Daily Archives: October 13, 2011

Tech

Report: A Third of Organizations Use SharePoint as an Enterprise CMS

While we have seen over the week just gone by the massive interest in SharePoint and a steady increase in the deployment of SharePoint 2010, how it is being used across the enterprise varies. A new EMC-sponsored AIIM report shows that one of those uses is as an enterprise content management system.
SharePoint Deployments

The report — entitled Using SharePoint for ECM: How well is it meeting expectations? by Doug Miles and based on the results of 674 surveys carried out across AIIM members between April 15 and May 5 — confirms that, already, SharePoint 2010 is being used by a large number of enterprises for content management.

MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

Recently published, it shows, in fact, that over a third of organizations are using SharePoint to manage content across the enterprise, and over half believe that SharePoint will become their primary enterprise CMS in the future.

While it is debatable whether this is a good or bad thing, it also shows that over 60% of users are showing strong interest in third-party additions and integrations, which can fill perceived functionality gaps.

Behind those figures, though, there are some notable caveats. While many are using it for content management, traditional enterprise CMS applications such as scanning and capture, forms processing, document workflow and records management have yet to be widely adopted.

There are other problems too. While we have noted before that planning deployments is still a major issue for many enterprises, both this research and other research released by OpenText during the SharePoint Anaheim conference shows that deployment still appears to be haphazard.
Where is SharePoint Now?

It is not really surprising that interest in SharePoint as an enterprise content management system is as high as it is, given adoption rates across all verticals and in all business segments from SMBs to Fortune 100 companies.

Over the past ten years, since the first release, it has moved from being an intranet and basic collaboration application to something that is now used for portals, collaboration, forms processing, business intelligence, business process management and content management.

According to Miles, who heads AIIM’s Market Intelligence Division, its adoption is in the region of 60-70%, and with the improved functionality in SharePoint 2010 of content management, records management and business process management capabilities of SharePoint, this is set to increase.

While there is still no agreement as to whether it provides true enterprise CMS capabilities in comparison to traditional suites, there is no doubt from this research that where it is deemed to be lacking by enterprises, third-party add-ons are being used instead.

While the popularity of SharePoint is indisputable, and despite much talk about upgrading to the 2010 version since it was released in May last year, it seems enterprises have been slow to make the jump, the research shows.

According to Miles, only 8% of SharePoint users have completed the upgrade to 2010, while the rest are either happy to stay with the 2007 version, or just haven’t got around to moving yet.

That said, 21% have deployed SharePoint 2010 as a first use with 6% of those live already and a further 28% moving from 2007 to 2010, with half of those expecting to be fully live by the end of the year.

MCITP, mcitp certification, MCITP Training, MCSE, MCSE Certification, MCSE Training, MCTS, MCTS Certification, MCTS Training, Microsoft

Microsoft looks to business tools for health care

Craig Mundie, Microsoft’s chief research and strategy officer, demonstrated some applications on Thursday that apply current technologies to problems facing the health care industry.

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

He spoke at the Pacific Health Summit in Seattle.

Technology developments aimed at businesses can help the medical field more than many people in health care may think, he said. For example, health care organizations often say that they have so much data, including patients’ medical, billing and insurance information, that it will be a challenge for technology companies to build applications around the data, Mundie said.

But Mundie discovered that, in fact, the data collected by some businesses far surpasses that of health care groups. His researchers found that every five hours, consumers upload enough video to YouTube to match all data that the Beth Israel hospital system in Boston has collected in total over the past 27 years. Similarly, every day, consumers upload a volume of data in Facebook photos that equals all of the hospital’s data, he said.

Beth Israel was the largest single health care system in terms of data that Microsoft could find in the U.S. in order to make this comparison, he said.

“While yes, medical data is big and complicated, by today’s standard it’s actually not very big,” Mundie said.

The volume of medical data is set to grow, though, as an increasingly tech-savvy population begins to use devices that collect health information and transmit it to back-end databases. For example, bathroom scales and hearth monitors can automatically send data to databases.

By combining such user-generated data with information produced in the clinical care environment, “we’ll be enlightened,” Mundie said.

His researchers are working on ways to analyze that data and apply machine learning to improve care and reduce costs in health care. Microsoft did one experiment in which it used machine learning to look at 10 years of data from a hospital to try to predict whether a patient was likely to be readmitted to the hospital. It used all the data from the hospital, including clinical data and billing information.

“We set about to answer the question of, if you look at things that are expensive in medicine, is there a way to not ask doctors what the answers are, but can you ask the data instead and would you get a different answer,” he said.

Microsoft’s tool looked at data for people who had congestive heart failure and found many of the same correlations that doctors look for to determine if the person was likely to require readmittance. But the tool also found new scenarios. For example, it found that patients who were given drugs for gastric disorders and those with depressive issues had higher incidences of return visits.

The idea is to use machine learning to identify patients who are likely to have additional problems, and then doctors can decide to intervene in advance, he said.

“We think we’re just scratching the surface of what can be done using machine learning technology,” Mundie said.

Microsoft uses machine learning for a number of its own products, such as its Bing search engine.

He also showed off ways that health workers could use Microsoft’s Kinect sensor, currently used in conjunction with the Xbox 360 game console. Kinect lets users move their arms, bodies and voices rather than a game controller to interact with games.

Mundie showed an example where a health care worker could use voice commands to sift through patients to identify those who might be eligible to be entered into a new program. He was presented with photographs of the patients and could choose one in order to see visual representations of clinical data. For example, a chart showed one patient’s weight, and Mundie could drag an incident where the patient sprained her ankle onto the chart to see how that incident correlated with changes in weight.

He also showed a scenario where diabetes patients could be part of a virtual support group. The group appeared as avatars sitting in a room, and members used Kinect sensors to interact in the virtual group. The application uses avatars for individuals because some people would prefer not to use their true image, as they would in a video chat. But the avatars move and reflect facial expressions just like the real person does. That could allow a health care worker to review a recorded video of the session to look for clues that individuals may not be engaged by the sessions, Mundie said.

Mundie has spoken at the Pacific Health Summit many times in the past, and often the futuristic technologies he demonstrates become commercial, he said. For example, he once discussed ways that inkjet printers could inject medicines onto pills or other surfaces, and this year a major drug company is completing a trial doing just that. He also once showed off robots that could be used in health care, and there are now 400 of them being used commercially.

MCITP, mcitp certification, MCITP Training, MCSE, MCSE Certification, MCSE Training, MCTS, MCTS Certification, MCTS Training, Tech

Certkingdom 70-647 Exam Q & A

Best Microsoft MCTS Training – Microsoft MCITP Training at Certkingdom.com

QUESTION 1
You work as an enterprise administrator at Certkingdom.com. The Certkingdom.com network has a domain named
Certkingdom.com. All servers in the Certkingdom.com network run Windows Server 2008.
The Certkingdom.com network has a file server named ABC-SR07 that hosts a shared folder named
ABCDocs. Several Microsoft Word documents are stored in the ABCDocs share. You want to
enable document version history on these documents. You also want the documents in the
ABCDocs share to be accessed through a Web page.
Which of the following roles or services would you install on ABC-SR07 to achieve the desired
results cost effectively?

A. FTP Server role.
B. Application Server role.
C. Microsoft Windows SharePoint Services (WSS) 3.0.
D. File and Print Services role.
E. Microsoft Office SharePoint Server (MOSS) 2007.
F. SMTP Server role.

Answer: C

Explanation:
To achieve the desired results without requiring any additional cost, you need to use Microsoft
Windows SharePoint Services (WSS) 3.0.
Reference: Microsoft Windows SharePoint Services 3.0 and the Mobile Workplace
http://download.microsoft.com/download/b/b/6/bb6672dd-252c-4a21-89de-
78cfc8e0b69e/WSS%20Mobile%20Workplace.doc

QUESTION 2
You work as an enterprise administrator at Certkingdom.com. The Certkingdom.com network has a domain named
Certkingdom.com with a single site named Site
A. All servers in the Certkingdom.com network run Windows Server
2008.
You reorganize the Active Directory infrastructure to include a second site named SiteB with its
own domain controller.
How would you configured the firewall to allow replication between SiteA and SiteB?

A. Enable IPSec traffic to pass through the firewall.
B. Enable RPC traffic to pass through the firewall.
C. Enable SMTP traffic to pass through the firewall.
D. Enable NNTP traffic to pass through the firewall.
E. Enable FTP traffic to pass through the firewall.

Answer: B

Explanation:
You should permit RPC traffic through the firewall to enable the domain controllers to replicate
between the two sites because the Active Directory relies on remote procedure call (RPC) for
replication between domain controllers. You can open the firewall wide to permit RPC’s native
dynamic behavior.
Reference: Active Directory Replication over Firewalls
http://technet.microsoft.com/en-us/library/bb727063.aspx

QUESTION 3
You work as an enterprise administrator at Certkingdom.com. The Certkingdom.com network has a domain named
Certkingdom.com. All servers in the Certkingdom.com network run Windows Server 2008.
Certkingdom.com runs a critical application that accesses data that is stored in a Microsoft SQL Server
2005 database server named ABC-DB02. Which of the following options would you choose to
ensure that the database is always available?

A. Two Windows Server 2008 servers running MS SQL Server 2005 Standard Edition in a
Network Load Balancing (NLB) cluster.
B. Two Windows Server 2008 servers running MS SQL Server 2005 Enterprise Edition in a
Network Load Balancing (NLB) cluster
C. Two Windows Server 2008 servers running MS SQL Server 2005 Standard Edition in a failover
cluster.
D. Two Windows Server 2008 servers running MS SQL Server 2005 Enterprise Edition in a
failover cluster.

Answer: D

Explanation:
To ensure the high availability of the data store, you need to use a Windows Server 2008 failover
cluster with shared storage.
Failover clustering can help you build redundancy into your network and eliminate single points of
failure.
Administrators have better control and can achieve better performance with storage than was
possible in previous releases. Failover clusters now support GUID partition table (GPT) disks that
can have capacities of larger than 2 terabytes, for increased disk size and robustness.
Administrators can now modify resource dependencies while resources are online, which means
they can make an additional disk available without interrupting access to the application that will
use it. And administrators can run tools in Maintenance Mode to check, fix, back up, or restore
disks more easily and with less disruption to the cluster
You should not use Network Load Balancing (NLB) because it only allows you to distribute TCP/IP
requests to multiple systems in order to optimize resource utilization, decrease computing time,
and ensure system availability.
Reference: High Availability
http://www.microsoft.com/windowsserver2008/en/us/high-availability.aspx

QUESTION 4
You work as an enterprise administrator at Certkingdom.com. The Certkingdom.com network has a domain named
Certkingdom.com. All servers in the Certkingdom.com network run Windows Server 2008. Certkingdom.com has its
headquarters in Chicago and sub-divisions in Boston, Atlanta, Miami and Dallas. All domain
controllers are currently installed in the Chicago.
You need to have new domain controllers installed in the Boston, Atlanta, Miami and Dallas subdivisions.
Certkingdom.com issues a security policy for the new domain controllers that states the
following:
• Unauthorized user must not be able to access the Active Directory database.
• Unauthorized user must not be able to boot a domain controller from an alternate boot disk.
Which of the following options would you choose to implement the security policy?

A. Modify the permissions of the ntds.dat file.
B. Configure a read-only domain controller (RODC) in the Boston, Atlanta, Miami and Dallas.
C. Disable replication of the Sysvol folder on the new domain controllers.
D. Configure Windows BitLocker Drive Encryption (BitLocker) on the new domain controllers.
E. Disable the Global Catalog role on the new domain controllers.
F. Configure EFS encryption on the new domain controllers.

Answer: D

Explanation:
To configure domain controller at each branch office to ensure that no unauthorized user should
be allowed to copy the Active Directory database from a branch office domain controller by starting
the server from an alternate startup disk, you need to use Windows BitLocker Drive Encryption
(BitLocker)
BitLocker allows you to encrypt all data stored on the Windows operating system volume and use
the security of using a Trusted Platform Module (TPM) that helps protect user data and to ensure
that a computer running Windows Vista or Server 2008 have not been tampered with while the
system was offline.
In addition, BitLocker offers the option to lock the normal startup process until the user supplies a
personal identification number (PIN) or inserts a removable USB device, such as a flash drive, that
contains a startup key. This process will ensure that users can only access all files on the servers
if they have the PIN. You cannot use an alternate startup disk to boot the server.
Reference: BitLocker Drive Encryption Technical Overview
http://technet2.microsoft.com/windowsserver2008/en/library/a2ba17e6-153b-4269-bc46-
6866df4b253c1033.mspx?mfr=true

QUESTION 5
You work as an enterprise administrator at Certkingdom.com. The Certkingdom.com network has a domain named
Certkingdom.com that runs at the domain functional level of Windows Server 2008.
Which of the following options can be used for tracking any modification to Active Directory
Objections?

A. Configure a Group Policy to run the Security Configuration Wizard on all computers in the ABC
network.
B. Configure the Default Domain Controllers Group Policy to audit Directory Services.
C. Configure the Default Domain Group Policy to audit Directory Services.
D. Enable auditing of the ntds.dat file in the Default Domain Group Policy.
E. Enable auditing of the ntds.dat file in the Default Domain Group Policy.

Answer: B

Explanation:
To implement an audit and compliance policy and ensure that all changes made to Active
Directory objects are recorded, you need to configure a Directory Services Auditing policy in the
Default Domain Controller Policy
In Windows Server 2008, you can enable Audit Directory Service Access policy to log events in
the Security event log whenever certain operations are performed on objects stored in Active
Directory.
Enabling the global audit policy, Audit directory service access, enables all directory service policy
subcategories. You can set this global audit policy in the Default Domain Controllers Group Policy
(under Security Settings\Local Policies\Audit Policy).
Reference: Windows Server 2008 Auditing AD DS Changes Step-by-Step Guide
http://technet2.microsoft.com/windowsserver2008/en/library/a9c25483-89e2-4202-881cea8e02b4b2a51033.
mspx?mfr=true

QUESTION 6
You work as an enterprise administrator at Certkingdom.com. The Certkingdom.com network has a domain named
Certkingdom.com. All servers in the Certkingdom.com network run Windows Server 2003.
You want to install a read-only domain controller (RODC) without uABCrading the existing domain
controllers Windows Server 2008.
What action should you take? (Each correct option will form a part of the answer. Select TWO.)

A. Raise the forest functional level to Windows 2000.
B. Raise the forest functional level to Windows 2003.
C. Raise the forest functional level to Windows 2008.
D. Raise the domain functional level to Windows Server 2000
E. Raise the domain functional level to Windows Server 2003
F. Raise the domain functional level to Windows Server 2008

Answer: B,E

Explanation:
To create an Active Directory forest and domain functional levels to support Read-only domain
controllers (RODC) and Windows Server 2003 domain controllers, you need to create both the
forest and domain functional levels of Windows Server 2003. This is because only when you use
both the forest and domain functional levels of Windows Server 2003, you will be able to support
Read-only domain controllers (RODC) and Windows Server 2003 domain controllers.
Reference: Appendix of Functional Level Features
http://technet2.microsoft.com/windowsserver2008/en/library/34678199-98f1-465f-9156-
c600f723b31f1033.mspx?mfr=true

QUESTION 7
You work as an enterprise administrator at Certkingdom.com. The Certkingdom.com network has a forest named
and Certkingdom.com that runs at the forest functional level of Windows Server 2003. Certkingdom.com has a
subsidiary company named TestLabs, Inc. The TestLabs, Inc. network has a forest named and
testlabs.com that runs at the forest functional level of Windows Server 2003. All domain controllers
on both the Certkingdom.com network and the TestLabs, Inc. network run Windows Server 2008.
Certkingdom.com users do not have access to network resources in TestLabs, Inc.
TestLabs, Inc. has a file server named TESTLABS-SR07. Certkingdom.com users must be able to access
shared folders on TESTLABS-SR07. However, Certkingdom.com users must not be able to access any
other network resources in TestLabs, Inc.
Which of the following options would you choose to accomplish this task? (Each correct option will
form a part of the answer. Select TWO.)

A. By raising the forest functional level of Certkingdom.com and testlabs.com to Windows Server 2008.
B. By raising the domain functional level of all domains in Certkingdom.com and testlabs.com to Windows
Server 2008.
C. By creating a forest trust between Certkingdom.com and testlabs.com.
D. By setting the Allowed to Authenticate for TESTLABS-SR07.
E. By setting the Allowed to Authenticate right on the computer object for the testlabs.com
infrastructure operations master object.

Answer: C,D

Explanation:
To ensure that the users in ABC-south.com are denied access to all the resources ABC-north.com
except the resources on ABC-SR07, you need to create a forest trust between ABC-south.com
and ABC-north.com so that resources can be shared between both the forests. You can however
set the trust authentication setting to selective authentication so that only selected authentication
is allowed.
Next you need to set the Allowed to Authenticate right on the computer object for ABC-SR07 so
that each user must be explicitly granted the Allowed to Authenticate permission to access
resources on ABC-SR07.
You should not set the Allowed to Authenticate right on the computer object for the ABC-north.com
infrastructure operations master object because Allowed to Authenticate right is set for the users in
a trusted Windows Server 2003 domain or forest to be able to access resources in a trusting
Windows Server 2003 domain or forest, where the trust authentication setting has been set to
selective authentication, each user must be explicitly granted the ‘Allowed to Authenticate’
permission on the security descriptor of the computer objects (resource computers) that reside in
the trusting domain or forest.
Reference: Grant the Allowed to Authenticate permission on computers in the trusting domain or
forest
http://technet2.microsoft.com/windowsserver/en/library/b4d96434-0fde-4370-bd29-
39e4b3cc7da81033.mspx?mfr=true

QUESTION 8
You work as an enterprise administrator at Certkingdom.com. The Certkingdom.com network has a domain named
Certkingdom.com. All servers in the Certkingdom.com network run Windows Server 2008. Certkingdom.com has its
headquarters in Chicago and branch offices in Boston. The Boston office is connected to the
Chicago by a WAN link. The Chicago office has a DNS Sever named ABC-SR04 that is configured
as a single DNS zone. The Boston office has two servers named ABC-SR07 and ABC-SR08.
ABC-SR08 hosts shared folders that are only accessed by Certkingdom.com users in the Boston office.
You work in the Chicago office while a network administrator named Rory Allen works in the
Boston office.
Certkingdom.com wants you to ensure that users at the Boston office can log on to the Certkingdom.com domain
and can connect to the shared folders on ABC-SR08 even when the WAN link is down. You must
allow Rory Allen to configure the servers in the Boston office without allowing him to modify the
Active Directory configuration.
Which actions should you take to accomplish this task? (Each correct option will form a part of the
answer. Choose THREE.)

A. By promoting ABC-SR07 to a domain controller.
B. By promoting ABC-SR07 to a read-only domain controller (RODC).
C. By installing USMT role on ABC-SR07.
D. By installing ADMT role on ABC-SR07.
E. By installing DNS role on ABC-SR07.
F. By adding Rory Allen to the Domain Admins group.
G. By creating an organizational unit (OU) for the Boston office.
H. By assigning administrative rights to Rory Allen.

Answer: B,E,H

Explanation:
To ensure that the users in the branch office are able to log on to the domain even if the WAN link
fails, you need to promote the member server to a read-only domain controller (RODC) because
the RODC works as a domain controller and allows log in to the domains except allowing
modifications and changes to the Active directory domain.
Delegating administrative rights to the local branch office administrator after promoting a member
server to a RODC will make sure that branch office administrator is not allowed to initiate any
changes to Active Directory but should be allowed to make configuration changes to the servers in
the branch office.
Configuring the DNS role to the member server, will ensure that the users are allowed to access
file shares on the local server in the absence of the WAN link. Without name resolution and the
other services that are provided by DNS servers, client access to remote host computers would be
prohibitively difficult. DNS servers need to be configured because in intranets computer users
rarely know the IP addresses of computers on their local area network (LAN).
Reference: DNS Server Role: Read-only domain controller support/ Who will be interested in this
server role?
http://technet2.microsoft.com/windowsserver2008/en/library/533a1cfc-5173-4248-914c-
433bd018f66d1033.mspx?mfr=true

QUESTION 9
You work as an enterprise administrator at Certkingdom.com. The Certkingdom.com network has a domain named
Certkingdom.com and a workgroup named ABCGROUP. All servers in the Certkingdom.com network run Windows
Server 2008 and all the client computers run Windows Vist
A. The Certkingdom.com network has
unmanaged network switches and has two servers named ABC-SR07 and ABC-SR08. ABC-SR07
is configured with the Active Directory Domain Services (AD DS), the Active Directory Certificate
Services (AD CS) and the Dynamic Host Configuration Protocol (DHCP) service while ABC-SR08
is configured with the Routing and Remote Access Service (RRAS), the Network Policy Service
(NPS) and Health Registration Authority (HRA).
You notice that the latest Microsoft updates have not been applied to all client computers that are
part of the ABCGROUP workgroup. You are concerned that Certkingdom.com users are accessing the
local area network (LAN) from these client computers.
You want to implement Network Access Protection (NAP) to secure the network by preventing
client computers that are not members of the Certkingdom.com network or do not have the latest Microsoft
updates from accessing any network servers that are members of the Certkingdom.com domain.
Which of the following option would you choose?

A. TCP/IP
B. 802.1z
C. PPTP
D. DHCP
E. L2TP
F. IPsec

Answer: F

Explanation:
To ensure that only the computers that have the latest Microsoft updates installed should be able
to connect to servers in the domain and that only the computers that are joined to the domain
should be able to connect to servers in the domain, you need to use the IPSec NAP enforcement
method. IPsec domain and server isolation methods are used to prevent unmanaged computers
from accessing network resources. This method enforces health policies when a client computer
attempts to communicate with another computer using IPsec.
Reference: Protecting a Network from Unmanaged Clients / Solutions
http://www.microsoft.com/technet/security/midsizebusiness/topics/serversecurity/unmanagedclient
s.mspx
Reference: Network Access Protection (NAP) Deployment Planning / Choosing Enforcement
Methods
http://blogs.technet.com/nap/archive/2007/07/28/network-access-protection-deploymentplanning.
aspx

QUESTION 10
You work as an enterprise administrator at Certkingdom.com. The Certkingdom.com network has a domain named
Certkingdom.com. All servers in the Certkingdom.com network run Windows Server 2008. The Certkingdom.com network
has two web servers named ABC-SR07 and ABC-SR08. Certkingdom.com wants to hosts the company’s
e-commerce Web site named sales.Certkingdom.com on the two web servers. You receive instructions
from the CEO to ensure that the Web site is available even when one of the Web servers is offline.
The CEO also wants the session state of the web site to be available should one of the web
servers be offline. Additionally, you must be able to support the Web site on up to six Web servers
with each Web server having a dedicated IP address.
What action should you take?

A. Configure a two-failover cluster on ABC-SR07 and ABC-SR08.
B. Configure multiple ports for the sales.Certkingdom.com web site.
C. Configure Network Load Balancing on ABC-SR07 and ABC-SR08.
D. Configure the sales.Certkingdom.com web site on each server with the site content on a network share.
E. Configure multiple host headers for the sales.Certkingdom.com website.
F. Configure multiple IP addresses for the sales.Certkingdom.com website.

Answer: C

Explanation:
To ensure that the users of the website would be able to access the Web site if a single server
fails. The website should be scalable to as many as seven Web servers and the web servers
should be able to store session-state information for all users. It should also provide support for
multiple dedicated IP addresses for each Web server.
The Network Load Balancing (NLB) feature in Windows Server 2008 enhances the availability and
scalability of Internet server applications such as those used on Web, FTP, firewall, proxy, virtual
private network (VPN), and other mission-critical servers. NLB provides high availability of a
website by detecting and recovering from a cluster host that fails or goes offline.
You should not use failover clustering in this scenario because failover clustering requires shared
storage which is not mentioned in this question.
Reference: Overview of Network Load Balancing
http://technet2.microsoft.com/windowsserver2008/en/library/11dfa41c-f49e-4ee5-8664-
8b81f6fb8af31033.mspx?mfr=true

Best Microsoft MCTS Training – Microsoft MCITP Training at Certkingdom.com

Uncategorized

Certkingdom 70-647 Exam Q & A

Leave a comment

QUESTION 1
You work as an enterprise administrator at Certkingdom.com. The Certkingdom.com network has a domain named
Certkingdom.com. All servers in the Certkingdom.com network run Windows Server 2008.
The Certkingdom.com network has a file server named ABC-SR07 that hosts a shared folder named
ABCDocs. Several Microsoft Word documents are stored in the ABCDocs share. You want to
enable document version history on these documents. You also want the documents in the
ABCDocs share to be accessed through a Web page.
Which of the following roles or services would you install on ABC-SR07 to achieve the desired
results cost effectively?

A. FTP Server role.
B. Application Server role.
C. Microsoft Windows SharePoint Services (WSS) 3.0.
D. File and Print Services role.
E. Microsoft Office SharePoint Server (MOSS) 2007.
F. SMTP Server role.

Answer: C

Explanation:
To achieve the desired results without requiring any additional cost, you need to use Microsoft
Windows SharePoint Services (WSS) 3.0.
Reference: Microsoft Windows SharePoint Services 3.0 and the Mobile Workplace
http://download.microsoft.com/download/b/b/6/bb6672dd-252c-4a21-89de-
78cfc8e0b69e/WSS%20Mobile%20Workplace.doc

 

 

Best Microsoft MCTS Training – Microsoft MCITP Training at Certkingdom.com

QUESTION 2
You work as an enterprise administrator at Certkingdom.com. The Certkingdom.com network has a domain named
Certkingdom.com with a single site named Site
A. All servers in the Certkingdom.com network run Windows Server
2008.
You reorganize the Active Directory infrastructure to include a second site named SiteB with its
own domain controller.
How would you configured the firewall to allow replication between SiteA and SiteB?

A. Enable IPSec traffic to pass through the firewall.
B. Enable RPC traffic to pass through the firewall.
C. Enable SMTP traffic to pass through the firewall.
D. Enable NNTP traffic to pass through the firewall.
E. Enable FTP traffic to pass through the firewall.

Answer: B

Explanation:
You should permit RPC traffic through the firewall to enable the domain controllers to replicate
between the two sites because the Active Directory relies on remote procedure call (RPC) for
replication between domain controllers. You can open the firewall wide to permit RPC’s native
dynamic behavior.
Reference: Active Directory Replication over Firewalls
http://technet.microsoft.com/en-us/library/bb727063.aspx

QUESTION 3
You work as an enterprise administrator at Certkingdom.com. The Certkingdom.com network has a domain named
Certkingdom.com. All servers in the Certkingdom.com network run Windows Server 2008.
Certkingdom.com runs a critical application that accesses data that is stored in a Microsoft SQL Server
2005 database server named ABC-DB02. Which of the following options would you choose to
ensure that the database is always available?

A. Two Windows Server 2008 servers running MS SQL Server 2005 Standard Edition in a
Network Load Balancing (NLB) cluster.
B. Two Windows Server 2008 servers running MS SQL Server 2005 Enterprise Edition in a
Network Load Balancing (NLB) cluster
C. Two Windows Server 2008 servers running MS SQL Server 2005 Standard Edition in a failover
cluster.
D. Two Windows Server 2008 servers running MS SQL Server 2005 Enterprise Edition in a
failover cluster.

Answer: D

Explanation:
To ensure the high availability of the data store, you need to use a Windows Server 2008 failover
cluster with shared storage.
Failover clustering can help you build redundancy into your network and eliminate single points of
failure.
Administrators have better control and can achieve better performance with storage than was
possible in previous releases. Failover clusters now support GUID partition table (GPT) disks that
can have capacities of larger than 2 terabytes, for increased disk size and robustness.
Administrators can now modify resource dependencies while resources are online, which means
they can make an additional disk available without interrupting access to the application that will
use it. And administrators can run tools in Maintenance Mode to check, fix, back up, or restore
disks more easily and with less disruption to the cluster
You should not use Network Load Balancing (NLB) because it only allows you to distribute TCP/IP
requests to multiple systems in order to optimize resource utilization, decrease computing time,
and ensure system availability.
Reference: High Availability
http://www.microsoft.com/windowsserver2008/en/us/high-availability.aspx

QUESTION 4
You work as an enterprise administrator at Certkingdom.com. The Certkingdom.com network has a domain named
Certkingdom.com. All servers in the Certkingdom.com network run Windows Server 2008. Certkingdom.com has its
headquarters in Chicago and sub-divisions in Boston, Atlanta, Miami and Dallas. All domain
controllers are currently installed in the Chicago.
You need to have new domain controllers installed in the Boston, Atlanta, Miami and Dallas subdivisions.
Certkingdom.com issues a security policy for the new domain controllers that states the
following:
• Unauthorized user must not be able to access the Active Directory database.
• Unauthorized user must not be able to boot a domain controller from an alternate boot disk.
Which of the following options would you choose to implement the security policy?

A. Modify the permissions of the ntds.dat file.
B. Configure a read-only domain controller (RODC) in the Boston, Atlanta, Miami and Dallas.
C. Disable replication of the Sysvol folder on the new domain controllers.
D. Configure Windows BitLocker Drive Encryption (BitLocker) on the new domain controllers.
E. Disable the Global Catalog role on the new domain controllers.
F. Configure EFS encryption on the new domain controllers.

Answer: D

Explanation:
To configure domain controller at each branch office to ensure that no unauthorized user should
be allowed to copy the Active Directory database from a branch office domain controller by starting
the server from an alternate startup disk, you need to use Windows BitLocker Drive Encryption
(BitLocker)
BitLocker allows you to encrypt all data stored on the Windows operating system volume and use
the security of using a Trusted Platform Module (TPM) that helps protect user data and to ensure
that a computer running Windows Vista or Server 2008 have not been tampered with while the
system was offline.
In addition, BitLocker offers the option to lock the normal startup process until the user supplies a
personal identification number (PIN) or inserts a removable USB device, such as a flash drive, that
contains a startup key. This process will ensure that users can only access all files on the servers
if they have the PIN. You cannot use an alternate startup disk to boot the server.
Reference: BitLocker Drive Encryption Technical Overview
http://technet2.microsoft.com/windowsserver2008/en/library/a2ba17e6-153b-4269-bc46-
6866df4b253c1033.mspx?mfr=true

QUESTION 5
You work as an enterprise administrator at Certkingdom.com. The Certkingdom.com network has a domain named
Certkingdom.com that runs at the domain functional level of Windows Server 2008.
Which of the following options can be used for tracking any modification to Active Directory
Objections?

A. Configure a Group Policy to run the Security Configuration Wizard on all computers in the ABC
network.
B. Configure the Default Domain Controllers Group Policy to audit Directory Services.
C. Configure the Default Domain Group Policy to audit Directory Services.
D. Enable auditing of the ntds.dat file in the Default Domain Group Policy.
E. Enable auditing of the ntds.dat file in the Default Domain Group Policy.

Answer: B

Explanation:
To implement an audit and compliance policy and ensure that all changes made to Active
Directory objects are recorded, you need to configure a Directory Services Auditing policy in the
Default Domain Controller Policy
In Windows Server 2008, you can enable Audit Directory Service Access policy to log events in
the Security event log whenever certain operations are performed on objects stored in Active
Directory.
Enabling the global audit policy, Audit directory service access, enables all directory service policy
subcategories. You can set this global audit policy in the Default Domain Controllers Group Policy
(under Security Settings\Local Policies\Audit Policy).
Reference: Windows Server 2008 Auditing AD DS Changes Step-by-Step Guide
http://technet2.microsoft.com/windowsserver2008/en/library/a9c25483-89e2-4202-881cea8e02b4b2a51033.
mspx?mfr=true

QUESTION 6
You work as an enterprise administrator at Certkingdom.com. The Certkingdom.com network has a domain named
Certkingdom.com. All servers in the Certkingdom.com network run Windows Server 2003.
You want to install a read-only domain controller (RODC) without uABCrading the existing domain
controllers Windows Server 2008.
What action should you take? (Each correct option will form a part of the answer. Select TWO.)

A. Raise the forest functional level to Windows 2000.
B. Raise the forest functional level to Windows 2003.
C. Raise the forest functional level to Windows 2008.
D. Raise the domain functional level to Windows Server 2000
E. Raise the domain functional level to Windows Server 2003
F. Raise the domain functional level to Windows Server 2008

Answer: B,E

Explanation:
To create an Active Directory forest and domain functional levels to support Read-only domain
controllers (RODC) and Windows Server 2003 domain controllers, you need to create both the
forest and domain functional levels of Windows Server 2003. This is because only when you use
both the forest and domain functional levels of Windows Server 2003, you will be able to support
Read-only domain controllers (RODC) and Windows Server 2003 domain controllers.
Reference: Appendix of Functional Level Features
http://technet2.microsoft.com/windowsserver2008/en/library/34678199-98f1-465f-9156-
c600f723b31f1033.mspx?mfr=true

QUESTION 7
You work as an enterprise administrator at Certkingdom.com. The Certkingdom.com network has a forest named
and Certkingdom.com that runs at the forest functional level of Windows Server 2003. Certkingdom.com has a
subsidiary company named TestLabs, Inc. The TestLabs, Inc. network has a forest named and
testlabs.com that runs at the forest functional level of Windows Server 2003. All domain controllers
on both the Certkingdom.com network and the TestLabs, Inc. network run Windows Server 2008.
Certkingdom.com users do not have access to network resources in TestLabs, Inc.
TestLabs, Inc. has a file server named TESTLABS-SR07. Certkingdom.com users must be able to access
shared folders on TESTLABS-SR07. However, Certkingdom.com users must not be able to access any
other network resources in TestLabs, Inc.
Which of the following options would you choose to accomplish this task? (Each correct option will
form a part of the answer. Select TWO.)

A. By raising the forest functional level of Certkingdom.com and testlabs.com to Windows Server 2008.
B. By raising the domain functional level of all domains in Certkingdom.com and testlabs.com to Windows
Server 2008.
C. By creating a forest trust between Certkingdom.com and testlabs.com.
D. By setting the Allowed to Authenticate for TESTLABS-SR07.
E. By setting the Allowed to Authenticate right on the computer object for the testlabs.com
infrastructure operations master object.

Answer: C,D

Explanation:
To ensure that the users in ABC-south.com are denied access to all the resources ABC-north.com
except the resources on ABC-SR07, you need to create a forest trust between ABC-south.com
and ABC-north.com so that resources can be shared between both the forests. You can however
set the trust authentication setting to selective authentication so that only selected authentication
is allowed.
Next you need to set the Allowed to Authenticate right on the computer object for ABC-SR07 so
that each user must be explicitly granted the Allowed to Authenticate permission to access
resources on ABC-SR07.
You should not set the Allowed to Authenticate right on the computer object for the ABC-north.com
infrastructure operations master object because Allowed to Authenticate right is set for the users in
a trusted Windows Server 2003 domain or forest to be able to access resources in a trusting
Windows Server 2003 domain or forest, where the trust authentication setting has been set to
selective authentication, each user must be explicitly granted the ‘Allowed to Authenticate’
permission on the security descriptor of the computer objects (resource computers) that reside in
the trusting domain or forest.
Reference: Grant the Allowed to Authenticate permission on computers in the trusting domain or
forest
http://technet2.microsoft.com/windowsserver/en/library/b4d96434-0fde-4370-bd29-
39e4b3cc7da81033.mspx?mfr=true

QUESTION 8
You work as an enterprise administrator at Certkingdom.com. The Certkingdom.com network has a domain named
Certkingdom.com. All servers in the Certkingdom.com network run Windows Server 2008. Certkingdom.com has its
headquarters in Chicago and branch offices in Boston. The Boston office is connected to the
Chicago by a WAN link. The Chicago office has a DNS Sever named ABC-SR04 that is configured
as a single DNS zone. The Boston office has two servers named ABC-SR07 and ABC-SR08.
ABC-SR08 hosts shared folders that are only accessed by Certkingdom.com users in the Boston office.
You work in the Chicago office while a network administrator named Rory Allen works in the
Boston office.
Certkingdom.com wants you to ensure that users at the Boston office can log on to the Certkingdom.com domain
and can connect to the shared folders on ABC-SR08 even when the WAN link is down. You must
allow Rory Allen to configure the servers in the Boston office without allowing him to modify the
Active Directory configuration.
Which actions should you take to accomplish this task? (Each correct option will form a part of the
answer. Choose THREE.)

A. By promoting ABC-SR07 to a domain controller.
B. By promoting ABC-SR07 to a read-only domain controller (RODC).
C. By installing USMT role on ABC-SR07.
D. By installing ADMT role on ABC-SR07.
E. By installing DNS role on ABC-SR07.
F. By adding Rory Allen to the Domain Admins group.
G. By creating an organizational unit (OU) for the Boston office.
H. By assigning administrative rights to Rory Allen.

Answer: B,E,H

Explanation:
To ensure that the users in the branch office are able to log on to the domain even if the WAN link
fails, you need to promote the member server to a read-only domain controller (RODC) because
the RODC works as a domain controller and allows log in to the domains except allowing
modifications and changes to the Active directory domain.
Delegating administrative rights to the local branch office administrator after promoting a member
server to a RODC will make sure that branch office administrator is not allowed to initiate any
changes to Active Directory but should be allowed to make configuration changes to the servers in
the branch office.
Configuring the DNS role to the member server, will ensure that the users are allowed to access
file shares on the local server in the absence of the WAN link. Without name resolution and the
other services that are provided by DNS servers, client access to remote host computers would be
prohibitively difficult. DNS servers need to be configured because in intranets computer users
rarely know the IP addresses of computers on their local area network (LAN).
Reference: DNS Server Role: Read-only domain controller support/ Who will be interested in this
server role?
http://technet2.microsoft.com/windowsserver2008/en/library/533a1cfc-5173-4248-914c-
433bd018f66d1033.mspx?mfr=true

QUESTION 9
You work as an enterprise administrator at Certkingdom.com. The Certkingdom.com network has a domain named
Certkingdom.com and a workgroup named ABCGROUP. All servers in the Certkingdom.com network run Windows
Server 2008 and all the client computers run Windows Vist
A. The Certkingdom.com network has
unmanaged network switches and has two servers named ABC-SR07 and ABC-SR08. ABC-SR07
is configured with the Active Directory Domain Services (AD DS), the Active Directory Certificate
Services (AD CS) and the Dynamic Host Configuration Protocol (DHCP) service while ABC-SR08
is configured with the Routing and Remote Access Service (RRAS), the Network Policy Service
(NPS) and Health Registration Authority (HRA).
You notice that the latest Microsoft updates have not been applied to all client computers that are
part of the ABCGROUP workgroup. You are concerned that Certkingdom.com users are accessing the
local area network (LAN) from these client computers.
You want to implement Network Access Protection (NAP) to secure the network by preventing
client computers that are not members of the Certkingdom.com network or do not have the latest Microsoft
updates from accessing any network servers that are members of the Certkingdom.com domain.
Which of the following option would you choose?

A. TCP/IP
B. 802.1z
C. PPTP
D. DHCP
E. L2TP
F. IPsec

Answer: F

Explanation:
To ensure that only the computers that have the latest Microsoft updates installed should be able
to connect to servers in the domain and that only the computers that are joined to the domain
should be able to connect to servers in the domain, you need to use the IPSec NAP enforcement
method. IPsec domain and server isolation methods are used to prevent unmanaged computers
from accessing network resources. This method enforces health policies when a client computer
attempts to communicate with another computer using IPsec.
Reference: Protecting a Network from Unmanaged Clients / Solutions
http://www.microsoft.com/technet/security/midsizebusiness/topics/serversecurity/unmanagedclient
s.mspx
Reference: Network Access Protection (NAP) Deployment Planning / Choosing Enforcement
Methods
http://blogs.technet.com/nap/archive/2007/07/28/network-access-protection-deploymentplanning.
aspx

QUESTION 10
You work as an enterprise administrator at Certkingdom.com. The Certkingdom.com network has a domain named
Certkingdom.com. All servers in the Certkingdom.com network run Windows Server 2008. The Certkingdom.com network
has two web servers named ABC-SR07 and ABC-SR08. Certkingdom.com wants to hosts the company’s
e-commerce Web site named sales.Certkingdom.com on the two web servers. You receive instructions
from the CEO to ensure that the Web site is available even when one of the Web servers is offline.
The CEO also wants the session state of the web site to be available should one of the web
servers be offline. Additionally, you must be able to support the Web site on up to six Web servers
with each Web server having a dedicated IP address.
What action should you take?

A. Configure a two-failover cluster on ABC-SR07 and ABC-SR08.
B. Configure multiple ports for the sales.Certkingdom.com web site.
C. Configure Network Load Balancing on ABC-SR07 and ABC-SR08.
D. Configure the sales.Certkingdom.com web site on each server with the site content on a network share.
E. Configure multiple host headers for the sales.Certkingdom.com website.
F. Configure multiple IP addresses for the sales.Certkingdom.com website.

Answer: C

Explanation:
To ensure that the users of the website would be able to access the Web site if a single server
fails. The website should be scalable to as many as seven Web servers and the web servers
should be able to store session-state information for all users. It should also provide support for
multiple dedicated IP addresses for each Web server.
The Network Load Balancing (NLB) feature in Windows Server 2008 enhances the availability and
scalability of Internet server applications such as those used on Web, FTP, firewall, proxy, virtual
private network (VPN), and other mission-critical servers. NLB provides high availability of a
website by detecting and recovering from a cluster host that fails or goes offline.
You should not use failover clustering in this scenario because failover clustering requires shared
storage which is not mentioned in this question.
Reference: Overview of Network Load Balancing
http://technet2.microsoft.com/windowsserver2008/en/library/11dfa41c-f49e-4ee5-8664-
8b81f6fb8af31033.mspx?mfr=true