70-649 - TS: Upgrading Your MCSE on Windows Server 2003 to Windows Server 2008, Technology Specialist

Go back to Microsoft

Example Questions

Your company has a single Active Directory domain named contoso.com. All servers in the domain run Windows Server 2008 R2. The DNS Server server role is installed on two domain controllers named DC1 and DC2. Both DNS servers host Active Directory-integrated zones that are configured to allow the most secure updates only. DC1 has Key Management Service (KMS) installed and activated. You discover that the service locator records from the contoso.com zone hosted on DC1 and DC2 are missing. You need to force registration of the KMS service locator records in the contoso.com zone. What should you do? Your network contains an Active Directory domain named Contoso.com. Contoso.com contains an enterprise certification authority (CA) named CA1. You enable Secure Socket Tunneling Protocol (SSTP) on a server named Server1. A user named User1 attempts to establish an SSTP connection to Server1 and receives the following error message: "Error 0x80092013: The revocation function was unable to check revocation because the revocation server was offline." You verify that all certificates services are online. You need to ensure that User1 can connect to Server1 by using SSTP. What should you do first? You work as an enterprise administrator at ABC.com. The ABC.com network has a domain named 82 ABC.com. The ABC.com network has a Windows Server 2008 R2 computer named ABC-SR03 that functions as an Enterprise Root certificate authority (CA). A new ABC.com security policy requires that revoked certificate information should be available for examination at all times. What action should you take adhere to the new policy? Your network contains two servers named Server1 and Server2 that run Windows Server 2008 R2. Server1 and Server2 have the Hyper server role and the Failover Clustering feature installed. You deploy a new virtual machine (VM) named VM1 on Server1. You need to ensure that VM1 is available if one of the Hyper-V servers fails. What should you do? You work as an administrator at ABC.com. The ABC.com network has an Active Directory forest with two domains, named eu.ABC.com, and us.ABC.com. Each domain has two domain controllers that have Windows Server 2008 R2 installed. The domain controllers in the eu.ABC.com domain are named ABC-DC01 and ABC-DC02, and are each configured to host the eu.ABC.com DNS zone. The domain controllers in the us.ABC.com domain are named ABC-DC03 and ABC-DC04, and are each configured to host the us.ABC.com DNS zone. The zones have been configured as Active Directory-integrated zones. You have received instructions to make sure that data from the eu.ABC.com domain is accessible on ABC-DC03. Which of the following actions should you take? Your network has Network Access Protection (NAP) deployed. The network contains two servers named Server1 and Server2. Server1 is a Network Policy Server (NPS). Server2 has a third-party antivirus solution installed. Server1 is configured to use a custom system health validator provided by the antivirus vendor. The system health validator uses Server2 to identify the version of the current antivirus definition. You need to ensure that NAP clients are considered noncompliant if Server1 cannot connect to Server2. Which error code resolution setting should you configure? Your network contains an Active Directory domain named contoso.com. The domain contains the servers shown in the following table. Server name Operating system Role DC1 Windows Server 2008 Domain controller DC2 Windows Server 2008 R2 Domain controller DNS1 Windows Server 2008 DNS server DNS2 Windows Server 2008 R2 DNS server The functional level of the forest is Windows Server 2003. The functional level of the domain is Windows Server 2003. DNS1 and DNS2 host the contoso.com zone. All client computers run Windows 7 Enterprise. You need to ensure that all of the names in the contoso.com zone are secured by using DNSSEC. What should you do first? Your network is configured as a single Active Directory domain. You deploy a read-only domain controller (RODC) in a branch office. You need to specify a user to manage the RODC locally. The user should have permissions for that RODC only. You are currently logged on at the RODC as a member of the Domain Admins group. What should you do? Your network contains a Windows Server Update Services (WSUS) server. All computers on the network are configured to download and install updates once a week. You need to deploy a critical update to a WSUS client as soon as possible. Which command should you run? You work as the enterprise administrator at ABC.com. ABC.com has a domain named ABC.com. The ABC.com network servers run Microsoft Windows Server 2008 and the client computers run Microsoft Windows Vista. ABC.com has a computer named ABC-SR10 configured to host the Internet Information Services (IIS) Web server role and a public web site. ABC.com has a Marketing division which accesses the public web site from the Internet. How would you configure the web site in IIS to provide traffic statistics? Your network contains two Active Directory forests named contoso.com and adatum.com. Active Directory Rights Management Services (AD RMS) is deployed in contoso.com. An AD RMS trusted user domain (TUD) exists between contoso.com and adatum.com. From the AD RMS logs, you discover that some clients that have IP addresses in the adatum.com forest are authenticating as users from contoso.com. You need to prevent users from impersonating contoso.com users. What should you do? You work as a systems administrator at ABC.com. The ABC.com network has a domain named internal.ABC.com. All servers on the ABC.com network have Windows Server 2008 R2 installed and all workstations have Windows 7 installed. ABC.com has acquired another company, named Weyland Industries, that contains an Active Directory domain named internal.weyland.com. The transfer of internal DNS zone data is not allowed for zones outside the Weyland Industries network. During the course of the day you receive an instruction from the CIO to grant employees of ABC.com the necessary name resolution permissions for resolving names from intranet.weyland.com. Which of the following actions should you take? Your network consists of a single Active Directory domain. User accounts for engineering department are located in an OU named Engineering. You need to create a password policy for the engineering department that is different from your domain password policy. What should you do? Your network has Network Access Protection (NAP) policies deployed. You need to identify the health agent compliance status of a client computer. Which command should you run? Your network contains a single Active Directory domain. Active Directory Rights Management Services (AD RMS) is deployed on the network. A user named User1 is a member of only the AD RMS Enterprise Administrators group. You need to ensure that User1 can change the service connection point (SCP) for the AD RMS installation. The solution must minimize the administrative rights of User1. To which group should you add User1? Your network contains a server named Server1 that has the Hyper-V server role installed. Server1 hosts a virtual machine (VM) named VM1 that runs Windows Server 2003 Service Pack 2 (SP2). VM1 is configured to use a 127-GB dynamically-expanding virtual hard disk (VHD). You need to add 500 GB of disk space to VM1. The solution must minimize the amount of downtime for VM1. What should you do? You have an enterprise subordinate certification authority (CA). You have a custom Version 3 certificate template. Users can enroll for certificates based on the custom certificate template by using the Certificates console. The certificate template is unavailable for Web enrollment. You need to ensure that the certificate template is available on the Web enrollment pages. What should you do? You create a Password Settings object (PSO). You need to apply the PSO to a domain user named User1. What should you do? You work as a Network Administrator for Net World International Inc. The company has a large Windows Server 2008 network environment. It is configured as a Windows Active Directory-based single domain single forest network. The functional level of the forest is Windows Server 2008. You are required to install Windows Server 2008 Enterprise edition on fifty new computers. You want to deploy the operating system through Windows Deployment Services (WDS). Which of the following are the requirements for using WDS to deploy an operating system? Each correct answer represents a part of the solution. Choose all that apply. Your company's security policy requires complex passwords. You have a comma delimited file named import.csv that contains user account information. You need to create user accounts in the domain by using the import.csv file. You also need to ensure that the new user accounts are set to use default passwords and are disabled. What should you do? Your network contains an Active Directory domain named contoso.com. A partner organization has an Active Directory domain named fabrikam.com. Your company plans to provide VPN access for fabrikam.com users. You need to configure Network Policy Server (NPS) to forward authentication requests to fabrikam.com. What should you configure on the NPS server? Your company, Contoso, Ltd., has a main office and a branch office. The offices are connected by a WAN link. Contoso has an Active Directory forest that contains a single domain named ad.contoso.com. The ad.contoso.com domain contains one domain controller named DC1 that is located in the main office. DC1 is configured as a DNS server for the ad.contoso.com DNS zone. This zone is configured as a standard primary zone. You install a new domain controller named DC2 in the branch office. You install DNS on DC2. You need to ensure that the DNS service can update records and resolve DNS queries in the event that a WAN link fails. What should you do? Your company has an Active Directory domain. You install an Enterprise Root certification authority (CA) on a member server named Server1. You need to ensure that only the Security Manager is authorized to revoke certificates that are supplied by Server1. What should you do? Your network consists of a single Active Directory domain. All domain controllers run Windows Server 2003. You upgrade all domain controllers to Windows Server 2008 R2. You need to ensure that the Sysvol share replicates by using DFS Replication (DFS-R). What should you do? Your company has an Active Directory domain. All servers run Windows Server 2008 R2. Your company runs an Enterprise Root certification authority (CA). You need to ensure that only administrators can sign code. Which two tasks should you perform? (Each correct answer presents part of the solution. Choose two.) You create a Data Collector Set (DCS). You need prevent the DCS from logging data if the server has less than 1 GB of available disk space. What should you do? You are configuring a server running Windows Server 2008 and Internet Information Services (IIS). You are deploying a Web site and need to be able to restrict access to the SalesTotals.aspx page to members of the Managers group by adding an authorization rule in IIS Manager. You need to enable the necessary feature. What should you do? Your network contains an Active Directory forest. The functional level of the forest is Windows Server 2008 R2. You plan to deploy DirectAccess. You need to configure the DNS servers on your network to support DirectAccess. What should you do? Your network contains a server named Server1 that has two volumes named C and D. You add a new volume. You need to ensure that you can access data on the new volume by using the path D:\data. What should you do? You have a server named Server1 that runs Windows Server 2008 R2. Server1 has the Key Management Service (KMS) installed. You need to identify how many computers were activated by Server1. What should you run? You work as an administrator at ABC.com. The ABC.com network has an Active Directory domain named ABC.com. All servers on the ABC.com network have Windows Server 2008 R2 installed and all workstations have Windows 7 installed. You have configured one of ABC.com's servers to run the Active Directory Rights Management Services (AD RMS) server role. You are then instructed to reconfigure the AD RMS user account password. Subsequent to the reconfiguration, you are instructed to make sure that AD RMS makes use of the reconfigured password. Which of the following actions should you take? You work as the enterprise administrator at ABC.com. ABC.com has a domain named ABC.com. The ABC.com network servers run Microsoft Windows Server 2008 and the client computers run Microsoft Windows Vista. ABC.com has a computer named ABC-SR01 configured to host Windows Server virtualization service and hosts a virtual machine using the physical network interface card (NIC). ABC.com has a Marketing division which uses the virtual machines to access physical network resources. 19 How would you configure the virtual host, when unable to access physical network resources using the virtual machine? Your network contains an Active Directory domain. The domain contains a server named Server1 that has the Remote Desktop Licensing (RD Licensing) role service installed. On Server1, you enable the License server security group Group Policy setting. You need to ensure that Server1 can issue Remote Desktop Services client access licenses (RDS CALs) to a server named Server3. What should you do on Server3? Two users, Dave and Dixine, wish to communicate privately. Dave and Dixine each own a key pair consisting of a public key and a private key. A public key was used to encrypt a message and the corresponding private key was used to decrypt. What is the major security issue with this scenario? Your company has a main office and 40 branch offices. Each branch office is configured as a separate Active Directory site that has a dedicated read-only domain controller (RODC). An RODC server is stolen from one of the branch offices. You need to identify the user accounts that were cached on the stolen RODC server. Which utility should you use? Your network contains an Active Directory domain named contoso.com. You have a management computer named Computer1 that runs Windows 7. You need to forward the logon events of all the domain controllers in contoso.com to Computer1. All new domain controllers must be dynamically added to the subscription. What should you do? You have an enterprise subordinate certification authority (CA) configured for key archival. Three key recovery agent certificates are issued. The CA is configured to use two recovery agents. You need to ensure that all of the recovery agent certificates can be used to recover all new private keys. What should you do? You work as an administrator at ABC.com. ABC.com has a single Active Directory domain named ABC.com. All servers on the ABC.com network have Windows Server 2008 R2 installed and all workstations have Windows 7 installed. After making use of a Multiple Activation Key (MAK) key to activate Windows 7 and Microsoft Office 2010 on ABC.com's workstations, you run the Volume Activation Management Tool (VAMT). Which of the following is TRUE with regards to this tool? (Choose all that apply.) You work as an administrator at ABC.com. The ABC.com network has an Active Directory domain named ABC.com. All servers on the ABC.com network, including domain controllers, have Windows Server 2008 R2 installed and all workstations have Windows 7 installed. A domain controller, named ABC-DC02, runs the Windows Server Backup feature. When ABC- DC02 experiences problems, you decide to make use of a current backup file to restore ABC- DC02 non-authoritatively. Which of the following actions should you take? Your network consists of a single Active Directory domain. The network contains a Remote Desktop Session Host Server that runs Windows Server 2008 R2, and client computers that run Windows 7. All computers are members of the domain. You deploy an application by using the RemoteApp Manager. The Remote Desktop Session Host Server's security layer is set to Negotiate. You need to ensure that domain users are not prompted for credentials when they access the application. What should you do? Your network contains a virtual machine (VM) named VM1. VM1 contains two virtual hard disks (VHDs). One VHD is a dynamically expanding disk and the other VHD is a fixed disk. You need to manually copy the VHDs. The solution must minimize the amount of downtime for VM1. What should you do first? You have deployed Windows Server 2008 on all servers in the organization. The Web Server role, Windows SharePoint services, and Network Policy and Access Services are installed on the Windows Server 2008 servers. Your organization wants to allow computer and domain administrators to remotely manage the Web sites and Web applications on each Web server by using Internet Information Services (IIS) Manager. The user account that will be used to delegate the permission to the domain administrators should be a member of which group to achieve the objective? Your network contains an Active Directory domain. All domain controllers run Windows Server 2008. The functional level of the domain is Windows Server 2003. All client computers run Windows 7. You install Windows Server 2008 R2 on a server named Server1. You need to perform an offline domain join of Server1. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.) You work as the network administrator at ABC.com. The ABC.com network has a domain named ABC.com. The ABC.com has a Windows Server 2008 R2 domain controller named ABC-DC01. You log on as the Domain Administrator on ABC-DC01 to view the Active Directory Schema console. However, you cannot locate the Active Directory Schema console. What action should you take to locate the console? You have an Active Directory domain that runs Windows Server 2008 R2. You need to implement a certification authority (CA) server that meets the following requirements: Allows the certification authority to automatically issue certificates .Integrates with Active Directory Domain Services What should you do? You work as the enterprise administrator at ABC.com. ABC.com has a domain named ABC.com. The ABC.com network servers run Microsoft Windows Server 2008 and the client computers run Microsoft Windows Vista. ABC.com has virtual machines configurated on a computer named ABC- SR01 configured to host Microsoft Hyper-V. How would you configure the virtual machines for restoring to the original state in the event of a system failure? You are the Web administrator for ABC.com. The network has three Web servers Web1, Web2, and Web3. Your company has a Web site named ABC that is used as a company bulletin board. Web3 also contains external Web sites. You want to enable logging for all sites that are configured on the Web3. Which of the following commands would enable logging for Web3? Your network contains two servers named Server1 and Server2 that run Windows Server 2008 R2. Server1 and Server2 have the Windows Deployment Services (WDS) server role installed. You need to prestage a computer. The solution must ensure that when the prestaged computer is deployed, it downloads a boot image from Server2. What should you do? Your network contains a Routing and Remote Access server named RRAS1 and a DHCP server named DHCP1. RRAS1 and DHCP1 are located in different subnets. RRAS1 is configured to support VPN connections from the Internet. DHCP1 has a scope that provides IP addresses for the VPN connections. You need to ensure that VPN clients that connect to RRAS1 can receive IP addresses from DHCP1. What should you do? Your network contains a domain controller that is configured as a DNS server. The server hosts an Active Directory-integrated zone for the domain. You need to reduce how long it takes until stale records are deleted from the zone. What should you do?

Study Guides