[PDF and VCE] Format Version for Free CertBus Microsoft 70-647 Dumps With Exam Questions Download
As a leading IT exam study material provider, CertBus not only provides you the 70-647 exam questions and answers but also the most comprehensive knowledge of the whole 70-647 Windows Server 2008,Enterprise Administrator certifications. We provide our users with the most accurate 70-647 Windows Server 2008,Enterprise Administrator study material about the 70-647 exam and the guarantee of pass. We assist you to get well prepared for 70-647 certification which is regarded valuable the IT sector.
We CertBus has our own expert team. They selected and published the latest 70-647 preparation materials from Microsoft Official Exam-Center: http://www.certgod.com/70-647.html
QUESTION NO:11
Your network consists of one Active Directory domain. All domain controllers run Windows Server
2008. You need to prepare the environment to provide a high-availability solution for a back-end
Microsoft SQL Server 2005 data store. What should you do?
A. Install a Windows Server 2003 Network Load Balancing cluster.
B. Install a Windows Server 2008 Network Load Balancing cluster.
C. Install a Windows Server 2008 failover cluster that has shared storage.
D. Install a Windows Server 2008 failover cluster that has direct attached storage.
Answer: C
Explanation:
To ensure the high availability of the data store, you need to use Windows Server 2008 failover
cluster having a shared storage. Failover clustering can help you build redundancy into your network
and eliminate single points of failure. Administrators have better control and can achieve better
performance with storage than was possible in previous releases. Failover clusters now support
GUID partition table (GPT) disks that can have capacities of larger than 2 terabytes, for increased
disk size and robustness. Administrators can now modify resource dependencies while resources are
online, which means they can make an additional disk available without interrupting access to the
application that will use it. And administrators can run tools in Maintenance Mode to check, fix, back
up, or restore disks more easily and with less disruption to the cluster. You should not use Network
Load Balancing (NLB) because it only allows you to distribute TCP/IP requests to multiple systems in
order to optimize resource utilization, decrease computing time, and ensure system availability.
Reference: High Availability
http://www.microsoft.com/windowsserver2008/en/us/high-availability.aspx
QUESTION NO:7
Your network consists of one Active Directory domain. The functional level of the forest is Windows
Server 2003. All domain controllers run Windows Server 2003. The relevant portion of the network is
configured as shown in the exhibit. (Click the Exhibit button.)
The Bridge all site links option is enabled.
You need to ensure that domain controllers in the spoke sites can replicate with domain controllers
in only the hub sites. The solution must ensure that domain controllers can replicate if a server fails
in one of the hub sites.
What should you do?
A. Lower the site link costs between the spoke sites and the hub sites.
B. Disable the Bridge all site links option. Create site link bridges that include the site links between
each spoke site and the hub sites.
C. Disable the Bridge all site links option. Install a writable domain controller that runs Windows
Server 2008 in each hub site.
D. Enable the global catalog server attribute for all domain controllers in the hub sites. Upgrade all
domain controllers in the spoke sites to Windows Server 2008.
Answer: B
Explanation:
By default, all site links are bridged so that all the sites that are not connected by an explicit site link
can communicate directly, through a chain of intermediary site links and sites. However, if you want
to ensure that domain controllers in the spoke sites do not replicate with other spoke sites when a
server fails in one of the hub sites, you need to disable the Bridge all site links option. You need to
then create site link bridges to create the site links between each spoke site and the hub sites to
ensure that domain controllers in the spoke sites can replicate with domain controllers in the hub
sites.
Reference: Configuring site link bridges
http://technet2.microsoft.com/windowsserver/en/library/b42bb443-c5cd-4539-8dfa-
917dbddb087a1033.mspx?mfr=true
QUESTION NO:36
Your network consists of one Active Directory domain that contains domain controllers that run
Windows Server 2008. The intranet site contains confidential documents. You need to design an
identity and access management policy for the documents to meet the following requirements:
Record each time a document is accessed.
Protect confidential documents on the intranet site.
Place a time limit on access to documents, including documents sent outside the organization.
What should you include in your design?
A. On a domain controller, install and configure Active Directory Federation Services (AD FS).
B. On a domain controller, install and configure Active Directory Rights Management Services (AD
RMS).
C. On all servers in the domain, ensure that the data volumes are configured to use NTFS file system
and Encrypting File System (EFS).
D. On all servers in the domain, ensure that the data volumes are configured to use NTFS file system
and Windows BitLocker Drive Encryption (BitLocker).
Answer: B
Explanation:
To place a time limit on access to documents and the documents that are sent outside the
organization and record each time a document is accessed, you need to use Active Directory Rights
Management Services (AD RMS). AD RMS helps you to prevent sensitive information
QUESTION NO:2
Your network contains servers that run Windows Server 2008 R2 and client computers that run
Windows 7. All network routers support IPsec connections. Client computers and servers use IPsec
to connect through network routers. You have two servers named Server1 and Server2. Server1 has
Active Directory Certificate Services (AD CS) installed and is configured as a certification authority
(CA). Server2 runs Internet Information Services (IIS).
You need to recommend a certificate solution for the network routers. The solution must meet the
following requirements:
. Use the Simple Certificate Enrollment Protocol (SCEP).
. Enable the routers to automatically request certificates.
What should you recommend implementing?
A. certification authority Web enrollment services on Server2
B. Network Device Enrollment Service on Server2
C. Online Responder service on Server1
D. subordinate CA on Server1
Answer: B
Explanation:
To recommend a certificate solution for the network routers that would enable the routers to
automatically request certificates and that would use Simple Certificate Enrollment Protocol (SCEP),
you need to implement Network Device Enrollment Service on Server2. The Network Device
Enrollment Service allows routers and other network devices to obtain certificates based on the
Simple Certificate Enrollment Protocol (SCEP) from Cisco Systems Inc.
Reference: Windows Server Active Directory Certificate Services Step-by-Step Guide/ AD CS
Technology Review
http://technet2.microsoft.com/windowsserver2008/en/library/f7dfccc0-4f65-4d6f-a801-
ae6a87fd174c1033.mspx?mfr=true
QUESTION NO:37
Your company named Contoso, Ltd. and another company named Fabrikam, Inc. establish a
partnership. The Contoso network consists of one Active Directory forest named contoso.com. The
Fabrikam network consists of one Active Directory forest named fabrikam.com. Users from
contoso.com plan to share files with users from fabrikam.com. You need to prepare the
environment so that users from contoso.com can protect confidential files from being copied or
forwarded to unauthorized users. What should you do?
A. Create a one-way forest trust from Contoso. Set the NTFS permissions to read-only for all
confidential files.
B. Create a one-way forest trust from Fabrikam. Set the NTFS permissions to read-only for all
confidential files.
C. Deploy Active Directory Federation Services (AD FS). Deploy Active Directory Rights Management
Services (AD RMS).
D. Deploy Active Directory Federation Services (AD FS). Publish the files by using Microsoft Windows
SharePoint Services (WSS).
Answer: C
Explanation:
To prepare an environment for the users of contoso.com so that the users from Contoso.com can
protect their confidential files from being accessed by unauthorized users while they share their
files, you need to deploy Active Directory Federation Services (AD FS) and Active Directory Rights
Management Services (AD RMS) on the Contoso.com network You can use Active Directory
Federation Services (ADFS) to enable efficient and secure online transactions between Partner
organizations that are joined by federation trust relationships. AD RMS helps you to prevent
sensitive information
QUESTION NO:27
Your Company has one main office and 100 branch offices. The network consists of one Active
Directory domain. All domain controllers run Windows Server 2008 R2. The wide area network
(WAN) links from the branch offices to the main office are unreliable. A local administrator manages
each branch office. Your company plans to add a new branch office. You create a new organizational
unit (OU) that contains all the computer accounts for the new branch office. You configure a server
in the main office to test all new software updates. You install Microsoft Windows Server Update
Services (WSUS) 3.0. You need to implement an update management solution for the new branch
office to meet the following requirements:
. Only approved updates must be installed in the branch office.
. Client computers must be able to download updates if a WAN link fails.
. Each branch office administrator must be able to approve updates before installation.
What should you do?
A. In each branch office, install a WSUS 3.0 server as a replica server and configure it to download
updates from the main office. Configure all computers to receive updates from their local WSUS
server.
B. In each branch office, install a WSUS 3.0 server as a child server and configure it to download
updates from Microsoft Update. Configure all computers to receive updates from their local WSUS
server.
C. In the main office, install a WSUS 3.0 server as a child server and configure it to download updates
from Microsoft Update. Configure all computers to receive updates from the new WSUS server.
D. In the main office, install and configure a WSUS 3.0 server as a stand-alone server and configure it
to download updates from Microsoft Update. Configure all computers to receive updates from the
new WSUS server.
Answer: B
Explanation:
To ensure that only the approved updates by the head office are allowed to be installed in the new
branch office and to ensure that each branch office administrator must be able to approve the
updates before their installation, you need to install a WSUS 3.0 server as a child server in each
branch office. A child server can be configured as a replica or as an autonomous server. You should
not install/configure replica server because you don
QUESTION NO:41
Your network consists of one Active Directory domain. Your company has an intranet. You deploy
Terminal Services terminal servers that run Windows Server 2008. You plan to make applications
available to users on the intranet. You need to recommend a solution to ensure that each user
session receives an equal share of the CPU resources on the terminal servers. What should you
recommend?
A. Install and configure the Network Load Balancing feature on all terminal servers.
B. Install and configure the Terminal Services server role with the Terminal Services Session Broker
(TS Session Broker) services role on all terminal servers.
C. Install the Windows System Resource Manager (WSRM) feature on all terminal servers. Set the
resource-allocation policy.
D. Install the Network Policy and Access Services (NPAS) server role on another server. Define and
apply a new policy by using Network Policy Server (NPS).
Answer: C
Explanation:
To ensure that each user session receives an equal share of the CPU resources on the terminal
servers, you need to install the Windows System Resource Manager (WSRM) feature on all terminal
servers and configure a resource-allocation policy. Windows System Resource Manager (WSRM) on
Windows Server 2008 allows you to control how CPU and memory resources are allocated to
applications, services, and processes on the computer. WSRM uses resource-allocation policies to
determine how computer resources, such as CPU and memory, are allocated to processes running
on the computer. Network Load Balancing and TS Session Load Balancing allows you to balance
client requests and use sessions load but not allow you to control the CPU and memory resources
allocated to applications on a Terminal server. Network Policy Server allows you to configure health
policies for network access and therefore cannot be used here.
Reference: Terminal Services and Windows System Resource Manager
http://technet2.microsoft.com/windowsserver2008/en/library/36edff58-463f-466e-9c9bcd7b82422d3c1033.
mspx?mfr=true
QUESTION NO:50
Your network contains one Active Directory forest that has a root domain and three child domains.
All domain controllers run Windows Server 2003 Service Pack 1 (SP1). Each domain has a different
password policy. The domain is configured as shown in the exhibit. (Click the Exhibit button.)
You plan to reduce the number of domains in the forest. You need to plan the restructuring of the
forest to meet the following requirements:
Maintain all existing password policies.
Maintain all existing user account attributes.
What should you include in your plan?
A. Upgrade all domains to Windows Server 2008. Redirect the users container in the root domain by
using the redirusr.exe tool, and then remove the child domains. Enable fine-grained password
policies.
B. Upgrade all domains to Windows Server 2008 and enable SID history. Move all user accounts from
the child domains to the root domain by using the movetree.exe tool, and then remove the child
domains.
C. Upgrade the forest root domain to Windows Server 2008. Use the Active Directory Migration Tool
(ADMT) to migrate user accounts that contain SID history from the child domains to the forest root
domain. Remove the child domains.
D. Upgrade the forest root domain to Windows Server 2008. Use the Active Directory Migration Tool
(ADMT) to migrate user accounts from the child domains to the forest root domain, and then
remove the child domains. Enable fine-grained password policies.
Answer: D
Explanation:
To reduce the number of domains from the forest without loosing existing user account attributes
and existing password policies, you need to Use the Active Directory Migration Tool (ADMT) to
migrate user accounts that contain SID history from the child domains to the forest root domain.
Remove the child domains
SID history enables you to maintain user access to resources during the process of restructuring
Active Directory domains. When you migrate an object to another domain, the object is assigned a
new SID. Because you assign permissions to objects based on SIDs, when the SID changes, the user
loses access to that resource until you can reassign permissions. When you use ADMT to migrate
objects between domains, the SID history is automatically retained. In this way, the SID from the
source domain remains as an attribute of the object after the object is migrated to the target
domain.
Enable fine-grained password policies to keep existing password policies.
Reference: Restructuring Active Directory Domains Within a Forest SID History
http://209.85.175.104/search?q=cache:IIJntFlGlVcJ:download.microsoft.com/download/5/2/f/52f23
d76-7d56-44d6-ad25-
a95bf0be5516/15_CHAPTER_12_Restructuring_Active_Directory_Domains_Within_a_Forest.doc re
duce the number of domains ADMTandhl=enandct=clnkandcd=10andgl=in
QUESTION NO:12
Your company has one main office and 10 branch offices. The network consists of one Active
Directory domain. All domain controllers run Windows Server 2008 and are located in the main
office. You plan to deploy one Windows Server 2008 domain controller in each branch office. You
need to recommend a security solution for the branch office domain controllers. The solution must
prevent unauthorized users from copying the Active Directory database from a branch office domain
controller by starting the server from an alternate startup disk. What should you recommend on
each branch office domain controller?
A. Enable the secure server IPsec policy.
B. Enable the read-only domain controller (RODC) option.
C. Enable Windows BitLocker Drive Encryption (BitLocker).
D. Enable an Encrypting File System (EFS) encryption on the %Systemroot%NTDS folder.
Answer: C
Explanation:
To configure domain controller of each branch office to ensure to no unauthorized user should be
allowed to copy the Active Directory database from a branch office domain controller by starting the
server from an alternate startup disk, you need to use Windows BitLocker Drive Encryption
(BitLocker)
BitLocker allows you to encrypt all data stored on the Windows operating system volume and use
the security of using a Trusted Platform Module (TPM) that helps protect user data and to ensure
that a computer running Windows Vista or Server 2008 have not been tampered with while the
system was offline. In addition, BitLocker offers the option to lock the normal startup process until
the user supplies a personal identification number (PIN) or inserts a removable USB device, such as a
flash drive, that contains a startup key. This process will ensure that all the users can access all files
on the servers if they have the PIN. You cannot use an alternate startup disk to boot the disk.
Reference: BitLocker Drive Encryption Technical Overview
http://technet2.microsoft.com/windowsserver2008/en/library/a2ba17e6-153b-4269-bc46-
6866df4b253c1033.mspx?mfr=true
QUESTION NO:43
Your network consists of two Active Directory forests. The Active Directory forests are configured as
shown in the following table. (Click the Exhibit)
The contoso.com and fabrikam.com domains each contain one server that runs Active Directory
Federation Services (AD FS). Users in the company1.contoso.com domain require access to an
application server in the company2.fabrikam.com domain. The application server is configured to
allow only Kerberos authentication. You need to ensure that users in the company1.contoso.com
domain can access the application server in the company2.fabrikam.com domain. What should you
do first?
A. Create a forest trust between the contoso.com forest and the fabrikam.com forest.
B. Create an external trust between the contoso.com domain and the fabrikam.com domain.
C. Create an AD FS federation trust between the contoso.com forest and the fabrikam.com forest.
D. Create an external trust between the company1.contoso.com domain and the
company2.fabrikam.com domain.
Answer: A
CertBus exam braindumps are pass guaranteed. We guarantee your pass for the 70-647 exam successfully with our Microsoft materials. CertBus Windows Server 2008,Enterprise Administrator exam PDF and VCE are the latest and most accurate. We have the best Microsoft in our team to make sure CertBus Windows Server 2008,Enterprise Administrator exam questions and answers are the most valid. CertBus exam Windows Server 2008,Enterprise Administrator exam dumps will help you to be the Microsoft specialist, clear your 70-647 exam and get the final success.
70-647 Latest questions and answers on Google Drive(100% Free Download): https://drive.google.com/file/d/0B_3QX8HGRR1mSl9Pd3J1Nm8wYlk/view?usp=sharing
70-647 Microsoft exam dumps (100% Pass Guaranteed) from CertBus: http://www.certgod.com/70-647.html [100% Exam Pass Guaranteed]
Why select/choose CertBus?
Millions of interested professionals can touch the destination of success in exams by certgod.com. products which would be available, affordable, updated and of really best quality to overcome the difficulties of any course outlines. Questions and Answers material is updated in highly outclass manner on regular basis and material is released periodically and is available in testing centers with whom we are maintaining our relationship to get latest material.