Server 2008 named
WS08-HP.
You are using Windows System Resource Manager (WSRM) to control CPU utilization for
applications on WS08-HP. You notice that a line of business (LOB) application named nutex.exe is
consuming excessive CPU. All other applications are being administered for CPU and memory usage
using custom and built-in policies of WSRM.
What should you do to control CPU usage for nutex.exe?
Create a built-in resource allocation policy.

Create a custom resource allocation policy.
Remove the application from the user-defined exclusion list.
Add the application to the user-defined exclusion list.
D 15_ You are a network administrator in an organization. You have deployed Windows Server 2008
on domain controllers and Windows Vista Service Pack 1 (SP1) on client computers. You have
installed the Terminal Services role and the File Server role on a Windows Server 2008 computer
named WS08-SEV. You have also installed Windows System Resource Manager (WSRM) on WS08-
SEV to ensure that each user and each session is allocated an equal share of CPU and memory.
Finally, you have configured an accounting database for WSRM to store accounting information.
You notice that the accounting database is reaching its storage limit. You need to defragment the
accounting database to reduce the disk space.
What should you do first to defragment the accounting database for WSRM?
esentutl /d
net stop wsrm
net start wsrm
defrag.exe
D 16_ You are the administrator of a company that produces parts for the aerospace industry. You
have a single domain. All servers use Windows Server 2003 or Windows Server 2008. Most of your
client computers run Windows Vista, but a few still run Windows XP Professional. You have a
Distributed File System (DFS) namespace to help distribute shares throughout the domain.
Several of the Windows XP clients receive the following error message:

"Reconnecting to the network causes a synchronization to occur. In order
to begin synchronizing, all your files and folders must be closed."
You investigate the problem and do not find anything wrong with the bandwidth between the clients
and the servers. You want to prevent the problem from occurring. What should you do? (Choose two.
Each correct answer presents part of the solution.)
Upgrade all Windows XP clients to Service Pack 2.
Ensure that all Windows XP clients have the RDP client 6.x installed.
Upgrade or replace all Windows XP clients with Windows Vista.
Ensure that all Windows Server 2003 file servers have Service Pack 2.
Upgrade all servers to Windows Server 2008.
D 17_ You are a network administrator for your company. You have recently upgraded the domain
controllers to Windows Server 2008 and the client computers to Windows Vista in the company's
network. You have installed the Terminal Services role on a Windows Server 2008 server named
WS08-TS. You need to recommend a solution to ensure that users connecting to WS08-TS get an
equal share of memory resources from WS08-TS.
Click Features in the Server Manager console.

Click Roles in the Server Manager console.
Click the Add Features link, and install Windows System Resource Manager (WSRM).
Click the Add Features link, and install Connection Manager Administration Kit.
Click the Add Roles link, and install the Application Server role service.
Click the Add Roles link, and install the UDDI Services role service.
D 18_ You are the server administrator for your organization. Your organization has multiple Active
Directory domains that include Windows Server 2008 domain controllers. You have deployed
Windows Vista on all client computers. Your organization has multiple Windows Server 2008 servers
configured with the File Services role.
You need to recommend a solution to ensure that multiple shared folders located on different file
servers appear as a single shared folder to users in the organization.
What should you do?
Enable offline caching.

Implement Distributed File System (DFS) replication.
Implement a DFS namespace.
Implement volume shadowing.
D 19_ You are the administrator of your company's single Active Directory domain. You want to
consolidate several line-of-business (LOB) applications on a single terminal server named TS1.
You want to ensure that users are able to access the LOB applications through Internet Explorer. The
users should interact with the program that is running on the terminal server as if it were running
locally.
What must you install on TS1?
Terminal Services Session Broker service

TS Web Access service
TS Gateway Service
Network Policy and Access Service
D 20_ You are a network administrator for your organization. Your organization has a single Active
Directory domain that contains Windows Server 2008 domain controllers. You have deployed the
Terminal Services role and the Web Server (IIS) role on a Windows Server 2008 domain controller
named SRV-TWS.
You need to recommend a solution to ensure that remote users can run legacy applications available
in the RemoteApp list on SRV-TWS. You have created a remote desktop protocol (.rdp) file to enable
remote users to access the legacy applications in the RemoteApp programs list.
What should you use to distribute the .rdp file to remote users? (Choose all that apply.)
Windows Server Update Services (WSUS)

File share
Software Metering feature in Configuration Manager
Collections feature in Configuration Manager
Terminal Services Session Broker
D 21_ You are the administrator for your company's single Active Directory domain. All servers in
your company run Windows Server 2008, and all clients run Windows Vista. You want to virtualize
different applications so that they are never installed on client computers and are dynamically
delivered on demand.
What must you install?
Microsoft Application Virtualization for Terminal Services

Hyper-V
Microsoft Virtual Server
Microsoft Virtual PC
D 22_ You are the server administrator for your organization. You have deployed Windows Server
2008 domain controllers in your Active Directory domain. The client computers in your organization
run Windows XP Service Pack 2 (SP2) or Windows Vista SP1.
The Sales group is using a line-of-business application. You have recently implemented Microsoft
System Configuration Manager 2007. Your organization needs the line-of-business application
installed on computers in the Sales group.
Which feature of Configuration Manager 2007 should you use?
Software Metering
Software Distribution
Software Updates
Collections
D 23_ You are the administrator of the Nutex Corporation. Nutex has just purchased its rival, the
Verigon Corporation. Verigon has several line-of-business (LOB) applications on a variety of
Windows operating system versions and configurations.
You plan to integrate Verigon as a subdomain in the Nutex Active Directory tree. All of the Verigon
servers run either Windows Server 2003 or Windows Server 2008. All client computers run either
Windows 2000 Professional with Service Pack 6 or Windows XP with Service Pack 2.
You need to reduce the costs associated with Verigon's client computers and Verigon's LOB
applications. You decide to reduce the number of servers that run the LOB applications.
Install the LOB applications on a Windows Server 2008 terminal server.

Make the applications available through TS RemoteApp.
Configure the Telnet service to be Automatic on the Terminal Service.
Make the applications available through the Terminal Services Session Broker service.
Upgrade the Windows 2000 Professional Computers to Windows Vista.
Upgrade all client computers to Windows Vista.
Install the Remote Desktop Client 6.x on all client computers.
D 24_ You are the administrator for your company which imports goods from Ireland to the United
States. You have several branch offices located in the United States, configured as separate sites. All
clients run Windows Vista. The domain controllers are a combination of Windows Server 2003 and
Windows Server 2008 servers. The file servers all run Windows Server 2003.
You have multiple shares on file servers at different locations which are connected via a domain-
based namespace. You notice an occasional problem when a server that was taken offline for
maintenance overwrites fresh data when it comes back online. What can you do to prevent stale data
from appearing?
Upgrade all servers to Windows Server 2008, and use volume shadowing.
Disable offline caching on the client computers.
Upgrade all servers to Windows Server 2008, and use DFS replication.
Upgrade all servers to Windows Server 2008, and use File Server Resource Manager
D 25_ You are the administrator of your company's domain. You have users that need access to the
Software share. The software share allows all users to read files. The SoftwareTesters group
should have permission to add files to the folder. (Click the Exhibit(s) button to view the
permissions.)
When Michelle Smith of the SoftwareTesters group attempts to copy a file to the Software share,
she receives an error.
What could be the problem?
Michelle has an explicit permission of Deny - Change on the share.

The SoftwareTesters group has an explict permission of Allow - Modify to the folder.
The Domain Users group has an explicit permission of Allow - Read to the folder.
The Everyone group has an explicit permission of Allow - Read on the share.
D 26_ You are the administrator for your company. The company has a single Active Directory
domain with three branch offices in separate locations. In one of the branch offices, there is limited
local IT support and limited bandwidth.
You want to deploy multiple versions of an application, but you do not want these multiple versions to
conflict with any version already installed locally. What should you do?
Use the Terminal Services Session Broker.

Use Terminal Servers RemoteApp.
Enable Remote Assistance on all client computers in the branch offices.
Install and use the TS Licensing role.
E_ Planning for Business Continuity and Hight Availability

E 1_ Your company consists of two offices in different cities. The offices are connected through a
private WAN link. All servers in both offices run Windows Server 2008 and are assigned static IP
addresses.
You are planning a DHCP infrastructure for the network. There are several thousand client computers
in each office. All client computers must be configured as DHCP clients. The DHCP infrastructure
must be fault tolerant. Failure of any one component should not disrupt DHCP services. You must
implement a solution that requires the minimum number of computers and that will minimize the
volume of TCP/IP configuration traffic on the WAN connection.
What should you do?
In each office, install two DHCP servers, and configure them as a server cluster.
In each office, install one DHCP server with two scopes.
Install a DHCP server with two scopes in one office, and install a DHCP relay agent in the other
office.
In one office, install two DHCP servers, and configure them as a server cluster. In the other office,
install two DHCP relay agents, and configure them as a server cluster
E 2_ You are a network administrator for an organization that provides training to IT professionals.
You have to deliver a class that requires you to load several virtual machines running Windows
Server 2008 on a single computer. Your computer must support at least 48 GB of memory. None of
the virtual hard drives will be larger than 4 GB.
Which editions of Windows Server 2008 can you install to achieve the objective? (Choose two.)
Windows Server 2008 Standard edition on a 64-bit computer

Windows Server 2008 Standard edition on a 32-bit computer
Windows Server 2008 Datacenter edition on a 64-bit computer
Windows Server 2008 Enterprise edition on a 64-bit computer
E 3_ You are the administrator for a single Active Directory domain. You have to upgrade all client
computers to Windows Vista. All servers in the network run either Windows Server 2003 or Windows
Server 2008. You want to create a storage design infrastructure that can use block-based storage
over an existing IP network infrastructure.
What should you implement?
Implement iSCSI.
Implement Fiber Channel.
Implement Virtual Disk Service.
Implement Serial ATA.
E 4_ You are the network administrator for the Verigon Corporation. All your domain controllers run
You want to create multiple snapshots of the Active Directory Domain Services (AD DS). You want to
be able to choose which snapshot to use to restore deleted data with the Active Directory database
mounting tool.
What should you use to create different snapshots of the AD DS?
ntdsutil snapshot
ntbackup /snap
ldp.exe
dsmod.exe
E 5_ You are the administrator for your company's domain. All your servers run Windows Server
2008, and all your clients run Windows Vista. You plan to create a failover cluster with iSCSI disks.
You are using third-party software to configure the iSCSI target.
What should use to test whether your system, storage, and network configuration is suitable for a
cluster?
Install the Cluster Validation Tool.

Run nlb.exe.
Run wlbs.exe.
Run verclsid.exe.
E 6_ You are the administrator for your company's Active Directory domain. All of your domain
controllers run Windows Server 2008. All your file servers are a mixture of Windows Server 2003 and
Windows Server 2008. You have several Exchange 2007 Servers and SQL Server 2005 servers. You
clients are a mixture of Windows XP Professional with Service Pack 2 and Windows Vista Business
edition.
You want to ensure that you will be able to do the following:
• Provide protection from network outages and hardware failures.

• Provide backups of all servers on the network.

File Resource Manager
System Center Data Protection Manager (DPM) 2007
Windows System Resource Manager (WSRM)
SyncToy 1.4
E 7_ You are the server administrator for your organization. Your organization has a single Active
Directory domain where you have deployed Windows Server 2008 domain controllers. You have
installed Windows SharePoint Services (WSS) and Windows Server Update Services (WSUS) on a
Windows Server 2008 domain controller named W2K8-WS.
Which feature should you install or enable to collect information for these service roles?
Install the failover clustering feature.

Install the Windows Internal Database feature.
Install the Removable Storage Manager (RSM) feature.
Install the Storage Manager for Storage Area Networks (SAN) feature.
Enable the network adapter in multicast mode.
E 8_ You are the administrator of your company's single Active Directory domain. You want to
improve the performance and fault tolerance of your current file system.
You upgrade all file servers to Windows Server 2008. Your company has purchased several Network
Attached Storage devices. You want to have a Storage Area Network (SAN) solution that has data
redundancy and data security and can run over the current IP network.
Which type of solution should you implement? (Choose all that apply.)
Implement a Fiber Channel RAID-0 disk subsystem

Implement a Fiber Channel RAID-1 disk subsystem
Implement an iSCSI RAID-0 disk subsystem
Implement an iSCSI RAID-1 disk subsystem
Implement IPsec on the network
Implement SMB signing on clients and servers
E 9_ You are a server administrator for your organization. Your organization has a single Active
Directory domain that includes only Windows Server 2008 domain controllers.
Your organization manages confidential data. You need to perform a full backup of domain controllers
in your organization to ensure that full server recovery can be done in event of domain controller
failures.
Which command should you use while scheduling a backup?
Wbadmin start sysrecovery -version:<MM/DD/YYYY-HH:MM>

Wbadmin get disks
Dsamain.exe enable backup -addtarget:DiskIdentifier
Ntdsutil.exe get disks
E 10_ You are the administrator for your company's domain. You want to set up a Web site that is
available for customers to order products. Customers should be able to browse the inventory and
search all products in the inventory database.
The inventory database is kept on a SQL Server 2005 server. You want to ensure that customers can
order products even when the database server fails. You also want to ensure that performance of the
Web site does not deteriorate as demand increases. What should you do? (Choose two. Each correct
answer presents part of the solution.)
Install multiple IIS servers as front-end servers, and configure them in a NLB cluster.
Install multiple IIS servers, and configure them in a cluster.
Install multiple SQL Server 2005 servers, and configure them in a server cluster.
Install multiple SQL Server 2005 servers as front-end servers, and configure them in a NLB
cluster.
Install IIS on a server. and configure a Web garden.
E 11_ You are the administrator for the www.globecomm.com domain. You have an application
server named App1 that runs Windows Server 2008. App1 has the file server role installed. You
have enabled shadow copies for all volumes and installed the Windows Server Backup Features.
A backup is configured to back up all the server volumes each day. You have recently downloaded
security updates that copied newer .DLL files to App1. Soon after this, users report errors with the
application running on App1. You want to return to the previous versions of the .DLL files until the
application vendor resolves the problem. What should you do to solve the problem?
Use shadow copies to retrieve the previous versions of the .DLL files.
Use wbadmin to retrieve the .DLL files.
Use ntbackup.exe to retrieve the .DLL files.
Use Xcopy to copy the previous versions of the .DLL files from the shadow copy.
E 12_ You are the administrator for your company's Active Directory domain. You have a file server
that contains confidential data. The hardware on the server will soon be upgraded. The file server
runs Windows Server 2008 and has two volumes: the Windows operating system volume and the
Data volume. You want to ensure that the data stored on the Data volume is secure since the Data
volume is currently stored on a portable hard drive. You want to ensure that if the server or the drive
is stolen from the company premises, the confidential data cannot be retrieved.
What should you do?
Encrypt the Data volume with BitLocker.

Use Encrypting File System (EFS) to encrypt the data on the Data volume.
Run cipher *.* /I /H /S from the root of the Data volume.
Run certuil *.* /hashfile from the root of the Data volume
E 13_ You are the network administrator for a company that is an Original Equipment Manufacturer
(OEM). The company has a main office and three branch offices. The company's network consists of
a single Active Directory domain. The branch offices have static IP addresses.
The current DHCP addressing solution for the company uses a split scope between two DHCP
servers in the main office. (Click the Exhibit(s) button to view the DHCP address solution.)
You want to use leased addresses in all your branch offices and eliminate the 80/20 split scope for
the main office. You want to have a leased scope for each subnet in the main office and branch
offices. You need to recommend a DHCP addressing solution for all offices that does not use the
80/20 split scopes. Your recommendation must meet the following requirements:
• Minimizes network traffic between offices.

• Allows clients in each office to automatically obtain IP addresses even if a single DHCP server
fails
What method will you recommend?
Configure the DHCP Server service on a failover cluster.

Configure the DHCP Server service on a network load balancing cluster.
Configure a DHCP relay agent in the main office.
Configure a standby DHCP server in each office
E 14_ You are the administrator of your company's single Active Directory domain. The domain
controllers run Windows Server 2008. The file servers are a mixture of Windows Server 2003 and
Recently you were not able to recover deleted and different versions of files for the Accounting
department. You want to recover deleted files or different versions of files from multiple points in time
on a group of eight file servers in your accounting department. You also want to be able to review
different versions of tax department records from the different file servers if a file is changed.
System Center Data Protection Manager (DPM) 2007.

Windows System Resource Manager (WSRM).
Implement domain-based DFS namespace.
Implement standalone DFS namespace.
E 15_ You are the administrator of a company that sells tickets for sporting events. You have several
clients that need access to Terminal Services. You need to provide a solution to provide load
balancing and to distribute the session load between servers.
What must you install on the terminal server?
Install the TS Web Access role service.

Install the TS Session Broker role service.
Install the TS Licensing role.
Install Windows System Resource Manager 2007 (WSRM).
E 16_ You are the administrator for a single Active Directory domain. All servers in the domain run
Windows Server 2008, and all clients run Windows Vista. You have many clients that use Terminal
Services. You want to create a Terminal Services Farm that provides some fault tolerance in the
event that a server is unavailable. To achieve this, you do the following:
• Install several Terminal Services (TS) servers.

• Install the TS Session Broker Role Service.
• Populate the Session Broker Computers Local Group.
• Join the terminal servers to the Session Broker group, and configure them to participate in the
load balancing.
You want to provide load balancing for the application with the capability to detect offline servers for
initial connectivity. You also want to minimize expenses.
What should you configure next?

Configure Network Load Balancing (NLB) between the terminal servers
Configure DNS round robin and Session Broker Load Balancing (SBLB)
Configure Network Load Balancing (NLB) and Session Broker Load Balancing (SBLB)
Configure a hardware load balancer
E 17_ You are the administrator for a company that manufactures industrial chemicals. All servers in
the single domain run Windows Server 2008, and all clients run Windows Vista. You want to create a
Terminal Services Farm that provides fault tolerance in the event that a server is unavailable. What
must you configure to provide load balancing? (Choose all that apply.)
Install the TS Session Broker role service.

Install the TS Licensing role.
Install Windows System Resource Manager 2007 (WSRM).
Populate the Session Broker Computers Local Group.
Populate the TS Web Access Computers Group.
Populate the TS Web Access Administrators group.
Manage the terminal servers with WSRM and configure them to participate in the load balancing.
Add the DNS entries for the terminal servers.
E 18_ You are the administrator for the Nutex Corporation. The company's domain is a single Active
Directory domain. All domain controllers run either Windows Server 2003 or Windows Server 2008,
and all file servers run Windows Server 2008. All client computers run either Windows XP
Professional with Service Pack 2 or Windows Vista.
You want to install System Center Data Protection Manager (DPM) 2007 to ensure rapid and reliable
data recovery. What must you do?
Install the DPM 2007 on a Windows Server 2008 domain controller.

Ensure that Service Pack 2 is installed on any Windows Server 2003 server before
installing DPM 2007 on the server.
Upgrade all Windows Server 2003 domain controllers to Windows Server 2008. Raise the
functional level of the domain to Windows Server 2008.
Configure an NTFS volume of 1 GB or less on each protected computer.
E 19_ You are the administrator of a company that manufactures consumer pharmaceutical products.
You have a head office in Austin, Texas, and several branch offices across the southeastern United
States. The company has a single Active Directory domain, and each branch office is configured as a
separate site. All of your servers run Windows Server 2008. All of your desktop computers run
Windows XP Professional. All laptop computers run Windows Vista.
You have many employees that visit different offices in the company. You want to make sure that all
clients have the latest patches and security updates. You have a domain-based DFS and DFS
replicas in each location. To ensure the availability of the WSUS servers, you move the patch content
files off each WSUS server to a DFS share that is commonly available to other WSUS servers.
What else must you do to ensure that your WSUS infrastructure is highly available? (Choose all that
apply.)
Create a single DNS entry that points to the IP address of each WSUS server.
Configure the DNS entry as the Windows Update Server in Group Policy, and link the
policy to each site.
Configure the DNS entry along with http : //update.microsoft.com as the Windows Update Server
in Group Policy, and link the policy to each site.
Create a Network Load Balancing cluster for the file servers that contain shares for DFS.
Disable netmask ordering on the DNS server.
E 20_ You are the server administrator for your organization. You have deployed Windows Server
2008 on all servers in your organization.
You want to provide fault tolerance on a Windows Server 2008 computer named SQL_SRV1 that
contains a SQL server instance. You want to ensure that the SQL instance can continue if a single
physical disk fails. You have installed six physical hard drives on SQL_SRV1 :
Disk 0 500 GB
Disk 1 500 GB
Disk 2 600 GB
Disk 3 600 GB
Disk 4 600 GB
Disk 5 600 GB
You mirror the operating and system files for Windows Server 2008 on a RAID-1 volume containing
Disk0 and Disk1 . What should you do to provide fault tolerance and performance for the SQL Server
instance?
Create a RAID-0 volume containing Disk2, Disk3, Disk4 and Disk5. Place the database files on
this volume. Place the transaction logs on the RAID-1 volume of Disk0 and Disk1.
Create a RAID-5 volume containing Disk2, Disk3, Disk4 and Disk5 Place the database files and
transaction logs on the volume.
Create a RAID-0 volume containing Disk2, Disk3, Disk4 and Disk5. Place the transaction logs
and database files on the volume.
Create a RAID-1 volume with Disk2 and Disk3. Place the database files on this RAID-1
volume. Create a RAID-1 volume with Disk4 and Disk5. Place the transaction log files on
this volume.
E 21_ You are the administrator for the Verigon Corporation. Your company has three Active
Directory domains with two branch locations which are configured as separate Active Directory sites.
All servers run Windows Server 2008. You employ several people who travel to different branch
offices. Each of these employee's portable computers is configured in the MobileMachine
Organizational Unit (OU) belonging to the employee's home domain.
Each domain has a GPO that configures local clients to get updates from the local WSUS server. You
have a DFS domain-based namespace with DFS servers in each location that contain replicas. (Click
the Exhibit(s) button to see the Active Directory structure.)
You want to ensure that your roaming clients are configured to get patches and security updates from
the local Windows Server Update Services (WSUS) of the location they are currently in, not the
WSUS server in their original location. You also want to ensure that the WSUS servers are highly
available.
What should you configure? (Choose all that apply.)
Configure an A (host) DNS record for a single fully-qualified domain name that points to
the IP addresses of wsus1.verigon.com, wsus2.bhm.verigon.com, and
wsus3.chl.verigon.com.
Configure a SRV DNS record for a single fully-qualified domain name that points to the IP
addresses of wsus1.verigon.com, wsus2.bhm.verigon.com, and wsus3.chl.verigon.com.
Configure a single GPO that sets the Windows Update server to the single fully-qualified
domain name and link it to each domain.
Configure a single GPO that sets the Windows Update server to be wsus1.verigon.com,
wsus2.bhm.verigon.com, and wsus3.chl.verigon.com.
Set the patch content files for wsus1.verigon.com, wsus2.bhm.verigon.com, and
wsus3.chl.verigon.com to use DFS Shares.
Set the patch content files for wsus1.verigon.com, wsus2.bhm.verigon.com, and
wsus3.chl.verigon.com to use Volume Shadowing.
E 22_ You are the server administrator for your organization. Your organization has a single Active
Directory domain that contains Windows Server 2003 domain controllers. You want to deploy a
Windows Server 2008 domain controller in your organization to provide high availability. You plan to
install the Hyper-V and Windows Clustering features on Windows Server 2008.
Which edition of Windows Server 2008 should you deploy?
Windows Server 2008 Standard edition

Windows Server 2008 Web edition
Windows Server 2008 Datacenter edition
Windows Server 2008 Itanium edition
Directory domain where you have deployed Windows Server 2008 domain controllers.
You are configuring failover clustering for database servers on two Windows Server 2008 servers
named W2K8-FCs and W2K8-FC1. You have configured W2K8-FCs and W2K8-FC1 as clustered
servers for failover clustering. You need to validate the Active Directory configuration for W2K8-FCs
and W2K8-FC1.
What should you do?
Perform a network test using the Validate a Configuration wizard.

Perform an inventory test using the Validate a Configuration wizard.
Perform a storage test using the Validate a Configuration wizard.
Perform a system configuration test using the Validate a Configuration wizard.
Add a second network adapter, and run the Network Load Balancing (NLB) administration tools
Set the network adapter to use multicast mode, and run the Network Load Balancing (NLB)
administration tools
E 24_ You are a network administrator for your organization. Your company has an Active Directory
forest that runs at the Windows Server 2008 functional level.
You plan to implement RAID 5 on a Windows Server 2008 server named W2K8_SR. There are four
disk drives installed on W2K8_SR: DSK-0, DSK-1, DSK-2, and DSK-3. DSK-0, DSK-1, DSK-2, and
DSK-3 have 10 GB, 15 GB, 15 GB, and 20 GB of available disk space, respectively. You have stored
the operating system and the boot files on DSK-0.
What should you do to implement a volume on W2K8_SR that can support a single drive failure?
Create a striped volume using DSK-1, DSK-2, and DSK-3.
Create a striped volume using DSK-0, DSK-1, and DSK-2.
Create a stripe set with parity using DSK-0, DSK-1, and DSK-2.
Create a stripe set with parity using DSK-1, DSK-2, and DSK-3.
E 25_ You are the administrator for your company' network. You implement a disk storage system on
your network that uses block-based storage on a Storage Area Network (SAN) over the existing IP
network. The storage system performs well and does not require any special hardware.
After upgrading several servers to Windows Server 2008, you notice some communication failures
with the storage system. What must you load on the Windows Server 2008 server to fix the problem?
The latest version of the initiator from the manufacturer of Fiber Channel
The latest version of the Microsoft iSCSI initiator
The latest initiator for the Virtual Disk Service
The latest version of the initiator from the manufacturer to implement Serial ATA
E 26_ You are the administrator for the Nutex Corporation's single Active Directory domain. All the
servers in the domain run Windows Server 2008. All client computers run either Windows Vista or
Windows XP.
You have a group of file servers in the Accounting Organizational Unit (OU) that contain secure
data. You configure the operating system volume on each file server to be encrypted by using
BitLocker. You encrypt confidential data on the Data volume with Encrypted File System (EFS). You
create backups of the Data volume and store them on another volume, called Backup.
How do you ensure that designated users in the Accounting OU are able to restore the encrypted
files to the servers?
Create a global group for the designated users, and add them to the Account Operators group
on the servers.
Create a global group for the designated users, and add them to the Backup Operators
group on the servers.
Create a global group for the designated users, and grant them the Create all child objects
permission on the servers in the Accounting OU.
Create a global group for the designated users, and grant them the Take Ownership permission
in the root of the Data volume.
E 27_ You are the administrator of your company's network. All the servers in your domain run
Windows Server 2008, and all your clients run Windows Vista. You have added computers in the
warehouse for the workers who work the morning and evening shifts. After installing the computers,
you receive several requests from warehouse workers to restore files to the server that were
accidently changed by the previous shift. You want to allow these workers to retrieve the changed
files without administrative intervention and assign the least permissions possible for them to do so.
What should you do? (Choose two. Each correct answer is part of a single solution.)
Create a global group called WarehouseWorkers that contains all users in the warehouse.
Create a Group Policy that adds WarehouseWorkers to the HelpServices group.
Create a Group Policy that adds WarehouseWorkers to the Power Users group.
Ensure that shadow copies are enabled on the servers.
Ensure that a shadow copy is created every four hours.
E 28_ You are a server administrator of your organization. You have deployed a Windows Server
2008 domain controller in your organization. Another server administrator in your organization has
mistakenly deleted an organizational unit (OU) containing users from the Sales group. You need to
restore the domain controller.
What should you do before you start the authoritative restore procedure?
Run the wbadmin start systemstaterecovery <otheroptions> -authsysvol command.

Perform a nonauthoritative restore.
Perform a restoration from backup media.
Perform a full server backup.
Directory domain that contains only Windows Server 2008 domain controllers.
A Windows Server 2008 domain controller named W2K8-SRV has crashed, and you need to perform
a full server recovery.
What should you do?
Perform a nonauthoritative restore of AD DS.

Perform an authoritative restore of AD DS.
Run Dsamain.exe to perform a full server recovery of W2K8-SRV.
Run Ntdsutil.exe to perform a full server recovery of W2K8-SRV.
E 30_ You are the administrator of a company with a single Active Directory domain. All your servers
run Windows Server 2008, and all your clients run Windows Vista.
You have employees from different locations who must find parts and part descriptions for customers.
You have a Web server that employees can interface with and use their Web browsers to generate a
query. The Web server sends the query request to a SQL Server 2005 database server that is in a
two-node cluster configuration.
You want to ensure that users can retrieve information from the SQL server even when the Web
server fails. What must you configure?
Install the IIS server role on several servers, and configure the servers into a Microsoft server
cluster (MSCS).
Install the IIS server role on several servers, and configure the servers into a Network Load
Balancing (NLB) cluster.
Install the IIS server role and TS Session Broker role on several servers, and configure the
servers to use the Session Broker service.
Install the IIS server role, and use Windows System Resource Manager 2007 (WSRM) to manage
traffic.

A - Self Test-70-646

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

A - Self Test-70-646

Uploaded by

Copyright:

Available Formats

A 12, A 16, A 20

A_ Planning for Server Deployment

Microsoft Simple Certificate Enrollment Protocol (MSCEP) role service

Internet Information Services (IIS) role services

Active Server Pages (ASP)

Certification Authority Web Enrollment (CAWE) role service

Configure the WDS server to not listen on UDP port 67

Configure the WDS server to listen on UDP port 67

Add Option 60 to the DHCP scope

Block UDP port 4011 on the WDS server

Which solution will meet these requirements?

Use a domain-based DFS

Computer certificates on the VPN client

What should you do?

Install File Server Resource Manager

run the ServerManagerCmd -install BitLocker command

What should you do?

Ensure IIS is installed

Point-to-Point Tunneling Protocol (PPTP)

Enable roaming profiles

Link the GPO to the domain

Use the GPMC to create a new GPO

Add the Credential Roaming template under subordinate

Enable X.509 Certificate and Key Roaming settings

Upgrade the forest level to Windows Server 2008

What should you do?

What should you do?

Install WDS on a 64-bit server.

Run the gpupdate command from the command prompt

Enter location settings for computers and servers

Set locations for your subnets in AD Sited and Services

Enter location Settings for printers

Configure a domain DFS root

What must you do?

Enable the user accounts in the source domain

Notify the users to log on to the source domain

Notify the users to log off from the target domain

Verify that users are able to access resources

Planning for Server Deployment

Configure the root CA to be a stand-alone CA

Use ntdsutil.exe and the move db to command.

What should you use?

Use the Computer Management snap-in on Long_Core.

What must you do to deploy Windows Vista to the new computers?

Create a single image of Windows Vista for all new computers.

What should you do?

Install Hyper-V on a Windows Server 2008 computer with an x86-based processor.

Create a domain-based namespace on WIN_SRV.

What must you configure to deploy images to the new computers?

What should you configure?

B_ Planning for Server Mangament

What should you use?

What should you do?

Add the user to the Performance Log Users group

What should you do to save the information?

What should you do to achieve the objective?

Add Samuel Jones' account to the Server Operators group.

Run RSoP in Logging mode.

Create a global group named TechSupportPersonnel in domain.com.

What should you do?

Add the server administrator to the Performance Log Users group

What else should you configure to deploy an RODC?