Tag Archives: mcitp exams

70-643 Exam



 

Best Microsoft MCTS Training – Microsoft MCITP Training at Certkingdom.com

 

 




QUESTION 1
You work as the network administrator at Certkingdom.com The Certkingdom.com network has a domain named
Certkingdom.com All servers on the Certkingdom.com network run Windows Server 2008 and all client computers
run Windows Vista.
Certkingdom.com recently entered into partnership with Weyland Industries.
You create user accounts in the Certkingdom.com domain for some employees of Weyland Industries.
You place the user accounts into a global security group named WeySecure.
You want to provide members of the WeySecure group access to parts of the Certkingdom.com network
via a Terminal Services Gateway server named ABC-TS01.
What do you need to do to ensure that the WeySecure group is able to access ABC-TS01?

A. You need to configure a Remote Access Policy.
B. You need to create and configure a Connection Authorization Policy.
C. You need to configure Device redirection.
D. You need to configure a Network Access Protection Policy.

Answer: B

Explanation: To provide a security group access to ABC-TS02, you need to create and configure
a Connection Authorization Policy.
A connection authorization policy (CAP) allows you to control who can connect to the Terminal
Server through the Terminal Services Gateway. You can configure what groups can access the
Terminal Server through the TS Gateway.

Reference: Configuring the Windows Server 2008 Terminal Services Gateway (Part 2) / Create a
Terminal Services Gateway CAP
http://www.windowsecurity.com/articles/Configuring-Windows-Server-2008-Terminal-Services-
Gateway-Part2.html


QUESTION 2
You work as a network administrator for Certkingdom.com The Certkingdom.com network consists of a domain
named Certkingdom.com All servers on the Certkingdom.com network either run Windows Server 2008 or
Windows Server 2003.
The Certkingdom.com network contains a Windows Server 2003 server named ABC-SR05 and a Windows
Server 2008 server named ABC-SR06. ABC-SR05 has Microsoft SQL Server 2005 and Microsoft
Windows SharePoint Services (WSS) 2.0 installed.
You receive instruction to uABCrade Windows SharePoint Services (WSS) 2.0 to Windows
SharePoint Services (WSS) 3.0 and have it run on ABC-SR06. You need to have Windows
SharePoint Services (WSS) 3.0 retain the content and settings from Windows SharePoint Services
(WSS) 2.0.
Which of the following steps would be the best way to accomplish this task? (Choose multiple
answers).

A. You should back up the SharePoint configuration as well as the content from ABC-SR05.
B. You should back up the SQL Server 2005 configuration as well as the Microsoft Windows
SharePoint Services (WSS) databases from ABC-SR05.
C. You should uABCrade ABC-SR05 to Windows Server 2008.
D. You should install Microsoft Windows SharePoint Services (WSS) 3.0 on ABC-SR06.
E. You should install Microsoft Windows SharePoint Services (WSS) 2.0 on ABC-SR06.
F. You should restore the backup from ABC-SR05 to ABC-SR06.
G. You should uABCrade Windows SharePoint Services (WSS) 2.0 to Windows SharePoint
Services (WSS) 3.0 on ABC-SR06.

Answer: A,E,F,G

Explanation: In order to migrate to SharePoint Services (WSS) 3.0 from ABC-SR05 to ABC-SR06
with all the configuration and content, you need to install WSS 2.0 on ABC-SR06. You need to
back up the WSS 2.0 configuration and content from ABC-SR05. Then the backup can be restored
from ABC-SR05 to ABC-SR06. Lastly an in-place uABCrade of WSS 2.0 to WSS 3.0 can be
executed on ABC-SR06.
When you run an in-place uABCrade, all content and configuration data is uABCraded in-place, at
one time. When you start the in-place uABCrade process, the Web server and Web sites remain
offline until the uABCrade has been installed. In-place uABCrades are best for a stand-alone
server and small installations as in this case

Reference: Install and configure Office SharePoint Server for an in-place uABCrade
http://technet.microsoft.com/en-us/library/cc263212(TechNet.10).aspx
Determine uABCrade approach (Office SharePoint Server)
http://technet.microsoft.com/en-us/library/cc263447(TechNet.10).aspx


QUESTION 3
You work as the network administrator at Certkingdom.com The Certkingdom.com network consists of a domain
named Certkingdom.com Certkingdom.com has headquarters in London and branch office in Paris. All servers on
the Certkingdom.com network run Windows Server 2008 and all client computers run Windows Vista.
The Certkingdom.com network contains a member server named ABC-SR01. ABC-SR01 is configured as
the Key Management Service (KMS) server.
You are planning to roll out 20 new Windows Server 2008 computers on the network.
After installing Windows Server 2008 on three of the computers you discover that the servers are
unable to activate using ABC-SR01.
How can you ensure that the new computers are able to activate using ABC-SR01?

A. You should ensure that the new servers have a connection to the internet.
B. You should install the Key Management Service (KMS) on a dedicated Windows Server 2008
computer.
C. You should phone Microsoft Licensing House to Activate the servers by telephone.
D. You should install Windows Server 2008 on at least 7 of the remaining computers.

Answer: D

Explanation: To activate the new server through KMS server, you should complete the installation
of at least 10 servers. The Key Management Service is a Windows service. KMS is a trusted
mechanism that, once the KMS host is activated, allows volume client computers within the
enterprise to activate themselves without any interactions with Microsoft. KMS activation of
Windows Server 2008 follows a hierarchical structure. Each successive product group can activate
all the groups below it, and the KMS can be hosted on any edition that it can activate.


QUESTION 4
You are the network administrator at Certkingdom.com The Certkingdom.com network consists of a domain
named Certkingdom.com All servers on the Certkingdom.com network run Windows Server 2008 and all client
computers run Windows XP Professional. Certkingdom.com currently makes use of two computers named
ABC-TS01 and ABC-TS02 which runs the Terminal Server Session Broker role.
Certkingdom.com recently entered into partnership with Weyland Industries who make use of two
computers named WEYLAND-TS01 and WEYLAND-TS02. During the course of the day you
receive instruction from Certkingdom.com and Weyland Industries to configure their Terminal servers for
load balancing whilst ensuring ABC-TS02 is configured as the preferred server.
What program would you use to configure the load balancing?

A. You should use the Terminal Services Resource Authorization policy (RAP).
B. You should use the Terminal Services Configuration utility.
C. You should use the Terminal Services Connection Authorization policy (CAP).
D. You should use the Group Policy Manager utility.

Answer: B

Explanation: In order to configure load balancing for the four terminal servers you need to make
use of the Terminal Services Configuration utility. This will also make ABC-TS02 the preferred
server for TS sessions. Using NLB with Terminal Services provide increased availability,
scalability, and load-balancing performance, as well as the ability to distribute a large number of
Terminal Services clients over a group of terminal servers.


QUESTION 5
You work as an enterprise administrator at Certkingdom.com The Certkingdom.com network consists of a domain
named Certkingdom.com All servers on the Certkingdom.com network run Windows Server 2008.
The Certkingdom.com network contains a server named ABC-SR22 which hosts Windows SharePoint
Services (WSS). ABC-SR22 hosts a WSS site for each department in the company.
The Sales department WSS site contains a document library. The Sales manager asks you to
configure the WSS site so that Sales users can send email to the document library. To this end,
you configure ABC-SR22 to accept incoming email.
What else is required to enable users to send email to the document library?

A. You need to modify the incoming email settings for the WSS site in IIS Manager.
B. You need to modify the incoming email settings the Application pool in IIS Manager.
C. You need to modify the incoming email settings for the Sales WSS site
D. You need to modify the incoming email settings for the document library.

Answer: D

Explanation: You need to change the incoming mail settings for the document library. This will
allow the users to send email to the document library.

Reference: https:://technet.microsoft.com/en-us/library/cc262947(TechNet.10).aspx


QUESTION 6
You work as the network administrator at Certkingdom.com The Certkingdom.com network consists of a domain
named Certkingdom.com All servers on the Certkingdom.com network run Windows Server 2008. Half the client
computers run Windows XP, and the rest run Windows Vista.
You are responsible for a Terminal Server named ABC-TS01. ABC-TS01 is used to allow remote
users to run the necessary applications required for their daily tasks from their workstations. You
receive instruction to install a Terminal Service application named KingSalesApp2 on ABC-TS01.
KingSalesApp2 does not make use a Microsoft Windows Installer package for the installation and
modifications are made to the current user registry during installation.
Which two of the following steps should you perform to install KingSalesApp2?

A. After installing the application, run the change logon /enable command on ABC-TS01.
B. Before installing the application, run the change logon /enable command on ABC-TS01
C. Before installing the application, run the change user /install command on ABC-TS01.
D. After installing the application, run the change user /install command on ABC-TS01.
E. Before installing the application, run the change user /execute command on ABC-TS01.
F. After installing the application, run the change user /execute command on ABC-TS01.
G. Before installing the application, run the change logon /disable command on ABC-TS01 before
running the application.
H. After installing the application, run the change logon /disable command on ABC-TS01 before
running the application

Answer: C,F

Explanation: In order to install the application to support numerous user sessions in the above
scenario, you need to first run the change user /install command on ABC-TS01because you need
to put a Terminal Services server in Install mode to be able to install or remove programs on the
server. You can put a Terminal Services server in Install mode using the Add/Remove Programs
tool in Control Panel in order to add or remove a program or by using the change user command
at a command prompt. Thereafter you can install the application.
After the installation of the program, you need to return the Terminal Services server to Execute
mode, to be able to execute the application. Therefore, to return to the Execute mode, you need to
run the change user /execute command on ABC-TS01.

Reference: HOW TO: Use the CHANGE USER Command to Switch to Install Mode in Windows
2000 Terminal Services
http://support.microsoft.com/kb/320185


QUESTION 7
You work as a network administrator for Certkingdom.com The domain contains four Windows Server
2008 domain controllers. All domain member servers run Windows Server 2008 and all client
computers run Windows Vista or Windows XP Service Pack 3.
You receive instruction to assign the Terminal Services and Terminal Services Gateway roles to a
server named ABC-TS02.
In order to protect the network you want to make sure that all client computers that connect to
ABC-TS02 have antivirus software and up to date security patches installed.
How can you enforce the security requirements?

A. You should implement a Network Access Protection (NAP) server in the domain and configure
the client computers to send a health option statement in the Terminal Services client access policy.
B. You should configure a Remote Access Policy with the required security settings.
C. You should install Microsoft Baseline Security Analyzer (MBSA) on ABC-TSO2 and configure it
to scan the client computers when they connect.
D. You should install Microsoft Security Assessment Tools (MSAT) on ABC-TSO2 and configure it
to scan the client computers when they connect.

Answer: A

Explanation: Explanation
To ensure that all client computers have firewall, antivirus software and anti-spyware software
installed, you need to set the Request clients to send a health option statement in the Terminal
Services client access policy. You also need to install and configure Network Access Protection
(NAP) on a server in the Certkingdom.com domain.


QUESTION 8
You work as an enterprise administrator at Certkingdom.com The Certkingdom.com network has a domain named
Certkingdom.com All servers on the Certkingdom.com network run Windows Server 2008. Half the client
computers run Windows XP Professional, and the rest run Windows Vista.
The Certkingdom.com network contains a server named ABC-SR22 which hosts Windows SharePoint
Services (WSS). ABC-SR22 hosts a WSS site for each department.
You receive instruction to ensure that CertK ing .com users are able to create distribution lists from
the SharePoint site.
How would you configure ABC-SR02 to accomplish this?

A. You need to install the Exchange System Manager software on ABC-SR02.
B. You need to enable IMAP4 on ABC-SR02.
C. You need to enable the SharePoint Directory Management Service on ABC-SR02.
D. You need to modify the incoming email settings on the SharePoint site on ABC-SR02.

Answer: B

Explanation: In order to configure the WSS server in such a way that it permits users to create
distribution lists from a SharePoint site, you need to enable the SharePoint Directory Management
Service on ABC-SR02. A distribution list contains the e-mail addresses of existing address lists as
well as the e-mail addresses of other site members. Distribution lists are available only if the
SharePoint Directory Management Service is enabled in Central Administration.
All new subsites that are created in an e-mail-enabled site collection are automatically e-mailenabled
also. If you choose to use an existing group during site creation, the distribution list for the
parent site (if available) will be associated with the new site

Reference: Introduction to incoming e-mail/ New site creation walkthrough
http://office.microsoft.com/en-us/help/HA100823061033.aspx


QUESTION 9
You work as an enterprise administrator at Certkingdom.com The Certkingdom.com network consists of a domain
named Certkingdom.com All servers on the Certkingdom.com network run Windows Server 2008.
The Certkingdom.com network contains a member server named ABC-SR11 that has the IIS server role
installed. ABC-SR10 hosts a Web site called ABCWeb.com. ABCWeb.com is configured to use
both https: and HTTPS connections. An SSL certificate is configured to enable the HTTPS
connections.
There are multiple virtual directories configured within the Web site. Some virtual directories allow
HTTP connections and some require encrypted connections using SSL.
You add another virtual directory named to the Web site. The virtual directory can be accessed at
ABCweb.com/accounts/.
The Certkingdom.com security policy requires that /accounts/ must be accessible to authenticated users
only and to allow authentication types to support all browsers. However, the CIO wants the
authentication traffic to be encrypted by using HTTPS.
How should you configure the /accounts virtual directory without affecting the other virtual
directories? Choose three

A. By enabling Basic Authentication for ABCWeb.com.
B. By enabling the Basic Authentication setting for the /accounts virtual directory.
C. By enabling disabling the Anonymous Authentication setting for ABCWeb.com.
D. By disabling the Anonymous Authentication setting for the /accounts virtual directory.
E. By configuring the Web site to the Require SSL setting.
F. By configuring the /accounts virtual directory to the Require SSL setting.
G. By enabling Digest Authentication setting the /accounts/ virtual directory.

Answer: B,D,F

Explanation: You need to enable the Basic Authentication setting, because it is supported by
mostly all the browsers.
You need to disable the Disable the Anonymous Authentication setting, so that only authenticated
users can access the virtual directory.
You also need to the /accounts/ virtual directory to the Require SSL setting. This will only allow
that the authentication traffic is encrypted and all other directories of the Website must be
accessible to anonymous users and be available without SSL.
You also need to configure the virtual directory for the Web site and not the website.

Reference: How to configure IIS Web site authentication
http://support.microsoft.com/kb/308160


QUESTION 10
You work as an enterprise administrator at Certkingdom.com The Certkingdom.com network consists of a domain
named Certkingdom.com All servers on the Certkingdom.com network run Windows Server 2008.
The Certkingdom.com network contains a member server named ABC-SR25 that runs the Web Server
(IIS) role and hosts multiple Websites.
You have received instruction to configure ABC-SR25 to run a new company Intranet Web site.
You want to configure ABC-SR25 to release memory to the new company Intranet Web site
automatically.
How should you configure ABC-SR25 without affecting the other Web sites?

A. The best option is to associate the Intranet website with the Default Application Pool.
B. The best option is to decrease the connection timeout for the Intranet website.
C. The best option is to modify the settings on the Default Web Site.
D. The best option is to configure the settings on the Performance tab of Default Application Pool.
E. The best option is to associate the website with a new application pool.

Answer: E

Explanation: The best option is to create a new application pool and associate the Web site to the
application pool. This will automatically release memory for a single website without affecting the
other Web sites. An application pool is a group of one or more URLs that are served by a worker
process or a set of worker processes. Application pools set boundaries for the applications they
contain, which means that any applications that are running outside a given application pool
cannot affect the applications in the application pool.

Reference: IIS 7.0: Managing Application Pools in IIS 7.0
http://technet2.microsoft.com/windowsserver2008/en/library/1dbaa793-0a05-4914-a065-
4d109db3b9101033.mspx?mfr=true

Reference: IIS 7.0: Configuring Recycling Settings for an Application Pool
http://technet2.microsoft.com/windowsserver2008/en/library/0d5770e3-2f6f-4e11-a47c-
9bab6a69ebc71033.mspx?mfr=true

 

Best Microsoft MCTS Training – Microsoft MCITP Training at Certkingdom.com

70-519 Exam

Best Microsoft MCTS Training – Microsoft MCITP Training at Certkingdom.com


 

 

 

QUESTION 1
There is ASP NET 3.5 Web application CertKingdomApp.
You are required to upgrade CertKingdomApp to ASP.NET 4.0.
You need to make sure that CertKingdomApp is optimized for search engines.
In particular this optimization must include HTML that is generated by CertKingdomApp and URLs
local within CertKingdomApp.
Within CertKingdomApp there is a Data List control CertKingdomC.
CertKingdomApp must be able to load data at runtime into CertKingdomC with the help of the current
URL.
What is appropriate in this scenario? Select four.

A. Use property Repeat Layout of..
B. Use property Data List Layout of..
C. Use property Render Outer table Layout of..
D. ..Web Forms routing and set the property to…
E. .. permanent redirect and set the property to..
F. .. temporary redirect and set the property to..
G. ..Null..
H. ..True..
I. ..False..
J. ..Table..
K. ..List..
L. .. on all list controls.
M. ..on all controls.
N. .. all Form View controls.

Answer: B,D,I,N

Explanation:


QUESTION 2
There a ASP.NET MVC 2 application CertKingdomApp.
Consider unhandled exceptions.
CertKingdomApp must manage and log these unhandled exceptions.
What would be best to achieve this if you want to put the logic into a single place?

A. Use a custom Handle Error attribute to…
B. Use the default Handle Error attribute to…
C. For every method..
D. For each controller..
E. .. override the Exception method.
F. .. override the OneException method.
G. .. and apply it to all controllers.
H. ..use try and catch.

Answer: A,G

Explanation:


QUESTION 3
There is an ASP.NET Web application CertKingdomApp.
CertKingdomApp has pages that are available for public users.
CertKingdomApp has pages that are available for only administrative purposes.
Consider error handling code for these pages.
The same code must be used for the public pages and the administrative pages.
Errors must be handled in one way for the public pages and in another way for the administrative
pages.
How can this be achieved? Select two.

A. Use file Global.asax.cs (or Global.asax.vb)
B. Use file code-behind.
C. Use the Page_Error method(s).
D. ..for every public page and for every administrative page.
E. ..of the subclasses of System.Web.UI.Page.
F. ..of the subclasses of System.Web.URL.Page.
G. ..use the Application_error method.
H. .. for each master page.

Answer: C,E

Explanation:


QUESTION 4
CertKingdom has multiple ASP.NET Web applications.
There is a class library CertKingdomLib that are used by all these application.
There is a variable CertKingdomVar in CertKingdomLib.
CertKingdomVar is within the helper class.
CertKingdomVar contains secret information.
CertKingdomVar must not be seen by developers debugging applications.
How can this be achieved?

Answer:


QUESTION 5
There is an ASP.NET Web application CertKingdomApp.
CertKingdomApp has a Menu Control CertKingdomMC.
For unauthorized users CertKingdomMC shows a menu of public pages.
For authorized users CertKingdomMC shows a menu of both public pages and some private pages.
For security you need to ensure that the private pages (both the menu options and the URLs) are
not shown to unauthorized user.
What is appropriate in this scenario? Select four.

A. The event handler..
B. The attribute..
C. The method..
D. The exception handler..
E. ..Page_Refresh should be used..
F. ..Page_Load should be used..
G. ..window.onload should be used..
H. ..window.update should be used..
I. ..window.onupdate should be used..
J. ..Page_Init should be used..
K. .. JavaScript document ready should be used..
L. ..VBS (or C# script) document ready should be used..
M. …to add pages to CertKingdomMC that are to be accessed by all users
N. ..to hide the private pages from the list of pages shown on CertKingdomMC.
O. ..to add pages to CertKingdomMC that are to be accessed by authorized users.
P. ..to add pages to CertKingdomMC that are to be accessed by unauthorized users.

Answer: C,F,O

Explanation:


QUESTION 6
There is an ASP.NET Web application CertKingdomApp.
A user of CertKingdomApp can send customized e-mails to several thousand receivers at a time
through a form CertKingdomForm.
CertKingdomApp has around 3000 users about half of which can be accessing CertKingdomApp at a
specific point of time.
How can you optimize the performance of CertKingdomApp? Select three.

A. Use the On Load method..
B. Use the On Click method..
C. ..of CertKingdomForm..
D. ..of CertKingdomApp..
E. ..as a separate process.
F. ..as multiple processes.
G. .. from the System.Net.Mail namespace classes.
H. .. from the System.Mail namespace classes.
I. .. from the Machine.Web.Mail namespace classes.
J. .. from the System.Web.Mail namespace classes.

Answer: B,C,E

Explanation:


QUESTION 7
There is an ASP.NET Web application CertKingdomApp.
CertKingdomApp is used to edit pictures online within your web browser.
Clients can upload pictures to CertKingdomApp.
Clients can edit the uploaded pictures through special features CertKingdomApp.
Some of these features are very computationally demanding.
These specific features should be run on a GPU (Graphics Processing Unit).
Other features of CertKingdomApp, the ones that are not so CPU intensive, should be run on the
server.
Bandwidth usage is also a critical part of the required solution. It should be minimized.
What action should you take?

Answer:


QUESTION 8
There is an ASP.NET Web application CertKingdomApp.
You are required to enforce that CertKingdomApp is using data caching at all times.
You are required to enforce that CertKingdomApp keeps the session state at all points of time.
CertKingdomApp must maintain session state and data caching.
What is appropriate in this scenario? Select two.

A. Mixed process session state should be used.
B. out-of-process session state should be used.
C. in-process session state should be used.
D. in&out process session state should be used.
E. out-of-process transaction state should be used.
F. in-process transaction state should be used.
G. in&out process transaction state should be used.
H. input caching should be used.
I. output caching should be used.
J. Static caching should be used.
K. Caching should be enabled.
L. distributed caching should be used.
M. multiple caching should be used.

Answer: B,L

Explanation:


QUESTION 9
There is an ASP.NET Web application CertKingdomApp.
CertKingdomApp is rewritten.
Now CertKingdomApp should be deployed.
What is appropriate in this scenario? Select two or three.

A. Use a web pool..
B. Use an application pool…
C. Use a rewritten pool..
D. Use the global assembly cache…
E. ..which includes only ASP.NET 2.0, ASP.NET 3.0, ASP NET 3.5, and ASP.NET.4 Web
applications…
F. ..which includes only ASP.NET. 3.5 Web applications…
G. ..which includes only ASP.NET.4 Web applications…
H. ..which includes only ASP.NET 2.0, ASP.NET 3.0, and ASP NET 3.5Web applications…
I. ..which includes only ASP.NET 1.0, ASP.NET 2.0, ASP.NET 3.0, and ASP NET 3.5Web
applications…
J. ..and add CertKingdomApp to it.
K. .. and compile and deploy CertKingdomApp to it.
L. ..and deploy CertKingdomApp to it.

Answer: B,G,J

Explanation:


QUESTION 10
There is an ASP.NET Web application CertKingdomApp.
There is a MS SQL Server database CertKingdomDB on server CertKingdomSrv.
CertKingdomDB is used to store user authorization data.
CertKingdomDB also store some other secret information used by CertKingdomApp.
CertKingdomApp must not access CertKingdomSrv directly.
CertKingdomApp should not include programming code for authorization.
Some Web pages, the ones that displays secret information, should only show information for
authenticated users.
Visitors should only be able to see pages that do not contain any secret data.
Which type of solution should be used in this scenario?

A. Third party authentication solution.
B. SQL Service
C. WCF service.
D. Separate library.
E. Standard library
F. SQL XML Services.
G. SQL HTML Services.
H. stored procedures.

Answer: C

Explanation:

 

Best Microsoft MCTS Training – Microsoft MCITP Training at Certkingdom.com

Certkingdom 70-647 Exam Q & A



Best Microsoft MCTS Training – Microsoft MCITP Training at Certkingdom.com



QUESTION 1
You work as an enterprise administrator at Certkingdom.com. The Certkingdom.com network has a domain named
Certkingdom.com. All servers in the Certkingdom.com network run Windows Server 2008.
The Certkingdom.com network has a file server named ABC-SR07 that hosts a shared folder named
ABCDocs. Several Microsoft Word documents are stored in the ABCDocs share. You want to
enable document version history on these documents. You also want the documents in the
ABCDocs share to be accessed through a Web page.
Which of the following roles or services would you install on ABC-SR07 to achieve the desired
results cost effectively?

A. FTP Server role.
B. Application Server role.
C. Microsoft Windows SharePoint Services (WSS) 3.0.
D. File and Print Services role.
E. Microsoft Office SharePoint Server (MOSS) 2007.
F. SMTP Server role.

Answer: C

Explanation:
To achieve the desired results without requiring any additional cost, you need to use Microsoft
Windows SharePoint Services (WSS) 3.0.
Reference: Microsoft Windows SharePoint Services 3.0 and the Mobile Workplace
http://download.microsoft.com/download/b/b/6/bb6672dd-252c-4a21-89de-
78cfc8e0b69e/WSS%20Mobile%20Workplace.doc


QUESTION 2
You work as an enterprise administrator at Certkingdom.com. The Certkingdom.com network has a domain named
Certkingdom.com with a single site named Site
A. All servers in the Certkingdom.com network run Windows Server
2008.
You reorganize the Active Directory infrastructure to include a second site named SiteB with its
own domain controller.
How would you configured the firewall to allow replication between SiteA and SiteB?

A. Enable IPSec traffic to pass through the firewall.
B. Enable RPC traffic to pass through the firewall.
C. Enable SMTP traffic to pass through the firewall.
D. Enable NNTP traffic to pass through the firewall.
E. Enable FTP traffic to pass through the firewall.

Answer: B

Explanation:
You should permit RPC traffic through the firewall to enable the domain controllers to replicate
between the two sites because the Active Directory relies on remote procedure call (RPC) for
replication between domain controllers. You can open the firewall wide to permit RPC’s native
dynamic behavior.
Reference: Active Directory Replication over Firewalls
http://technet.microsoft.com/en-us/library/bb727063.aspx


QUESTION 3
You work as an enterprise administrator at Certkingdom.com. The Certkingdom.com network has a domain named
Certkingdom.com. All servers in the Certkingdom.com network run Windows Server 2008.
Certkingdom.com runs a critical application that accesses data that is stored in a Microsoft SQL Server
2005 database server named ABC-DB02. Which of the following options would you choose to
ensure that the database is always available?

A. Two Windows Server 2008 servers running MS SQL Server 2005 Standard Edition in a
Network Load Balancing (NLB) cluster.
B. Two Windows Server 2008 servers running MS SQL Server 2005 Enterprise Edition in a
Network Load Balancing (NLB) cluster
C. Two Windows Server 2008 servers running MS SQL Server 2005 Standard Edition in a failover
cluster.
D. Two Windows Server 2008 servers running MS SQL Server 2005 Enterprise Edition in a
failover cluster.

Answer: D

Explanation:
To ensure the high availability of the data store, you need to use a Windows Server 2008 failover
cluster with shared storage.
Failover clustering can help you build redundancy into your network and eliminate single points of
failure.
Administrators have better control and can achieve better performance with storage than was
possible in previous releases. Failover clusters now support GUID partition table (GPT) disks that
can have capacities of larger than 2 terabytes, for increased disk size and robustness.
Administrators can now modify resource dependencies while resources are online, which means
they can make an additional disk available without interrupting access to the application that will
use it. And administrators can run tools in Maintenance Mode to check, fix, back up, or restore
disks more easily and with less disruption to the cluster
You should not use Network Load Balancing (NLB) because it only allows you to distribute TCP/IP
requests to multiple systems in order to optimize resource utilization, decrease computing time,
and ensure system availability.
Reference: High Availability
http://www.microsoft.com/windowsserver2008/en/us/high-availability.aspx


QUESTION 4
You work as an enterprise administrator at Certkingdom.com. The Certkingdom.com network has a domain named
Certkingdom.com. All servers in the Certkingdom.com network run Windows Server 2008. Certkingdom.com has its
headquarters in Chicago and sub-divisions in Boston, Atlanta, Miami and Dallas. All domain
controllers are currently installed in the Chicago.
You need to have new domain controllers installed in the Boston, Atlanta, Miami and Dallas subdivisions.
Certkingdom.com issues a security policy for the new domain controllers that states the
following:
• Unauthorized user must not be able to access the Active Directory database.
• Unauthorized user must not be able to boot a domain controller from an alternate boot disk.
Which of the following options would you choose to implement the security policy?

A. Modify the permissions of the ntds.dat file.
B. Configure a read-only domain controller (RODC) in the Boston, Atlanta, Miami and Dallas.
C. Disable replication of the Sysvol folder on the new domain controllers.
D. Configure Windows BitLocker Drive Encryption (BitLocker) on the new domain controllers.
E. Disable the Global Catalog role on the new domain controllers.
F. Configure EFS encryption on the new domain controllers.

Answer: D

Explanation:
To configure domain controller at each branch office to ensure that no unauthorized user should
be allowed to copy the Active Directory database from a branch office domain controller by starting
the server from an alternate startup disk, you need to use Windows BitLocker Drive Encryption
(BitLocker)
BitLocker allows you to encrypt all data stored on the Windows operating system volume and use
the security of using a Trusted Platform Module (TPM) that helps protect user data and to ensure
that a computer running Windows Vista or Server 2008 have not been tampered with while the
system was offline.
In addition, BitLocker offers the option to lock the normal startup process until the user supplies a
personal identification number (PIN) or inserts a removable USB device, such as a flash drive, that
contains a startup key. This process will ensure that users can only access all files on the servers
if they have the PIN. You cannot use an alternate startup disk to boot the server.
Reference: BitLocker Drive Encryption Technical Overview
http://technet2.microsoft.com/windowsserver2008/en/library/a2ba17e6-153b-4269-bc46-
6866df4b253c1033.mspx?mfr=true


QUESTION 5
You work as an enterprise administrator at Certkingdom.com. The Certkingdom.com network has a domain named
Certkingdom.com that runs at the domain functional level of Windows Server 2008.
Which of the following options can be used for tracking any modification to Active Directory
Objections?

A. Configure a Group Policy to run the Security Configuration Wizard on all computers in the ABC
network.
B. Configure the Default Domain Controllers Group Policy to audit Directory Services.
C. Configure the Default Domain Group Policy to audit Directory Services.
D. Enable auditing of the ntds.dat file in the Default Domain Group Policy.
E. Enable auditing of the ntds.dat file in the Default Domain Group Policy.

Answer: B

Explanation:
To implement an audit and compliance policy and ensure that all changes made to Active
Directory objects are recorded, you need to configure a Directory Services Auditing policy in the
Default Domain Controller Policy
In Windows Server 2008, you can enable Audit Directory Service Access policy to log events in
the Security event log whenever certain operations are performed on objects stored in Active
Directory.
Enabling the global audit policy, Audit directory service access, enables all directory service policy
subcategories. You can set this global audit policy in the Default Domain Controllers Group Policy
(under Security Settings\Local Policies\Audit Policy).
Reference: Windows Server 2008 Auditing AD DS Changes Step-by-Step Guide
http://technet2.microsoft.com/windowsserver2008/en/library/a9c25483-89e2-4202-881cea8e02b4b2a51033.
mspx?mfr=true


QUESTION 6
You work as an enterprise administrator at Certkingdom.com. The Certkingdom.com network has a domain named
Certkingdom.com. All servers in the Certkingdom.com network run Windows Server 2003.
You want to install a read-only domain controller (RODC) without uABCrading the existing domain
controllers Windows Server 2008.
What action should you take? (Each correct option will form a part of the answer. Select TWO.)

A. Raise the forest functional level to Windows 2000.
B. Raise the forest functional level to Windows 2003.
C. Raise the forest functional level to Windows 2008.
D. Raise the domain functional level to Windows Server 2000
E. Raise the domain functional level to Windows Server 2003
F. Raise the domain functional level to Windows Server 2008

Answer: B,E

Explanation:
To create an Active Directory forest and domain functional levels to support Read-only domain
controllers (RODC) and Windows Server 2003 domain controllers, you need to create both the
forest and domain functional levels of Windows Server 2003. This is because only when you use
both the forest and domain functional levels of Windows Server 2003, you will be able to support
Read-only domain controllers (RODC) and Windows Server 2003 domain controllers.
Reference: Appendix of Functional Level Features
http://technet2.microsoft.com/windowsserver2008/en/library/34678199-98f1-465f-9156-
c600f723b31f1033.mspx?mfr=true


QUESTION 7
You work as an enterprise administrator at Certkingdom.com. The Certkingdom.com network has a forest named
and Certkingdom.com that runs at the forest functional level of Windows Server 2003. Certkingdom.com has a
subsidiary company named TestLabs, Inc. The TestLabs, Inc. network has a forest named and
testlabs.com that runs at the forest functional level of Windows Server 2003. All domain controllers
on both the Certkingdom.com network and the TestLabs, Inc. network run Windows Server 2008.
Certkingdom.com users do not have access to network resources in TestLabs, Inc.
TestLabs, Inc. has a file server named TESTLABS-SR07. Certkingdom.com users must be able to access
shared folders on TESTLABS-SR07. However, Certkingdom.com users must not be able to access any
other network resources in TestLabs, Inc.
Which of the following options would you choose to accomplish this task? (Each correct option will
form a part of the answer. Select TWO.)

A. By raising the forest functional level of Certkingdom.com and testlabs.com to Windows Server 2008.
B. By raising the domain functional level of all domains in Certkingdom.com and testlabs.com to Windows
Server 2008.
C. By creating a forest trust between Certkingdom.com and testlabs.com.
D. By setting the Allowed to Authenticate for TESTLABS-SR07.
E. By setting the Allowed to Authenticate right on the computer object for the testlabs.com
infrastructure operations master object.

Answer: C,D

Explanation:
To ensure that the users in ABC-south.com are denied access to all the resources ABC-north.com
except the resources on ABC-SR07, you need to create a forest trust between ABC-south.com
and ABC-north.com so that resources can be shared between both the forests. You can however
set the trust authentication setting to selective authentication so that only selected authentication
is allowed.
Next you need to set the Allowed to Authenticate right on the computer object for ABC-SR07 so
that each user must be explicitly granted the Allowed to Authenticate permission to access
resources on ABC-SR07.
You should not set the Allowed to Authenticate right on the computer object for the ABC-north.com
infrastructure operations master object because Allowed to Authenticate right is set for the users in
a trusted Windows Server 2003 domain or forest to be able to access resources in a trusting
Windows Server 2003 domain or forest, where the trust authentication setting has been set to
selective authentication, each user must be explicitly granted the ‘Allowed to Authenticate’
permission on the security descriptor of the computer objects (resource computers) that reside in
the trusting domain or forest.
Reference: Grant the Allowed to Authenticate permission on computers in the trusting domain or
forest
http://technet2.microsoft.com/windowsserver/en/library/b4d96434-0fde-4370-bd29-
39e4b3cc7da81033.mspx?mfr=true


QUESTION 8
You work as an enterprise administrator at Certkingdom.com. The Certkingdom.com network has a domain named
Certkingdom.com. All servers in the Certkingdom.com network run Windows Server 2008. Certkingdom.com has its
headquarters in Chicago and branch offices in Boston. The Boston office is connected to the
Chicago by a WAN link. The Chicago office has a DNS Sever named ABC-SR04 that is configured
as a single DNS zone. The Boston office has two servers named ABC-SR07 and ABC-SR08.
ABC-SR08 hosts shared folders that are only accessed by Certkingdom.com users in the Boston office.
You work in the Chicago office while a network administrator named Rory Allen works in the
Boston office.
Certkingdom.com wants you to ensure that users at the Boston office can log on to the Certkingdom.com domain
and can connect to the shared folders on ABC-SR08 even when the WAN link is down. You must
allow Rory Allen to configure the servers in the Boston office without allowing him to modify the
Active Directory configuration.
Which actions should you take to accomplish this task? (Each correct option will form a part of the
answer. Choose THREE.)

A. By promoting ABC-SR07 to a domain controller.
B. By promoting ABC-SR07 to a read-only domain controller (RODC).
C. By installing USMT role on ABC-SR07.
D. By installing ADMT role on ABC-SR07.
E. By installing DNS role on ABC-SR07.
F. By adding Rory Allen to the Domain Admins group.
G. By creating an organizational unit (OU) for the Boston office.
H. By assigning administrative rights to Rory Allen.

Answer: B,E,H

Explanation:
To ensure that the users in the branch office are able to log on to the domain even if the WAN link
fails, you need to promote the member server to a read-only domain controller (RODC) because
the RODC works as a domain controller and allows log in to the domains except allowing
modifications and changes to the Active directory domain.
Delegating administrative rights to the local branch office administrator after promoting a member
server to a RODC will make sure that branch office administrator is not allowed to initiate any
changes to Active Directory but should be allowed to make configuration changes to the servers in
the branch office.
Configuring the DNS role to the member server, will ensure that the users are allowed to access
file shares on the local server in the absence of the WAN link. Without name resolution and the
other services that are provided by DNS servers, client access to remote host computers would be
prohibitively difficult. DNS servers need to be configured because in intranets computer users
rarely know the IP addresses of computers on their local area network (LAN).
Reference: DNS Server Role: Read-only domain controller support/ Who will be interested in this
server role?
http://technet2.microsoft.com/windowsserver2008/en/library/533a1cfc-5173-4248-914c-
433bd018f66d1033.mspx?mfr=true


QUESTION 9
You work as an enterprise administrator at Certkingdom.com. The Certkingdom.com network has a domain named
Certkingdom.com and a workgroup named ABCGROUP. All servers in the Certkingdom.com network run Windows
Server 2008 and all the client computers run Windows Vist
A. The Certkingdom.com network has
unmanaged network switches and has two servers named ABC-SR07 and ABC-SR08. ABC-SR07
is configured with the Active Directory Domain Services (AD DS), the Active Directory Certificate
Services (AD CS) and the Dynamic Host Configuration Protocol (DHCP) service while ABC-SR08
is configured with the Routing and Remote Access Service (RRAS), the Network Policy Service
(NPS) and Health Registration Authority (HRA).
You notice that the latest Microsoft updates have not been applied to all client computers that are
part of the ABCGROUP workgroup. You are concerned that Certkingdom.com users are accessing the
local area network (LAN) from these client computers.
You want to implement Network Access Protection (NAP) to secure the network by preventing
client computers that are not members of the Certkingdom.com network or do not have the latest Microsoft
updates from accessing any network servers that are members of the Certkingdom.com domain.
Which of the following option would you choose?

A. TCP/IP
B. 802.1z
C. PPTP
D. DHCP
E. L2TP
F. IPsec

Answer: F

Explanation:
To ensure that only the computers that have the latest Microsoft updates installed should be able
to connect to servers in the domain and that only the computers that are joined to the domain
should be able to connect to servers in the domain, you need to use the IPSec NAP enforcement
method. IPsec domain and server isolation methods are used to prevent unmanaged computers
from accessing network resources. This method enforces health policies when a client computer
attempts to communicate with another computer using IPsec.
Reference: Protecting a Network from Unmanaged Clients / Solutions
http://www.microsoft.com/technet/security/midsizebusiness/topics/serversecurity/unmanagedclient
s.mspx
Reference: Network Access Protection (NAP) Deployment Planning / Choosing Enforcement
Methods
http://blogs.technet.com/nap/archive/2007/07/28/network-access-protection-deploymentplanning.
aspx


QUESTION 10
You work as an enterprise administrator at Certkingdom.com. The Certkingdom.com network has a domain named
Certkingdom.com. All servers in the Certkingdom.com network run Windows Server 2008. The Certkingdom.com network
has two web servers named ABC-SR07 and ABC-SR08. Certkingdom.com wants to hosts the company’s
e-commerce Web site named sales.Certkingdom.com on the two web servers. You receive instructions
from the CEO to ensure that the Web site is available even when one of the Web servers is offline.
The CEO also wants the session state of the web site to be available should one of the web
servers be offline. Additionally, you must be able to support the Web site on up to six Web servers
with each Web server having a dedicated IP address.
What action should you take?

A. Configure a two-failover cluster on ABC-SR07 and ABC-SR08.
B. Configure multiple ports for the sales.Certkingdom.com web site.
C. Configure Network Load Balancing on ABC-SR07 and ABC-SR08.
D. Configure the sales.Certkingdom.com web site on each server with the site content on a network share.
E. Configure multiple host headers for the sales.Certkingdom.com website.
F. Configure multiple IP addresses for the sales.Certkingdom.com website.

Answer: C

Explanation:
To ensure that the users of the website would be able to access the Web site if a single server
fails. The website should be scalable to as many as seven Web servers and the web servers
should be able to store session-state information for all users. It should also provide support for
multiple dedicated IP addresses for each Web server.
The Network Load Balancing (NLB) feature in Windows Server 2008 enhances the availability and
scalability of Internet server applications such as those used on Web, FTP, firewall, proxy, virtual
private network (VPN), and other mission-critical servers. NLB provides high availability of a
website by detecting and recovering from a cluster host that fails or goes offline.
You should not use failover clustering in this scenario because failover clustering requires shared
storage which is not mentioned in this question.
Reference: Overview of Network Load Balancing
http://technet2.microsoft.com/windowsserver2008/en/library/11dfa41c-f49e-4ee5-8664-
8b81f6fb8af31033.mspx?mfr=true

Best Microsoft MCTS Training – Microsoft MCITP Training at Certkingdom.com

70-652 Exam


 

Best Microsoft MCTS Training – Microsoft MCITP Training at Certkingdom.com

 



QUESTION 1
You work as an administrator at Certkingdom.com. The Certkingdom.com network consists of a single domain
named Certkingdom.com. All servers on the Certkingdom.com network, including virtual computers, have Windows
Server 2008 installed and all workstations have Windows 7 installed.
You have installed the Hyper-V server role on a server named ABC-SR34, and the Windows
Deployment Services role on a server named ABC-SR35. Certkingdom.com’s virtual computer, named
ABC-VM01, only has a solitary Virtual Hard Disk (VHD) configured.
You have been instructed to make sure that an image of ABC-VM01’s Virtual Hard Disk (VHD) is
deployed to physical and virtual hosts via Windows Deployment Services.
To achieve this, you first need to have an image of ABC-VM01’s Virtual Hard Disk (VHD)
positioned on ABC-SR35.
Which combination of the following actions should you take?

A. You should consider exporting ABC-VM01, and then configuring the use of a legacy network
adapter.
B. You should consider configure ABC-VM01 to make use of a legacy adapter prior to restarting it
with a Windows Deployment Services discover image.
C. You should configure ABC-VM01 to make use of a legacy adapter prior to restarting it with a
Windows Deployment Services discover image.
D. You should configure ABC-VM01 to make use of a legacy adapter prior to restarting it with a
Windows Deployment Services capture image.

Answer: D

Explanation:


QUESTION 2
You work as an administrator at Certkingdom.com. The Certkingdom.com network consists of a single domain
named Certkingdom.com. All servers on the Certkingdom.com network have Windows Server 2008 installed.
Certkingdom.com has a server, named ABC-SR14, which has a Windows Server 2008 Server Core
installation and is also configured as a Hyper-V server.
You have been informed that a Windows Vista SP1 64-bit workstation must be able to open
Hyper-V Manager, and also establish a link to ABC-SR14.
Which of the following actions should you take?

A. You should consider making use of the winrm command-line tool.
B. You should consider making use of the cscript command-line tool.
C. You should consider making use of the oclist command-line tool.
D. You should consider making use of the ocsetup command-line tool.
E. You should consider making use of the Netsh advfirewall command-line tool.

Answer: E

Explanation:


QUESTION 3
You work as an administrator at Certkingdom.com. The Certkingdom.com network consists of a single domain
named Certkingdom.com. All servers on the Certkingdom.com network have Windows Server 2008 installed.
Certkingdom.com has a server named ABC-SR14 that is configured as a Hyper-V server, and hosts four
virtual computers. These servers are named ABC-VM01, ABC-VM02, ABC-VM03 and ABC-VM04.
Certkingdom.com also has a server named ABC-SR15 that is configured as a Hyper-V server, but hosts
no virtual computers. Certkingdom.com has another server named ABC-SR16 that has Microsoft System
Center Virtual Manager (SCVMM) 2008 installed.
You have been instructed to relocate ABC-VM04 from ABC-SR14 to ABC-SR15 without altering
the virtual computer configurations.
You have to make sure that ABC-VM04 is offline for as little time as possible. You have also been
informed that user interaction must be kept to a minimum.
Which of the following actions should you take?

A. You should consider relocating ABC-VM04 to a host group via the Hyper-V Manager.
B. You should consider importing ABC-VM04 via the Virtual Machine Manager on ABC-SR15.
C. You should consider dragging ABC-VM04 from ABC-SR14 and dropping it on ABC-SR15 via
the Virtual Machine Manager.
D. You should consider exporting ABC-VM04 from ABC-SR14 via the Virtual Machine Manager.

Answer: C

Explanation:


QUESTION 4
You work as an administrator at Certkingdom.com. The Certkingdom.com network consists of a single domain
named Certkingdom.com. All servers on the Certkingdom.com network have Windows Server 2008 installed.
When Certkingdom.com acquires a new server, you are instructed to install the Hyper-V server role on it.
The server has a 32-bit Dual-core CPU, 4GB RAM, a single port network card, and two SATA hard
drives.
You need to make sure that you are able to install the Hyper-V server role on the new server.
Which of the following actions should you take?

A. You should install an additional network adaptor to system.
B. You should install an additional 8 GB RAM.
C. You should substitute the 32-bit CPU with a 64-bit CPU.
D. You should install an additional 500 GB hard drive.

Answer: C

Explanation:


QUESTION 5
You work as an administrator at Certkingdom.com. The Certkingdom.com network consists of a single domain
named Certkingdom.com. All servers on the Certkingdom.com network have Windows Server 2008 installed.
A network administrator, named Andy Reid, has requested that you compile a report for server
consolidation suggestions. This report should list servers on which virtualization can be
configured, as well as performance monitoring information.
Which of the following actions should you take?

A. You should consider having the Virtual Machine Manager 2008 update first.
B. You should consider having the Virtual Machine Manager (VMM) Self-Service Portal installed first.
C. You should consider executing the ocsetup Microsoft-Hyper-V command first.
D. You should consider having Microsoft Assessment and Planning Solution Accelerator installed
first.

Answer: D

Explanation:


QUESTION 6
You work as an administrator at Certkingdom.com. The Certkingdom.com network consists of a single domain
named Certkingdom.com. All servers on the Certkingdom.com network have Windows Server 2008 installed.
Certkingdom.com has a server named ABC-SR35, which is configured as a Hyper-V server. ABC-SR35
has two disks, of which one is configured as the C: drive and the other has not been allocated as
yet. Both of these drives are online.
You are tasked with creating a pass-through disk. After accessing Hyper-V Manager, you find that
you are unable to create a pass-through disk because the hard disk option is not displayed.
You are required to rectify this as soon as possible.
Which of the following actions should you take?

A. You should consider completely removing the C: drive.
B. You should consider completely removing the unallocated disk.
C. You should consider marking the unallocated disk as offline.
D. You should consider marking the C: drive as offline.

Answer: C

Explanation:


QUESTION 7
You work as an administrator at Certkingdom.com. The Certkingdom.com network consists of a single domain
named Certkingdom.com. All servers on the Certkingdom.com network have Windows Server 2008 installed.
You have been tasked with creating a virtual computer named ABC-VM05. ABC-VM05 has six
virtual drives configured. There is a 100 GB drive, a DVD drive, as well as four 300 GB drives.
You would like to configure as little disk controllers as possible for ABC-VM05’s virtual disks.
Which of the following actions should you take?

A. You should consider configuring an SCSI controller for the DVD drive, and a single IDE
controller for the five hard drives.
B. You should consider configuring an SCSI controller and five IDE controllers for each of the hard
drives.
C. You should consider configuring six SCSI controllers.
D. You should consider configuring six IDE controllers.

Answer: A

Explanation:


QUESTION 8
You work as an administrator at Certkingdom.com. The Certkingdom.com network consists of a single domain
named Certkingdom.com. All servers on the Certkingdom.com network have Windows Server 2008 installed.
Certkingdom.com has a server named ABC-SR35, which is configured as a Hyper-V server. ABC-SR35
has two virtual computers installed, named ABC-VM01 and ABC-VM02. Each virtual computer has
one Virtual Hard Disk (VHD) configured as a differencing disk. The Virtual Hard Disks (VHDs) are
named ABC-vm01.vhd and ABC-vm02.vhd respectively.
A fellow administrator, named Kara Lang, has removed lots of information from ABC-VM01, and
would like to know how to decrease ABC-vm01.vhd’s size. Kara Lang would like to complete this
task without affecting the current information on ABC-vm01.vhd. Kara Lang also informs you that
the solution should not have an effect on ABC-vm02.vhd.
Which of the following actions should you take?

A. You should consider deleting ABC-vm01.vhd.
B. You should consider compacting ABC-vm01.vhd.
C. You should consider expanding ABC-vm02.vhd.
D. You should consider editing ABC-vm02.vhd.

Answer: B

Explanation:


QUESTION 9
You work as an administrator at Certkingdom.com. The Certkingdom.com network consists of a single domain
named Certkingdom.com. All servers on the Certkingdom.com network have Windows Server 2008 installed.
You have been tasked with running tests on a new application, named TestApp1. The tests will be
performed on a Windows Vista SP1 virtual computer named Test-VM01, which is installed on a
workstation in Certkingdom.com’s test lab named Test-WS01. Every test you are about to perform will alter
TestApp1’s configuration.
You must make sure that every test is performed with TestApp1’s default configuration.
You have already deployed the application with the default configuration, and also taken a
snapshot image of the virtual computer.
Which of the following actions should you take?

A. You should consider choosing the option to revert Test-VM01 subsequent to every test.
B. You should consider choosing the option to restart Test-WS01 subsequent to every test.
C. You should consider choosing the option to restore Test-WS01 subsequent to every test.
D. You should consider choosing the option to reset Test-VM01 subsequent to every test.

Answer: A

Explanation:


QUESTION 10
You work as an administrator at Certkingdom.com. The Certkingdom.com network consists of a single domain
named Certkingdom.com. All servers on the Certkingdom.com network have Windows Server 2008 installed.
You have been tasked with running tests on a new application, named TestApp1. The tests will be
performed on a Windows Vista SP1 virtual computer named Test-VM01, which is installed on a
server in Certkingdom.com’s test lab named TestLab-SR35. Every test requires TestLab-SR35 to restart.
You have to make sure that the tests continue to run at startup.
Which of the following actions should you take?

A. You should consider choosing the option to restore Test-SR01.
B. You should consider choosing the option to revert Test-VM01
C. You should consider choosing the option to restart Test-SR01.
D. You should consider choosing the option to reset Test-VM01.

Answer: C

Explanation:

 

 


 

Best Microsoft MCTS Training – Microsoft MCITP Training at Certkingdom.com

 

70-236 Exam

70-236 Exam

 

 

Best Microsoft MCTS Training – Microsoft MCITP Training at Certkingdom.com

 


QUESTION 1
You work as the Exchange Administrator at Certkingdom.com. The Certkingdom.com network has an Exchange
Server 2007 infrastructure.
The network contains a mailbox named TestResources. At present all users are able to diarize
appointments for TestResources. A new company policy states that only Kara Lang and Mia
Hamm are permitted to diarize appointments for TestResources.
What actions must you take to comply with the Certkingdom.com policy?

A. You should run the following cmdlet:
Set- MailboxCalendarSettings – Identity”TestResources” – MonthCalendar calendar = new
MonthCalendar(); KaraLang , MiaHamm.
B. You should run the following cmdlet:
Set-MailboxCalendarSettings – Identity ” TestResources” – BookInPolicy KaraLang , MiaHamm –
AllBookInPolicy $false cmdlet.
C. You should run the following cmdlet:
Set – MonthCalendar calendar = new MonthCalendar(); “host.KaraLang , MiaHamm = calendar ”
this.Content = host;.
D. You should run the following cmdlet:
Set – MonthCalendar calendar = new MonthCalendar();
HwndSource source = HwndSource.FromHwnd(calendar.Handle);
this.Content = calendar;Delegates KaraLang , MiaHamm.

Answer: B

Explanation:


QUESTION 2
You work as the Exchange Administrator at Certkingdom.com. The Certkingdom.com network has an Exchange
Server 2007 environment. Certkingdom.com has headquarters in London and branch offices in Paris and
Berlin. The marketing department is located at the Paris office. The personnel in Paris connect to
the network through the Internet and use Outlook Anywhere on their laptops. To ensure
productivity management wants you to make sure that the marketing personnel have access to the
companies’ mailboxes.
What actions must you take?

A. You should utilize the Test- MAPIConnectivity and the Test- WebServicesConnectivity cmdlet.
B. You should utilize Get- Recipient – Filter cmdlet.
C. You should utilize Show-MailboxStatistics cmdlet.
D. You should utilize List-Mailbox cmdlet.

Answer: A

Explanation:


QUESTION 3
You work as the Exchange administrator at Certkingdom.com. The Certkingdom.com network has an Exchange
Server 2007 environment. The Certkingdom.com network has an Exchange Server 2007 environment.
The Edge Transport Server role is installed on a server named ABC-EX01. Due to this server
failure, you have decided to install a new Microsoft Windows Server 2003 server named ABCEX03
on the network with the reinstallation of the Edge Transport Server role. However, the
address rewrites that was functional on ABC-EX01 did not in operation on ABC-EX03. This
functionality is needed.
What actions must you take?

A. You should use the ImportEdgeConfig.ps1 on ABC-EX03.
B. You should use the iiscnfg/enable: application name check version.
C. You should use the Transaction Logs for sp_configure configuration.
D. You should use create a new Send connector on ABC-EX03.

Answer: A

Explanation:


QUESTION 4
You work as the Exchange administrator at Certkingdom.com. Certkingdom.com has headquarters in London and
a branch office in Paris. The Exchange Server 2007 server in the London office is named ABCEX07
and the Exchange Server 2003 server in the London office is named ABC-EX08. You need
to transfer the mailbox from ABC-EX07 to ABC-EX08.
What actions must you take?

A. You should include the IgnoreRuleLimitErrors parameter when using the Move-Mailbox cmdlet.
B. You should use the System configuration data collector.
C. You should create a mapping schema definition.
D. You should enable the Windows Remote Management (WinRM).

Answer: A

Explanation:


QUESTION 5
You work as the Exchange administrator at Certkingdom.com. Certkingdom.com has its headquarters in Chicago
and a branch office in Dallas. You are implementing a new Exchange Server 2007 Organization.
The Exchange Server 2007 environment of Certkingdom.com has the following server installed:
• An Edge Transport server named ABC-EX01
• A Hub Transport server named ABC-EX02.
During the course of the day you have received instruction from the CIO to have e-mail routing
configured on ABC-EX01 and ABC-EX02. In your solution you need to ensure that ABC-EX01 is
able to transmit e-mail messages to and from the Internet. You should also ensure that Internet email
is sent to ABC-EX01 via ABC-EX02.
What actions must you take?

A. You should use the Microsoft System Center Configuration Manager (SCCM).
B. You should export a new Edge Subscription file to ABC-EX01 and Import the Edge Subscription
file to ABC-EX02.
C. You should use the Microsoft System Center Operations Manager (SCOM).
D. You should use the Microsoft Exchange Internet Message Access Protocol, Version 4 (IMAP4).

Answer: B

Explanation:


QUESTION 6
You work as the Exchange administrator at Certkingdom.com. The Certkingdom.com network has an Exchange
Server 2007 environment.
You were compelled to restore the directory objects and settings from a backup. However, after
the restoration a number of employees reported that they are unable to access their mailboxes
that were assigned to them before the backup was made. The employees need to access their
mailboxes.
What actions must you take?

A. You should use the Get-Mailbox cmdlet.
B. You should use the Get-MailboxInformation cmdlet.
C. You should use the Connect-Mailbox cmdlet.
D. You should use the Show-Information cmdlet.

Answer: C

Explanation:


QUESTION 7
You work as the Exchange administrator at Certkingdom.com. The Certkingdom.com network has an Exchange
Server 2007 environment.
During routine maintenance of the Exchange server you discover that the storage limits are all
different in the mailboxes.
What actions must you take to ensure that the storage limits to be the same?

A. You should use the Get-MailboxStatistics cmdlet and forward it to the Get-Mailbox cmdlet.
B. You should use the Show-MailboxStatistics cmdlet and forward it to the Select-Object cmdlet.
C. You should use the Get-MailboxInformation cmdlet and forward it to the Select-Object cmdlet.
D. You should create an Exchange Management Shell script and forward the Get-Mailbox
Database cmdlet output to the Set-Mailbox Database cmdlet.

Answer: D

Explanation:


QUESTION 8
You work as the Exchange administrator at Certkingdom.com. The Certkingdom.com network has an Exchange
Server 2007 environment. The Certkingdom.com network contains a stand-alone server named ABCSR09.
Your boss, CertKingdom, wants to know which Exchange Server 2007 server role can ABC-SR09
support.
What would you reply?

A. It can support the Terminal Service Session Broker (TS Session Broker) role.
B. It can support the Edge Transport server role.
C. It can support the PDC emulator role.
D. It can support the Exchange Recipient Administrators role.

Answer: B

Explanation:


QUESTION 9
You work as the Exchange Administrator at Certkingdom.com. The Certkingdom.com network has an Exchange
Server 2007 infrastructure that has two Client Access Servers with load balancing.
The employees on the intranet has 24/7 access to data when utilizing Outlook Anywhere. During
the course of the day you have received instruction from the CIO to ensure that the employees
who connect to the Exchange infrastructure via the IUnernet also have access to data 24/7.
What actions must you take?

A. You should enable the Microsoft Exchange Information Store.
B. You should enable the Microsoft Exchange Search Service.
C. You should set the external URL on every Client Access Server.
D. You should enable the Microsoft Exchange File Distribution service.

Answer: C

Explanation:


QUESTION 10
You work as the Exchange administrator at Certkingdom.com. The Certkingdom.com network has an Exchange
Server 2007 environment.
You have received several complaints from employees in various departments stating that e-mail
messages are ending up in their Junk E-mail folder even though the sender’s e-mail address is on
their Safe Senders List. You need to ensure that the employees’ Safe Senders Lists are used.
What actions must you take?

A. You should modify the SMTP Send connectors.
B. You should utilize the Get-Mailbox cmdlet.
C. You should utilize the Show-Information cmdlet.
D. You should utilize the Update-SafeList cmdlet on each mailbox.

Answer: D

Explanation:


QUESTION 11
You work as the Exchange administrator at Certkingdom.com. The Certkingdom.com network has an Exchange
Server 2007 environment.
Certkingdom.com recently acquired a new company named TestLabs, Inc. The Certkingdom.com management
wants all mail to TestLabs, Inc. to be accepted by the Certkingdom.com Exchange servers as the e
Exchange servers of TestLabs, Inc. will be decommissioned.
What actions must you take to receives TestLabs, Inc’s mail?

A. You should set up TestLabs Inc as an authoritative domain.
B. You should create a Send connector for TestLabs Inc.
C. You should configure the RejectMessagesFrom setting in TestLabs Inc.
D. You should run the Set-CASMailbox cmdlet.

Answer: A

Explanation:


QUESTION 12
You work as the Exchange administrator at Certkingdom.com. The Certkingdom.com network has an Exchange
Server 2007 environment. Certkingdom.com makes use of Microsoft ActiveSync policy.
As a security measure the Microsoft ActiveSync policy is configured to ensure that idle clients
provide their password every 20 minutes. You therefore decide to set up an inactivity timer on the
network computers.
During the course of the day you have receive a request from the Marketing manager named Amy
Wilson, to ensure that her laptop, ABC-WS236 is not affected by this Microsoft ActiveSync policy.
What actions must you take to ensure that ABC-WS236 is not affected by the Microsoft
ActiveSync policy but all other computers are?

A. You should disable Microsoft ActiveSync on ABC-WS236.
B. You should use the Set- ReceiveConnector – ProtocolLoggingLevel None cmdlet.
C. You should set up a new ActiveSync policy to accommodate ABC-WS236.
D. You should run the Set-CASMailbox cmdlet on ABC-WS236.

Answer: C

Explanation:


QUESTION 13
You work as the Exchange administrator at Certkingdom.com. The Certkingdom.com network has an Exchange
2007 environment.
Microsoft ActiveSync is on the Exchange servers but is disabled. You are in the process of
assigning a new notebook computer named ABC-WS123 to Rory Allen that should be
synchronized with the Exchange servers.
What actions must you take?

A. You should run the Set- ContentFilterConfig – RecipientEnabled $false cmdlet.
B. You should run the Set-CASMailbox cmdlet and enable the feature.
C. You should run the Set- ContentFilterConfig – BypassedRecipients anti-spam@Certkingdom.com
cmdlet.
D. You should create a new ActiveSync policy that contains all the necessary settings.

Answer: B

Explanation:


QUESTION 14
You work as the Exchange administrator at Certkingdom.com. The Certkingdom.com network has an Exchange
Server 2007 environment.
Certkingdom.com has two servers named ABC-EX01 and ABC-EX02. ABC-EX01 is hosting the Client
Access server role and ABC-EX02 is hosting the Hub Transport server role. During the week ABCEX01
has a failure. To ensure productivity you need to transfer the Client Access Server role to
ABC-EX02.
What actions must you take?

A. You should run the Disable-StorageGroupCopy cmdlet and enable the DatabaseCopy cmdlet.
B. You should utilize the Setup/mode:RecoverServer command.
C. You should utilize the Add or Remove Programs applet.
D. You should open the Exchange Management Console and imported the Client Access server
role.

Answer: C

Explanation:


QUESTION 15
You work as the Exchange administrator at Certkingdom.com. The Certkingdom.com network has an Exchange
2007 environment. Certkingdom.com wants to know how much space the mailboxes take up at present.
How would you find this information?

A. By running the AutomateProcessing Auto Update cmdlet.
B. By running the Show-MailboxStatistics cmdlet.
C. By running the Get-MailboxStatistics cmdlet.
D. By running the Get-MailboxInformation cmdlet.

Answer: C

Explanation:


QUESTION 16
You work as the Exchange administrator at Certkingdom.com. The Certkingdom.com network has an Exchange
Server 2007 environment with a server named ABC-EX10. ABC-EX10 had several physical hard
disk drives. You have received instruction from the CIO to ensure that ABC-EX10 has the best
possible I/O performance while also being fault tolerant.
What actions must you take?

A. You should make use of a dedicated RAID 3 array.
B. You should make use of a dedicated RAID 10 array.
C. You should make use of a dedicated RAID 5 array.
D. You should make use of a dedicated RAID 0 array.

Answer: B

Explanation:


QUESTION 17
You work as the Exchange administrator at Certkingdom.com. The Certkingdom.com network has an Exchange
Server 2007 environment. The Certkingdom.com network has a server named ABC-EX12 that functions as
a mailbox. You need to determine whether the employees in the Finance department can use
Microsoft Office Outlook to access their mailboxes on ABC-EX12.
What actions must you take?

A. You should make use the Microsoft Baseline Security Analyzer.
B. You should make use the Event trace data collector.
C. You should make use the Test- ServiceHealth cmdlet.
D. You should make use the Test-ExchangeSearch cmdlet.

Answer: C

Explanation:


QUESTION 18
You work as the Exchange administrator at Certkingdom.com. The Certkingdom.com network has an Exchange
Server 2007 environment.
Certkingdom.com contains quite a few distribution groups. A new Certkingdom.com policy only allows the owner to
add or remove members from their distribution group.
What actions must you take to adhere to the Certkingdom.com policy?

A. You should create a universal distribution group without any permission.
B. You should create a universal security group but disable its mailbox.
C. You should attach the owner to the Managed By tab of their distribution group and click the
Manager can update membership list check box.
D. You should create a mail-enabled universal security group.

Answer: C

Explanation:


QUESTION 19
You work as the Exchange administrator at Certkingdom.com. The Certkingdom.com network has an Exchange
Server 2007 environment.
A Certkingdom.com user named Mia Hamm complains that she cannot access her mailbox. You
investigate and discover that Mia Hamm’s mailbox was removed from a Mailbox server named
ABC-EX07; however there is an exciting back of the mailbox that resides in the recovery storage
group.
What actions must you do to get the mailbox to the working database?

A. You should make use the Restore-DatabaseCopy cmdlet.
B. You should make use the Copy-StorageGroupCopy cmdlet.
C. You should make use the Set-Mailbox cmdlet.
D. You should make use the Restore-Mailbox cmdlet.

Answer: D

Explanation:


QUESTION 20
You work as the Exchange administrator at Certkingdom.com. The Certkingdom.com network has an Exchange
Server 2007 environment.
The Certkingdom.com network has a server named ABC-EX11 that is configured as a mailbox server. A
Certkingdom.com user named Andy Reid complains one morning that he is unable to access his mailbox.
You then discover that there mailbox store has become corrupt. You thus recover mailbox store
from a recent backup to a recovery storage group. However, Andy Reid reports that he still is
unable to access his mailbox.
What actions must you take to ensure that Andy Reid can access his mailbox?

A. You should add Andy Reid as a mailbox before reconnecting.
B. You should shift the mailbox to a standard storage group before reconnecting.
C. You should add Andy Reid as a mailbox-enabled user before reconnecting.
D. You should use the Get-MailboxStatistics cmdlet.

Answer: B

Explanation:


QUESTION 21
You work as the Exchange administrator at Certkingdom.com. The Certkingdom.com network has an Exchange
Server 2007 environment.
The Certkingdom.com network contains a mail server named ABC-EX04 that has the complete Client
Access server role installed. Due to a failure on ABC-EX04, you have implemented a server
named ABC-EX05 on the Certkingdom.com network that is running Exchange Server 2007 and restore the
System State data. However, the Certkingdom.com CIO wants the Client Access server role to have same
settings as the previous one.
What actions must you take?

A. You should copy the log files from ABC-EX04 on ABC-EX05.
B. You should run the ISInteg utility on ABC-EX04 and copy the log files on ABC-EX05.
C. You should make use of the Setup/mode:RecoverServer command and execute a System State.
D. You should restore the \ClientAccess\ directory and run the Setup /mode:RecoverServer
command for the implementation of the Client Access server role.

Answer: D

Explanation:


QUESTION 22
You work as the Exchange administrator at Certkingdom.com. The Certkingdom.com network has an Exchange
Server 2007 environment.
Certkingdom.com contains two servers named ABC-EX08 and ABC-EX09. ABC-EX08 hosts the Edge
Transport server role and ABC-EX09 hosts the Hub Transport role. The Edge Subscription of
ABC-EX08 resides on ABC-EX09.
The internet connection to ABC-EX08 goes down for a considerable period and when the
connection is re-established you notice that no delivery of e-mails is taking place.
What actions must you take to restore e-mail delivery?

A. You should utilize the Get-Queue – Filter {status – eq “retry” cmdlet on ABC-EX08.
B. You should utilize the Get-Message –Filter {Subject – eq “Latest Production Line”} cmdlet on ABC-EX08.
C. You should utilize the Resume-queue –filter {status – eq “retry”} cmdlet on ABC-EX08.
D. You should utilize the Retry-Queue cmdlet on ABC-EX08.

Answer: D

Explanation:

 

 

Best Microsoft MCTS Training – Microsoft MCITP Training at Certkingdom.com

 

70-649 Exam

Best Microsoft MCTS Training – Microsoft MCITP Training at Certkingdom.com


QUESTION 1
You work as the enterprise administrator at ABC.com. ABC.com has a domain named ABC.com.
The ABC.com network servers run Microsoft Windows Server 2008 and the client computers run
Microsoft Windows Vista. ABC.com has a Routing and Remote Access computer named ABCSR01
running Network Access Protection.
How should you configure ABC-SR01 to ensure Point-to-Point (PP) authentication is used?

A. By using the Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) protocol.
B. By using the Secure Shell (SSH) protocol.
C. By using the Extensible Authentication Protocol (EAP) protocol.
D. By using the Kerberos v5 protocol.

Answer: C

Explanation:
To configure the Point-to-Point Protocol (PPP) authentication method on ABC-SR01, you need to
configure Extensible Authentication Protocol (EAP) authentication method.
Microsoft Windows uses EAP to authenticate network access for Point-to-Point Protocol (PPP)
connections. EAP was designed as an extension to PPP to be able to use newer authentication
methods such as one-time passwords, smart cards, or biometric techniques.
Reference: Making sense of remote access protocols in Windows / DIAL-UP AUTHENTICATION
http://articles.techrepublic.com.com/5100-10878_11-1058239.html


QUESTION 2
You work as the enterprise administrator at ABC.com. ABC.com has a domain named ABC.com.
The ABC.com network servers run Microsoft Windows Server 2008 and the client computers run
Microsoft Windows Vista. ABC.com has a computer named ABC-SR01 using the default security
settings to run Remote Desktop.
How would you configure the Remote Desktop connection to ensure secure connections between
ABC-SR01 and accessing clients?

A. By configuring Windows Firewall to block communications via port 110 on the firewall.
B. By obtaining user certificates from the internal certificate authority.
By allowing connections to Remote Desktop client computers that use Network Level
Authentication only.
C. By configuring Windows Firewall to block communications via port 443 on the firewall.
D. By obtaining user certificates from the external certificate authority.
By allowing connections to Remote Desktop client computers that use Network Level
Authentication only.
E. By configuring Windows Firewall to block communications via port 1423 on the firewall.

Answer: B

Explanation:
To ensure the RDP connections are as secure as possible, you need to first acquire user
certificates from the internal certificate authority and then configure each server to allow
connections only to Remote Desktop client computers that use Network Level Authentication.
In the pre-W2008 Terminal Server, you used to enter the name of the server and a connection is
initiated to its logon screen. Then, at that logon screen you attempt to authenticate. From a
security perspective, this isn’t a good idea. Because by doing it in this manner, you’re actually
getting access to a server prior to authentication – the access you’re getting is right to a session
on that server – and that is not considered a good security practice.
NLA, or Network Level Authentication, reverses the order in which a client attempts to connect.
The new RDC 6.0 client asks you for your username and password before it takes you to the
logon screen. If you’re attempting to connect to a pre-W2008 server, a failure in that initial logon
will fail back to the old way of logging in. It shines when connecting to Windows Vista computers
and W2008 servers with NLA configured it prevents the failback authentication from ever
occurring, which prevents the bad guys from gaining accessing your server without a successful
authentication.
Reference: Server 2008 Terminal Services Part 2: NLA – Network Level Authentication
http://www.realtime-windowsserver.com/tips_tricks/2007/06/server_2008_terminal_services_2.htm


QUESTION 3
You work as the enterprise administrator at ABC.com. ABC.com has a domain named ABC.com.
The ABC.com network servers run Microsoft Windows Server 2008 and the client computers run
Microsoft Windows Vista. ABC.com has a computer named ABC-SR18 configured to host the
Internet Information Services (IIS) Web server role and SMTP gateway role.
ABC.com has a Marketing division using ABC-SR18 to send and receive e-mail from the Internet.
The ABC.com Marketing division accesses the Internet using the SMTP gateway on port 25.
How would you configure ABC-SR18 to send e-mail to Internet recipients after configuring the
SMTP gateway to relay messages?

A. By creating an SRV record for the SMTP gateway on an internal DNS server.
B. By creating a host (A) record for the SMTP gateway on an internal DNS server.
C. By configuring the SMTP email feature for the website on ABC-SR18.
D. By creating a CNAME record for the SMTP gateway on an internal DNS server.

Answer: C

Explanation: You need to configure the SMTP email feature for the website on ABC-SR18. The
Simple Message Transfer Protocol allows the emails to be sent to a specific address.
Reference: https:://technet2.microsoft.com/windowsserver2008/en/library/4ade618d-ff7a-4359-
b6ba-4982f0bdf4a51033.mspx?mfr=true


QUESTION 4
You work as the enterprise administrator at ABC.com. ABC.com has a domain named ABC.com.
The ABC.com network servers run Microsoft Windows Server 2008 and the client computers run
Microsoft Windows Vista. ABC.com has a computer named ABC-SR15 configured to host the
Active Directory Lightweight Directory Services (AD LDS) service.
How would you replicate Active Directory Lightweight Directory Services (AD LDS) to a newly
deployed server?

A. By using the ADSI Edit Snap-in to replicate the AD LDS instance.
B. By creating and installing a replica of AD LDS running the AD LDS Setup wizard on ABC-SR15
C. By using the xcopy command to copy the entire AD LDS instance.
D. By using Active Directory Sites and Services to replicate the AD LDS instance.

Answer: B

Explanation: You need to run the AD LDS setup wizard on the computer in the lab to create and
install a replica of AD LDS. In the AD LDS setup wizard there will be an option to replicate the AD
LDS instance on another computer.


QUESTION 5
You work as the enterprise administrator at ABC.com. ABC.com has a domain named ABC.com.
The ABC.com network servers run Microsoft Windows Server 2008 and the client computers run
Microsoft Windows Vista. ABC.com has a computer named ABC-SR01 configured to host
virtualization role service and virtual machines installed with the KingSales application.
How would you configure the virtual machines to be recovered to the original state if installation of
KingSales fails?

A. By using an Automated System Recovery (ASR) disk on the virtual machine when the
application fails.
B. By installing and configuring third party backup software on Virtual machine.
C. By creating a snapshot of the virtual machine through the Virtualization Management Console.
D. By using the Windows Backup utility to backup the Virtual machines.

Answer: C

Explanation: To ensure that you can restore the Virtual machine to its original state if an
application installation fails, you should create a snapshot of the virtual machine using the
Virtualization Management Console. You can always restore the virtual machines in its original
state by using the snapshot you created.


QUESTION 6
You work as the enterprise administrator at ABC.com. ABC.com has a domain named ABC.com.
The ABC.com network servers run Microsoft Windows Server 2008 and the client computers run
Microsoft Windows Vista. ABC.com has two computers configured as follows:
• ABC-DC01 – configured as a domain controller.
• ABC-DC02 – configured as a Read-Only Domain Controller (RODC).
ABC.com Marketing division members makes use of ABC-DC01 to log onto the domain.
How would you ensure that ABC-DC02 can be used by the Marketing division to log onto the
domain?

A. By deploying a computer running Active Directory Certificate Services (AD CS).
B. By using a Password Replication Policy on the RODC.
C. By installing and configuring an Active Directory Federation Services (AD FS) front-end server.
D. By deploying a computer running Active Directory Lightweight Directory Services (AD LDS) and
Active Directory Domain Services (AD DS).

Answer: B

Explanation: You should use the Password Replication Policy on the RODC. This will allow the
users at the Dallas office to log on to the domain with RODC. RODCs don’t cache any user or
machine passwords.


QUESTION 7
You work as the enterprise administrator at ABC.com. ABC.com has a domain named ABC.com.
The ABC.com network servers run Microsoft Windows Server 2008 and the client computers run
Microsoft Windows Vista. ABC.com has a computer named ABC-SR21 in the default Web site
running WSUS for updates.
How would you configure a group policy with the port and intranet update location to ensure the
Secure Sockets Layer (SSL) is used on ABC-SR21?

A. By using https://ABC-sr21: 80 to indicate the default port and intranet update location.
B. By using https://ABC-sr21 to indicate the default port and intranet update location.
C. By using https:://ABC-sr21: 1073 to indicate the default port and intranet update location.
D. By using https:://ABC-sr21: 110 to indicate the default port and intranet update location.

Answer: B

Explanation: You need to use https://ABC-sr21 to configure a group policy object (GPO) that
specifies the intranet update locations on a default port. You also need a URL for a secure port
that the WSUS server is listening on. You should make use of a URL that specifies HTTPS. This
will secure the client computer channel. However, if you are using any port other than 443 for SSL,
you need to include that port in the URL, too.
Reference: WSUS SSL Client Configuration
http://www.techsupportforum.com/microsoft-support/windows-nt-2000-2003-server/115983-wsusssl-
client-configuration.html


QUESTION 8
You are employed as an enterprise administrator at ABC.com. The ABC.com has a domain
named ABC.com. All servers on the domain run Microsoft Windows Server 2008 and all client
computers run Microsoft Windows Vista. ABC.com has a computer named ABC-SR20 that hosts
the Internet Information Services (IIS) Web Server role though being configured not to utilize the
Windows Performance and Reliability Monitor. During the course of the day ABC.com instructs
you to install and configure Reliability Monitor.
How can you ensure ABC-SR20 collects reliability information keeping the system stability share
current?

A. By configuring the Remote Access Auto Connection Manager service to start automatically on
the ABC-SR20.
B. By configuring the Net Logon service to start automatically on the ABC-SR20.
C. By configuring the Task scheduler service to start automatically on the ABC-SR20.
D. By configuring the Error Reporting Services service to start automatically on the ABC-SR20.

Answer: C

Explanation: To configure the ABC-SR20 to collect the reliability monitor data, you need to
configure the Task scheduler service to start automatically.
Reliability Monitor uses data provided by the RACAgent scheduled task, a pre-defined task that
runs by default on a new installation of Windows Vista. The seamless integration between the
Task Scheduler user interface and the Event Viewer allows an event-triggered task to be created
with just five clicks.
In addition to events, the Task Scheduler in Windows Vista / Server 2008 supports a number of
other new types of triggers, including triggers that launch tasks at machine idle, startup, or logon.
Because you need Task Scheduler to collect reliability monitor data, you need to you need to
configure the Task scheduler service to start automatically.
Reference: Network Monitor 3.1 OneClick … now what? / Task Scheduler Changes in Windows
Vista and Windows Server 2008 – Part One
http://blogs.technet.com/askperf/
Reference: What allows the Reliability Monitor to display data?
http://www.petri.co.il/reliability_monitor_windows_vista.htm


QUESTION 9
You work as the enterprise administrator at ABC.com. ABC.com has a domain named ABC.com.
The ABC.com network servers run Microsoft Windows Server 2008 and the client computers run
Microsoft Windows Vista. ABC.com has three computers configured as follows:
• ABC-SR11 – configured with Event Log subscription monitoring
• ABC-SR12 – configured as a domain controller.
• ABC-SR13 – configured as a domain controller.
During the course of the day ABC.com instructs you to create the subscription using ABC-SR12 or
ABC-SR13 which fails as the operation does not complete.
How would you ensure that the subscription can be created using either ABC-SR12 or ABCMicrosoft
70-649: Practice Exam
SR13? (Choose two)

A. By running the command wecutil cs subscription.xml on ABC-SR11.
B. By creating subscription.xml custom view on ABC-SR11.
C. By running the wecutil qc command on ABC-SR12.
D. By running the winrm connect command on ABC-SR13.
E. By running the winrm allow command on ABC-SR13

Answer: A,B

Explanation: To configure a subscription on ABC-SR11, you need to first create an event
collector subscription configuration file and Name the file subscription.xml. You need to then run
the wecutil cs subscription.xml command on ABC-SR11.
This command enables you to create and manage subscriptions to events that are forwarded from
remote computers, which support WS-Management protocol. wecutil cs subscription.xml
command will create a subscription to forward events from a Windows Vista Application event log
of a remote computer at ABC.com to the ForwardedEvents log.
Reference: Wecutil
http://technet2.microsoft.com/windowsserver2008/en/library/0c82a6cb-d652-429c-9c3d-
0f568c78d54b1033.mspx?mfr=true


QUESTION 10
You work as the enterprise administrator at ABC.com. ABC.com has a domain named ABC.com.
The ABC.com network servers run Microsoft Windows Server 2008 and the client computers run
Microsoft Windows Vista. ABC.com has a computer named ABC-SR11 configured to run Internet
Information Services (IIS) Web server role hosting confidential company information.
ABC.com has a Marketing division accessing the confidential information which loads excessively
slow. During the course of the maintenance you discovered ABC-SR11 uses a high percentage of
processor time.
How would you gather information regarding the processor utilizing high percentages of processor
time?

A. By using Windows Reliability and Performance Monitor to check percentage of processor
capacity.
B. By using a counter log to track the processor usage.
C. By using the Performance Logs and Alerts.
D. By checking the security log for Performance events.
E. By checking the error log for performance events.

Answer: A

Explanation: Explanation
To gather additional data to diagnose the cause of the problem, you need to use the Resource
View in Windows Reliability and Performance Monitor to see the percentage of processor capacity
used by each application.
The Resource View window of Windows Reliability and Performance Monitor provides a real-time
graphical overview of CPU, disk, network, and memory usage. By expanding each of these
monitored elements, system administrators can identify which processes are using which
resources. In previous versions of Windows, this real-time process-specific data was only
available in limited form in Task Manager
Reference: Windows Reliability and Performance Monitor
http://technet.microsoft.com/en-us/library/cc755081.aspx

 

Best Microsoft MCTS Training – Microsoft MCITP Training at Certkingdom.com

Microsoft Makes the Case for More jQuery, Fewer Dependencies

In a Best Practices online advisory to browser-based Web site developers published last week, Microsoft paints a compelling picture for favoring JavaScript libraries – especially jQuery – for rendering client-side UI, over the use of plug-ins. If Microsoft is to score a blow against Adobe Flash, it has to strike at plug-ins’ very reason for existence, arguing that jQuery is faster, easier, cheaper, and prettier.

 

Best Microsoft MCTS Training – Microsoft MCITP Training at Certkingdom.com

 

Microsoft’s patterns and practices team had been advocating the use of its Silverlight plug-in for composite applications since 2008, with a project it calls Prism. That project remains ongoing, though the emphasis in recent months has shifted to Project Silk, which focuses on what the company describes as ‘building cross-browser Web applications with a focus on client-side interactivity. These applications take advantage of the latest Web standards, including HTML5, CSS3 and ECMAScript 5, along with modern Web technologies such as jQuery, Windows Internet Explorer 9, and ASP.NET MVC3.’

Microsoft’s support for jQuery began three years ago, almost to the day, certainly in earnest though overlapping considerably with the company’s Silverlight plug-in project. While Microsoft isn’t abandoning Silverlight outright (it touted the forthcoming version 5 just last April), it is certainly de-emphasizing its own plug-in.

Last summer in Microsoft’s forums, the company has responded to developers’ inquiries about the relative precedence of Silk over Prism by assuring Silverlight developers that there remains a place for Silverlight in line-of-business applications – programs deployed in-house for employees and knowledge workers, rather than public-facing Web sites. But that was before the Build conference two weeks ago, when the spotlight for Silverlight was pretty much turned off.

The two project teams share many of the same members, and thus are not in competition with one another. But in recent days, the two projects have been sharing more than common members, but language as well. For example, a November 2010 description of the ‘composite application’ in the context of Prism, which does involve Silverlight, reads as follows: ‘Using design patterns that embody important architectural design principles, such as separation of concerns and loose coupling, Prism helps you to design and build applications using loosely coupled components that can evolve independently but which can be easily and seamlessly integrated into the overall application. These types of applications are known as composite applications.’

This type of modularization has come to define the composite application in much of Microsoft’s training. But now, take a close look at this sample from the latest ‘drop’ of the Silk developers’ model app: ‘Within a browser-based application, a module can add or remove user interface (UI) elements, add or enhance functionality (or behavior) already available in the UI, or enhance the user experience (UX). Modules can be built independently of one another but still communicate with each other in a loosely coupled fashion. Modular applications can make it easier for you to develop, test, deploy, and extend your application. Modular designs also have well-understood benefits that help you unit test your applications and make them easier to maintain over time.’

The Silk project team is suggesting that many of the same goals previously attributed to Prism are attainable using JavaScript and libraries such as jQuery, through Silk best practices. One independent developer who definitely perceives this trend is Poland-based Bartek Szafko, who wrote last July, ‘When you look side by side on new Win8 shots and silk they look quite similar. I believe Silk guidance will be to Windows 8 just like Prism was to WPF and Silverlight.’

The September drop of Silk features the latest update to the project team’s model app, originally called ‘Mileage Stats’ but which has evolved into an interactive (or, judging from this video, overactive) monitor of all monetary investments in one’s vehicle. The idea here is to show how a modular app can generate statistics and update only the statistics that have changed, or only the changes the user has directly requested, without reloading the entire page.
110926 Mileage Stats app test.png

Silk documentation refers to a certain word you’ll be hearing a lot from Microsoft in the coming years. Referring to the division of on-screen components into widgets as shown in the above figure, the documentation reads: ‘Mileage Stats uses the tile widget to animate the position of all boxes horizontally and vertically, because both the vehicle boxes and the Add Vehicle box need that behavior. The vehicle widget expands and collapses the vehicle boxes, because only they need that behavior.’
Modularization in the Silk model is accomplished through a concept that the original HTML frame elements tried to achieve, but couldn’t: subdividing the screen into regions that can not only be addressed independently, but shifted and resized when necessary without disturbing their contents.

A simpler example of modularization for cross-browser apps from the Silk project (which may be more familiar to jQuery veterans), is this example of a jQuery function that’s wrapped around a set of elements bunched together from HTML. In this case, those elements are keywords from a paragraph tagged with , with each element given the name data-tag. A function, triggered whenever the mouse points to one of these tagged spans, looks up the contents of the span on the Delicious Web site, and posts the textual results of that search in an infobox. The jQuery function which does the wrapping appears below:

The function attaches the infobox directly to the span. Although that infobox has no instructions for its own appearance in this function, it’s given a place in the DOM by the creation function for the infobox element, which in jQuery is called _create. The principle demonstrated here is dynamic tagging. Here, not only can the destinations of old hyperlinks be updated and made more relevant, but the events that are generated as a result of pointing to the tagged span, and the appearance of the box or other gadget displayed on mouse over, are generated entirely on the fly.

This sort of thing has been happening with jQuery-endowed Web pages for the last handful of years, though perhaps not all Web users are appreciating the breadth of the architectural changes embodied here. If you’re wondering, what Microsoft technologies does Silk specifically promote, the answer is server-side ASP.NET MVC, whose latest versions make liberal use of jQuery. The Silk philosophy is a relatively new one for Microsoft: an ideal that the purpose for promoting Microsoft-brand technologies on the server side does not have to be the subsequent promotion of Microsoft technology on the client side.

Survey: Vast majority of Facebook users dislike new redesign

In a recent survey of over 1,000 people conducted by Sodahead, the social voting-based site found that 86 percent of the Facebook audience gave a strong dislike to the changes announced by Mark Zuckerberg at Facebook’s F8 conference this week. Teens and women showed the most contempt for the upcoming changes with approximately 90 percent of each group railing against the alterations. About 80 percent of young adults and men had a dislike for the new features. While women are clearly in the majority over men on Facebook, young adults between 18 to 25 years old comprise the largest percentage of users in the United States.

 

Best Microsoft MCTS Training – Microsoft MCITP Training at Certkingdom.com

 

The only group that had a majority of users in support of the new changes were IT workers. In addition, people with incomes over $100,000 as well as college students didn’t put up as much animosity toward Facebook as other users. Since the announcement of changes like the News Ticker and the new profile design, Facebook has received thousands of negative comments on the official blog post announcing the changes. After the main press conference announcing the new features, Zuckerberg was immediately put on the defensive with questions about angry users that dislike the changes. Zuckerberg stressed that the design had been tested by people in and out of the Facebook offices, but feedback from the community will be appreciated.

While angry users can opt out of the new version of the profile page initially, they will eventually be forced to switch to the Timeline design for contiguity among profiles. The Timeline profile mode is still being beta tested and Facebook officials are expecting to roll out the finished product very slowly across accounts. Anyone interesting in checking out Facebook Timeline before the rest of their friends can use our guide in addition to checking out the changes in our preview of the new design.

70-640 Exam


QUESTION 1
You work as the network administrator at ABC.com. The ABC.com network has a domain named
ABC.com. All servers on the ABC.com network run Windows Server 2008.
Only one Active-Directory integrated zone has been configured in the ABC.com domain. ABC.com
has requested that you configure DNS zone to automatically remove DNS records that are
outdated.
What action should you consider?

A. You should consider running the netsh /Reset DNS command from the Command prompt.
B. You should consider enabling Scavenging in the DNS zone properties page.
C. You should consider reducing the TTL of the SOA record in the DNS zone properties page.
D. You should consider disabling updates in the DNS zone properties page.

Answer: B

Explanation: In the scenario you should enable scavenging through the zone properties because
scavenging removes the outdated DNS records from the DNS zone automatically. You should
additionally note that patience would be required when enabling scavenging as there are some
safety valves built into scavenging which takes long to pop.

Reference: https:://www.gilham.org/Blog/Lists/Posts/Post.aspx?List=aab85845-88d2-4091-8088-
a6bbce0a4304&ID=211

 

Best Microsoft MCTS Training – Microsoft MCITP Training at Certkingdom.com


QUESTION 2
You work as the network administrator at ABC.com. The ABC.com network has a domain named
ABC.com. All servers on the ABC.com network run Windows Server 2008.
The ABC.com network has a server named ABC-SR15. You install the Active Directory
Lightweight Directory Services (AD LDS) on ABC-SR15.
Which of the following options can be used for the creation of new Organizational Units (OU’s) in
the application directory partition of the AD LDS?

A. You should run the net start command on ABC-SR15.
B. You should open the ADSI Edit Microsoft Management Console on ABC-SR15.
C. You should run the repadmin /dsaguid command on ABC-SR15.
D. You should open the Active Directory Users and Computers Console on ABC-SR15.

Answer: B

Explanation: You need to use the ADSI Edit snap-in to create new OUs in the AD LDS
application directory partition. You also need to add the snap-in in the Microsoft Management
Console (MMC).


QUESTION 3
You work as the network administrator at ABC.com. The ABC.com network has a domain named
ABC.com. All servers on the ABC.com network run Windows Server 2008.
The ABC.com network has two domain controllers ABC-DC01 and ABC-DC02. ABC-DC01 suffers
a catastrophic failure but it is causing problems because it was configured to have Schema Master
Operations role. You log on to the ABC.com domain as a domain administrator but your attempts
to transfer the Schema Master Operations role to ABC-DC02 are unsuccessful.
What action should you take to transfer the Schema Master Operations role to ABC-DC02?

A. Your best option would be to have the dcpromo /adv command executed on ABC-DC02.
B. Your best option would be to have the Schema Master role seized to ABC-DC02.
C. Your best option would be to have Schmmgmt.dll registered on ABC-DC02.
D. Your best option would be to add your user account to the Schema Administrators group.

Answer: B

Explanation: To ensure that ABC-DC02 holds the Schema Master role you need to seize the
Schema Master role on ABC-DC02. Seizing the schema master role is a drastic step that should
be considered only if the current operations master will never be available again. So to transfer the
schema master operations role, you have to seize it on ABC-DC02.
Reference: https:://technet2.microsoft.com/windowsserver/en/library/d4301a14-dd18-4b3c-a3ccec9a773f7ffb1033.
mspx?mfr=true


QUESTION 4
You work as the network administrator at ABC.com. The ABC.com network has a single forest.
The forest functional level is set at Windows Server 2008.
The ABC.com network has a Microsoft SQL Server 2005 database server named ABC-DB04 that
hosts the Active Directory Rights Management Service (AD RMS).
You try to access the Active Directory Rights Management Services administration website but
received an error message stating:
“SQL Server does not exist or access is denied.”
How can you access the AD RMS administration website?

A. You need to restart the Internet Information Server (IIS) service and the MSSQLSVC service on
ABC-DB04.
B. You need to install the Active Directory Lightweight Directory Services (AD LDS) on ABC-DB04.
C. You need to reinstall the AD RMS instance on ABC-DB04.
D. You need to reinstall the SQL Server 2005 instance on ABC-DB04.
E. You need to run the DCPRO command on ABC-SR04

Answer: A

Explanation: You need to restart the internet information server (IIS) to correct the problem. The
starting of the MSSQULSVC service will allow you to access the database from AD RMS
administration website.


QUESTION 5
You work as an enterprise administrator at ABC.com. The ABC.com network has a domain named
ABC.com. The ABC.com network has a Windows Server 2008 computer named ABC-SR03 that
functions as an Enterprise Root certificate authority (CA).
A new ABC.com security policy requires that revoked certificate information should be available for
examination at all times.
What action should you take adhere to the new policy?

A. This can be accomplished by having a list of trusted certificate authorities published to the
ABC.com domain.
B. This can be accomplished by having the Online Certificate Status Protocol (OCSP) responder
implemented.
C. This can be accomplished by having the OCSP Response Signing certificate imported.
D. This can be accomplished by having the Startup Type of the Certificate Propagation service set
to Automatic.
E. This can be accomplished by having the computer account of ABC-SR03 added to the
PGCertificates group.

Answer: B

Explanation: You should use the network load balancing and publish an OCSP responder. This
will ensure that the revoked certificate information will be available at all times. You do not need to
download the entire CRL to check for revocation of a certificate; the OCSP is an online responder
that can receive a request to check for revocation of a certificate. This will also speed up certificate
revocation checking as well as reducing network bandwidth tremendously.


QUESTION 6
You work as the network administrator at ABC.com. The ABC.com network has a domain named
ABC.com. All servers on the ABC.com network run Windows Server 2008.
You are responsible for managing two servers ABC-SR01 and ABC-SR02. They are setup with
the following configuration.
ABC-SR01 running Enterprise Root certificate authority (CA)
ABC-SR02 running Online Responder role service
Which of the steps must you perform for configuring the Online Responder to be supported on
ABC-SR01?

A. You should enable the Dual Certificate List extension on ABC-SR01.
B. You should ensure that ABC-SR01 is a member of the CertPublishers group.
C. You should import the OCSP Response Signing certificate to ABC-SR01.
D. You should enable the Authority Information Access (AIA) extension on ABC-SR01.
E. You should run the CERTSRV command on ABC-SR01.

Answer: D

Explanation: In order to configure the online responder role service on ABC-SR01 you need to
configure the AIA extension. The authority information access extension will indicate how to
access CA information and services for the issuer of the certificate in which the extension appears.
Information and services may include on-line validation services and CA policy data. This
extension may be included in subject or CA certificates, and it MUST be non-critical


QUESTION 7
You work as the network administrator at ABC.com. The ABC.com network has a domain named
ABC.com. All servers on the ABC.com network run Windows Server 2008 and all client computers
run Windows Vista.
The ABC.com network has a client computer named ABC-WS640 that was last used six months
ago. During the course of the day you attempt to log on to ABC-WS640 but you are unable to
authenticate during the logon process.
What action should you consider in order to log on to ABC-WS640?

A. You should consider opening the command prompt on ABC-WS640 and running the netsh set
machine command.
B. You should consider opening the command prompt on ABC-WS640 and running the repadmin
command.
C. You should consider removing ABC-WS640 from the domain and then rejoining it.
D. You should consider deleting the computer account for ABC-WS640 in Active Directory Users
and Computers, and then recreate the computer account.

Answer: C

Explanation: In the scenario you should have the computer disjoined from the domain and
rejoined to the domain whilst having the computer account reset as well. You should additionally
note that the long inactivity caused the computer to stop responding to the authentication query
using the Active Directory records. You should note by disjoining and rejoining with the account
being reset would refresh the computer account passwords.


QUESTION 8
You work as an enterprise administrator at ABC.com. The ABC.com network has a forest with a
domain named ABC.com.
The ABC.com network has a Windows Server 2008 domain controller named ABC-DC01 that
hosts the Directory Services Recovery Mode (DSRM) role.
What would be the best option to take to have the DSRM password reset?

A. The best option is to open the Active Directory Security for Computers snap-in.
B. The best option is to run the ntdsutil command.
C. The best option is to run the Netsh command.
D. The best option is to open the Domain Controller security snap-in.

Answer: B

Explanation: You should use the ntdsutil utility to reset the DSRM password. You can use
Ntdsutil.exe to reset this password for the server on which you are working, or for another domain
controller in the domain. Type ntdsutil and at the ntdsutil command prompt, type set dsrm
password.
Reference: https:://support.microsoft.com/kb/322672


QUESTION 9
You work as an enterprise administrator at ABC.com. The ABC.com network has a domain named
ABC.com. All servers on the ABC.com network run Windows Server 2008. ABC.com has two
offices Chicago and Dallas.
The network has the following setup.
Chicago Office – Domain Controller named ABC-DC01
Dallas Office – Read-Only Domain Controller named ABC-DC02
How can you make sure that Dallas Office users use only ABC-DC02 for authentication?

A. You should consider having ABC-DC02 configured as a bridehead server in the Dallas office.
B. You should consider installing and configuring the Password Replication Policy on ABC-DC02.
C. You should consider having ABC-DC01 configured as a bridehead server in the Chicago office.
D. You should consider installing and configuring the Password Replication Policy on ABC-DC01.
E. You should consider having the Global Catalog installed on ABC-DC01.

Answer: B

Explanation: You should use the Password Replication Policy on the RODC. This will allow the
users at the Dallas office to log on to the domain with RODC. RODCs don’t cache any user or
machine passwords.


QUESTION 10
You work as the network administrator at ABC.com. The ABC.com network has a domain named
intl.ABC.com. All servers on the ABC.com network run Windows Server 2008. The domain
controllers on the ABC.com domain are configured to function as DNS servers.
What action should you take to ensure that computers that are not part of the intl.ABC.com
domain are not able to dynamically register their DNS registration information in the intl.ABC.com zone?

A. You should consider removing the .(root) zone from the intl.ABC.com zone.
B. You should consider running the dnscmd /AgeAllRecords command.
C. You should consider configuring Secure Only dynamic updates.
D. You should consider configuring the intl.ABC.com zone as an Active Directory integrated zone.

Answer: C

Explanation: In order to ensure that only domain members are able to register their DNS records
dynamically you need to set the option Secure only for Dynamic updates. This will only allow the
domain members to register their DNS records dynamically.
Reference:
www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/cnet/cncf_imp_afpf.mspx

Best Microsoft MCTS Training – Microsoft MCITP Training at Certkingdom.com

70-642 Exam


QUESTION 1
ABC.com has a forest with a domain named ABC.com. A server named ABC-SR05 is configured
as the DNS server. During a routine security check you discover a number of outdated resource
records in the ABC.com zone. You successfully set up the DNS service to do scavenging on ABCSR05
but after a month ABC-SR05 was clogged up with the same stale resource records again.
What action should you take to take away all outdated resource records?

A. You should execute the dnscmd ABC-SR05 /AgeAllRecords command.
B. You should disable the DNS service on ABC-SR05 and manually start scavenging stale
records.
C. You should execute the dnscmd ABC-SR05 /StartScavenging command.
D. You should enable the DNS scavenging utility on the us.ABC.com zone.
E. You should execute the dnscmd /zonerefresh command.
F. You should increase the Expires After setting of the Start of Authority (SOA) record.

Answer: D

Explanation:
You again noticed the same stale resource records still lay na.contoso.com even after enabled
DNS scavenging on Server1 because the Server1 may not have na.contoso.com zone integrated
with AD DS and loaded at the server.
To ensure that the stale resource records are removed from na.contoso.com, you need to enable
DNS scavenging on the na.contoso.com zone. The aging and scavenging can be configured for
specified zones on the DNS server to make sure that the stale records are removed from the
specified zone.
Reference: Enable Aging and Scavenging for DNS
http://technet2.microsoft.com/windowsserver2008/en/library/7972082c-22a1-44fc-8e39-
841f7327b6051033.mspx?mfr=true

 

 

Best Microsoft MCTS Training – Microsoft MCITP Training at Certkingdom.com

 


QUESTION 2
You work as the enterprise administrator at ABC.com. The ABC.com network uses the public
namespace ABC.com. All servers on the ABC.com network run Microsoft Windows Server 2008.
The ABC.com CIO does not want user to have the ability to copy the public DNS zone records.
You must make sure that the zone transfers are restricted to DNS servers that are listed in the
Name Servers option without affecting the operation of the public name resolution.
How will you comply with the CIO’s requirement?

A. Check the Service Locator (SRV) resource record enabled option on all ABC.com domain
controllers.
B. Configure the priority value for the SRV records on all the domain controllers of us.ABC.com to 1.
C. Check the Allow zone transfers only to servers listed on the Name Servers option on ABC.com.
D. Uncheck the DNS scavenging option on the us.ABC.com zone.

Answer: C

Explanation:
To ensure that public DNS zone records cannot be copied without impacting the functionality of
public DNS name resolutions, you need to configure the Allow zone transfers only to servers listed
on the Name Servers option on ABC.com. This setting allows you to restrict zone transfers only to
DNS servers listed in the Name Servers resource option on ABC.com.
Reference: DNS Zones
http://books.google.co.in/books?id=pL89TOMFcHsC&ABC=RA1-PA244&lABC=RA1-
PA244&dq=Allow+zone+transfers+only+to+servers+listed+on+the+Name+Servers+option+&sourc
e=web&ots=StFz29rSf5&sig=0wRSARkgYxCy2ohweQs4QUDMqEQ&hl=en#PRA1-PA243,M1


QUESTION 3
You work as the enterprise administrator at ABC.com. The ABC.com network has a domain
named ABC.com. All servers on the ABC.com network run Windows Server 2008 and all client
computers run Windows Vista.
The ABC.com network has two Servers named ABC-SR05 and ABC-SR06. ABC-SR05 is a
domain controller that is configured as DNS server. ABC-SR06 is configured to run a legacy
application. You receive an instruction from the CIO to include parameters like Service, Weight
Protocol, and Port number for the legacy application on ABC-SR05.
What action should you take to accomplish this?

A. You must create a Host Info (HINFO) record on ABC-SR05.
B. You must create a Well-Known Service (WKS) record on ABC-SR05.
C. You must create a Service Locator (SRV) record on ABC-SR05.
D. You must create a Pointer (PTR) resource record on ABC-SR05.
E. You must create a Start of Authority (SOA) record on ABC-SR05.

Answer: C

Explanation:
Your best option in this scenario would be to create a Service Locator (SRV) record. To configure
DNS on ABC-SR05 to include the parameters such as Service, Priority, Weight Protocol, Port
number, and Host offering this service for the custom application, you need to configure Service
Locator (SRV) records. An SRV record or Service record is a category of data in the Internet
Domain Name System specifying information on available services. Service locator (SRV)
resource record. Allows multiple servers providing a similar TCP/IP-based service to be located
using a single DNS query operation. This record enables you to maintain a list of servers for a
well-known server port and transport protocol type ordered by preference for a DNS domain name.
References: SRV Record
http://en.wikipedia.org/wiki/SRV_record
Resource records reference / SRV
http://technet2.microsoft.com/windowsserver/en/library/9b561e1b-9a0d-43e5-89a8-
9daf07afac0d1033.mspx?mfr=true


QUESTION 4
You work as the network administrator at ABC.com. The ABC.com network has a forest with two
domains named us.ABC.com and uk.ABC.com.
All servers on the ABC.com network run Windows Server 2008 and all client computers run
Windows Vista. Users in the us.ABC.com zone complain that it takes a long time to access
resources in the uk.ABC.com zone.
What action should you take to reduce the resolution response times? (Each correct answer
presents part of the solution. Choose TWO.)

A. You should create and configure a GPO with DNS Suffix Search List option to uk.ABC.com,
us.ABC.com.
B. You should configure the priority value for the SRV records on all the domain controllers of
us.ABC.com to 5.
C. You should apply the policy to all user workstations in the us.ABC.com zone.
D. You should enable Scavenge Stale resource records in the Zone Aging /Scavenging Properties
dialog box of every workstation.
E. You should create and configure a GPO with the Local-Link Multicast Name Resolution feature enabled.
F. You should execute the dnscmd /zonerefresh command on the workstations in uk.ABC.com.

Answer: A,C

Explanation:
To configure the user workstations in the us.ABC.com zone to improve the name resolution
response time for resources in the uk.ABC.com zone you need to configure a new GPO that
configures the DNS Suffix Search List option to us.ABC.com, us.ABC.com. Thereafter the policy
can be applied to all user workstations in the us.ABC.com zone.
A customized DNS suffix search lists to ensures that clients can locate services and other
computers when they perform single-label name queries.
Link-Local Multicast Name Resolution cannot be used because it allows IPv6 hosts on a single
subnet without a DNS server to resolve each other names. Therefore it need not be used here.
DNS SRV records cannot be used because they are the service records, which are a type of DNS
entry that specify information on a service available in a domain. They are typically used by clients
who want to know the location of a service within a domain. When multiple hosts are configured
for the same service, the priority determines which host is tried first.
Reference: Create a Disjoint Namespace / Update the DNS suffix search list
http://technet2.microsoft.com/windowsserver2008/en/library/afe94bc3-41fb-4817-84b5-
5517c38a0d391033.mspx?mfr=true
Reference: Introducing MS Windows Vista/ Learning about Dual Stack and IP Management
Enhancements
http://download.microsoft.com/download/5/7/8/578cbb95-c42e-4b9f-9989-
93ffdeae8af4/Introducing_Windows_Vista.pdf
Reference: Understanding DNS SRV records and SIP
http://blog.lithiumblue.com/2007/07/understanding-dns-srv-records-and-sip.html


QUESTION 5
You are employed as the enterprise administrator at ABC.com. The ABC.com network has a
domain named ABC.com. ABC.com has a subsidiary company named TestLabs.com. The servers
on both domains are configured to run Windows Server 2008.
You are responsible for a ABC.com server named ABC-SR05. ABC-SR05 is a configured to run
the DNS server role. There is a server on the TestLabs.com network named TESTLABS-LR18
that is configured to run the DNS server role. ABC-SR05 contains a stub zone. The master for the
stub zone on ABC-SR05 is ABC-SR06. During routine monitoring you discover that ABC-SR06
has failed resulting in name resolution problems for ABC users connecting to the TestLabs.com
network.
What action should you take to overcome this problem?

A. You must decrease the Minimum (default) TTL setting in the SOA record for the zone on
TESTLABS-LR18.
B. You must modify the stub zone to a secondary zone on ABC-SR05.
C. You must create a new Service Locator (SRV) record in the primary DNS zone on TESTLABSLR18.
Also create a new host (A) record for ABC-SR05.
D. You must enable DNS scavenging in the DNS zone on TESTLABS-LR18.
E. You must use a DNS forwarder on TESTLABS-LR18.

Answer: B

Explanation:
Users are not able to resolve names for testlabs.com because the master server has failed. To
ensure that users are able to resolve names for testlabs.com in such a scenario, you need to
change the stub zone to a secondary zone on ABC-SR05. This is because the primary name
server notifies the secondary zone server keeps an identical copy of the primary zone. Although it
contains read-only zone information, it can resolve names of the existing names.
You need to remove the stub zone because it requires the IP address of at least one DNS server
in the source domain to the DNS server hosting the stub zone. If this server goes down, then the
stub zone records eventually expire.
Reference: The Long and Short of Stub Zones / What Happens if a Source Server Goes Offline?
http://redmondmag.com/columns/article.asp?EditorialsID=641
Reference: DNS Stub Zones in Windows Server 2003
http://www.windowsnetworking.com/articles_tutorials/DNS_Stub_Zones.html


QUESTION 6
You are employed as a network administrator at ABC.com. The ABC.com network has a domain
named ABC.com. All servers on the ABC.com network run Windows Server 2008 and all client
computers run Windows Vista.
The ABC.com domain contains three Windows Server 2008 servers named ABC-SR05, ABCSR06
and ABC-SR07. ABC-SR05 and ABC-SR06 are configured as DNS servers while ABCMicrosoft
70-642: Practice Exam
SR07 passes DNS requests on to ABC-SR06.
How can you configured to enable ABC-SR07 to be updated as soon as DNS records are updated
on ABC-SR06 ?

A. You should execute the ipconfig /flushdns command on all ABC.com client computers.
B. You should execute the dnscmd /clearcache command on ABC-SR07.
C. You should decrease the Retry Interval value of the Start of Authority (SOA) record of ABC.com
to 10 minutes in the DNS service.
D. You should increase the Expires After option of the Start of Authority (SOA) record to 10
minutes in the DNS service.
E. You should enable the DNS Client service on the all client computers in the zone.

Answer: B

Explanation:
To ensure that ABC-SR07 is able to resolve the updated DNS record immediately you need to run
the dnscmd . /clearcache command on ABC-SR07.
Both the DNS server and the local DNS resolver cache any records they receive for a period of
time determined by a TTL setting in the record. The SOA for the zone determines the default TTL,
which is one hour for Windows DNS servers. To ensure that server immediately finds the updated
record, you need to use the Clear Cache option in the server’s property menu in the DNS console
or use the Dnscmd utility with the syntax dnscmd /clearcache, so that less records needs to be
searched.
If you restart the DNS user workstations it will only clear the DNS client cache. This will not resolve
the problem and restore proper name resolution however the DNS server will still respond to query
the name of the workstation.
Reference: dnscmd . /clearcache
http://technet2.microsoft.com/windowsserver2008/en/library/e7f31cb5-a426-4e25-b714-
88712b8defd51033.mspx?mfr=true
Reference: 10 DNS Errors That Will Kill Your Network
http://mcpmag.com/features/article.asp?editorialsid=413


QUESTION 7
You work as an enterprise administrator for ABC.com. The ABC.com network consists of a forest
with a domain named us.ABC.com. All servers on the ABC.com network run Windows Server
2008.
You are responsible for a DNS server named ABC-SR10 that hosts numerous secondary zones of
which us.ABC.com is one.
What action should you take to have ABC-SR10 perform the function of a caching-only DNS
server?

A. You should have the DNS stub zones disabled on ABC-SR10 prior to re-enabling the DNS
service.
B. You should have the DNS service uninstalled on ABC-SR10 prior to re-installing the DNS
service.
C. You should configure DNS Scavenging on ABC-SR10.
D. You should modify the DNS zones on ABC-SR10 to standard primary zones.
E. You should re-configure the DNS service with one or more forwarders.
F. You should enable Zone Aging on ABC-SR10.

Answer: B

Explanation:
In order to reconfigure ABC-SR10 as a caching-only DNS server you need to disable and reenable
the DNS service on ABC-SR10. Uninstalling and reinstalling DNS service will remove all
the previously configured data from ABC-SR10.
Reference: Install the DNS Server service
http://technet2.microsoft.com/windowsserver/en/library/421cd57a-9fd4-42da-8d22-
067738f034ee1033.mspx?mfr=true


QUESTION 8
You work as the network administrator at ABC.com. The ABC.com network has a forest that
contains four domains. All servers on the ABC.com network run Windows Server 2008. The
domain controllers are configured as DNS servers. All ABC.com users make use of a Web server
named ABC-SR02 to accomplish their daily tasks.
What action should you take to make sure that ABC.com users can access ABC-SR02 by using
Internet Explorer? (Each correct answer presents part of the solution. Choose THREE.)

A. By creating a GlobalNames zone on a DNS server.
B. By configuring ABC-SR02 in order to enable DFS-R on it.
C. By replicating the GlobalNames zone to all domains controllers in the ABC.com forest.
D. By creating a host (A) record for ABC-SR02 in the GlobalNames zone.
E. By creating a LegacyWINS zone on a DNS server.
F. By replicating the GlobalNames zone in the DNS zone for the forest root domain.

Answer: A,C,D

Explanation:
To ensure that users from all domains are able to access a ABC-SR02 by browsing to https:: //Test
WebApp you need to create a zone named GlobalNames on a DNS server. Then GlobalNames
zone can be replicated to all domain controllers in the forest. Lastly a host (A) record can be
created for ABC-SR02 in the zone.
GlobalNames Zone (also known as GNZ) is designed to enable the resolution of the single-label,
static, global names for servers using DNS. GNZ is intended to aid the retirement of WINS, and it’s
not a replacement for WINS. GNZ is not intended to support the single-label name resolution of
records that are dynamically registered in WINS, records which typically are not managed by IT
administrators.
Reference: Understanding GlobalNames Zone in Windows Server 2008
http://www.petri.co.il/windows-DNS-globalnames-zone.htm


QUESTION 9
You work as the enterprise administrator at ABC.com. The ABC.com network has a domain
named ABC.com. ABC.com has its headquarters in Miami and a branch office in Toronto. IPv4
addressing is utilized at both offices.
During the course of the day you receive instruction from ABC.com to travel to the Toronto office
and deploy an additional server named ABC-SR06.
What action should you take to configure Routing and Remote Access on ABC-SR06?

A. You should have ABC-SR06 configured with the Routing and Remote Access role.
Then you should execute the netsh command with the interface ipv4 enable parameter.
B. You should have ABC-SR06 configured with the Routing and Remote Access role.
Then you should enable IPv4 Router Routing and Remote Access on ABC-SR06.
C. You should execute the netsh command with the interface ipv4 enable parameter on ABCSR06
prior to enabling Routing and Remote Access.
D. You should execute the netsh command with the ras ipv4 set access ALL parameter on ABCSR06.
Then you should have Router Routing and Remote Access enabled for IPv4 and IPv6.

Answer: B

Explanation:
To configure routing on the server at the branch office, you need to first install the Routing and
Remote Access role on the server and then enable the IPv4 Router Routing and Remote Access
option on the server.


QUESTION 10
You work as the enterprise administrator at ABC.com. The ABC.com network has a domain
named ABC.com. ABC.com currently has their headquarters located in Miami. The ABC.com
network servers run Microsoft Windows Server 2008 and the client computers run Microsoft
Windows Vista.
You are preparing to deploy a computer named ABC-SR21 which is configured with the Network
Access Policy (NAP) server role. ABC.com wants you to have the tunnel interface and the IPv6
Loopback interface as the only connections running IPv6.
What action should you take?

A. You should execute the netsh interface ipv4 enable command on ABC-SR21.
B. You should consider clearing the Internet Protocol Version 6 (TCP/IPv6) checkbox in the Local
Area Connection Properties window.
C. You should execute the netsh internal interface ipv6 delete command on ABC-SR21.
D. You should consider disabling the IPv4 Routing and Remote Access option on ABC-SR21.

Answer: B

Explanation:
To disable IPv6 for all connections except for the tunnel interface and the IPv6 Loopback interface,
you need to uncheck Internet Protocol Version 6 (TCP/IPv6) from the Local Area Connection
Properties window.
This is because unlike Windows XP and Windows Server 2003, IPv6 in Windows Vista and
Windows Server 2008 cannot be uninstalled. However, you can disable IPv6 in Windows Vista
and Windows Server 2008 by doing one of the following: In the Network Connections folder, obtain
properties on all of your connections and adapters and clear the check box next to the Internet
Protocol version 6 (TCP/IPv6) components in the list.
This method disables IPv6 on your LAN interfaces and connections, but does not disable IPv6 on
tunnel interfaces or the IPv6 loopback interface.
Reference: IPv6 for Microsoft Windows: Frequently Asked Questions
http://www.microsoft.com/technet/network/ipv6/ipv6faq.mspx