[FREE]Braindump2go 70-646 Dumps Questions Download (31-40)
MICROSOFT NEWS: 70-646 Exam Questions has been Updated Today! Get Latest 70-646 VCE and 70-646 PDF Instantly! Welcome to Download the Newest Braindump2go 70-646 VCE&70-646 PDF Dumps: http://www.braindump2go.com/70-646.html (283 Q&As)
New Braindump2go 70-646 Exam Questions Updated Today! Want to know New Questions in 2015 70-646 Exam? Download Free Braindump2go 70-646 Exam Preparation Materials Now!
Exam Code: 70-646
Exam Name Windows Server 2008, Server Administrator
Certification Provider: Microsoft
Corresponding Certifications: MCSA, MCSA: Windows Server 2008, MCSE, MCSE: Private Cloud Windows Server 2008
70-646 Dumps,70-646 Study Guide,70-646 Exam Questions,70-646 eBook,70-646 eBook PDF,70-646 Dumps PDF,70-646 Dumps Latest,70-646 Book,70-646 Braindumps,70-646 Braindump PDF,70-646 Braindump Free,70-646 Practice Test,70-646 Practice Questions,70-646 PDF eBook,70-646 PDF,70-646 VCE
QUESTION 31
Your network consists of a single Active Directory domain.
The domain contains a file server named Server1 that runs Windows Server 2008 R2.
The file server contains a shared folder named UserDocs.
Each user has a subfolder in UserDocs that they use to store personal data.
You need to design a data management solution that meets the following requirements:
– Limits the storage space that is available to each user in UserDocs
– Sends a notification to the administrator if a users attempts to save multimedia files in UserDocs
– Minimizes administrative effort
What should you include in your design?
A. Configure NTFS quotas on UserDocs.
Configure a task in Event Viewer to send an email notification.
B. Configure NTFS quotas on UserDocs.
Schedule a script to monitor the contents of UserDocs and send an email notification if a
multimedia file is found.
C. Install the File Server Resource Manager (FSRM) role service on Server1.
Configure event subscriptions.
D. Install the File Server Resource Manager (FSRM) role service on Server1.
Configure hard quotas and file screening.
Answer: D
Explanation:
MCITP Self-Paced Training Kit Exam 70-646 Windows Server Administration:
Creating Quotas
If the FSRM File Services server role is installed, you can use FSRM to create quotas.
The Create Quota dialog box is shown in Figure 6-13. Note that you will be unable to access this box if you have not installed the appropriate server role, which you will do in the practice session later in this lesson.
Figure 6-13
The Create Quota dialog box
You specify a path to the volume or folder for which you want to create the quota and then specify whether you want to create a quota only on that path or whether a template-based quota will be automatically generated and applied to existing and new subfolders on the path of the parent volume or folder. To specify the latter action, select Auto Apply Template And Create Quotas On Existing And New Subfolders. Typically you would select Derive Properties From This Quota Template (Recommended) and select a template. You can, if you want, define custom quota properties, but this is not recommended. You can select templates that specify the quota size that is allocated to each user and whether the quota is hard or soft. A hard quota cannot be exceeded. A user can exceed a soft quota, but typically exceeding the quota limit generates a report in addition to sending an e-mail notification and logging the event.
Soft quotas are used for monitoring.
Quota templates include the following:
100 MB Limit This is a hard quota. It e-mails the user and specified administrators if the100 percent quota limit has been reached and writes an event to the event log.
200 MB Limit Reports to User This is a hard quota. It generates a report, sends e-mails, and writes an event to the event log if the 100 percent quota limit has been reached.
200 MB Limit with 50 MB Extension Technically this is a hard quota because it performs an action when the user attempts to exceed the limit, rather than merely monitoring the exceeded limit.
The action is to run a program that applies the 250 MB Extended Limit template and effectively gives the user an additional 50 MB.
E-mails are sent and the event is logged when the limit is extended.
250 MB Extended Limit The 250 MB limit cannot be exceeded.
E-mails are sent and the event is logged when the limit is reached.
Monitor 200 GB Volume Usage This is a soft quota that can be applied only to volumes.
It is used for monitoring.
Monitor 50 MB Share Usage This is a soft quota that can be applied only to shares.
It is used for monitoring.
Managing File Screens
You can use FSRM to create and manage file screens that control the types of files that users can
save, and generate notifications when users attempt to save unauthorized files. You can also define file screening templates that you can apply to new volumes or folders and use across your organization.
FSRM also enables you to create file screening exceptions that extend the flexibility of the file
screening rules.
You could, for example, ensure that users do not store music files in personal folders, but you
could allow storage of specific types of media files, such as training files that comply with company
policy. You could also create an exception that allows members of the senior management group to save any type of file they want to (provided they comply with legal restrictions).
You can also configure your screening process to notify you by e-mail when an executable file is stored on a shared folder. This notification can include information about the user who stored the file and the file’s exact location.
Exam Tip File screens are not specifically included on the objectives for the 70-646 examination.
You should know what they are, what they do, and that you can manage them from FSRM.
You probably will not come across detailed questions about file screen configuration.
QUESTION 32
Your company has two branch offices that connect by using a WAN link.
Each office contains a server that runs Windows Server 2008 R2 and that functions as a file server.
Users in each office store data on the local file server.
Users have access to data from the other office.
You need to plan a data access solution that meets the following requirements:
– Folders that are stored on the file servers must be available to users in both offices.
– Network bandwidth usage between offices must be minimized.
– Users must be able to access all files in the event that a WAN link fails.
What should you include in your plan?
A. On both servers, implement DFS Replication.
B. On both servers, install and configure File Server Resource Manager (FSRM) and File
Replication Service (FRS).
C. On one server, install and configure File Server Resource Manager (FSRM).
On the other server, install and configure File Replication Service (FRS).
D. On one server, install and configure Distributed File System (DFS).
On the other server, install and configure the Background Intelligent Transfer Service (BITS).
Answer: A
Explanation:
MCITP Self-Paced Training Kit Exam 70-646 Windows Server Administration:
DFS Replication provides a multimaster replication engine that lets you synchronize folders on multiple servers across local or WAN connections. It uses the Remote Differential Compression (RDC) protocol to update only those files that have changed since the last replication.
You can use DFS Replication in conjunction with DFS Namespaces or by itself.
File Replication Service (FRS) The File Replication Service (FRS) enables you to synchronize folders with file servers that use FRS. Where possible you should use the DFS Replication (DFSR) service. You should install FRS only if your Windows Server 2008 server needs to synchronize folders with servers that use FRS with the Windows Server 2003 or Windows 2000 Server implementations of DFS.
The main tool for implementing shared folder replication in a Windows Server 2008 network is
DFS Replication.
Using DFS Namespace to Plan and Implement a Shared Folder Structure and Enhance Data Availability
When you add the DFS Management role service to the Windows Server 2008 File Services
Server role, the DFS Management console is available from the Administrative Tools menu or from within Server Manager. This console provides the DFS Namespaces and DFS Replication tools as shown in Figure 6-31 DFS Namespaces lets you group shared folders that are located on different servers into one or more logically structured namespaces. Each namespace appears to users as a single shared folder with a series of subfolders.
This structure increases availability. You can use the efficient, multiple-master replication engine provided by DFSR to replicate a DFS Namespace within a site and across WAN links. A user connecting to files within the shared folder structures contained in the DFS Namespace will automatically connect to shared folders in the same AD DS site (when available) rather than across a WAN. You can have several DFS Namespace servers in a site and spread over several sites, so if one server goes down, a user can still access files within the shared folder structure.
Because DFSR is multimaster, a change to a file in the DFS Namespace on any DFS Namespace server is quickly and efficiently replicated to all other DFS Namespace servers that hold that namespace. Note that DFSR replaces the File Replication Service (FRS) as the replication engine for DFS Namespaces, as well as for replicating the AD DS SYSVOL folder in domains that use the
Windows Server 2008 domain functional level. You can install FRS Replication as part of the
Windows Server 2003 File Services role service, but you should use it only if you need to synchronize with servers that use FRS with the Windows Server 2003 or Windows 2000 Server implementations of DFS.
QUESTION 33
Your network consists of a single Active Directory domain.
All servers run Windows Server 2008 R2.
All client computers run Windows 7.
Users store all of their files in their Documents folder.
Many users store large files.
You plan to implement roaming user profiles for all users by using Group Policy.
You need to recommend a solution that minimizes the amount of time it takes users to log on and log off of the computers that use the roaming user profiles.
What should you recommend?
A. Modify the Group Policy object (GPO) to include folder redirection.
B. Modify the Group Policy object (GPO) to include Background Intelligent Transfer Service
(BITS) settings.
C. On the server that hosts the roaming user profiles, enable caching on the profiles share.
D. On any server, install and configure the Background Intelligent Transfer Service (BITS)
server extensions.
Answer: A
Explanation:
MCITP Self-Paced Training Kit Exam 70-646 Windows Server Administration:
Planning and Managing Group Policy
Planning your Group Policy is in part planning your organizational structure. If you have a huge number of OUs—some inheriting policies, others blocking inheritance, several OUs linking to the same GPO, and several GPOs linking to the same OU—you have a recipe for disaster. While too few OUs and GPOs is also a mistake, most of us err on the side of having too many. You’re your structures simple. Do not link OUs and GPOs across site boundaries. Give your OUs and GPOs meaningful names.
When you are planning Group Policy you need to be aware of the Group Policy settings that are provided with Windows Server 2008. These are numerous and it is not practical to memorize all of them, but you should know what the various categories are. Even if you do not edit any policies, exploring the Group Policy structure in Group Policy Management Editor is worthwhile. You will develop a feel for what is available and whether you need to generate custom policies by creating ADMX files.
You also need a good understanding of how Group Policy is processed at the client. This happens in the following two phases:
Core processing When a client begins to process Group Policy, it must determine whether it can reach a DC, whether any GPOs have been changed, and what policy settings must be processed.
The core Group Policy engine performs the processing of this in the initial phase.
Client-side extension (CSE) processing In this phase, Group Policy settings are placed in various categories, such as Administrative Templates, Security Settings, Folder Redirection, Disk Quota, and Software Installation. A specific CSE processes the settings in each category, and each CSE has its own rules for processing settings. The core Group Policy engine calls the CSEs that are required to process the settings that apply to the client.
CSEs cannot begin processing until core Group Policy processing is completed. It is therefore important to plan your Group Policy and your domain structure so that this happens as quickly and reliably as possible. The troubleshooting section later in this lesson discusses some of the problems that can delay or prevent core Group Policy processing.
QUESTION 34
Your network contains a Windows Server 2008 R2 server that functions as a file server.
All users have laptop computers that run Windows 7.
The network is not connected to the Internet.
Users save files to a shared folder on the server.
You need to design a data provisioning solution that meets the following requirements:
– Users who are not connected to the corporate network must be able to access the files and the folders in the corporate network.
– Unauthorized users must not have access to the cached files and folders.
What should you do?
A. Implement a certification authority (CA).
Configure IPsec domain isolation.
B. Implement a certification authority (CA).
Configure Encrypting File System (EFS) for the drive that hosts the files.
C. Implement Microsoft SharePoint Foundation 2010.
Enable Secure Socket Layer (SSL) encryption.
D. Configure caching on the shared folder.
Configure offline files to use encryption.
Answer: D
Explanation:
MCITP Self-Paced Training Kit Exam 70-646 Windows Server Administration:
Lesson 2: Provisioning Data
Lesson 1 in this chapter introduced the Share And Storage Management tool, which gives you access to the Provision Storage Wizard and the Provision A Shared Folder Wizard. These tools allow you to configure storage on the volumes accessed by your server and to set up shares.
When you add the Distributed File System (DFS) role service to the File Services server role you can create a DFS Namespace and go on to configure DFSR. Provisioning data ensures that user files are available and remain available even if a server fails or a WAN link goes down.
Provisioning data also ensures that users canwork on important files when they are not connected to the corporate network.
In a well-designed data provisioning scheme, users should not need to know the network path to their files, or from which server they are downloading them. Even large files should typically download quickly—files should not be downloaded or saved across a WAN link when they are available from a local server. You need to configure indexing so that users can find information quickly and easily. Offline files need to be synchronized quickly and efficiently, and whenever possible without user intervention. A user should always be working with the most up-to-date information (except when a shadow copy is specified) and fast and efficient replication should ensure that where several copies of a file exist on a network they contain the same information and latency is minimized.
You have several tools that you use to configure shares and offline files, configure storage, audit file access, prevent inappropriate access, prevent users from using excessive disk resource, and implement disaster recovery. However, the main tool for provisioning storage and implementing a shared folder structure is DFS Management, specifically DFS Namespaces. The main tool for implementing shared folder replication in a Windows Server 2008 network is DFS Replication.
QUESTION 35
Your network consists of a single Active Directory domain.
All servers run Windows Server 2008 R2.
All client computers run Windows 7.
Some users have laptop computers and work remotely from home.
You need to plan a data provisioning infrastructure to secure sensitive files.
Your plan must meet the following requirements:
– Files must be stored in an encrypted format.
– Files must be accessible by remote users over the Internet.
– Files must be encrypted while they are transmitted over the Internet.
What should you include in your plan?
A. Deploy one Microsoft SharePoint Foundation 2010 site. Require users to access the
SharePoint site by using a Secure Socket Transmission Protocol (SSTP) connection.
B. Deploy two Microsoft SharePoint Foundation 2010 sites.
Configure one site for internal users.
Configure the other site for remote users.
Publish the SharePoint sites by using HTTPS.
C. Configure a Network Policy and Access Services (NPAS) server to act as a VPN server.
Require remote users to access the files by using an IPsec connection to the VPN server.
D. Store all sensitive files in folders that are encrypted by using Encrypting File System (EFS).
Require remote users to access the files by using Secure Socket Transmission Protocol
(SSTP).
Answer: D
Explanation:
MCITP Self-Paced Training Kit Exam 70-646 Windows Server Administration:
Encrypting File System Encrypting File System (EFS) is another method through which you can ensure the integrity of data. Unlike BitLocker, which encrypts all data on a volume using a single encryption key that is tied to the computer, EFS allows for the encryption of individual files and folders using a public encryption key tied to a specific user account. The encrypted file can only be decrypted using a private encryption key that is accessible only to the user. It is also possible to encrypt documents to other user’s public EFS certificates. A document encrypted to another user’s public EFS certificate can only be decrypted by that user’s private certificate.
Security Groups cannot hold encryption certificates, so the number of users that can access an encrypted document is always limited to the individual EFS certificates that have been assigned to the document. Only a user that originally encrypts the file or a user whose certificate is already assigned to the file can add another user’s certificate to that file. With EFS there is no chance that an encrypted file on a departmental shared folder might be accessed by someone who should not have access because of incorrectly configured NTFS or Shared Folder permissions. As many administrators know, teaching regular staff to configure NTFS permissions can be challenging.
The situation gets even more complicated when you take into account Shared Folder permissions.
Teaching staff to use EFS to limit access to documents is significantly simpler than explaining NTFS ACLs.
If you are considering deployment of EFS throughout your organization, you should remember that the default configuration of EFS uses self-signed certificates. These are certificates generated by the user’s computer rather than a Certificate Authority and can cause problems with sharing documents because they are not necessarily accessible from other computers where the user has not encrypted documents. A more robust solution is to modify the default EFS Certificate Template that is provided with a Windows Server 2008 Enterprise Certificate Authority to enable autoenrollment. EFS certificates automatically issued by an Enterprise CA can be stored in Active Directory and applied to files that need to be shared between multiple users.
Another EFS deployment option involves smart cards. In organizations where users authenticate using smart cards, their private EFS certificates can be stored on a smart card and their public certificates stored within Active Directory. You can learn more about configuring templates for autoenrollment in Chapter 10, “Certificate Services and Storage Area Networks.”
MORE INFO More on EFS
For more information on Encrypting File System in Windows Server 2008, consult the following TechNet article:
http://technet2.microsoft.com/windowsserver2008/en/library/f843023b-bedd-40dd9e5bf1619eebf7821033.mspx?mfr=true.
Quick Check
1. From a normal user’s perspective, in terms of encryption functionality, how does EFS differ from BitLocker?
2. What type of auditing policy should you implement to track access to sensitive files?
Quick Check Answers
1. BitLocker works on entire volumes and is transparent to the user.
EFS works on individual files and folders and be configured by the user.
2. Auditing Object Access.
Windows Server 2008 VPN Protocols
Windows Server 2008 supports three different VPN protocols: Tunneling Protocol (PPTP), Layer
Two Tunneling Protocol over IPsec (L2TP/IPsec), and Secure Socket Tunneling Protocol (SSTP).
The factors that will influence the protocol you choose to deploy in your own network environment include client operating system, certificate infrastructure, and how your organization’s firewall is deployed.
Windows XP remote access clients, because these clients cannot use SSTP
SSTP Secure Socket Tunneling Protocol (SSTP) is a VPN technology that makes its debut with
Windows Server 2008. SSTP VPN tunnels allow traffic to pass across firewalls that block traditional PPTP or L2TP/IPsec VPN traffic. SSTP works by encapsulating Point-to-Point Protocol (PPP) traffic over the Secure Sockets Layer (SSL) channel of the Secure Hypertext Transfer Protocol (HTTPS) protocol. Expressed more directly, SSTP piggybacks PPP over HTTPS.
This means that SSTP traffic passes across TCP port 443, which is almost certain to be open on any firewall between the Internet and a public-facing Web server on an organization’s screened subnet.
When planning for the deployment of SSTP, you need to take into account the following considerations:
SSTP is only supported with Windows Server 2008 and Windows Vista with Service Pack 1.
SSTP requires that the client trust the CA that issues the VPN server’s SSL certificate.
The SSL certificate must be installed on the server that will function as the VPN server prior to the installation of Routing and Remote Access; otherwise, SSTP will not be available.
The SSL certificate subject name and the host name that external clients use to connect to the
VPN server must match, and the client Windows Vista SP1 computer must trust the issuing CA. SSTP does not support tunneling through Web proxies that require authentication.
SSTP does not support site-to-site tunnels. (PPTP and L2TP do.)
MORE INFO More on SSTP
To learn more about SSTP, see the following SSTP deployment walkthrough document at
http://download.microsoft.com/download/b/1/0/b106fc39-936c-4857-a6ea-3fb9d1f37063/
Deploying%20SSTP %20Remote%20Access%20Step%20by%20Step%20Guide.doc.
QUESTION 36
Your company has a main office and a branch office.
Your network contains a single Active Directory domain.
You install 25 Windows Server 2008 R2 member servers in the branch office.
You need to recommend a storage solution that meets the following requirements:
– Encrypts all data on the hard disks
– Allows the operating system to start only when the authorized user is present
What should you recommend?
A. Encrypting File System (EFS)
B. File Server Resource Manager (FSRM)
C. Windows BitLocker Drive Encryption (BitLocker)
D. Windows System Resource Manager (WSRM)
Answer: C
QUESTION 37
Your company plans to deploy eight file servers that run Windows Server 2008 R2.
All file servers will connect to Ethernet switches.
You need to plan a data storage solution that meets the following requirements:
– Allocates storage to the servers as needed
– Utilizes the existing network infrastructure
– Maximizes performance
– Maximizes fault tolerance
Which actions should you include in your plan?
A. Install Windows Server 2008 R2 Datacenter on each server.
Deploy the servers in a failover cluster.
Deploy an iSCSI storage area network (SAN).
B. Install Windows Server 2008 R2 Standard on each server.
Deploy the servers in a Network Load Balancing (NLB) cluster.
Implement RAID?5 on each server.
C. Install Windows Server 2008 R2 Enterprise on each server.
Deploy the servers in a failover cluster.
Deploy a Fibre Channel (FC) storage area network (SAN).
D. Install Windows Server 2008 R2 Enterprise on each server.
Deploy the servers in a Network Load Balancing (NLB) cluster.
Map a network drive on each server to an external storage array.
Answer: A
Explanation:
DataCenter has Failover Cluster and of course a SAN with ISCSI will utilize the existing network topology.
QUESTION 38
You plan to deploy a distributed database application that runs on multiple Windows Server 2008 R2 servers.
You need to design a storage strategy that meets the following requirements:
– Allocates storage to servers as required
– Uses the existing network infrastructure
– Uses standard Windows management tools
– Ensures that data is available if a single disk fails
What should you include in your design?
A. An iSCSI disk storage subsystem that supports Microsoft Multipath I/O.
Configure the storage subsystem as a RAID?0 array.
B. An iSCSI disk storage subsystem that supports Virtual Disk Service (VDS).
Configure the storage subsystem as a RAID?5 array.
C. A Fibre Channel (FC) disk storage subsystem that supports Microsoft Multipath I/O.
Configure the storage subsystem as a RAID?0 array.
D. A Fibre Channel (FC) disk storage subsystem that supports the Virtual Disk Service (VDS).
Configure the storage subsystem as a RAID?5 array.
Answer: B
QUESTION 39
You plan to deploy a distributed database application that runs on Windows Server 2008 R2.
You need to design a storage strategy that meets the following requirements:
– Allocates storage to servers as required
– Isolates storage traffic from the existing network
– Ensures that data is available if a single disk fails
– Ensures that data is available if a single storage controller fails
What should you include in your design?
A. An iSCSI disk storage subsystem that uses Microsoft Multipath I/O.
Configure a RAID 0 array.
B. An iSCSI disk storage subsystem that uses Virtual Disk Service (VDS).
Configure a RAID 5 array.
C. A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O.
Configure a RAID 5
D. A Fibre Channel (FC) disk storage subsystem that uses Virtual Disk Service (VDS).
Configure a RAID 0 array.
Answer: C
QUESTION 40
Your company has a main office and a branch office.
Your network contains a single Active Directory domain.
The functional level of the domain is Windows Server 2008 R2.
An Active Directory site exists for each office.
All servers run Windows Server 2008 R2.
You plan to deploy file servers in each office.
You need to design a file sharing strategy to meet the following requirements:
– Users in both offices must be able to access the same files.
– Users in both offices must use the same Universal Naming Convention (UNC) path to access files.
– The design must reduce the amount of bandwidth used to access files.
– Users must be able to access files even if a server fails.
What should you include in your design?
A. A standalone DFS namespace that uses replication.
B. A domainbased DFS namespace that uses replication.
C. A multisite failover cluster that contains a server located in the main office and another
server located in the branch office.
D. A Network Load Balancing cluster that contains a server located in the main office and
another server located in the branch office.
Answer: B
Explanation:
MCITP Self-Paced Training Kit Exam 70-646 Windows Server Administration:
Domain-Based Namespaces
You can create domain-based namespaces on one or more member servers or DCs in the same domain.
Metadata for a domain-based namespaces is stored by AD DS. Each server must contain an NTFS volume to host the namespace. Multiple namespace servers increase the availability of the namespace and ensure failover protection. A domain-based namespace cannot be a clustered resource in a failover cluster. However, you can locate the namespace on a server that is also a node in a failover cluster provided that you configure the namespace to use only local resources on that server. A domain-based namespace in Windows Server 2008 mode supports access-based enumeration. Windows Server 2008 mode is discussed later in this lesson.
You choose a domain-based namespace if you want to use multiple namespace servers to ensure the availability of the namespace, or if you want to make the name of the namespace server invisible to users.
When users do not need to know the UNC path to a namespace folder it is easier to replace the namespace server or migrate the namespace to another server.
If, for example, a stand-alone namespace called \\Glasgow\Books needed to be transferred to a server called Brisbane, it would become \\Brisbane\Books. However, if it were a domain-based namespace (assuming Brisbane and Glasgow are both in the Contoso.internal domain), it would be \\Contoso.internal\Books no matter which server hosted it, and it could be transferred from one server to the other without this transfer being apparent to the user, who would continue to use \\Contoso.internal\Books to access it.
100% 70-646 Complete Success & Money Back Guarantee!
By utilizing Braindump2go high quality Microsoft 70-646 Exam Dumps Products, You can surely pass 70-646 certification 100%! Braindump2go also offers 100% money back guarantee to individuals in case they fail to pass Microsoft 70-646 in one attempt.
FREE DOWNLOAD: NEW UPDATED 70-646 PDF Dumps & 70-646 VCE Dumps from Braindump2go: http://www.braindump2go.com/70-646.html (283 Q&As)