[PDF and VCE] Format Version for Free CertBus Microsoft 70-647 Dumps With Exam Questions Download

As a leading IT exam study material provider, CertBus not only provides you the 70-647 exam questions and answers but also the most comprehensive knowledge of the whole 70-647 Windows Server 2008,Enterprise Administrator certifications. We provide our users with the most accurate 70-647 Windows Server 2008,Enterprise Administrator study material about the 70-647 exam and the guarantee of pass. We assist you to get well prepared for 70-647 certification which is regarded valuable the IT sector.

We CertBus has our own expert team. They selected and published the latest 70-647 preparation materials from Microsoft Official Exam-Center: http://www.certbus.com/70-647.html

QUESTION NO:11

Your network consists of one Active Directory domain. All domain controllers run Windows Server

2008. You need to prepare the environment to provide a high-availability solution for a back-end

Microsoft SQL Server 2005 data store. What should you do?

A. Install a Windows Server 2003 Network Load Balancing cluster.

B. Install a Windows Server 2008 Network Load Balancing cluster.

C. Install a Windows Server 2008 failover cluster that has shared storage.

D. Install a Windows Server 2008 failover cluster that has direct attached storage.

Answer: C

Explanation:

To ensure the high availability of the data store, you need to use Windows Server 2008 failover

cluster having a shared storage. Failover clustering can help you build redundancy into your network

and eliminate single points of failure. Administrators have better control and can achieve better

performance with storage than was possible in previous releases. Failover clusters now support

GUID partition table (GPT) disks that can have capacities of larger than 2 terabytes, for increased

disk size and robustness. Administrators can now modify resource dependencies while resources are

online, which means they can make an additional disk available without interrupting access to the

application that will use it. And administrators can run tools in Maintenance Mode to check, fix, back

up, or restore disks more easily and with less disruption to the cluster. You should not use Network

Load Balancing (NLB) because it only allows you to distribute TCP/IP requests to multiple systems in

order to optimize resource utilization, decrease computing time, and ensure system availability.

Reference: High Availability

http://www.microsoft.com/windowsserver2008/en/us/high-availability.aspx


QUESTION NO:7

Your network consists of one Active Directory domain. The functional level of the forest is Windows

Server 2003. All domain controllers run Windows Server 2003. The relevant portion of the network is

configured as shown in the exhibit. (Click the Exhibit button.)

The Bridge all site links option is enabled.

You need to ensure that domain controllers in the spoke sites can replicate with domain controllers

in only the hub sites. The solution must ensure that domain controllers can replicate if a server fails

in one of the hub sites.

What should you do?

A. Lower the site link costs between the spoke sites and the hub sites.

B. Disable the Bridge all site links option. Create site link bridges that include the site links between

each spoke site and the hub sites.

C. Disable the Bridge all site links option. Install a writable domain controller that runs Windows

Server 2008 in each hub site.

D. Enable the global catalog server attribute for all domain controllers in the hub sites. Upgrade all

domain controllers in the spoke sites to Windows Server 2008.

Answer: B

Explanation:

By default, all site links are bridged so that all the sites that are not connected by an explicit site link

can communicate directly, through a chain of intermediary site links and sites. However, if you want

to ensure that domain controllers in the spoke sites do not replicate with other spoke sites when a

server fails in one of the hub sites, you need to disable the Bridge all site links option. You need to

then create site link bridges to create the site links between each spoke site and the hub sites to

ensure that domain controllers in the spoke sites can replicate with domain controllers in the hub

sites.

Reference: Configuring site link bridges

http://technet2.microsoft.com/windowsserver/en/library/b42bb443-c5cd-4539-8dfa-

917dbddb087a1033.mspx?mfr=true


QUESTION NO:36

Your network consists of one Active Directory domain that contains domain controllers that run

Windows Server 2008. The intranet site contains confidential documents. You need to design an

identity and access management policy for the documents to meet the following requirements:

Record each time a document is accessed.

Protect confidential documents on the intranet site.

Place a time limit on access to documents, including documents sent outside the organization.

What should you include in your design?

A. On a domain controller, install and configure Active Directory Federation Services (AD FS).

B. On a domain controller, install and configure Active Directory Rights Management Services (AD

RMS).

C. On all servers in the domain, ensure that the data volumes are configured to use NTFS file system

and Encrypting File System (EFS).

D. On all servers in the domain, ensure that the data volumes are configured to use NTFS file system

and Windows BitLocker Drive Encryption (BitLocker).

Answer: B

Explanation:

To place a time limit on access to documents and the documents that are sent outside the

organization and record each time a document is accessed, you need to use Active Directory Rights

Management Services (AD RMS). AD RMS helps you to prevent sensitive information


QUESTION NO:2

Your network contains servers that run Windows Server 2008 R2 and client computers that run

Windows 7. All network routers support IPsec connections. Client computers and servers use IPsec

to connect through network routers. You have two servers named Server1 and Server2. Server1 has

Active Directory Certificate Services (AD CS) installed and is configured as a certification authority

(CA). Server2 runs Internet Information Services (IIS).

You need to recommend a certificate solution for the network routers. The solution must meet the

following requirements:

. Use the Simple Certificate Enrollment Protocol (SCEP).

. Enable the routers to automatically request certificates.

What should you recommend implementing?

A. certification authority Web enrollment services on Server2

B. Network Device Enrollment Service on Server2

C. Online Responder service on Server1

D. subordinate CA on Server1

Answer: B

Explanation:

To recommend a certificate solution for the network routers that would enable the routers to

automatically request certificates and that would use Simple Certificate Enrollment Protocol (SCEP),

you need to implement Network Device Enrollment Service on Server2. The Network Device

Enrollment Service allows routers and other network devices to obtain certificates based on the

Simple Certificate Enrollment Protocol (SCEP) from Cisco Systems Inc.

Reference: Windows Server Active Directory Certificate Services Step-by-Step Guide/ AD CS

Technology Review

http://technet2.microsoft.com/windowsserver2008/en/library/f7dfccc0-4f65-4d6f-a801-

ae6a87fd174c1033.mspx?mfr=true


QUESTION NO:37

Your company named Contoso, Ltd. and another company named Fabrikam, Inc. establish a

partnership. The Contoso network consists of one Active Directory forest named contoso.com. The

Fabrikam network consists of one Active Directory forest named fabrikam.com. Users from

contoso.com plan to share files with users from fabrikam.com. You need to prepare the

environment so that users from contoso.com can protect confidential files from being copied or

forwarded to unauthorized users. What should you do?

A. Create a one-way forest trust from Contoso. Set the NTFS permissions to read-only for all

confidential files.

B. Create a one-way forest trust from Fabrikam. Set the NTFS permissions to read-only for all

confidential files.

C. Deploy Active Directory Federation Services (AD FS). Deploy Active Directory Rights Management

Services (AD RMS).

D. Deploy Active Directory Federation Services (AD FS). Publish the files by using Microsoft Windows

SharePoint Services (WSS).

Answer: C

Explanation:

To prepare an environment for the users of contoso.com so that the users from Contoso.com can

protect their confidential files from being accessed by unauthorized users while they share their

files, you need to deploy Active Directory Federation Services (AD FS) and Active Directory Rights

Management Services (AD RMS) on the Contoso.com network You can use Active Directory

Federation Services (ADFS) to enable efficient and secure online transactions between Partner

organizations that are joined by federation trust relationships. AD RMS helps you to prevent

sensitive information


QUESTION NO:27

Your Company has one main office and 100 branch offices. The network consists of one Active

Directory domain. All domain controllers run Windows Server 2008 R2. The wide area network

(WAN) links from the branch offices to the main office are unreliable. A local administrator manages

each branch office. Your company plans to add a new branch office. You create a new organizational

unit (OU) that contains all the computer accounts for the new branch office. You configure a server

in the main office to test all new software updates. You install Microsoft Windows Server Update

Services (WSUS) 3.0. You need to implement an update management solution for the new branch

office to meet the following requirements:

. Only approved updates must be installed in the branch office.

. Client computers must be able to download updates if a WAN link fails.

. Each branch office administrator must be able to approve updates before installation.

What should you do?

A. In each branch office, install a WSUS 3.0 server as a replica server and configure it to download

updates from the main office. Configure all computers to receive updates from their local WSUS

server.

B. In each branch office, install a WSUS 3.0 server as a child server and configure it to download

updates from Microsoft Update. Configure all computers to receive updates from their local WSUS

server.

C. In the main office, install a WSUS 3.0 server as a child server and configure it to download updates

from Microsoft Update. Configure all computers to receive updates from the new WSUS server.

D. In the main office, install and configure a WSUS 3.0 server as a stand-alone server and configure it

to download updates from Microsoft Update. Configure all computers to receive updates from the

new WSUS server.

Answer: B

Explanation:

To ensure that only the approved updates by the head office are allowed to be installed in the new

branch office and to ensure that each branch office administrator must be able to approve the

updates before their installation, you need to install a WSUS 3.0 server as a child server in each

branch office. A child server can be configured as a replica or as an autonomous server. You should

not install/configure replica server because you don


QUESTION NO:41

Your network consists of one Active Directory domain. Your company has an intranet. You deploy

Terminal Services terminal servers that run Windows Server 2008. You plan to make applications

available to users on the intranet. You need to recommend a solution to ensure that each user

session receives an equal share of the CPU resources on the terminal servers. What should you

recommend?

A. Install and configure the Network Load Balancing feature on all terminal servers.

B. Install and configure the Terminal Services server role with the Terminal Services Session Broker

(TS Session Broker) services role on all terminal servers.

C. Install the Windows System Resource Manager (WSRM) feature on all terminal servers. Set the

resource-allocation policy.

D. Install the Network Policy and Access Services (NPAS) server role on another server. Define and

apply a new policy by using Network Policy Server (NPS).

Answer: C

Explanation:

To ensure that each user session receives an equal share of the CPU resources on the terminal

servers, you need to install the Windows System Resource Manager (WSRM) feature on all terminal

servers and configure a resource-allocation policy. Windows System Resource Manager (WSRM) on

Windows Server 2008 allows you to control how CPU and memory resources are allocated to

applications, services, and processes on the computer. WSRM uses resource-allocation policies to

determine how computer resources, such as CPU and memory, are allocated to processes running

on the computer. Network Load Balancing and TS Session Load Balancing allows you to balance

client requests and use sessions load but not allow you to control the CPU and memory resources

allocated to applications on a Terminal server. Network Policy Server allows you to configure health

policies for network access and therefore cannot be used here.

Reference: Terminal Services and Windows System Resource Manager

http://technet2.microsoft.com/windowsserver2008/en/library/36edff58-463f-466e-9c9bcd7b82422d3c1033.

mspx?mfr=true


QUESTION NO:50

Your network contains one Active Directory forest that has a root domain and three child domains.

All domain controllers run Windows Server 2003 Service Pack 1 (SP1). Each domain has a different

password policy. The domain is configured as shown in the exhibit. (Click the Exhibit button.)

You plan to reduce the number of domains in the forest. You need to plan the restructuring of the

forest to meet the following requirements:

Maintain all existing password policies.

Maintain all existing user account attributes.

What should you include in your plan?

A. Upgrade all domains to Windows Server 2008. Redirect the users container in the root domain by

using the redirusr.exe tool, and then remove the child domains. Enable fine-grained password

policies.

B. Upgrade all domains to Windows Server 2008 and enable SID history. Move all user accounts from

the child domains to the root domain by using the movetree.exe tool, and then remove the child

domains.

C. Upgrade the forest root domain to Windows Server 2008. Use the Active Directory Migration Tool

(ADMT) to migrate user accounts that contain SID history from the child domains to the forest root

domain. Remove the child domains.

D. Upgrade the forest root domain to Windows Server 2008. Use the Active Directory Migration Tool

(ADMT) to migrate user accounts from the child domains to the forest root domain, and then

remove the child domains. Enable fine-grained password policies.

Answer: D

Explanation:

To reduce the number of domains from the forest without loosing existing user account attributes

and existing password policies, you need to Use the Active Directory Migration Tool (ADMT) to

migrate user accounts that contain SID history from the child domains to the forest root domain.

Remove the child domains

SID history enables you to maintain user access to resources during the process of restructuring

Active Directory domains. When you migrate an object to another domain, the object is assigned a

new SID. Because you assign permissions to objects based on SIDs, when the SID changes, the user

loses access to that resource until you can reassign permissions. When you use ADMT to migrate

objects between domains, the SID history is automatically retained. In this way, the SID from the

source domain remains as an attribute of the object after the object is migrated to the target

domain.

Enable fine-grained password policies to keep existing password policies.

Reference: Restructuring Active Directory Domains Within a Forest SID History

http://209.85.175.104/search?q=cache:IIJntFlGlVcJ:download.microsoft.com/download/5/2/f/52f23

d76-7d56-44d6-ad25-

a95bf0be5516/15_CHAPTER_12_Restructuring_Active_Directory_Domains_Within_a_Forest.doc re

duce the number of domains ADMTandhl=enandct=clnkandcd=10andgl=in


QUESTION NO:12

Your company has one main office and 10 branch offices. The network consists of one Active

Directory domain. All domain controllers run Windows Server 2008 and are located in the main

office. You plan to deploy one Windows Server 2008 domain controller in each branch office. You

need to recommend a security solution for the branch office domain controllers. The solution must

prevent unauthorized users from copying the Active Directory database from a branch office domain

controller by starting the server from an alternate startup disk. What should you recommend on

each branch office domain controller?

A. Enable the secure server IPsec policy.

B. Enable the read-only domain controller (RODC) option.

C. Enable Windows BitLocker Drive Encryption (BitLocker).

D. Enable an Encrypting File System (EFS) encryption on the %Systemroot%\NTDS folder.

Answer: C

Explanation:

To configure domain controller of each branch office to ensure to no unauthorized user should be

allowed to copy the Active Directory database from a branch office domain controller by starting the

server from an alternate startup disk, you need to use Windows BitLocker Drive Encryption

(BitLocker)

BitLocker allows you to encrypt all data stored on the Windows operating system volume and use

the security of using a Trusted Platform Module (TPM) that helps protect user data and to ensure

that a computer running Windows Vista or Server 2008 have not been tampered with while the

system was offline. In addition, BitLocker offers the option to lock the normal startup process until

the user supplies a personal identification number (PIN) or inserts a removable USB device, such as a

flash drive, that contains a startup key. This process will ensure that all the users can access all files

on the servers if they have the PIN. You cannot use an alternate startup disk to boot the disk.

Reference: BitLocker Drive Encryption Technical Overview

http://technet2.microsoft.com/windowsserver2008/en/library/a2ba17e6-153b-4269-bc46-

6866df4b253c1033.mspx?mfr=true


QUESTION NO:43

Your network consists of two Active Directory forests. The Active Directory forests are configured as

shown in the following table. (Click the Exhibit)

The contoso.com and fabrikam.com domains each contain one server that runs Active Directory

Federation Services (AD FS). Users in the company1.contoso.com domain require access to an

application server in the company2.fabrikam.com domain. The application server is configured to

allow only Kerberos authentication. You need to ensure that users in the company1.contoso.com

domain can access the application server in the company2.fabrikam.com domain. What should you

do first?

A. Create a forest trust between the contoso.com forest and the fabrikam.com forest.

B. Create an external trust between the contoso.com domain and the fabrikam.com domain.

C. Create an AD FS federation trust between the contoso.com forest and the fabrikam.com forest.

D. Create an external trust between the company1.contoso.com domain and the

company2.fabrikam.com domain.

Answer: A


CertBus exam braindumps are pass guaranteed. We guarantee your pass for the 70-647 exam successfully with our Microsoft materials. CertBus Windows Server 2008,Enterprise Administrator exam PDF and VCE are the latest and most accurate. We have the best Microsoft in our team to make sure CertBus Windows Server 2008,Enterprise Administrator exam questions and answers are the most valid. CertBus exam Windows Server 2008,Enterprise Administrator exam dumps will help you to be the Microsoft specialist, clear your 70-647 exam and get the final success.

70-647 Latest questions and answers on Google Drive(100% Free Download): https://drive.google.com/file/d/0B_3QX8HGRR1mSl9Pd3J1Nm8wYlk/view?usp=sharing

70-647 Microsoft exam dumps (100% Pass Guaranteed) from CertBus: http://www.certbus.com/70-647.html [100% Exam Pass Guaranteed]

Why select/choose CertBus?

Millions of interested professionals can touch the destination of success in exams by certbus.com. products which would be available, affordable, updated and of really best quality to overcome the difficulties of any course outlines. Questions and Answers material is updated in highly outclass manner on regular basis and material is released periodically and is available in testing centers with whom we are maintaining our relationship to get latest material.

Brand Certbus Testking Pass4sure Actualtests Others
Price $45.99 $124.99 $125.99 $189 $69.99-99.99
Up-to-Date Dumps
Free 365 Days Update
Real Questions
Printable PDF
Test Engine
One Time Purchase
Instant Download
Unlimited Install
100% Pass Guarantee
100% Money Back
Secure Payment
Privacy Protection