Exam 70-647 preparation questions

Exam 70-647 study material, made available by Testkingprep.com

Free 70-647 Exam Preparation Questions. Exam 70-647: Pro: Windows Server 2008, Enterprise Administrator

For Latest 70-647 Exam Questions and study guides, visit http://www.testkingprep.com/70-647.html


Question:1
You are the Group Policy administrator for your company. All of the user accounts get created in the Users container and then get moved into their appropriate containers. You need to ensure that upon the creation of a new user account, it immediately receives a GPO called New Employee GPO, but other employees do not receive the settings from this GPO. How should you configure your environment?
A. Create an OU called New_Employees. Create a GPO called New Employees GPO and link it to the New_Employees OU. Run the redirusr command to redirect all new user accounts to the New_Employees OU.
B. Create an OU called New_Employees. Create a GPO called New Employees GPO and link it to the New_Employees OU. Run the redircmp command to redirect all new computer accounts to the New_Employees OU.
C. Create an OU called New-Employees. Create a GPO called New Employees GPO and link it to the domain. In the attributes of the GPO, select Enforced.
D. Create a GPO called New Employees GPO. Create a global security group called New Employees. Add all new employees to the global security group. In the Delegation tab of the GPO, accept all default entries and then add New Employees security group with the Apply group policy permission set to Allow. Link the GPO to the domain.
Answer: A

Question:2
You are an enterprise administrator for Hi-Tech Company. The company has a head office and nine branch offices. Each office has 10 domain controllers. The corporate network of the company consists of an Active Directory domain that runs at the functional level of Windows Server 2008. All the domain controllers in the domain run Windows Server 2008. Each office has a local administrator who has the necessary permissions to create and link domain-level Group Policy objects. On a Windows Vista client computer, you have recently created custom Administrative Template (.admx) files locally. You now want to implement a GPO management strategy to ensure that the administrators can access the .admx files and any future updates to these files from each office. You also need to ensure that the .admx files remain identical across the company. Which of the following options would you choose to accomplish the desired goal? (Select all that apply. Each selected option will form a part of the answer.)
A. Create a central store in the domain.
B. Create a central store on a file server in each office.
C. Create and link a GPO to the domain.
D. Create and link a GPO to the Domain Controllers organizational unit (OU).
E. Copy the custom .admx files to the central store.
F. Add the .admx files to the GPO.
G. Add the custom .admx files to the GPO.
Answer: A, E

Question:3
You have been asked to provide an additional security system for your company's internet activity. This system should act as an underlying cryptography system. It should enable users or computers that have never been in trusted communication before to validate themselves by referencing an association to a trusted third party (TTP). Which method of security is the above example referencing?
A. Certificate Authority (CA)
B. Nonrepudiation
C. Cryptanalysis
D. Public Key Infrastructure (PKI)
Answer: D

Question:4
You are an enterprise administrator for Hi-Tech Company. The corporate network of Hi-Tech Company consists of an Active Directory domain. The domain contains servers that run Windows Server 2008 and client computers that all run Windows Vista. All users have accounts in the domain. The network contains two servers that are configured as follows:
1. Server1 - Configured as a domain controller and runs Active Directory Domain Services (AD DS).
2. Server2 - Configured as a certification authority and runs Internet Information Services (IIS) and Active Directory Certificate Services (AD CS).
Which of the following options would you choose to enable all client computers to automatically request and install computer certificates?
A. Implement the Network Device Enrollment Service on Server2.
B. Implement certification authority Web enrollment support on Server2.
C. In the User Configuration section of the Default Domain, enable the Auto-enrollment Settings Policy under Public Key Policies on Server1.
D. In the Computer Settings section of the Default Domain Policy, enable auto-enrollment on Server1.
Answer: C

Question:5
You are planning a Windows Server 2008 Active Directory infrastructure. You have a single location and there is a limited budget. During your planning process, you have determined that the members of the Domain Administrators group should have a password policy that states passwords must be changed every 24 days, and the rest of your users must change their passwords every 42 days, except for members of the Enterprise Admins group. These users must change their passwords every 14 days. What is the best way to accomplish this without going over your budget, while keeping administration to a minimum?
A. Create a single forest with three domains. In the forest root domain set a domain-wide password policy that states users must change their passwords every 14 days. Ensure all enterprise-wide administrators are placed into the Enterprise Admins group in the forest root domain. Create two child domains specifying the appropriate password policy in each domain.
B. Create a single forest with two domains. In the forest root domain set a domain-wide password policy that states users must change their passwords every 14 days. Place all administrative users into the Enterprise Admins group in this domain, including those specified as Domain Admins. In the child domain, create a domain-wide password policy with the appropriate attributes and ensure only nonadministrative users log on as users from this domain.
C. Create a single-domain forest. Place all enterprise-wide users into the Enterprise Admins group, all domain administrators into the Domain Admins group, and all other users into the Users group. Create three password security objects (PSOs) with the appropriate attribute values set and deploy them to the appropriate security groups.
D. Create a single-domain forest. Create three organizational units (OU), one for enterprise-wide administrators, one for domain administrators, and one for the rest of your users. Place all enterprise-wide users into the Enterprise Admins OU, all domain administrators into the Domain Admins OU, and all other users into the Users OU. Create three password security objects (PSOs) with the appropriate attribute values set and link them to the appropriate OU.
Answer: C

Question:6
You are an enterprise administrator for Hi-Tech Company. The corporate network of the company consists of an Active Directory domain that runs at the functional level of Windows Server 2008. An organizational unit (OU) called OUUsers is configured in the domain and holds all user accounts. The company has two departments, Sales and Development, that are headed by their respective department managers. Both departments have their respective global security groups that contain all the users of the departments. As an enterprise administrator of the company, you have been assigned the task of ensuring that the department managers are allowed to manage the user accounts of only their departments. You also need to ensure that the users of the Sales and Development departments must change their passwords after an interval of 30 days and 45 days respectively. Which of the following options would you choose to accomplish the desired goal by using the minimum amount of administrative effort? (Select three. Each selected option will form a part of the answer.)
A. Create a new OU for each department.
B. Create a child domain for each department.
C. Delegate administration of the OUUsers OU to the department manager of each department.
D. Delegate administration to the department manager of each OU.
E. Delegate administration to the department manager of each domain.
F. Create a new Group Policy object.
G. Create a new password policy for each global security group.
H. Create a new password policy for each domain.
I. Configure the password policy for the new GPO and link it to the OUs.
Answer: A, D, G

Question:7
You are the Group Policy administrator for your domain and have been tasked with creating a policy that will apply to all of the computers in your domain, except for those computers in the Accounting OU, and including the computers in the Computers container. The computers in the Accounting OU should still receive all of the settings from the Default Domain Policy. How can you design your Group Policy infrastructure to allow the GPO to apply to all computers except for those in the Accounting OU while allowing the settings from the Default Domain Policy to apply to the specified computers?
A. Link the new GPO to each of the OUs except for the Accounting OU. On the Default Domain Policy, select Enforced.
B. Link the new GPO to the Accounting OU. On the Accounting OU, select Block Inheritance. On the Default Domain Policy, select Enforced.
C. Link the new GPO to the domain. On the Accounting OU, select Block Inheritance. On the Default Domain Policy, ensure Authenticated Users have Read and Apply group policy permissions.
D. Link the new GPO to the domain. On the Accounting OU, select Block Inheritance. On the Default Domain Policy, select Enforced.
Answer: D

Question:8
You are in the process of planning the deployment of WSUS at a university. The university contains five colleges, each of which has its own separate IT staff and Active Directory forest. The university has a single connection to the Internet through which all traffic passes and wants to minimize the amount of data downloaded from the Microsoft Update servers, but each college's IT staff should have responsibility to approve updates. Which of the following WSUS deployment plans should you use?
A. Configure one upstream server. Configure a downstream replica server for each college.
B. Configure a WSUS server in each college. Configure client computers to retrieve approvals from the WSUS server and updates from Microsoft Update.
C. Configure one upstream server. Configure a WSUS server in each college to use autonomous mode but to retrieve updates from the upstream server.
D. Configure an autonomous server in each college to retrieve updates from Microsoft Update.
Answer: C

Question:9
You are a network administrator for Hi-Tech Company. The company recently opened a branch office. The corporate network of the company consists of a single Active Directory domain. The single domain controller of the corporate network of the company runs Windows Server 2008. An organizational unit (OU) that contains all the computer accounts for the new branch office and Microsoft Windows Server Update Services (WSUS) 3.0 to deploy all approved updates to the environment has already been configured in the domain. Besides this, the head office contains a server that is used to test and approve all new software updates. As a network administrator of the company, you have been assigned the task of ensuring that only the minimum amount of bandwidth is used to download updates from Microsoft Update in the branch office and that only the updates approved by the head office are allowed to be installed in the new branch office. How would you install a WSUS 3.0 server in the Hi-Tech Company domain so that a Group Policy can be configured for the OU and all computers can receive updates from the new WSUS server?
A. Install a WSUS 3.0 server as a replica server in the head office.
B. Install a WSUS 3.0 server as a stand-alone server in new branch office.
C. Install a WSUS 3.0 server as a replica server in the new branch office.
D. Install and configure a WSUS 3.0 server as a stand-alone server in the head office.
Answer: C

Question:10
You are an enterprise administrator for Hi-Tech Company. The corporate network of Hi-Tech Company consists of two Active Directory forests named Hi-Tech.com and Hi-Tech Company.com that run at the functional level of Windows Server 2008. A trust relationship exists between the two forests. All the servers in both forests run Windows Server 2008. An application server called server1.Hi-Tech.com is configured in the TechMasters.com forest. The server hosts an application that is accessed by the users of a global group called Hi-Tech Company Sales in the Hi-Tech.com forest. During your normal security check, you discovered that not only the users of the Hi-Tech Company Sales group log on to the servers in the HiTech.com domain, but users from other groups can also log on to servers in the Hi-Tech.com domain. To remove this security lapse, you decided to implement an authentication solution that would ensure that only the users in the Hi-Tech Company Sales global group are allowed to access server1.Hi-Tech.com. However, the users of this group should not be allowed to access any other server in the Hi-Tech.com forest. You also decided to make sure that the users in the Hi-Tech.com domain must be able to access only resources in the Hi-Tech.com forest. Which of the following options would you choose to accomplish this task? (Select all that apply. Each selected option will form a part of the answer.)
A. Configure an external trust between the Hi-Tech.com domain and the Hi-Tech.com domain.
B. On the server1.Hi-Tech.com computer object, grant the Allowed to Authenticate permission to the Hi-Tech Company Sales global group.
C. In the local security policy of server1.Hi-Tech.com, assign the Access this computer from the network option to the Hi-Tech Company Sales global group.
D. Set the authentication scope of the existing forest trust in the Hi-Tech.com domain to Allow authentication only for selected resources in the local domain.
Answer: B, C, D

Question:11
You are assessing the design of an Active Directory infrastructure for a company that has several business units. For legal reasons, these business units must remain separate entities each managing its own Active Directory infrastructure. What would be the best design for this company, keeping their requirements in mind when creating the design?
A. Create a single-domain forest, and place each business unit into its own organizational unit (OU).
B. Create a single forest, and place each business unit into its own tree.
C. Create a single forest and place each business unit into its own domain.
D. Create a separate forest for each business unit.
Answer: D

Question:12
You are an enterprise administrator for Hi-Tech Company. The company has a head office and 10 branch offices. The corporate network of Hi-Tech Company consists of an Active Directory domain. All the domain controllers run Windows Server 2008 and are located in the main office. You have recently deployed a Windows Server 2008 domain controller in each branch office. You are concerned about the security of the domain controllers in each branch office. Which of the following options would you choose to configure the domain controller of each branch office to ensure that no unauthorized user is allowed to access user passwords either locally or over the network or when the server is running?
A. IPsec policy.
B. Windows Firewall.
C. Read-only domain controller (RODC)
D. Windows BitLocker Drive Encryption (BitLocker).
Answer: C

Question:13
You are an enterprise administrator for Hi-Tech Company. The company has a head office and two branch offices, each of which is configured as an Active Directory site. The corporate network of the company consists of an Active Directory domain that runs at the functional level of Windows Server 2008. All the domain controllers in the domain run Windows Server 2008. The company has five departments. You have recently used a domain-level Group Policy object (GPO) to install Microsoft Office on all client computers in the domain. You now want to use the same technique to install a custom application in one of the departments. Besides this, you want to restrict access to removable storage devices for all users and implement separate IE proxy settings for each physical location while maintaining all settings applied by the existing GPOs. Which of the following options would you choose to accomplish the desired goal?
A. Create a new group for each department, a new GPO for each site, and a new GPO for the domain and use the GPO created for the domain to install the custom application.
B. Create a new organizational unit (OU) for each department, a new GPO for each site, a new GPO for the domain, and a GPO for one department OU and use the GPO for the department OU to install the application.
C. Create a new organizational unit (OU) for each department, a single GPO for all the sites, a new GPO for the domain, and one GPO for each department OU and use the department GPOs to install the custom application.
D. Create a new child domain for each department, a new GPO for each site, a new GPO for each new child domain and then create a single GPO for all the new child domains and use that GPO to install the custom application.
Answer: B

Question:14
As the network administrator of a large corporate enterprise, it is your responsibility to ensure that all of the machines on your network are running the most current set of approved patches and updates. It is also important that you are aware of any operating system security holes that have been introduced by some of your traveling power users who take their laptops with them as they go to client sites. What steps should you take to validate that workstations are in line with company policy?
A. Run the Microsoft Baseline Security Analyzer against the domain on a regular basis to poll the workstations.
B. Implement WSUS to push patches to the workstations.
C. Configure the lockdown settings outlined in the Windows Server 2008 Security Guide.
D. Require that every machine be attached to the domain to log on.
E. Turn on security auditing on the local machines.
Answer: A

Question:15
You are an enterprise administrator for Hi-Tech Company. The corporate network of the company consists of an Active Directory domain that runs at the functional level of Windows Server 2008. The company has 30 domain controllers and 20 administrators to manage the domain users and their accounts. You have been assigned the task to implement an audit and compliance policy and ensure that all changes made to Active Directory objects are recorded. Which of the following options would you choose to accomplish this task?
A. Run the Security Configuration Wizard (SCW) on all domain controllers of the Hi-Tech Company network.
B. Configure a Directory Services Auditing policy in the Default Domain Controller Policy.
C. Configure and implement a file-level audit policy for the SYSVOL volume in the Default Domain Controller Policy.
D. Create and link a GPO to the Domain Controllers OU. Configure the GPO to install the Microsoft Baseline Security Analyzer (MBSA).
Answer: B

Question:16
You have been hired to assess the installation of a Windows Server 2008 forest for a large company. The company will have nine business units, each using their own IT staff. For security and regulatory reasons, one of these business units must remain separate from the rest of the company. The other eight business units will need to have the ability to make their shared resources available to each other, in the event that a user from one business unit needs access to resources from another business unit. The other eight business units would also like to share a common global catalog (GC) database. Domain controllers from each business unit should not replicate user information to domain controllers outside of the business unit. How should you design Active Directory to meet the needs of this organization, with the least amount of administrative effort?
A. Create two forests. In one forest place the eight business units, each in their own domain. In the other forest place the other business unit. As the resource access needs arise, create Domain Local groups in the appropriate domain for giving permissions to the resources.
B. Create nine forests. For the eight business units that would like to allow access to each other's users to their resources, set up cross forest trusts. Set up connection objects in Active Directory Sites and Services to allow the GC in each forest to replicate with each other.
C. Create one forest. For the business unit that would like to remain separate, create its own tree. Place the other eight business units in the same tree of the forest.
D. Create two forests. In one forest place the eight business units, each into their own Organizational Unit (OU). Place all user, computer and domain controller objects into the appropriate OU. In the other forest, place the other business unit.
Answer: A

Question:17
You are an enterprise administrator for Hi-Tech Company. The company has a head office and 4 zonal offices for East, West, North, and South zones. For each zone separate Active Directory domains are configured. The North domain is the forest root domain. All the domain controllers in the domain run Windows Server 2008. Each domain has a local domain group and a global domain group. The local domain group contains all the local users of a domain and the global domain group contains all managers of a domain. On Hi-Tech Company Server1 in the East domain, an application called App1 is installed that is used by the department managers of the East domain. The users of the local domain group of the East domain called EastGroup also have access to the application. All global groups are added to EastGroup. As an enterprise administrator of the company, which of the following options would you choose to ensure that any unauthorized member added to EastGroup is automatically removed?
A. Deny the Modify permission for the EastGroup domain local group.
B. Create and configure the GPO to restrict group membership to the EastGroup group and link the GPO to the East domain.
C. Create and configure the GPO to restrict group membership to the global domain group and link the GPO to the North domain.
D. Create and configure the GPO to restrict group membership to the global domain group and link the GPO to the North, South, and West domains.
Answer: B

Question:18
You have upgraded the forest root domain so that it now has Windows Server 2008 DCs. You now plan to upgrade a child domain in the same forest. Assuming that no DC in the forest hosts more than one FSMO role, on which DC in the child domain should you run the adprep /domainprep /gpprep command?
A. DC hosting the PDC emulator role.
B. DC hosting the schema master role.
C. DC hosting the RID master role.
D. DC hosting the infrastructure master role.
E. DC hosting the domain naming master role.
Answer: D

Question:19
You are an enterprise administrator for Hi-Tech Company. The corporate network of Hi-Tech Company consists of an Active Directory domain. All domain controllers in the domain run Windows Server 2003. HiTech Company has recently closed one of its branch offices and merged it with the head office. You have been assigned the task to provide user accounts for the employees of the branch office that was closed and merged. Your solution must support multiple account lockout policies. Which of the following options would you choose to accomplish this task?
A. Use Authorization Manager.
B. Use Active Directory Federation Services (AD FS).
C. Upgrade one domain controller to Windows Server 2008.
D. Upgrade all domain controllers to Windows Server 2008.
E. Raise the functional level of the domain to Windows Server 2003.
F. Raise the functional level of the domain to Windows Server 2008.
Answer: D, F

Question:20
How can you ensure that replication will successfully occur to a site with only one Windows Server 2008 RODC domain controller?
A. Place a Windows Server 2008 full (writable) DC in the site nearest to the RODC.
B. Place a Windows Server 2008 RODC in the site nearest to the RODC.
C. Make the site link cost to the adjacent site higher than all other costs on site links.
D. Construct a site link bridge.
Answer: A

Question:21
You are an enterprise administrator for Hi-Tech Company. The company has a head office and a branch office. The corporate network of Hi-Tech Company consists of an Active Directory domain. All domain controllers in the domain run Windows Server 2008. As an enterprise administrator of the company, you have been assigned the task to install a new server as a read-only domain controller (RODC) in the branch office and complete the RODC installation. You also need to ensure that the users of the branch office are only members of the Domain Users security group. Which of the following options would you choose to accomplish this task?
A. Create an installation media by using ntdsutil to install the new server as RODC.
B. Install the new server as RODC and join the new server to the domain.
C. Pre-create a read-only domain controller (RODC) account for the branch office server.
D. Create an organizational unit (OU) for the branch office and then delegate the full control of the OU to the branch office user.
Answer: C

Question:22
Does SYSVOL replication work on an RODC?
Correct Answer: SYSVOL replication on an RODC is no different than on normal DCs. It uses FRS and DFS-R to replicate.
Answer: Pending

Question:23

Your company is implementing Read-only Domain Controllers. You install a Windows Server 2008 domain controller in your domain to support installation of RODCs. Which FSMO role should you assign to this domain controller?
A. RID master
B. Infrastructure master
C. Schema master
D. PDC emulator
E. Domain naming master
Answer: D

Question:24
You are an enterprise administrator for Hi-Tech Company. The corporate network of Hi-Tech Company consists of a single Active Directory forest called Hi-Tech.com that contains two domains. All the domain controllers of the forest run Windows Server 2003 and all the file servers run Windows Server 2003 R2 and DFS Replication. You have recently created a new domain called corp.Hi-Tech.com by installing a new domain controller that runs Windows Server 2008. You also prepared the forest schema for the installation of domain controllers that run Windows Server 2008 to accomplish this task. You have now been asked to implement an Active Directory solution that allows DFS Replication support for SYSVOL on corp.Hi-Tech.com. You also need to allow the installation of new domain controllers that run Windows Server 2003 in the forest root domain. Which of the following options would you choose to implement the solution? Select all that apply.
A. Upgrade all file servers to Windows Server 2008.
B. Run adprep /domainprep /gpprep on the corp.Hi-Tech.com domain.
C. Run adprep /domainprep on the Hi-Tech.com domain.
D. Upgrade all Windows Server 2003 domain controllers to Windows Server 2008.
E. Raise the functional level of the forest to Windows Server 2008.
F. Upgrade the Windows Server 2003 domain controllers in corp.Hi-Tech.com to Windows Server 2008.
G. Raise the functional level of corp.Hi-Tech.com domain to Windows Server 2008.
Answer: F, G

For complete Exam 70-647 Training kits and Self-Paced Study Material Visit: http://www.testkingprep.com/70-647.html
