[Newest Version] Free CertBus Microsoft 70-647 PDF and Exam Questions Download 100% Pass Exam

Which certification is the most popular and worthy to get? No doubt the 70-647 Windows Server 2008,Enterprise Administrator exam is a worth challenging task but you should take among all the IT certifications . CertBus is providing the latest version of 70-647 PDF and VCE dumps now. Comprehensive understanding on 70-647 Windows Server 2008,Enterprise Administrator exam syllabus through CertBus 100% pass guarantee of the success on your 70-647 Windows Server 2008,Enterprise Administrator exam taking.

We CertBus has our own expert team. They selected and published the latest 70-647 preparation materials from Microsoft Official Exam-Center: http://www.certbus.com/70-647.html

QUESTION NO:3

Your network consists of one Active Directory domain. Your company uses a firewall to connect to

the Internet. Inbound TCP/IP port 443 is allowed on the firewall. You have terminal servers on the

internal network. You have one server on the internal network that has Terminal Services Gateway

(TS Gateway) deployed. All servers run Windows Server 2008. You need to recommend a solution

that enables remote users to access network resources by using TS Gateway. What should you

recommend?

A. Change the firewall rules to permit traffic through port 3389 from the Internet.

B. Install the Terminal Services server role with the Terminal Services Web Access (TS Web Access)

services role.

C. Install the Terminal Services server role with the Terminal Services Session Broker (TS Session

Broker) services role.

D. Create a Terminal Services connection authorization policy (TS CAP) and a Terminal Services

resource authorization policy (TS RAP).

Answer: D

Explanation:

To implement a solution that enables remote users to access network resources by using TS

Gateway, you need to create a Terminal Services connection authorization policy (TS CAP) and a

Terminal Services resource authorization policy (TS RAP). TS CAPs allow you to specify who can

connect to a TS Gateway server. Users are granted access to a TS Gateway server if they meet the

conditions specified in the TS CAP. You must also create a Terminal Services resource authorization

policy (TS RAP). A TS RAP allows you to specify the internal network resources that users can connect

to through TS Gateway. Until you create both a TS CAP and a TS RAP, users cannot connect to

internal network resources through this TS Gateway server.

Reference: Terminal Services Gateway (TS Gateway) / Why are TS CAPs important?

http://technet2.microsoft.com/windowsserver2008/en/library/9da3742f-699d-4476-b050-

c50aa14aaf081033.mspx?mfr=true

QUESTION NO:29

Your network consists of one Active Directory domain and one IP subnet. All servers run Windows

Server 2008 R2. All client computers run Windows 7. The servers are configured as shown in the

following table. (Click the Exhibit)

All network switches used for client connections are unmanaged. Some users connect to the local

area network (LAN) from client computers that are joined to a workgroup. Some client computers do

not have the latest Microsoft updates installed. You need to recommend a Network Access

Protection (NAP) solution to protect the network. The solution must meet the following

requirements:

. Only computers that are joined to the domain must be able to connect to servers in the domain.

. Only computers that have the latest Microsoft updates installed must be able to connect to servers

in the domain.

Which NAP enforcement method should you use?

A. 802.1 x

B. DHCP

C. IPsec

D. virtual private network (VPN)

Answer: C

Explanation:

To ensure that only the computers that have the latest Microsoft updates installed must be able to

connect to servers in the domain and only the computers that are joined to the domain must be able

to connect to servers in the domain, you need to use IPSec NAP enforcement method. IPsec domain

and server isolation methods are used to prevent unmanaged computers from accessing network

resources. This method enforces health policies when a client computer attempts to communicate

with another computer using IPsec.

Reference: Protecting a Network from Unmanaged Clients / Solutions

http://www.microsoft.com/technet/security/midsizebusiness/topics/serversecurity/unmanagedclie

nts.mspx

Reference: Network Access Protection (NAP) Deployment Planning / Choosing Enforcement

Methods

http://blogs.technet.com/nap/archive/2007/07/28/network-access-protection-deploymentplanning.

aspx

QUESTION NO:31

Your company has one office in Montreal and one office in New York. Each office has 2,000 client

computers configured as DHCP clients. DHCP relay is not supported on the network routers. The

network consists of one Active Directory domain. You need to recommend a DHCP addressing

solution for both offices. The solution must meet the following requirements:

Minimize traffic between offices.

Be available if a single server fails.

What should you recommend?

A. In each office, install a DHCP server that has two scopes.

B. In each office, install a DHCP instance on a two node failover cluster.

C. In the Montreal office, install a DHCP server. In the New York office, install a DHCP Relay Agent.

D. In the Montreal office, install a DHCP instance on a two node failover cluster. In the New York

office, install a DHCP Relay Agent.

Answer: B

Explanation:

To configure a DHCP addressing solution for both the offices that would minimize the traffic

between the offices and is available in case any one of the DHCP server fails, you need to install a

DHCP instance on a two node failover cluster in each office, the head office and the branch office.

The two node failover cluster in each office will ensure that the DHCP server is always available even

if one of the DHCP servers fails. Because DHCP relay is not supported on the network, both the

offices need to have a separate DHCP failover clustering solution. Having two scopes of DHCP servers

will not help because DHCP relay is not supported on the network. Installing a DHCP server and

DHCP Relay Agent in the branch office and installing a DHCP instance on a two node failover cluster

and in the branch office and a DHCP Relay Agent will not help because this solution would increase

the traffic between the offices in case any one of the DHCP server fails.

Reference: Step-by-Step Guide for Configuring Two-Node File Server Failover Cluster in Windows

Server 2008

http://209.85.175.104/search?q=cache:9usnEWIUtgJ:

download.microsoft.com/download/b/1/0/b106fc39-936c-4857-a6ea-

3fb9d1f37063/Step-by-Step%20Guide%20for%20Configuring%20a%20Two-

Node%20File%20Server%20Failover%20Cluster%20in%20Windows%20Server%2

02008.doc DHCP instance on a two node failover cluster server 2008andhl=enandct=clnkandcd=1andg

l=in

Reference: DHCP Relay Agent Overview

http://www.tech-faq.com/dhcp-relay-agent.shtml

QUESTION NO:16

Your network consists of one Active Directory forest that contains four Active Directory domains

named Sales, Marketing, Finance, and IT. The Finance domain contains a domain controller that runs

Windows Server 2008. The Sales, Marketing, and IT domains contain only domain controllers that

run Windows Server 2003. You need to prepare the environment for the deployment of a read-only

domain controller (RODC) in the Finance domain and in the IT domain. You must ensure that the

RODC can advertise itself as a global catalog server. Which two actions should you perform? (Each

correct answer presents part of the solution. Choose two.)

A. Upgrade all DNS servers to Windows Server 2008.

B. Run adprep /domainprep on the Sales, Marketing, and IT domains.

C. Install a Windows Server 2008 writable domain controller in the IT domain.

D. Configure the Windows Server 2008 domain controller in the finance domain as a global catalog

server.

Answer: B, C

Explanation:

To deploy the read-only domain controller (RODC) in the Development domain and in the HR

domain, you need to run adprep /domainprep on the Sales, Marketing, and HR domains to prepare

your infrastructure to upgrade. Because this domain controller is the first Windows Server 2008

domain controller in Windows Server 2003 domains, you must prepare the domains by running

adprep /domainprep on the infrastructure master. Before you deploy the read-only domain

controller (RODC) in the HR domain, you need to first install a Windows Server 2008 writable domain

controller in the HR domain because the first Windows Server 2008 domain controller in an existing

Windows Server 2003 domain cannot be created as an RODC. After a Windows Server 2008 domain

controller exists in the domain, additional Windows Server 2008 domain controllers can be created

as RODCs.

Reference: Scenarios for Installing AD DS

http://207.46.196.114/windowsserver2008/en/library/708da9f7-aaad-4fa1-bccb-

76ea8569da501033.mspx?mfr=true

QUESTION NO:21

Your network consists of one Active Directory domain. The functional level of the domain is

Windows Server 2008. The domain has 30 domain controllers. Twenty administrators manage the

domain. You plan to implement an audit and compliance policy. You need to ensure that all changes

made to Active Directory objects are recorded. What should you do?

A. On all domain controllers, run the Security Configuration Wizard (SCW).

B. In the Default Domain Controller Policy, configure a Directory Services Auditing policy.

C. In the Default Domain Controller Policy, configure and implement a file-level audit policy for the

SYSVOL volume.

D. Create a Group Policy object (GPO) linked to the Domain Controllers OU. Configure the GPO to

install the Microsoft Baseline Security Analyzer (MBSA).

Answer: B

Explanation:

To implement an audit and compliance policy and ensure that all changes made to Active Directory

objects are recorded, you need to configure a Directory Services Auditing policy in the Default

Domain Controller Policy. In Windows Server 2008, you can enable Audit Directory Service Access

policy to log events in the Security event log whenever certain operations are performed on objects

stored in Active Directory. Enabling the global audit policy, Audit directory service access, enables all

directory service policy subcategories. You can set this global audit policy in the Default Domain

Controllers Group Policy (under Security Settings\Local Policies\Audit Policy).

Reference: Windows Server 2008 Auditing AD DS Changes Step-by-Step Guide

http://technet2.microsoft.com/windowsserver2008/en/library/a9c25483-89e2-4202-881cea8e02b4b2a51033.

mspx?mfr=true

QUESTION NO:36

Your network consists of one Active Directory domain that contains domain controllers that run

Windows Server 2008. The intranet site contains confidential documents. You need to design an

identity and access management policy for the documents to meet the following requirements:

Record each time a document is accessed.

Protect confidential documents on the intranet site.

Place a time limit on access to documents, including documents sent outside the organization.

What should you include in your design?

A. On a domain controller, install and configure Active Directory Federation Services (AD FS).

B. On a domain controller, install and configure Active Directory Rights Management Services (AD

RMS).

C. On all servers in the domain, ensure that the data volumes are configured to use NTFS file system

and Encrypting File System (EFS).

D. On all servers in the domain, ensure that the data volumes are configured to use NTFS file system

and Windows BitLocker Drive Encryption (BitLocker).

Answer: B

Explanation:

To place a time limit on access to documents and the documents that are sent outside the

organization and record each time a document is accessed, you need to use Active Directory Rights

Management Services (AD RMS). AD RMS helps you to prevent sensitive information

QUESTION NO:10

Your network consists of one Active Directory domain. The network contains one Active Directory

site. All domain controllers run Windows Server 2008. You create a second Active Directory site and

plan to install a domain controller that runs Windows Server 2008 in the new site. You also plan to

deploy a new firewall to connect the two sites. You need to enable the domain controllers to

replicate between the two sites. Which traffic should you permit through the firewall?

A. LDAP

B. NetBIOS

C. RPC

D. SMTP

Answer: C

Explanation:

You should permit RPC traffic through the firewall to enable the domain controllers to replicate

between the two sites because the Active Directory relies on remote procedure call (RPC) for

replication between domain controllers. You can open the firewall wide to permit RPC\’s native

dynamic behavior.

Reference: Active Directory Replication over Firewalls

http://technet.microsoft.com/en-us/library/bb727063.aspx

QUESTION NO:28

Your company has one main office and eight branch offices. Each branch office has one server and

20 client computers. The network consists of one Active Directory domain. All main office domain

controllers run Windows Server 2008. All branch office servers are configured as domain controllers

and run Windows Server 2003 Service Pack 1 (SP1). You need to implement a security solution for

the branch offices to meet the following requirements:

The number of user passwords stored on branch office domain controllers must be minimized.

All files stored on the branch office domain controller must be protected in the event of an offline

attack. What should you do?

A. Upgrade branch office domain controllers to Windows Server 2008. Enable Windows BitLocker

Drive Encryption (BitLocker).

B. Replace branch office domain controllers with Windows Server 2008 read-only domain controllers

(RODCs).Enable Windows BitLocker Drive Encryption (BitLocker).

C. Replace branch office domain controllers with Windows Server 2008 read-only domain controllers

(RODCs).Enable Encrypting File System (EFS) for all server drives.

D. Add the branch office domain controller computer accounts to the read-only domain controllers

(RODCs) group. Enable Encrypting File System (EFS) for all server drives.

Answer: B

Explanation:

To ensure that only minimum numbers of user passwords are stored on the branch office domain

controllers, you need to replace branch office domain controllers with Windows Server 2008 readonly

domain controllers (RODCs) because an RODC can be configured to store only the passwords of

specified users and computers. This limitation reduces the risks in case an RODC is compromised. To

ensure that all files stored on the domain controller must be protected from any kind of an offline

attack, you need to use Windows BitLocker Drive Encryption. BitLocker allows you to encrypt all data

stored on the Windows operating system volume and use the security of using a Trusted Platform

Module (TPM) that helps protect user data and to ensure that a computer running Windows Server

Vista or Server 2008 have not been tampered with while the system was offline.

Reference: Active Directory Enhancements in Windows Server 2008

http://windowsitpro.com/articles/print.cfm?articleid=98061

Reference: BitLocker Drive Encryption Technical Overview

http://technet2.microsoft.com/windowsserver2008/en/library/a2ba17e6-153b-4269-bc46-

6866df4b253c1033.mspx?mfr=true

QUESTION NO:40

Your network consists of one Active Directory forest that contains 20 domain trees. All DNS servers

run Windows Server 2008 R2. The network is configured as an IPv4 network. Users connect to

network applications in all domains by using a NetBIOS name. You plan to migrate to an IPv6-

enabled only network. You need to recommend a solution to migrate the network to IPv6. The

solution must not require any changes to client computers. What should you recommend?

A. On the DNS servers, configure GlobalNames zones.

B. On the DNS servers, add all domain zones to the ForestDNSZones partition.

C. On a new server, install and configure a Windows Server 2008 WINS server.

D. On a new server, install and configure a Windows Server 2003 WINS server.

Answer: A

Explanation:

To migrate the network from IPv4-enabled to an IPv6-enabled only network without affecting any

client computer, you need to configure GlobalNames zones on the DNS servers running Windows

Server 2008. To help customers migrate to DNS for all name resolution, the DNS Server role in

Windows Server 2008 supports a special GlobalNames Zone (also known as GNZ) feature. The client

and server name resolution depends on DNS. A DNS Client is able to resolve single-label names by

appending an appropriate list of suffixes to the name. The correct DNS suffix depends on the

domain membership of the client but can also be manually configured in the advanced TCP/IP

properties for the computer. The problem occurs managing a suffix search list when there are many

domains. For environments that require both many domains and single-label name resolution of

corporate server resources, GNZ provides a more scalable solution. GNZ is designed to enable the

resolution of the single-label, static, global names for servers using DNS. WINS cannot be used

because it does not support IPv6 protocols and both are entering legacy mode for Windows Server

2008. ForestDNSZones partition cannot help to migrate a IPv4-enabled network to an IPv6-enabled

only network

Reference: Understanding GlobalNames Zone in Windows Server 2008

http://www.petri.co.il/windows-DNS-globalnames-zone.htm

Reference: Using GlobalNames Zone in Windows Server 2008

http://www.petri.co.il/using-globalnames-zone-window-server-2008.htm

QUESTION NO:45

Your network consists of one Active Directory forest. All servers run Windows Server 2008 R2. You

plan to make multiple Web applications in the perimeter network accessible to external customers

and partner company users. You need to design an access solution to meet the following

requirements:

Provide authentication and authorization for the external customers and partner company users.

Enable single sign-on (SSO) authentication so that users can access multiple Web applications from a

single Web browser session.

What should you include in your design?

A. Deploy Network Policy and Access Services (NPAS).

B. Deploy Active Directory Rights Management Services (AD RMS).

C. Deploy Active Directory Lightweight Directory Services (AD LDS), and then deploy Active Directory

Federation Services (AD FS). \’

D. Deploy Active Directory Lightweight Directory Services (AD LDS), and then configure AD FS Web

Agents on Internet Information Server (IIS) 7.0.

Answer: C

To implement single sign-on (SSO) authentication so that users can access multiple Web applications

from a single Web browser session, you need to install Active Directory Federation Services (AD FS)

on your Windows Server 2008 Server. You also need Active Directory Lightweight Directory Services

(AD LDS) because AD FS requires at least one directory service: either Active Directory Domain

Services (AD DS) or Active Directory Lightweight Directory Services (AD LDS) to implement single

sign-on (SSO) authentication.

Reference: Windows Server 2008 Domain Services – Part 2: Active Directory Federation Services /

How AD FS works

http://www.windowsnetworking.com/articles_tutorials/Windows-Server-2008-Domain-Services-

Part2.html

CertBus exam braindumps are pass guaranteed. We guarantee your pass for the 70-647 exam successfully with our Microsoft materials. CertBus Windows Server 2008,Enterprise Administrator exam PDF and VCE are the latest and most accurate. We have the best Microsoft in our team to make sure CertBus Windows Server 2008,Enterprise Administrator exam questions and answers are the most valid. CertBus exam Windows Server 2008,Enterprise Administrator exam dumps will help you to be the Microsoft specialist, clear your 70-647 exam and get the final success.

70-647 Latest questions and answers on Google Drive(100% Free Download): https://drive.google.com/file/d/0B_3QX8HGRR1mSl9Pd3J1Nm8wYlk/view?usp=sharing

70-647 Microsoft exam dumps (100% Pass Guaranteed) from CertBus: http://www.certbus.com/70-647.html [100% Exam Pass Guaranteed]

Why select/choose CertBus?

Millions of interested professionals can touch the destination of success in exams by certbus.com. products which would be available, affordable, updated and of really best quality to overcome the difficulties of any course outlines. Questions and Answers material is updated in highly outclass manner on regular basis and material is released periodically and is available in testing centers with whom we are maintaining our relationship to get latest material.

Brand Certbus Testking Pass4sure Actualtests Others
Price $45.99 $124.99 $125.99 $189 $69.99-99.99
Up-to-Date Dumps
Free 365 Days Update
Real Questions
Printable PDF
Test Engine
One Time Purchase
Instant Download
Unlimited Install
100% Pass Guarantee
100% Money Back
Secure Payment
Privacy Protection