You are on page 1of 15

Vendor: Microsoft Exam: 070-647 Version: Demo

PassITExam is the best choice for you as we provide up-to-date, accurate and reliable information, Questions with verified answers researched by industry experts; 100% Guarantee to Pass Your IT exam and get your Certification at the first attempt.

www.passitexam.com

PassITExam – Industry Best 100% Pass Guarantee
Important Information, Please Read Carefully

PassITExam products
1) Practice Questions & Answers (PDF format). Pass Your Exam at First Attempt with 100% Pass Guarantee 2) Realistic Labs (not available for all exams) 3) Study Guide (not available for all exams) Build a foundation of knowledge which will be useful also after passing the exam. Latest Version We are constantly reviewing our products. New material is added and old material is updated. Free updates are available for ONE year after the purchase.

PassITExam practice exam helps individuals increase their understanding of exam objectives and become familiar with the testing format. PassITExam test questions have comprehensive questions, with verified answers researched by industry experts! We offer free demo for Microsoft MCSE, Cisco CCNA, CCNP, CCIE, CompTIA A+, Novell, Lotus, Sun, Oracle, HP, IBM, EMC and more. We are the only one site can offer demo for almost all products.

PassITExam offers 24/7 support to our customer To download more PassITExam free demo, feel free to visit PassITExam website:

http://www.PassITExam.com

www.passitexam.com

Q: 1 You want to list all the DNS records in the adatum.internal domain. You connect to the Edinburgh.adatum.internal DNS server by using Remote Desktop and open the command console. You type nslookup. At the nslookup> prompt, you type ls -d adatum.internal. An error message tells you that zone data cannot be loaded to that computer. You know all the DNS records in the domain exist on Edinburgh. Why were they not displayed?

A. You have not configured the adatum.internal forward lookup zone to allow zone transfers. B. You need to run the command console as an administrator to use nslookup. C. You should have typed nslookup ls -d adatum.internal directly from the command prompt. You cannot use the ls function from the nslookup> prompt. D. You need to log on to the DNS server interactively to use nslookup. You cannot use it over a Remote Desktop connection.

Answer: A

Q: 2 You are an enterprise administrator for Hi-Tech Company. The company has a head office and 20 branch offices. The corporate network of Hi-Tech Company consists of an Active Directory domain and for each office an Active Directory site is configured. The head office consists of three domain controllers. All the servers on the domain run Windows Server 2008 and client computers run Windows Vista. You have been assigned the task to deploy domain controllers in the branch offices and make sure that the client computers in each branch office must attempt to authenticate to the domain controller at their local site first and the authentication to a main office domain controller must only occur if a local domain controller fails. Besides the client computers in the main office must not authenticate to a domain controller in a branch office and the client computers in a branch office must not authenticate to a domain controller in another branch office. Which of the following options would you choose to accomplish this task?

A. Associate the IP subnet of each branch office to the Active Directory site of the head office.

B. While deploying domain controllers in the branch office, select the read-only domain controller (RODC) option and the Global Catalog option. C. Create a Group Policy object (GPO) for all branch office domain controllers to control the registration of DNS service location (SRV) records. D. Configure the main office domain controllers as global catalog servers and then enable the Universal Group Membership Caching in the Active Directory site for each branch office.

Answer: C Q: 3 You are an enterprise administrator for Hi-Tech Company. The company has a head office and 10 branch offices. The corporate network of Hi-Tech Company consists of an Active Directory domain. All the domain controllers run Windows Server 2008 and are located in the main office. Each branch office had a local administrator with necessary permissions to manage the local member servers of the branch. You have recently installed a read-only domain controller (RODC) in each branch office. You have been assigned the task to suggest a solution for the security of the RODC in each branch office, which ensures that branch office administrators should be allowed to manage their local domain controller only, which also includes changing device drivers and running Windows updates. Which of the following options would you choose to accomplish this task?

A. In the Administrators group of the AD domain, add each branch office administrator. B. Add each branch office administrator to the local Administrators group of their respective domain controller. C. On the corresponding domain controller computer object in Active Directory, grant each branch office administrator Full Control permission. D. Create a new organizational unit (OU) and move each branch office domain controller computer object to a new grant each local administrator the Full Control permission on the new OU.

Answer: B Q: 4 What type of domain controller should be implemented in the branch office for maximum security?

A. RODC on a Windows Server full installation. B. RODC on a Server Core domain controller. C. Full (writable) domain controller on a Windows Server full installation. D. Full (writable) domain controller on a Server Core domain controller.

Answer: B Q: 5 You are an enterprise administrator for Hi-Tech Company. The company has a head office, two regional offices and four branch offices connected to each other through a WAN link. An active Directory site is configured for each office and a site link exists for each wide area network (WAN) link. The Bridge all site links option is disabled The corporate network of Hi-Tech Company consists of an Active Directory domain. You have been asked to deploy domain controllers in the domain. While performing this task, you need to install Windows PowerShell on all domain controllers in each regional office. You also need to ensure that the domain user account passwords stored on the domain controllers must be protected if a branch office domain controller is stolen. Which of the following options would you choose to accomplish this task?

A. Install a Server Core installation of Windows Server 2008 and configure a writable domain controller in each branch and regional office. B. Configure Windows Server 2008 server as a read-only domain controller (RODC) in each branch and regional office. C. Install a Server Core installation of Windows Server 2008 and configure it as a read-only domain controller (RODC) in each branch office. Then install a full installation of Windows Server 2008 and configure it as a writable domain controller in each regional office. D. Install a full installation of Windows Server 2008 and configure a read-only domain controller (RODC) in each branch office and install a Server Core installation of Windows Server 2008 and configure a writable domain controller in each regional office.

Answer: C

Q: 6 Bart is a systems administrator at Hi-Tech Company. The network consists of several sites in which RODCs are deployed. Bart wants to prepopulate passwords for users that must be authenticated on all RODCs at all times. He creates a new group and adds the required users as members. After that, he adds a new allow entry for the group to every RODC A few minutes later, he tries to prepopulate users' passwords and receives an error

A. Add an individual allow entry for every user. B. Initiate Active Directory replication. C. Add the allow entry directly on the RODC. D. Wait for replication to finish.

Answer: B, D Q: 7 You are an enterprise administrator for Hi-Tech Company . The company has a head office and 8 branch offices connected to each other through a WAN link, which is not very reliable. Each branch has 250 client computers. The corporate network of Hi-Tech Company consists of an Active Directory domain. All domain controllers on the domain run Windows Server 2008. You have been asked to install domain controllers in each branch office. While deploying domain controllers to the branch offices you need to make sure that branch office administrators are allowed to log in only to the domain controllers of their branch and should be allowed to update drivers on the domain controllers of their branch. Which of the following options would you choose to accomplish the assigned task? (Select all that apply)

A. Deploy a Windows Server 2008 read-only domain controller (RODC) in each branch office. B. Deploy a Server Core Installation of Windows Server 2008 domain controller in each branch office. C. Assign the Administrators role for the RODC to the branch office administrators. D. Assign the Network Configuration Operators role for the RODC to the branch office administrators. E. Add the branch office administrator to the Server Operators domain local group.

F. Add the branch office administrator to the Administrators domain local group.

Answer: A, C Q: 8 You are the Group Policy administrator for your company. All of the user accounts get created in the Users container and then get moved into their appropriate containers. You need to ensure that upon the creation of a new user account, it immediately receives a GPO called New Employee GPO; but other employees do not receive the settings from this GPO. How should you configure your environment?

A. Create an OU called New_Employees. Create a GPO called New Employees GPO and link it to the New_Employees OU. Run the redirusr command to redirect all new user accounts to the New_Employees OU. B. Create an OU called New_Employees. Create a GPO called New Employees GPO and link it to the New_Employees OU. Run the redircmp command to redirect all new computer accounts to the New_Employees OU. C. Create an OU called New-Employees. Create a GPO called New Employees GPO and link it to the domain. In the attributes of the GPO, select Enforced. D. Create a GPO called New Employees GPO. Create a global security group called New Employees. Add all new employees to the global security group. In the Delegation tab of the GPO, accept all default entries and then add New Employees security group with the Apply group policy permission set to Allow. Link the GPO to the domain.

Answer: A Q: 9 You are an enterprise administrator for Hi-Tech Company. The company has a head office and nine branch offices. Each office has 10 domain controllers. The corporate network of the company consists of an Active Directory domain that runs at the functional level of Windows Server 2008. All the domain controllers in the domain run Windows Server 2008. Each office has a local administrator who has the necessary permissions to create and link domain-level Group Policy objects. On a Windows Vista client computer, you have recently created custom Administrative Template (.admx) files locally. You now want to implement a GPO management strategy to ensure that the administrators can access the .admx files and any future updates to these files from each office. You also need to ensure

that the .admx files remain identical across the company. Which of the following options would you choose to accomplish the desired goal? (Select all that apply. Each select option will form a part of the answer)

A. Create a central store in the domain. B. Create a central store on a file server in each office. C. Create and link a GPO to the domain. D. Create and link a GPO to the Domain Controllers organizational unit (OU). E. Copy the custom .admx files to the central store. F. Add the .admx files to the GPO. G. Add the custom .admx files to the GPO.

Answer: A, E Q: 10 You have been asked to provide an additional security system for your company??s internet activity. This system should act as an underlying cryptography system. It should enable users or computers that have never been in trusted communication before to validate themselves by referencing an association to a trusted third party (TTP). The method of security the above example is referencing is?

A. Certificate Authority (CA) B. Nonrepudiation C. Cryptanalysis D. Public Key Infrastructure (PKI)

Answer: D

Q: 11 You are an enterprise administrator for Hi-Tech Company. The corporate network of Hi-Tech Company consists of an Active Directory domain. The domain contains servers that run Windows Server 2008 and all client computers that run Windows Vista. All users have accounts in the domain. The network contains two servers that are configured as follows: 1. Server1 - Configured as a domain controller and run Active Directory Domain Services (AD DS). 2. Server2 - Configured as Certification authority and run Internet Information Services (IIS) and Active Directory Certificate Services (AD CS) Which of the following options would you choose to enable all client computers to automatically request and install computer certificates?

A. Implement the Network Device Enrollment Service on Server2. B. Implement certification authority Web enrollment support on Server2. C. In the User Configuration section of the Default Domain, enable the Auto-enrollment Settings Policy under Public Key Policies on Server1. D. In the Computer Settings section of the Default Domain Policy, enable auto-enrollment on Server1.

Answer: C Q: 12 You are planning a Windows Server 2008 Active Directory infrastructure. You have a single location and there is a limited budget. During your planning process, you have determined that the members of the Domain Administrators group should have a password policy that states passwords must be changed every 24 days, and the rest of your users must change their passwords every 42 days, except for members of the Enterprise Admins group. These users must change their passwords every 14 days. What is the best way to accomplish this without going over your budget, and keeping administration to a minimum?

A. Create a single forest with three domains. In the forest root domain set a domain-wide password policy that states users must change their passwords every 14 days. Ensure all enterprise-wide administrators are placed into the Enterprise Admins group in the forest root domain. Create two child domains specifying the appropriate password policy in each domain. B. Create a single forest with two domains. In the forest root domain set a domain-wide password policy that states users must change their passwords every 14 days. Place all administrative users into the Enterprise Admins group in this domain, including those specified as Domain Admins. In the child domain, create a domain-wide password policy with the appropriate

attributes and ensure only non-administrative users log on as users from this domain. C. Create a single-domain forest. Place all enterprise-wide users into the Enterprise Admins group, all domain administrators into the Domain Admins group, and all other users into the Users group. Create three password security objects (PSOs) with the appropriate attribute values set and deploy them to the appropriate security groups. D. Create a single-domain forest. Create three organizational units (OU), one for enterprise-wide administrators, one for domain administrators, and one for the rest of your users. Place all enterprise-wide users into the Enterprise Admins OU, all domain administrators into the Domain Admins OU, and all other users into the Users OU. Create three password security objects (PSOs) with the appropriate attribute values set and link them to the appropriate OU.

Answer: C Q: 13 You have an existing AD DS forest that has a domain functional level of Windows Server 2003 and a forest functional level of Windows 2000. You have deployed a number of writable Windows Server 2008 domain controllers into this forest. The forest now has a mixture of Windows Server 2003 and Windows Server 2008 domain controllers. You need to deploy an RODC into this forest. What should you do?

A. Raise the forest functional level to Windows Server 2008. B. Raise the forest functional level to Windows Server 2003. C. Run the adprep /forestprep command. D. Run the adprep /domainprep /gpprep command.

Answer: B Q: 14 You are an enterprise administrator for Hi-Tech Company. The corporate network of the company consists of an Active Directory domain that runs at the functional level of Windows Server 2008. An organizational unit (OU) called OUUsers is configured in the domain and hold all user accounts. The company has two departments Sales and Development that are headed by their respective department managers. Both the departments have their respective global security groups that contain all the users of the departments.

As an enterprise administrator of the company, you have been assigned the task to ensure that the department managers must be allowed to manage the user accounts of only their departments. You also need to ensure that the users of both Sales and Development departments must change their passwords after the interval of 30 days and 45 days respectively. Which of the following options would you choose to accomplish the desired goal by using the minimum amount of administrative effort? (Select three. Each selected option will form a part of the answer.)

A. Create a new OU for each department. B. Create a child domain for each department. C. Delegate administration of the OUUsers OU to the department manager of each department. D. Delegate administration to the department manager of each OU. E. Delegate administration to the department manager of each domain. F. Create a new Group Policy object. G. Create a new password policy for each global security group. H. Create a new password policy for each domain. I. Configure the password policy for the new GPO and link it to the OUs.

Answer: A, D, G Q: 15 You are the Group Policy administrator for your domain and have been tasked with creating a policy that will apply to all of the computers in your domain, except for those computers in the Accounting OU, and including the computers in the Computers container. The computers in the Accounting OU should still receive all of the settings from the Default Domain Policy. How can you design your Group Policy infrastructure to allow the GPO to apply to all computers except for those in the Accounting OU while allowing the settings from the Default Domain Policy to apply to the specified computers?

A. Link the new GPO to each of the OUs except for the Accounting OU. On the Default Domain Policy, select Enforced.

B. Link the new GPO to the Accounting OU. On the Accounting OU, select Block Inheritance. On the Default Domain Policy, select Enforced. C. Link the new GPO to the domain. On the Accounting OU, select Block Inheritance. On the Default Domain Policy, ensure Authenticated Users have Read and Apply group policy permissions. D. Link the new GPO to the domain. On the Accounting OU, select Block Inheritance. On the Default Domain Policy, select Enforced.

Answer: D Q: 16 You are an enterprise administrator for Hi-Tech Company. The corporate network of the company consists of an Active Directory domain that runs at the functional level of Windows Server 2008. All the domain controllers in the domain run Windows Server 2008. The company has two departments, Sales and Development. Four Group Policy objects (GPOs) have been configured in the domain, as shown below: 1. GPODB - Configured to install the custom database applications 2. GPOApp - Configured to install line-of-business applications 3. GPOUsbPr - Configured to enable a USB printer device and block access to USB flash drives 4. GPOUsbFl - Configured to enable access to USB flash drives Besides this the Organizational Units (OU) called Development Users, Sales Users, All Users, and Managers are configured in the domain. As an enterprise administrator of the company, you have been assigned the task to link all the four GPOs to the domain and the departments in such a way that all the domain users must have access to a USB printer device. Besides this, no user except the department managers should be allowed to access USB flash drives. You also need to ensure that the sales department employees should only be allowed to install custom database application and the Development department employees should be only be allowed to install line-of-business application. Which of the following options would you choose to accomplish this task by putting the least amount of administrative effort?

A. Link GPODB to the Sales Users OU. Link GPOApp to the Development Users OU . Link GPOUsbPr to the All Users OU . Link GPOUsbFl to the Managers OU. B. Link GPODB and GPOApp to the Sales Users OU and the Development Users OU. Link GPOUsbPr to the domain and block inheritance for the Managers OU. Link GPOUsbFl to the All Users OU. C. Link GPODB and GPOApp to the Sales Users OU and the Engineering Users OU. Link GPOUsbPr to the All Users OU. Link GPO4 to the domain and block inheritance for the All Users OU.

D. Link GPODB to the Sales Users OU. Link GPOApp to the Development Users OU. Link GPOUsbPr to the All Users OU and block inheritance for the Managers OU. Link GPOUsbFl to the Managers OU.

Answer: A Q: 17 You are the Group Policy administrator for your company. All of the user accounts get created in the Users container and then get moved into their appropriate containers. You need to ensure that upon the creation of a new user account, it immediately receives a GPO called New Employee GPO; but other employees do not receive the settings from this GPO. How should you configure your environment?

A. Create an OU called New_Employees. Create a GPO called New Employees GPO and link it to the New_Employees OU. Run the redirusr command to redirect all new user accounts to the New_Employees OU. B. Create an OU called New_Employees. Create a GPO called New Employees GPO and link it to the New_Employees OU. Run the redircmp command to redirect all new computer accounts to the New_Employees OU. C. Create an OU called New-Employees. Create a GPO called New Employees GPO and link it to the domain. In the attributes of the GPO, select Enforced. D. Create a GPO called New Employees GPO. Create a global security group called New Employees. Add all new employees to the global security group. In the Delegation tab of the GPO, accept all default entries and then add New Employees security group with the Apply group policy permission set to Allow. Link the GPO to the domain.

Answer: A Q: 18 You are an enterprise administrator for Hi-Tech Company. The corporate network of the company consists of an Active Directory domain that runs at the functional level of Windows Server 2008. All the domain controllers in the domain run Windows Server 2008 and client computers run Windows XP and Windows Vista. The company has ten departments and for each department a separate Organizational Unit (OU) is configured. Besides this another OU called ComputerOU is also configured in department.

You have recently configured two logon scripts one each for each type of client computers (XP and Vista) to install application updates on them. Which of the following options would you choose to deploy the logon scripts on the client computers based on the version of the Windows operating system? Besides this you need to ensure that the logon scripts are applied to users from all departments when logging on from any computer. You need to accomplish this task by use the minimum number of OUs and Group Policy objects (GPOs). (Select all that apply)

A. Create a GPO and configure the logon scripts and policy refresh in the GPO. B. Create a GPO and configure the logon scripts and loopback processing in the GPO. C. Create one GPO for each Windows operating system and configure the logon scripts and loopback processing in the GPOs. D. Create one GPO for each Windows operating system. Configure the logon script in the GPOs. E. Create two new child OUs in the Users Computers OU named WinXP and WinVista and then link each GPO to the corresponding operating systems OU. F. Link the GPO to the domain and apply a Windows Management Instrumentation (WMI) filter. G. Link both GPOs to the domain and apply a Windows Management Instrumentation (WMI) filter.

Answer: C, G Q: 19 You are in the process of planning the deployment of WSUS at a university. The university is contains five colleges, each of which has its own separate IT staff and Active Directory forest. The university has a single connection to the Internet through which all traffic passes and wants to minimize the amount of data downloaded from the Microsoft Update servers, but each college's IT staff should have responsibility to approve updates. Which of the following WSUS deployment plans should you use?

A. Configure one upstream server. Configure a downstream replica server for each college. B. Configure a WSUS server in each college. Configure client computers to retrieve approvals from the WSUS server and updates from Microsoft Update.

C. Configure one upstream server. Configure a WSUS server in each college to use autonomous mode but to retrieve updates from the upstream server. D. Configure an autonomous server in each college to retrieve updates from Microsoft Update.

Answer: C Q: 20 You are a network administrator for Hi-Tech Company. The company recently opened a branch office. The corporate network of the company consists of a single Active Directory domain. The single domain controller of the corporate network of the company runs Windows Server 2008. An organizational unit (OU) that contains all the computer accounts for the new branch office and Microsoft Windows Server Update Services (WSUS) 3.0 to deploy all approved updates to the environment has already been configured in the domain. Besides this, the head office contains a server that is used to test and approve all new software updates. As a network administrator of the company, you have been assigned the task to ensure that only the minimum amount of bandwidth is used to download updates from Microsoft Update updates in the branch office and only the approved updates by the head office are allowed to be installed in the new branch office. How would you install WSUS 3.0 server in the Hi-Tech Company domain so that a Group Policy can be Configured for the OU and all computers receive can receive updates from the new WSUS server?

A. Install a WSUS 3.0 server as a replica server in the head office. B. Install a WSUS 3.0 server as a stand-alone server in new branch office. C. Install a WSUS 3.0 server as a replica server in the new branch office. D. Install and configure a WSUS 3.0 server as a stand-alone server in the head office.

Answer: C