70-647 - PRO: Windows Server 2008, Enterprise Administrator

Go back to Microsoft

Example Questions

Your company has a main office and five branch offices. Each office contains servers that run Windows Server 2008 R2. You need to prepare the environment for the installation of Active Directory domain controllers in the branch offices. The solution must meet the following requirements: - Ensure that the minimum amount of replication traffic is sent between offices. - Ensure that users always attempt to authenticate to a domain controller in their local office, unless it is unavailable. You install the first domain controller on the network in the main office. What should you do next? You are designing the DNS name resolution strategy for the internal network. What should you do? You work as an enterprise administrator at ABC.com. The company network consists of a single Active Directory Domain Services (AD DS) domain named ABC.com. All domain controllers in the domain run Windows Server 2008 R2. The client computers run a mix of Windows XP Professional and Windows 7 Professional. All client computer accounts are located in an organizational unit (OU) named Client_Computers. All user accounts are located in an organizational unit (OU) named AllUsers. A group policy object (GPO) named Software is linked to the AllUsers OU. The Software GPO assigns standard company software to all company users. ABC has a graphics department. 50 users work in the graphics department. The company has purchased a new graphics application. The graphics application must be used by only members of the graphics department. You need to design a software deployment solution to simplify software deployment and ensure that future users receive the correct software. You create a global security group named Graphics_Users and add the members of the graphics department to the group. How should you configure the software distribution? You are designing a strategy to assign IP addresses to meet the business and technical requirements. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.) You need to recommend a backup strategy for the VMs that supports the company s planned changes. What should you include in the recommendation? You are designing a migration strategy to create user IDs for all company users in the new environment. What should you do? You work as an enterprise administrator at ABC.com. The network consists of a single Active Directory Domain Services (AD DS) domain named ABC.com. All servers on the network run Windows Server 2008 R2. ABC.com has its main office in Chicago and branch offices in Boston, Atlanta, Miami and Dallas. Each office is configured as a separate Active Directory site. All offices are connected to each other by slow WAN links. Four domain controllers named ABC-DC01, ABC-DC02, ABC-DC03 and ABC-DC04 are installed in the Chicago office. The Chicago office domain controllers are located in the default Domain Controllers container in Active Directory. To improve logon times for the branch offices, you been assigned the task of deploying domain controllers in the branch offices. The domain controllers in each office must authenticate users from the local office only. Branch office users should authenticate to the head office domain controllers only if the branch office domain controller fails. Which of the following options would you choose to accomplish this task? You are designing a strategy for installing Windows Server 2003 on the new domain controllers. Which method should you use? You are designing a forest and domain structure to address the concerns of Contoso, Ltd., and to meet the business and technical requirements. You want to use the minimum number of domains and forests that are required. Which domain structure should you use? You work as an enterprise administrator at ABC.com. The ABC.com network has a domain named ABC.com with a single site named SiteA. All servers in the ABC.com network run Windows Server 2008. You reorganize the Active Directory infrastructure to include a second site named SiteB with its own domain controller. How would you configured the firewall to allow replication between SiteA and SiteB? You work as a Network Administrator at ABC.com. The network consists of a single Active Directory Domain Services (AD DS) domain named ABC.com. All servers in the domain run Windows Server 2008 R2. Two servers in the network run UNIX. The company includes a Development department. Users in the Development department use their computers to develop and test software applications for use by other company departments and customers. The Development department users each have a client computer running Windows 7 Professional and another client computer running UNIX. The Windows 7 Professional client computers are members of the ABC.com domain. The UNIX client computers and UNIX servers are configured as a UNIX realm. The UNIX realm contains user accounts that use the same naming convention as the ABC.com domain user accounts. You have been asked by the manager of the Development department to enable the development department users to access the Windows file servers in the domain from their UNIX client computers. Which two of the following steps should you perform to configure the required access from a single logon to the UNIX client computers? (Choose two) You work as a Network Administrator at ABC.com. The network consists of a single Active Directory Domain Services (AD DS) domain named ABC.com. The company has a main office and a branch office. The two offices are connected by a slow WAN link. All servers run Windows Server 2008 R2 and all client computers run Windows 7 Professional. All domain controllers are located in the main office. The number of users in the branch office has increased over the last year. The company has recently employed an IT Technician named Mia Hamm in the branch office to maintain the branch office computers and manage branch office user accounts. The branch office contains a Windows Server 2008 R2 named ABC-File1. ABC-File1 runs the File Services role and hosts shared folders for the branch office users. One day the WAN link between the two offices fails. Branch office users report that they cannot access shared folders on ABC-File1. The WAN link is repaired and the users are able to access shared folders on ABC-File1. How can you ensure that users in the branch office can access ABC-File1 in the event of another WAN link failure? You work as an enterprise administrator at ABC.com. The company network consists of a single Active Directory Domain Services (AD DS) domain named ABC.com. The company has a main office and two branch offices. The three offices are connected by fast WAN links. The main office has four domain controllers running Windows Server 2008 R2. The branch offices each have two domain controllers running Windows Server 2008 R2. An Active Directory site exists for each office. Each office has a site link to the other two offices. The site links are configured with the default cost. Site link bridging is disabled. You want to ensure that the branch office domain controllers replicate with domain controllers in the main office only. The branch office domain controllers should only replicate with the other branch office domain controllers if a WAN link fails. What should you do? You are designing the top-level organizational unit (OU) structure to meet the administrative requirements. What should you do? You are evaluating renaming the cpandl.com forest. You need to recommend changes to the current network infrastructure to ensure that you can rename the forest. What should you recommend? You are designing a VPN strategy to meet the business and technical requirements. Based on the current infrastructure, what is the maximum number of VPN connections that can be supported? You work as an enterprise administrator at ABC.com. The corporate network of ABC consists of a single Active Directory forest named ABC.com. The ABC.com forest contains a forest root domain named ABC.com and six child domains. All the domain controllers on the ABC.com network run Windows Server 2008 R2. The functional level of the ABC.com forest is Windows Server 2003. ABC.com has entered into a partnership with a company named WillowBridge Inc. Their network consists of an Active Directory forest named WillowBridge.com. The WillowBridge.com forest contains a forest root domain named WillowBridge.com and four child domains. All the domain controllers on the WillowBridge.com network run Windows Server 2003. The functional level of the WillowBridge.com forest is Windows 2000 Server Mixed Mode. Users in all seven ABC.com domains need to access resources in all five WillowBridge.com domains. Users in all five WillowBridge.com domains need to access resources in all seven ABC.com domains. What is the easiest way to prepare the environment to enable you to provide the required access? You need to recommend a certificate strategy that meets the company s technical requirements. What should you recommend? You are designing a DNS implementation strategy for the new infrastructure. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.) You are designing the configuration of the external DNS server to meet the business and technical requirements. What should you do? You are designing a DNS implementation strategy for the Paris office. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.) Your company has a main office and two branch offices. The network contains one Active Directory domain named contoso.com. All domain controllers and DNS servers for the contoso.com domain are located in the main office. All DNS servers are member servers. You plan to deploy two new Active Directory domains named east. contoso.com and west.contoso.com in the branch offices. You install a DNS server in each branch office. You need to prepare the environment for the installation of the new domains. What should you do next? Your network consists of one Active Directory forest named contoso.com. The functional level of the contoso.com forest is Windows Server 2008 R2. The network contains seven servers that run Internet Information Services (IIS) and host Web services. Remote users from a partner company access the Web services through HTTPS. The partner company has a separate Active Directory forest named fabrikam.com. The functional level of the fabrikam.com forest is Windows Server 2003. You need to recommend an authentication solution for the fabrikam.com users. The solution must meet the following requirements: - All communications between both forests must use only HTTPS. - Remote users must only authenticate once to access all Web services. - Users from fabrikam.com must access the Web services by using user accounts in the fabrikam.com forest. What should you recommend? You need to recommend a solution for securing the communications between server1. east.cpandl.com and server22.east.contoso.com. The solution must meet the company s security requirements. What should you include in the recommendation? You are designing a strategy to optimize the DNS name resolution for the satellite offices that connect to the branch offices by using ISDN lines. What should you do? You are designing a DNS strategy to meet the business and technical requirements. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.) Your company has three offices. Each office is configured as an Active Directory site. The network consists of one Active Directory domain. All domain controllers run Windows Server 2008 R2. The company has five departments. You use a domain-level Group Policy object (GPO) to install Microsoft Office on all client computers. You need to deploy a GPO strategy to meet the following requirements: - Install a custom application in one of the departments. - Restrict access to removable storage devices for all users. - Implement separate Windows Internet Explorer proxy settings for each physical location. The strategy must maintain all settings applied by the existing GPOs. What should you do? Your company has one office in New York and one office in Montreal. An Active Directory site exists for each office. The network consists of one Active Directory domain. You create four organizational units (OUs) named NewYorkUsers, NewYorkComputers, MontrealUsers, and MontrealComputers. The offices collaborate on a company project. You create a group named Project that contains all user and computer accounts for employees working on the project. Project group users from the New York office are currently working from the Montreal office and are using their portable computers. You plan to deploy a new application to the Project group. You need to prepare the environment for the deployment of the application. The solution must meet the following requirements: - Only the Project group must have the application installed. - Existing Group Policy objects (GPOs) settings applied to the Project group must remain unaffected. What should you do? Your network consists of one Active Directory forest that contains one root domain and 10 child domains. Administrators of the child domains frequently modify the records for authoritative DNS servers for the child domain DNS zones. You need to recommend a solution to minimize the amount of manual configuration steps required to maintain name resolution on the network. What should you recommend? You need to recommend a public key infrastructure (PKI) solution that meets the company s security requirements. What should you include in the recommendation? You are designing a security group strategy to meet the business and technical requirements. What should you do? You work as an enterprise administrator at ABC.com. The network consists of a large single Active Directory forest that contains many domains spanning multiple countries. The root domain in the forest is named ABC.com. Every domain in the forest is a child of the ABC.com root domain. All servers in the forest run Windows Server 2003 R2. The functional level of every domain is Windows Server 2003. The functional level of the forest is Windows Server 2003. Every domain controller in the forest runs Windows Server 2003 and hosts Active Directory- integrated DNS zones. You are in the process of installing an additional Windows Server 2003 domain controller in a child domain. During the domain controller installation process, you select the option to automatically install and configure DNS. You discover that the DNS installation process takes more than an hour to complete. You restart another domain controller in the same child domain and discover that it takes over an hour to restart. You restart a domain controller in a different child domain and see that it also takes over an hour to restart. How can you reduce the startup time for the domain controllers? You are designing a WAN implementation strategy to meet the business and technical requirements. What should you do? You need to recommend a management strategy for the planned virtualization solution. The strategy must meet the company s technical requirements. What should you include in the recommendation? You work as an enterprise administrator at ABC.com. The corporate network of ABC consists of a single Active Directory Domain Services (AD DS) forest. The ABC forest contains a root domain is named ABC.com. All servers in the ABC.com domain run Windows Server 2008 R2. A partner company of ABC named Willow Bridge Ltd also consists of single Active Directory Domain Services (AD DS) forest. The Willow Bridge forest contains a root domain named WillowBridge.com. All servers in the WillowBridge.com domain run Windows Server 2008 R2. The ABC.com domain contains a Windows Server 2008 R2 server named ABC-App1. Members of a global security group named ABCAppUsers in the WillowBridge.com domain need to access ABC-App1. A forest trust exists between the two forests to cater for this need. You discover that all WillowBridge.com users can access all network resources in the ABC.com domain. You need to restrict members of the ABCAppUsers group so that they can access ABC-App1 only. All other WillowBridge.com should not be able to access network resources in the ABC.com domain. You need to configure the required access. What should you do first? You need to recommend an RDS solution that supports the company s planned changes. Which role service should you include in the recommendation? Your network consists of one Active Directory domain. Your company uses a firewall to connect to the Internet. Inbound TCP/IP port 443 is allowed on the firewall. You have Remote Desktop Services servers on the internal network. You have one server on the internal network that has Remote Desktop Gateway (RD Gateway) deployed. All servers run Windows Server 2008 R2. You need to recommend a solution that enables remote users to access network resources by using RD Gateway. What should you recommend? You are designing a DNS and DHCP implementation strategy to support the new environment. What should you do? You are designing a new NetBIOS naming strategy for the corporate environment. Which domain name should you use? Your network consists of one Active Directory domain. The functional level of the domain is Windows Server 2008 R2. Your company has three departments named Sales, Marketing, and Engineering. All users in the domain are in an organizational unit (OU) named AllUsers. You have three custom applications. You deploy all custom applications by using a Group Policy object (GPO) named AppInstall. The Sales department purchases a new application that is only licensed for use by the Sales department. You need to recommend a solution to simplify the distribution of the new application. The solution must meet the following requirements: - The application must only be distributed to licensed users. - The amount of administrative effort required to manage the users must remain unaffected. - The three custom applications must be distributed to all existing and new users on the network. What should you recommend? You work as an enterprise administrator at ABC.com. The corporate network of ABC consists of a single Active Directory forest that contains a single root domain named ABC.com and 4 child domains named Research.ABC.com, Engineering.ABC.com, Development.ABC.com and Manufacturing.ABC.com. All servers in the ABC.com root domain run Windows Server 2008 R2. All servers in the child domains run Windows Server 2003. The functional level of the ABC.com root domain is Windows Server 2008. The functional level of each child domain is Windows Server 2003. You receive reports from users in the ABC.com root domain that they are no longer able to access resources in the Research.ABC.com child domain. While investigating the issue, you discover that the IP address of the authoritative DNS servers for the Research.ABC.com domain has changed. You update the name server (NS) records on the DNS servers in the ABC.com domain and the issue is resolved. You want to ensure that this problem does not happen again. How can you ensure that name resolution is not affected in the event of child domain administrators changing the IP addresses of their DNS servers? Your network consists of one Active Directory forest. The functional level of the forest is Windows Server 2003. You upgrade all domain controllers from Windows Server 2003 SP2 to Windows Server 2008 R2. You plan to deploy the first read-only domain controller (RODC) in the forest. You need to prepare the network for the installation of the RODC. What should you do? You work as an enterprise administrator at ABC.com. The ABC.com network has a domain named ABC.com. All servers in the ABC.com network run Windows Server 2008 while the client computers run different client operating systems. The ABC.com network has a firewall that separates the internal network from the perimeter network, and another firewall that separates the perimeter network from the Internet. A server named ABC-SR07 that has the Routing and Remote Access Service (RRAS) installed is installed in the perimeter network. ABC-SR07 is used by remote users to connect to the esABCing.com network. ABC.com issues a new remote access policy that states that only Windows Vista client computers that have the latest Windows updates and virus definitions installed and have the Windows Firewall enabled may be allowed to connect to ABC-SR07. How would you implement this policy? You are designing a strategy to improve the performance and reliability of the domain controllers. What should you do? You work as an enterprise administrator at ABC.com. The corporate network of the company consists of an Active Directory forest that runs at the functional level of Windows Server 2003. The forest root domain is named ABC.com. All the domain controllers in the domain run Windows Server 2003 and the functional level of the domain is Windows Server 2003. You plan to create a child domain in the ABC.com forest. The child domain will have domain controllers running Windows Server 2008 R2. What should you do before installing the first Windows Server 2008 R2 domain controller in the new child domain? Your company has a main office and 10 branch offices. The network consists of one Active Directory domain. All domain controllers run Windows Server 2008 R2 and are located in the main office. Each branch office contains one member server. Branch office administrators in each branch office are assigned the necessary rights to administer only their member servers. You deploy one read-only domain controller (RODC) in each branch office. You need to recommend a security solution for the branch office Windows Server 2008 R2 domain controllers. The solution must meet the following requirements: - Branch office administrators must be granted rights on their local domain controller only. - Branch office administrators must be able to administer the domain controller in their branch office. This includes changing device drivers and running Windows updates. What should you recommend? You are designing a strategy for implementing Internet Authentication Service (IAS) to meet the business and technical requirements. What should you do? You need to ensure that all of the users in proseware.com log on in an acceptable amount of time. What should you recommend? You need to recommend a storage solution for the file servers that meets the company s user requirements. What should you include in the recommendation? You are designing an IP addressing strategy for your VPN solution. How many public IP addresses should you use?

Study Guides