This is a note. Please give me your attention if you are preparing for your Microsoft 70-646 exam. It is really a tough task to pass MCSA 70-646 exam. However, CertBus will help you on that with the most comprehensive PDF and VCEs of the latest MCSA 70-646 exam questions, covering each and every aspect of MCSA 70-646 Windows Server 2008, Server Administrator exam curriculum.
We CertBus has our own expert team. They selected and published the latest 70-646 preparation materials from Microsoft Official Exam-Center: http://www.certgod.com/70-646.html
QUESTION NO:7
Your company has 250 branch offices. Your network contains an Active Directory domain. The
domain controllers run Windows Server 2008 R2. You plan to deploy Readonly Domain
Controllers (RODCs) in the branch offices.
You need to plan the deployment of the RODCs to meet the following requirements:
-Build each RODC at the designated branch office.
-Ensure that the RODC installation source files do not contain cached secrets.
-Minimize the bandwidth used during the initial synchronization of Active Directory Domain
Services (AD?DS).
What should you include in your plan?
A. Use Windows Server Backup to perform a full backup of an existing domain controller. Use the
backup to build the new RODCs.
B. Use Windows Server Backup to perform a custom backup of the critical volumes of an existing
domain controller. Use the backup to build the new RODCs.
C. Create a DFS namespace that contains the Active Directory database from one of the existing
domain controllers. Build the RODCs by using an answer file.
D. Create an RODC installation media. Build the RODCs from the RODC installation media.
Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/cc770654(WS.10).aspx
Installing AD DS from Media
Applies To: Windows Server 2008, Windows Server 2008 R2
You can use the Ntdsutil.exe tool to create installation media for additional domain controllers that
you are creating in a domain. By using the Install from Media (IFM) option, you can minimize the
replication of directory data over the network. This helps you install additional domain controllers in
remote sites more efficiently.
Ntdsutil.exe can create four types of installation media, as described in the following table.
You must use read-only domain controller (RODC) installation media to install an RODC. For
RODC installation media, the ntdsutil command removes any cached secrets, such as passwords.
You can create RODC installation media either on an RODC or on a writeable domain controller.
You must use writeable domain controller installation media to install a writeable domain
controller. You can create writeable domain controller installation media only on a writeable
domain controller.
If the source domain controller where you create the installation media and the destination server
where you plan to install ActiveDirectory Domain Services (ADDS) both run Windows Server2008
with Service Pack2 or later or Windows Server2008R2, and if you are using Distributed File
System (DFS) Replication for SYSVOL, you can run the ntdsutil ifm command with an option to
include the SYSVOL shared folder in the installation media. If the installation media includes
SYSVOL, you must use Robocopy.exe to copy the installation media from the source domain
controller to the destination server. For more information, see Installing an Additional Domain
Controller by Using IFM.
QUESTION NO:25
Your network consists of a single Active Directory forest that contains a root domain and two child
domains.
All servers run Windows Server 2008 R2. A corporate policy has the following requirements:
-All local guest accounts must be renamed and disabled.
-All local administrator accounts must be renamed.
-You need to recommend a solution that meets the requirements of the corporate policy.
What should you recommend?
A. Implement a Group Policy object (GPO) for each domain.
B. Implement a Group Policy object (GPO) for the root domain.
C. Deploy Network Policy and Access Services (NPAS) on all domain controllers in each domain
D. Deploy Active Directory Rights Management Services (AD RMS) on the root domain
controllers.
Answer: A
Explanation:
http://www.windowsecurity.com/articles/protecting-administrator-account.html
http://www.pctips3000.com/enable-or-disable-group-policy-object-in-windows-server-2008/
http://blogs.technet.com/b/chenley/archive/2006/07/13/441642.aspx
QUESTION NO:16
Your network contains two servers that run the Server Core installation of Windows Server 2008
R2. The two servers are part of a Network Load Balancing cluster.
The cluster hosts a Web site. Administrators use client computers that run Windows 7.
You need to recommend a strategy that allows the administrators to remotely manage the Network
Load Balancing cluster. Your strategy must support automation.
What should you recommend?
A. On the servers, enable Windows Remote Management (WinRM).
B. On the servers, add the administrators to the Remote Desktop Users group.
C. On the Windows 7 client computers, enable Windows Remote Management (WinRM).
D. On the Windows 7 client computers, add the administrators to the Remote Desktop Users
group.
Answer: A
Explanation:
http://support.microsoft.com/kb/968929
http://msdn.microsoft.com/en-us/library/aa384291(VS.85).aspx
WinRM 2.0
WinRM is the Microsoft implementation of WS-Management Protocol, a standard Simple Object
Access Protocol (SOAP)-based, firewall-friendly protocol that allows for hardware and operating
systems from different vendors to interoperate. The WS-Management Protocol specification
provides a common way for systems to access and exchange management information across an
IT infrastructure.
WinRM 2.0 includes the following new features:
. The WinRM Client Shell API provides functionality to create and manage shells and shell
operations, commands, and data streams on remote computers.
. The WinRM Plug-in API provides functionality that enables a user to write plug-ins by
implementing certain APIs for supported resources and operations.
. WinRM 2.0 introduces a hosting framework. Two hosting models are supported. One is Internet
Information Services (HS)-based and the other is WinRM service-based.
. Association traversal lets a user retrieve instances of Association classes by using a standard
filtering mechanism.
. WinRM 2.0 supports delegating user credentials across multiple remote computers.
. Users of WinRM 2.0 can use Windows PowerShell cmdlets for system management.
. WinRM has added a specific set of quotas that provide a better quality of service and allocate
server resources to concurrent users. The WinRM quota set is based on the quota infrastructure
that is implemented for the IIS service.
USAGE
=====
(ALL UPPER-CASE = value that must be supplied by user.)
winrs [-/SWITCH[:VALUE]] COMMAND
COMMAND – Any string that can be executed as a command in the cmd.exe shell.
SWITCHES
========
(All switches accept both short form or long form. For example both -r and
-remote are valid.)
-r[emote]:ENDPOINT – The target endpoint using a NetBIOS name or the standard connect
ion URL: [TRANSPORT://]TARGET[:PORT]. If not specified
-r:localhost is used.
-un[encrypted] – Specify that the messages to the remote shell will not be encrypted. This is useful
for troubleshooting, or when the network traffic is already encrypted using ipsec, or when physical
security is enforced. By default the messages are encrypted
using Kerberos or NTLM keys. This switch is ignored when HTTPS transport is selected.
-u[sername]:USERNAME – Specify username on command line. If not specified the tool will
use Negotiate authentication or prompt for the name.
If -username is specified, -password must be as well.
-p[assword]:PASSWORD – Specify password on command line. If -password is not specified but username
is the tool will prompt for the password. If -password is specified, -user must be
specified as well.
-t[imeout]:SECONDS – This option is deprecated.
-d[irectory]:PATH – Specifies starting directory for remote shell. If not specified the remote shell will
start in the user\’s home directory defined by the environment variable %USERPROFILE%.
-env[ironment]:STRING=VALUE – Specifies a single environment variable to be set when shell
starts, which allows changing default environment for shell. Multiple occurrences of this switch
must be used to specify multiple environment variables.
-noe[cho] – Specifies that echo should be disabled. This may be necessary to ensure that user\’s
answers to remote prompts are not displayed locally. By default echo is “on”.
-nop[rofile] – Specifies that the user\’s profile should not be loaded. By default the server will
attempt to load the user profile. If the remote user is not a local administrator on the target system
then this option will be required (the default will result in error).
-a[llow]d[elegate] – Specifies that the user\’s credentials can be used to access a remote share, for
example, found on a different machine than the target endpoint.
-comp[ression] – Turn on compression. Older installations on remote machines may not support
compression so it is off by default.
-[use]ssl – Use an SSL connection when using a remote endpoint. Specifying this instead of the
transport “https:” will use the default WinRM default port.
-? – Help
To terminate the remote command the user can type Ctrl-C or Ctrl-Break, which will be sent to the
remote shell. The second Ctrl-C will force termination of winrs.exe.
To manage active remote shells or WinRS configuration, use the WinRM tool. The URI alias to
manage active shells is shell/cmd. The URI alias for WinRS configuration is winrm/conf
ig/winrs. Example usage can be found in the WinRM tool by typing “WinRM -?”.
Examples:
winrs -r:https://myserver.com command
winrs -r:myserver.com -usessl command
winrs -r:myserver command
winrs -r:http://127.0.0.1 command
winrs -r:http://169.51.2.101:80 -unencrypted command
winrs -r:https://[::FFFF:129.144.52.38] command
winrs -r:http://[1080:0:0:0:8:800:200C:417A]:80 command
winrs -r:https://myserver.com -t:600 -u:administrator -p:$%fgh7 ipconfig
winrs -r:myserver -env:PATH=^%PATH^%;c:\tools -env:TEMP=d:\temp config.cmd
winrs -r:myserver netdom join myserver /domain:testdomain /userd:johns /passwordd:$%fgh789
winrs -r:myserver -ad -u:administrator -p:$%fgh7 dir \\anotherserver\share
QUESTION NO:13
Your network contains two DHCP servers. The DHCP servers are named DHCP1 and DHCP2.
The internal network contains 1,000 DHCP client computers that are located on a single subnet. A
router separates the internal network from the Internet. The router has a single IP address on the
internal interface.
DHCP1 has the following scope information:
-Starting IP address: 172.16.0.1
-Ending IP address: 172.16.7.255
-Subnet mask: 255.255.240.0
You need to provide a fault tolerant DHCP infrastructure that supports the client computers on the
internal network. In the event that a DHCP server fails, all client computers must be able to obtain
a valid IP address.
How should you configure DHCP2?
A. Create a scope for the subnet 172.16.0.0/20. Configure the scope to use a starting IP address
of 172.16.8.1 and an ending IP address of 172.16.15.254.
B. Create a scope for the subnet 172.16.0.0/21. Configure the scope to use a starting IP address
of 172.16.0.1 and an ending IP address of 172.16.15.254.
C. Create a scope for the subnet 172.16.8.0/21. Configure the scope to use a starting IP address
of 172.16.8.1 and an ending IP address of 172.16.10.254.
D. Create a scope for the subnet 172.17.0.0/16. Configure the scope to use a starting IP address
of 172.17.0.1 and an ending IP address of 172.17.255.254.
Answer: A
Explanation:
Create a scope for the subnet 172.16.0.0/20.
Configure the scope to use a starting IP address of 172.16.8.1 and an ending IP address of
172.16.15.254.
Subnet 255.255.240.0 is a /20 subnet in CIDR notation, this allows for 4096 client IPs, ranging
from 172.16.0.1 all the way to 172.16.15.254 as DHCP1 only used half of the available IPs then
you should configure DHCP2 to use the other half.
http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing as an aside you could consider the
80/20 design rule for balancing scope distribution of addresses where multiple DHCP servers are
deployed to service the same scope.
Using more than one DHCP server on the same subnet provides increased fault tolerance for
servicing DHCP clients located on it. With two DHCP servers, if one server is unavailable, the
other server can take its place and continue to lease new addresses or renew existing clients.
A common practice when balancing a single network and scope range of addresses between two
DHCP servers is to have 80 percent of the addresses distributed by one DHCP server and the
remaining 20 percent provided by a second.
QUESTION NO:10
Your network consists of a single Active Directory domain. All domain controllers run Windows
Server 2008 R2.
You need to implement a Certificate Services solution that meets the following requirements:
-Automates the distribution of certificates for internal users
-Ensures that the network\’s certificate infrastructure is as secure as possible
-Gives external users access to resources that use certificate based authentication
What should you do?
A. Deploy an online standalone root certification authority (CA). Deploy an offline standalone root
CA.
B. Deploy an offline enterprise root certification authority (CA). Deploy an offline enterprise
subordinate CA.
C. Deploy an offline standalone root certification authority (CA). Deploy an online enterprise
subordinate CA. Deploy an online standalone subordinate CA.
D. Deploy an online standalone root certification authority (CA). Deploy an online enterprise
subordinate CA. Deploy an online standalone subordinate CA.
Answer: C
Explanation:
Certification authority hierarchies
The Microsoft public key infrastructure (PKI) supports a hierarchical certification authority (CA)
model. A certification hierarchy provides scalability, ease of administration, and consistency with a
growing number of commercial and other CA products.
In its simplest form, a certification hierarchy consists of a single CA. However, in general, a
hierarchy will contain multiple CAs with clearly defined parent-child relationships. In this model, the
child subordinate certification authorities are certified by their parent CA-issued certificates, which
bind a certification authority\’s public key to its identity. The CA at the top of a hierarchy is referred
to as the root authority, or root CA. The child CAs of the root CAs are called subordinate
certification authorities (CAs).
A root certification authority (CA) is the top of a public key infrastructure (PKI) and generates a
self-signed certificate. This means that the root CA is validating itself (self-validating). This root CA
could then have subordinate CAs that effectively trust it. The subordinate CAs receive a certificate
signed by the root CA, so the subordinate CAs can issue certificates that are validated by the root
CA. This establishes a CA hierarchy and trust path.
http://social.technet.microsoft.com/wiki/contents/articles/2900.offline-root-certification-authorityca.
aspx
Certification authority hierarchies
The Microsoft public key infrastructure (PKI) supports a hierarchical certification authority (CA)
model. A certification hierarchy provides scalability, ease of administration, and consistency with a
growing number of commercial and other CA products.
In its simplest form, a certification hierarchy consists of a single CA. However, in general, a
hierarchy will contain multiple CAs with clearly defined parent-child relationships. In this model, the
child subordinate certification authorities are certified by their parent CA-issued certificates, which
bind a certification authority\’s public key to its identity. The CA at the top of a hierarchy is referred
to as the root authority, or root CA. The child CAs of the root CAs are called subordinate
certification authorities (CAs).
Authentication and Authorization
Stand-alone CAs use local authentication for certificate requests, mainly through the Web
enrollment interface.
Stand-alone CAs provide an ideal service provider or commercial PKI provider platform for issuing
certificates to users outside of an Active Directory environment where the user identity is
separately verified and examined before the request is submitted to the CA.
Offline and Online CAs
Traditionally, the decision of whether to use either an online or offline CAs involves a compromise
between availability and usability versus security. The more sensitive that the key material is and
the higher the security requirements are, the less accessible the CA should be to users.
Specifying CA Roles
An ideal PKI hierarchy design divides the responsibility of the CAs. A topology that is designed
with requirements that have been carefully considered provides the most flexible and scalable
enterprise configuration. In general, CAs are organized in hierarchies. Single tier hierarchies might
not provide adequate security compartmentalization, extensibility and flexibility. Hierarchies with
more than three tiers might not provide additional value regarding security, extensibility and
flexibility.
The most important consideration is protecting the highest instance of trust as much as possible.
Single-tier hierarchies are based on the need to compartmentalize risk and reduce the attack
surface that is available to users who have malicious intent. A larger hierarchy is much more
difficult to administer, with little security benefit.
Depending on the organization\’s necessities, a PKI should consist of two or three logical levels
that link several CAs in a hierarchy. Administrators who understand the design requirements for a
three-level topology may also be able to build a two-level topology.
A three-tier CA hierarchy consists of the following components:
A root CA that is configured as a stand-alone CA without a network connection
One or more intermediate CAs that are configured as stand-alone CAs without a network
connection
One or more issuing CAs that are configured as enterprise CAs that are connected to the network
Also worth a look though it refers to windows 2003
http://technet.microsoft.com/en-us/library/cc779714(WS.10).aspx
QUESTION NO:8
Your network consists of a single Active Directory domain. The network is located on the
172.16.0.0/23 subnet.
The company hires temporary employees. You provide user accounts and computers to the
temporary employees. The temporary employees receive computers that are outside the Active
Directory domain. The temporary employees use their computers to connect to the network by
using wired connections and wireless connections.
The company\’s security policy specifies that the computers connected to the network must have
the latest updates for the operating system.
You need to plan the network\’s security so that it complies with the company\’s security policy.
What should you include in your plan?
A. Implement a Network Access Protection (NAP) strategy for the 172.16.0.0/23 subnet.
B. Create an extranet domain within the same forest. Migrate the temporary employees\’ user
accounts to the extranet domain. Install the necessary domain resources on the 172.16.0.0/23
subnet.
C. Move the temporary employees\’ user accounts to a new organizational unit (OU). Create a new
Group Policy object (GPO) that uses an intranet Microsoft Update server. Link the new GPO to the
new OU.
D. Create a new subnet in a perimeter network. Relocate the wireless access point to the
perimeter network. Require authentication through a VPN server before allowing access to the
internal resources.
Answer: A
Explanation:
http://technet.microsoft.com/en-us/library/dd125338(WS.10).aspx
Network Access Protection Design Guide
Updated: October 6, 2008
Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista
Network Access Protection (NAP) is one of the most anticipated features of the
WindowsServer.2008 operating system. NAP is a new platform that allows network
administrators to define specific levels of network access based on a client
QUESTION NO:11
Your network contains an Active Directory forest named contoso.com.
You plan to deploy a new child domain named branch.contoso.com. The child domain will contain
two domain controllers. Both domain controllers will have the DNS Server server role installed. All
users and computers in the branch office will be members of the branch.contoso.com domain.
You need to plan the DNS infrastructure for the child domain to meet the following requirements:
-Ensure resources in the root domain are accessible by fully qualified domain names.
-Ensure resources in the child domain are accessible by fully qualified domain names.
-Provide name resolution services in the event that a single server fails for a prolonged period of
time.
-Automatically recognize when new DNS servers are added to or removed from the contoso.com
domain.
What should you include in your plan?
A. On both domain controllers, add a conditional forwarder for contoso.com and create a standard
primary zone for branch.contoso.com.
B. On both domain controllers, modify the root hints to include the domain controllers for
contoso.com. On one domain controller, create an Active Directory-integrated zone for
branch.contoso.com.
C. On one domain controller create an Active Directory-integrated zone for branch.contoso.com
and create an Active Directory-integrated stub zone for contoso.com.
D. On one domain controller, create a standard primary zone for contoso.com. On the other
domain controller, create a standard secondary zone for contoso.com.
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/cc772101.aspx
http://technet.microsoft.com/en-us/library/cc771898.aspx
Understanding DNS Zone Replication in Active Directory Domain Services
Applies To: Windows Server 2008, Windows Server 2008 R2
You can store Domain Name System (DNS) zones in the domain or application directory partitions
of Active Directory Domain Services (AD DS). A partition is a data structure in AD DS that
distinguishes data for different replication purposes. For more information, see Understanding
Active Directory Domain Services Integration.
The following table describes the available zone replication scopes for AD DS-integrated DNS
zone data.
When you decide which replication scope to choose, consider that the broader the replication
scope, the greater the network traffic caused by replication. For example, if you decide to have AD
DS-integrated DNS zone data replicated to all DNS servers in the forest, this will produce greater
network traffic than replicating the DNS zone data to all DNS servers in a single AD DS domain in
that forest.
AD DS-integrated DNS zone data that is stored in an application directory partition is not
replicated to the global catalog for the forest The domain controller that contains the global catalog
can also host application directory partitions, but it will not replicate this data to its global catalog.
AD DS-integrated DNS zone data that is stored in a domain partition is replicated to all domain
controllers in its AD DS domain, and a portion of this data is stored in the global catalog. This
setting is used to support Windows 2000.
If an application directory partition\’s replication scope replicates across AD DS sites, replication
will occur with the same intersite replication schedule as is used for domain partition data.
By default, the Net Logon service registers domain controller locator (Locator) DNS resource
records for the application directory partitions that are hosted on a domain controller in the same
manner as it registers domain controller locator (Locator) DNS resource records for the domain
partition that is hosted on a domain controller.
Primary zone
When a zone that this DNS server hosts is a primary zone, the DNS server is the primary source
for information about this zone, and it stores the master copy of zone data in a local file or in AD
DS. When the zone is stored in a file, by default the primary zone file is named rone_name.dns
and it is located in the %windir%\System32\Dns folder on the server.
Secondary zone
When a zone that this DNS server hosts is a secondary zone, this DNS server is a secondary
source for information about this zone. The zone at this server must be obtained from another
remote DNS server computer that also hosts the zone. This DNS server must have network
access to the remote DNS server that supplies this server with updated information about the
zone. Because a secondary zone is merely a copy of a primary zone that is hosted on another
server, it cannot be stored in AD DS.
Stub zone
When a zone that this DNS server hosts is a stub zone, this DNS server is a source only for
information about the authoritative name servers for this zone. The zone at this server must be
obtained from another DNS server that hosts the zone. This DNS server must have network
access to the remote DNS server to copy the authoritative name server information about the
zone.
You can use stub zones to:
. Keep delegated zone information current. By updating a stub zone for one of its child zones
regularly, the DNS server that hosts both the parent zone and the stub zone will maintain a current
list of authoritative DNS servers for the child zone.
. Improve name resolution. Stub zones enable a DNS server to perform recursion using the stub
zone\’s list of name servers, without having to query the Internet or an internal root server for the
DNS namespace.
. Simplify DNS administration. By using stub zones throughout your DNS infrastructure, you can
distribute a list of the authoritative DNS servers for a zone without using secondary zones.
However, stub zones do not serve the same purpose as secondary zones, and they are not an
alternative for enhancing redundancy and load sharing.
There are two lists of DNS servers involved in the loading and maintenance of a stub zone:
. The list of master servers from which the DNS server loads and updates a stub zone. A master
server may be a primary or secondary DNS server for the zone. In both cases, it will have a
complete list of the DNS servers for the zone.
. The list of the authoritative DNS servers for a zone. This list is contained in the stub zone using
name server (NS) resource records.
When a DNS server loads a stub zone, such as widgets.tailspintoys.com, it quenes the master
servers, which can be in different locations, for the necessary resource records of the authoritative
servers for the zone widgets.tailspintoys.com. The list of master servers may contain a single
server or multiple servers, and it can be changed anytime.
QUESTION NO:18
Your network consists of a single Active Directory domain. The network contains five Windows
Server 2008 R2 servers that host Web Applications. You need to plan a remote management
strategy to manage the Web servers.
Your plan must meet the following requirements:
-Allow Web developers to configure features on the Web sites
-Prevent Web developers from having full administrative rights on the Web servers
What should you include in your plan?
A. Configure request filtering on each Web server.
B. Configure authorization rules for Web developers on each Web server.
C. Configure the security settings in Internet Explorer for all Web developers by using a Group
Policy.
D. Add the Web developers to the Account Operators group in the domain.
Answer: B
Explanation:
http://mscerts.programming4.us/windows_server/windows server 2008 contro
lling access to web services (part 5) %
20managing url authorization rules.aspx
Managing URL Authorization Rules
Authorization is a method by which systems administrators can determine which resources and
content are available to specific users Authorization relies on authentication to validate the identity
of a user. Once the identity has been proven, authorization rules determine which actions a user
or computer can perform IIS provides methods of securing different types of content using URL-
based authorization. Because Web content is generally requested using a URL that includes a full
path to the content being requested, you can configure authorization settings easily, using IIS
Manager
Creating URL Authorization Rules
To enable URL authorization, the UrlAuthorizationModule must be enabled Authorization rules can
be configured at the level of the Web server for specific Web sites, for specific Web applications,
and for specific files (based on a complete URL path). URL authorization rules use inheritance so
that lower-level objects inherit authorization settings from their parent objects (unless they are
specifically overridden).
To configure authorization settings, select the appropriate object in the left pane of IIS Manager,
and then select Authorization Rules in Features View. Figure 6 shows an example of multiple rules
configured for a Web site.
Figure 6. Viewing authorization rules for a Web site
There are two types of rules: Allow and Deny. You can create new rules by using the Add Allow
Rule and Add Deny Rule commands in the Actions pane The available options for both types of
rules are the same.
(See Figure 7) When creating a new rule, the main setting is to determine to which users the rule
applies. The options are:
. All Users
. All Anonymous Users
. Specific Roles Or User Groups
. Specific Users
When you choose to specify users or groups to which the rule applies, you can type the
appropriate names in a command-separated list. The specific users and groups are defined using
NET role providers. This is a standard feature that is available to ASP NET Web developers.
Developers can create their own roles and user accounts and can define permissions within their
applications. Generally, information about users and roles is stored in a relational database or
relies on a directory service such as Active Directory.
In addition to user and role selections, you can further configure an authorization rule based on
specific HTTP verbs. For example, if you want to apply a rule only for POST commands (which are
typically used to send information from a Web browser to a Web server), add only the POST verb
to the rule
Managing Rule Inheritance
As mentioned earlier in this section, authorization rules are inherited automatically by lower-level
objects This is useful when your Web site and Web content is organized hierarchically based on
intended users or groups The Entry Type column shows whether a rule has been inherited from a
higher level or whether it has been defined locally IIS Manager automatically will prevent you from
creating duplicate rules. You can remove rules at any level, including both Inherited and Local
entry types
QUESTION NO:15
Your network consists of a single Active Directory domain. The network contains two Windows
Server 2008 R2 computers named Server1 and Server2. The company has two identical print
devices. You plan to deploy print services.
You need to plan a print services infrastructure to meet the following requirements:
-Manage the print queue from a central location.
-Make the print services available, even if one of the print devices fails.
What should you include in your plan?
A. Install and share a printer on Server1. Enable printer pooling.
B. Install the Remote Desktop Services server role on both servers. Configure Remote Desktop
Connection Broker (RD Connection Broker).
C. Install and share a printer on Server1. Install and share a printer on Server2. Use Print
Management to install the printers on the client computers.
D. Add Server1 and Server2 to a Network Load Balancing cluster. Install a printer on each node of
the cluster.
Answer: A
Explanation:
http://www.techrepublic.com/blog/datacenter/configure-printer-pooling-in-windows-server2008/
964
Managing printers can be the bane of a Windows administrator. One feature that may assist you
with this task is the Windows printer pooling feature. Windows Server 2008 offers functionality that
permits a collection of multiple like-configured printers to distribute the print workload.
Printer pooling makes one share that clients print to, and the jobs are sent to the first available
printer. Configuring print pooling is rather straightforward in the Windows printer configuration
applet of the Control Panel. Figure A shows two like-modeled printers being pooled.
To use pooling, the printer models need to be the same so that the driver configuration is
transparent to the end device; this can also help control costs of toner and other supplies. But plan
accordingly
QUESTION NO:9
Your company has a main office and two branch offices. The main office is located in London. The
branch offices are located in New York and Paris.
Your network consists of an Active Directory forest that contains three domains named
contoso.com, paris.contoso.com, and newyork.contoso.com. All domain controllers run Windows
Server 2008 R2 and have the DNS Server server role installed.
The domain controllers for contoso.com are located in the London office. The domain controllers
for paris.contoso.com are located in the Paris office. The domain controllers for
newyork.contoso.com are located in the New York office.
A domain controller in the contoso.com domain has a standard primary DNS zone for
contoso.com. A domain controller in the paris.contoso.com domain has a standard primary DNS
zone for paris.contoso.com. A domain controller in the newyork.contoso.com domain has a
standard primary DNS zone for newyork.contoso.com.
You need to plan a name resolution strategy for the Paris office that meets the following
requirements:
-If a WAN link fails, clients must be able to resolve hostnames for contoso.com.
-If a WAN link fails, clients must be able to resolve hostnames for newyork.contoso.com.
-The DNS servers in Paris must be updated when new authoritative DNS servers are added to
newyork.contoso.com.
What should you include in your plan?
A. Configure conditional forwarding for contoso.com. Configure conditional forwarding for
newyork.contoso.com.
B. Create a standard secondary zone for contoso.com. Create a standard secondary zone for
newyork.contoso.com.
C. Convert the standard zone into an Active Directoryintegrated zone. Add all DNS servers in the
forest to the root hints list.
D. Create an Active Directoryintegrated stub zone for contoso.com. Create an Active
Directoryintegrated stub zone for newyork.contoso.com.
Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/cc771640.aspx
http://technet.microsoft.com/en-us/library/cc771898.aspx
Understanding Zone Delegation
Applies To: Windows Server 2008, Windows Server 2008 R2
Domain Name System (DNS) provides the option of dividing up the namespace into one or more
zones, which can then be stored, distributed, and replicated to other DNS servers. When you are
deciding whether to divide your DNS namespace to make additional zones, consider the following
reasons to use additional zones:
. You want to delegate management of part of your DNS namespace to another location or
department in your organization.
. You want to divide one large zone into smaller zones to distribute traffic loads among multiple
servers, improve DNS name resolution performance, or create a more-fault-tolerant DNS
environment.
. You want to extend the namespace by adding numerous subdomains at once, for example, to
accommodate the opening of a new branch or site.
Secondary zone
When a zone that this DNS server hosts is a secondary zone, this DNS server is a secondary
source for information about this zone. The zone at this server must be obtained from another
remote DNS server computer that also hosts the zone. This DNS server must have network
access to the remote DNS server that supplies this server with updated information about the
zone. Because a secondary zone is merely a copy of a primary zone that is hosted on another
server, it cannot be stored in AD DS.
CertBus exam braindumps are pass guaranteed. We guarantee your pass for the 70-646 exam successfully with our Microsoft materials. CertBus Windows Server 2008, Server Administrator exam PDF and VCE are the latest and most accurate. We have the best Microsoft in our team to make sure CertBus Windows Server 2008, Server Administrator exam questions and answers are the most valid. CertBus exam Windows Server 2008, Server Administrator exam dumps will help you to be the Microsoft specialist, clear your 70-646 exam and get the final success.
70-646 Latest questions and answers on Google Drive(100% Free Download): https://drive.google.com/file/d/0B_3QX8HGRR1mYlZ0VmhMc2JaTlE/view?usp=sharing
70-646 Microsoft exam dumps (100% Pass Guaranteed) from CertBus: http://www.certgod.com/70-646.html [100% Exam Pass Guaranteed]
Why select/choose CertBus?
Millions of interested professionals can touch the destination of success in exams by certgod.com. products which would be available, affordable, updated and of really best quality to overcome the difficulties of any course outlines. Questions and Answers material is updated in highly outclass manner on regular basis and material is released periodically and is available in testing centers with whom we are maintaining our relationship to get latest material.
 |  |  |  |  | |
|---|---|---|---|---|---|
 |  | | |  | |
| Brand | Certbus | Testking | Pass4sure | Actualtests | Others |
| Price | $45.99 | $124.99 | $125.99 | $189 | $69.99-99.99 |
| Up-to-Date Dumps |  |  | | | |
| Free 365 Days Update | | | | | |
| Real Questions | | | | | |
| Printable PDF | | | | | |
| Test Engine | | | | | |
| One Time Purchase | | | | | |
| Instant Download | | | | | |
| Unlimited Install | | | | | |
| 100% Pass Guarantee | | | | | |
| 100% Money Back | | | | | |
| Secure Payment | | | | | |
| Privacy Protection | | | | | |