You want to list all the DNS records in the internal domain. You connect to the Edinburgh internal DNS server by using Remote Desktop and open the command console. You type nslookup. At the nslookup prompt, you type ls -d internal. An error message tells you that zone data cannot be loaded to that computer. You know all the DNS records in the domain exist on Edinburgh. Why were they not displayed?
A. You have not configured the internal forward lookup zone to allow zone transfers.
B. You need to run the command console as an administrator to use nslookup.
C. You should have typed nslookup ls -d internal directly from the command prompt. You cannot use the ls function from the nslookup prompt.
D. You need to log on to the DNS server interactively to use nslookup. You cannot use it over a Remote Desktop connection.
Answer: A

Q: 2
You are an enterprise administrator for Hi-Tech Company. The company has a head office and 20 branch offices. The corporate network of Hi-Tech Company consists of an Active Directory domain, and an Active Directory site is configured for each office. The head office consists of three domain controllers. All the servers on the domain run Windows Server 2008 and client computers run Windows Vista. You have been assigned the task of deploying domain controllers in the branch offices and making sure that the client computers in each branch office attempt to authenticate to the domain controller at their local site first, and that authentication to a main office domain controller occurs only if a local domain controller fails. In addition, the client computers in the main office must not authenticate to a domain controller in a branch office, and the client computers in a branch office must not authenticate to a domain controller in another branch office. Which of the following options would you choose to accomplish this task?
A. Associate the IP subnet of each branch office to the Active Directory site of the head office.
B. While deploying domain controllers in the branch office, select the read-only domain controller (RODC) option and the Global Catalog option.
C. Create a Group Policy object (GPO) for all branch office domain controllers to control the registration of DNS service location (SRV) records.
D. Configure the main office domain controllers as global catalog servers and then enable the Universal Group Membership Caching in the Active Directory site for each branch office.
Answer: C

Q: 3
You are an enterprise administrator for Hi-Tech Company. The company has a head office and 10 branch offices. The corporate network of Hi-Tech Company consists of an Active Directory domain. All the domain controllers run Windows Server 2008 and are located in the main office. Each branch office has a local administrator with the necessary permissions to manage the local member servers of the branch. You have recently installed a read-only domain controller (RODC) in each branch office. You have been assigned the task of suggesting a solution for the security of the RODC in each branch office, which ensures that branch office administrators are allowed to manage their local domain controller only, which also includes changing device drivers and running Windows updates. Which of the following options would you choose to accomplish this task?
A. In the Administrators group of the AD domain, add each branch office administrator.
B. Add each branch office administrator to the local Administrators group of their respective domain controller.
C. On the corresponding domain controller computer object in Active Directory, grant each branch office administrator Full Control permission.
D. Create a new organizational unit (OU) and move each branch office domain controller computer object to the new OU, and grant each local administrator the Full Control permission on the new OU.
Answer: B

Q: 4
What type of domain controller should be implemented in the branch office for maximum security?
A. RODC on a Windows Server full installation.
B. RODC on a Server Core domain controller.
C. Full (writable) domain controller on a Windows Server full installation.
D. Full (writable) domain controller on a Server Core domain controller.
Answer: B

Q: 5
You are an enterprise administrator for Hi-Tech Company. The company has a head office, two regional offices and four branch offices connected to each other through a WAN link. An Active Directory site is configured for each office and a site link exists for each wide area network (WAN) link. The Bridge all site links option is disabled. The corporate network of Hi-Tech Company consists of an Active Directory domain. You have been asked to deploy domain controllers in the domain. While performing this task, you need to install Windows PowerShell on all domain controllers in each regional office. You also need to ensure that the domain user account passwords stored on the domain controllers are protected if a branch office domain controller is stolen. Which of the following options would you choose to accomplish this task?
A. Install a Server Core installation of Windows Server 2008 and configure a writable domain controller in each branch and regional office.
B. Configure Windows Server 2008 server as a read-only domain controller (RODC) in each branch and regional office.
C. Install a Server Core installation of Windows Server 2008 and configure it as a read-only domain controller (RODC) in each branch office. Then install a full installation of Windows Server 2008 and configure it as a writable domain controller in each regional office.
D. Install a full installation of Windows Server 2008 and configure a read-only domain controller (RODC) in each branch office and install a Server Core installation of Windows Server 2008 and configure a writable domain controller in each regional office.
Answer: C

Q: 6
Bart is a systems administrator at Hi-Tech Company.
The network consists of several sites in which RODCs are deployed. Bart wants to prepopulate passwords for users that must be authenticated on all RODCs at all times. He creates a new group and adds the required users as members. After that, he adds a new allow entry for the group to every RODC. A few minutes later, he tries to prepopulate users' passwords and receives an error.
A. Add an individual allow entry for every user.
B. Initiate Active Directory replication.
C. Add the allow entry directly on the RODC.
D. Wait for replication to finish.
Answer: B, D

Q: 7
You are an enterprise administrator for Hi-Tech Company. The company has a head office and 8 branch offices connected to each other through a WAN link, which is not very reliable. Each branch has 250 client computers. The corporate network of Hi-Tech Company consists of an Active Directory domain. All domain controllers on the domain run Windows Server 2008. You have been asked to install domain controllers in each branch office. While deploying domain controllers to the branch offices, you need to make sure that branch office administrators are allowed to log in only to the domain controllers of their branch and are allowed to update drivers on the domain controllers of their branch. Which of the following options would you choose to accomplish the assigned task? (Select all that apply)
A. Deploy a Windows Server 2008 read-only domain controller (RODC) in each branch office.
B. Deploy a Server Core Installation of Windows Server 2008 domain controller in each branch office.
C. Assign the Administrators role for the RODC to the branch office administrators.
D. Assign the Network Configuration Operators role for the RODC to the branch office administrators.
E. Add the branch office administrator to the Server Operators domain local group.
F. Add the branch office administrator to the Administrators domain local group.
Answer: A, C

Q: 8
You are the Group Policy administrator for your company.
All of the user accounts get created in the Users container and then get moved into their appropriate containers. You need to ensure that upon the creation of a new user account, it immediately receives a GPO called New Employee GPO, but other employees do not receive the settings from this GPO. How should you configure your environment?
A. Create an OU called New_Employees. Create a GPO called New Employees GPO and link it to the New_Employees OU. Run the redirusr command to redirect all new user accounts to the New_Employees OU.
B. Create an OU called New_Employees. Create a GPO called New Employees GPO and link it to the New_Employees OU. Run the redircmp command to redirect all new computer accounts to the New_Employees OU.
C. Create an OU called New-Employees. Create a GPO called New Employees GPO and link it to the domain. In the attributes of the GPO, select Enforced.
D. Create a GPO called New Employees GPO. Create a global security group called New Employees. Add all new employees to the global security group. In the Delegation tab of the GPO, accept all default entries and then add New Employees security group with the Apply group policy permission set to Allow. Link the GPO to the domain.
Answer: A

Q: 9
You are an enterprise administrator for Hi-Tech Company. The company has a head office and nine branch offices. Each office has 10 domain controllers. The corporate network of the company consists of an Active Directory domain that runs at the functional level of Windows Server 2008. All the domain controllers in the domain run Windows Server 2008. Each office has a local administrator who has the necessary permissions to create and link domain-level Group Policy objects. On a Windows Vista client computer, you have recently created custom Administrative Template (.admx) files locally. You now want to implement a GPO management strategy to ensure that the administrators can access the .admx files and any future updates to these files from each office.
You also need to ensure that the .admx files remain identical across the company. Which of the following options would you choose to accomplish the desired goal? (Select all that apply. Each selected option will form a part of the answer)
A. Create a central store in the domain.
B. Create a central store on a file server in each office.
C. Create and link a GPO to the domain.
D. Create and link a GPO to the Domain Controllers organizational unit (OU).
E. Copy the custom .admx files to the central store.
F. Add the .admx files to the GPO.
G. Add the custom .admx files to the GPO.
Answer: A, E

Q: 10
You have been asked to provide an additional security system for your company's internet activity. This system should act as an underlying cryptography system. It should enable users or computers that have never been in trusted communication before to validate themselves by referencing an association to a trusted third party (TTP). The method of security the above example is referencing is?
A. Certificate Authority (CA)
B. Nonrepudiation
C. Cryptanalysis
D. Public Key Infrastructure (PKI)
Answer: D

Q: 11
You are an enterprise administrator for Hi-Tech Company. The corporate network of Hi-Tech Company consists of an Active Directory domain. The domain contains servers that run Windows Server 2008 and client computers that all run Windows Vista. All users have accounts in the domain. The network contains two servers that are configured as follows:
1. Server1 - Configured as a domain controller and runs Active Directory Domain Services (AD DS).
2. Server2 - Configured as Certification authority and runs Internet Information Services (IIS) and Active Directory Certificate Services (AD CS).
Which of the following options would you choose to enable all client computers to automatically request and install computer certificates?
A. Implement the Network Device Enrollment Service on Server2.
B. Implement certification authority Web enrollment support on Server2.
C. In the User Configuration section of the Default Domain, enable the Auto-enrollment Settings Policy under Public Key Policies on Server1.
D. In the Computer Settings section of the Default Domain Policy, enable auto-enrollment on Server1.
Answer: C

Q: 12
You are planning a Windows Server 2008 Active Directory infrastructure. You have a single location and there is a limited budget. During your planning process, you have determined that the members of the Domain Administrators group should have a password policy that states passwords must be changed every 24 days, and the rest of your users must change their passwords every 42 days, except for members of the Enterprise Admins group. These users must change their passwords every 14 days. What is the best way to accomplish this without going over your budget, and keeping administration to a minimum?
A. Create a single forest with three domains. In the forest root domain set a domain-wide password policy that states users must change their passwords every 14 days. Ensure all enterprise-wide administrators are placed into the Enterprise Admins group in the forest root domain. Create two child domains specifying the appropriate password policy in each domain.
B. Create a single forest with two domains. In the forest root domain set a domain-wide password policy that states users must change their passwords every 14 days. Place all administrative users into the Enterprise Admins group in this domain, including those specified as Domain Admins. In the child domain, create a domain-wide password policy with the appropriate attributes and ensure only non-administrative users log on as users from this domain.
C. Create a single-domain forest. Place all enterprise-wide users into the Enterprise Admins group, all domain administrators into the Domain Admins group, and all other users into the Users group. Create three password security objects (PSOs) with the appropriate attribute values set and deploy them to the appropriate security groups.
D. Create a single-domain forest. Create three organizational units (OU), one for enterprise-wide administrators, one for domain administrators, and one for the rest of your users. Place all enterprise-wide users into the Enterprise Admins OU, all domain administrators into the Domain Admins OU, and all other users into the Users OU. Create three password security objects (PSOs) with the appropriate attribute values set and link them to the appropriate OU.
Answer: C

Q: 13
You have an existing AD DS forest that has a domain functional level of Windows Server 2003 and a forest functional level of Windows 2000. You have deployed a number of writable Windows Server 2008 domain controllers into this forest. The forest now has a mixture of Windows Server 2003 and Windows Server 2008 domain controllers. You need to deploy an RODC into this forest. What should you do?
A. Raise the forest functional level to Windows Server 2008.
B. Raise the forest functional level to Windows Server 2003.
C. Run the adprep /forestprep command.
D. Run the adprep /domainprep /gpprep command.
Answer: B

Q: 14
You are an enterprise administrator for Hi-Tech Company. The corporate network of the company consists of an Active Directory domain that runs at the functional level of Windows Server 2008. An organizational unit (OU) called OUUsers is configured in the domain and holds all user accounts. The company has two departments, Sales and Development, that are headed by their respective department managers. Both departments have their respective global security groups that contain all the users of the departments. As an enterprise administrator of the company, you have been assigned the task of ensuring that the department managers are allowed to manage the user accounts of only their departments.
You also need to ensure that the users of the Sales and Development departments must change their passwords after an interval of 30 days and 45 days respectively. Which of the following options would you choose to accomplish the desired goal by using the minimum amount of administrative effort? (Select three. Each selected option will form a part of the answer.)
A. Create a new OU for each department.
B. Create a child domain for each department.
C. Delegate administration of the OUUsers OU to the department manager of each department.
D. Delegate administration to the department manager of each OU.
E. Delegate administration to the department manager of each domain.
F. Create a new Group Policy object.
G. Create a new password policy for each global security group.
H. Create a new password policy for each domain.
I. Configure the password policy for the new GPO and link it to the OUs.
Answer: A, D, G

Q: 15
You are the Group Policy administrator for your domain and have been tasked with creating a policy that will apply to all of the computers in your domain, except for those computers in the Accounting OU, and including the computers in the Computers container. The computers in the Accounting OU should still receive all of the settings from the Default Domain Policy. How can you design your Group Policy infrastructure to allow the GPO to apply to all computers except for those in the Accounting OU while allowing the settings from the Default Domain Policy to apply to the specified computers?
A. Link the new GPO to each of the OUs except for the Accounting OU. On the Default Domain Policy, select Enforced.
B. Link the new GPO to the Accounting OU. On the Accounting OU, select Block Inheritance. On the Default Domain Policy, select Enforced.
C. Link the new GPO to the domain. On the Accounting OU, select Block Inheritance. On the Default Domain Policy, ensure Authenticated Users have Read and Apply group policy permissions.
D. Link the new GPO to the domain. On the Accounting OU, select Block Inheritance. On the Default Domain Policy, select Enforced.
Answer: D

Q: 16
You are an enterprise administrator for Hi-Tech Company. The corporate network of the company consists of an Active Directory domain that runs at the functional level of Windows Server 2008. All the domain controllers in the domain run Windows Server 2008. The company has two departments, Sales and Development. Four Group Policy objects (GPOs) have been configured in the domain, as shown below:
1. GPODB - Configured to install the custom database applications
2. GPOApp - Configured to install line-of-business applications
3. GPOUsbPr - Configured to enable a USB printer device and block access to USB flash drives
4. GPOUsbFl - Configured to enable access to USB flash drives
Besides this, the Organizational Units (OU) called Development Users, Sales Users, All Users, and Managers are configured in the domain. As an enterprise administrator of the company, you have been assigned the task of linking all four GPOs to the domain and the departments in such a way that all the domain users have access to a USB printer device. Besides this, no user except the department managers should be allowed to access USB flash drives. You also need to ensure that the Sales department employees are only allowed to install the custom database application and the Development department employees are only allowed to install the line-of-business application. Which of the following options would you choose to accomplish this task with the least amount of administrative effort?
A. Link GPODB to the Sales Users OU. Link GPOApp to the Development Users OU. Link GPOUsbPr to the All Users OU. Link GPOUsbFl to the Managers OU.
B. Link GPODB and GPOApp to the Sales Users OU and the Development Users OU. Link GPOUsbPr to the domain and block inheritance for the Managers OU. Link GPOUsbFl to the All Users OU.
C. Link GPODB and GPOApp to the Sales Users OU and the Engineering Users OU. Link GPOUsbPr to the All Users OU. Link GPO4 to the domain and block inheritance for the All Users OU.
D. Link GPODB to the Sales Users OU. Link GPOApp to the Development Users OU. Link GPOUsbPr to the All Users OU and block inheritance for the Managers OU. Link GPOUsbFl to the Managers OU.
Answer: A

Q: 17
You are the Group Policy administrator for your company. All of the user accounts get created in the Users container and then get moved into their appropriate containers. You need to ensure that upon the creation of a new user account, it immediately receives a GPO called New Employee GPO, but other employees do not receive the settings from this GPO. How should you configure your environment?
A. Create an OU called New_Employees. Create a GPO called New Employees GPO and link it to the New_Employees OU. Run the redirusr command to redirect all new user accounts to the New_Employees OU.
B. Create an OU called New_Employees. Create a GPO called New Employees GPO and link it to the New_Employees OU. Run the redircmp command to redirect all new computer accounts to the New_Employees OU.
C. Create an OU called New-Employees. Create a GPO called New Employees GPO and link it to the domain. In the attributes of the GPO, select Enforced.
D. Create a GPO called New Employees GPO. Create a global security group called New Employees. Add all new employees to the global security group. In the Delegation tab of the GPO, accept all default entries and then add New Employees security group with the Apply group policy permission set to Allow. Link the GPO to the domain.
Answer: A

Q: 18
You are an enterprise administrator for Hi-Tech Company. The corporate network of the company consists of an Active Directory domain that runs at the functional level of Windows Server 2008. All the domain controllers in the domain run Windows Server 2008 and client computers run Windows XP and Windows Vista.
The company has ten departments and for each department a separate Organizational Unit (OU) is configured. Besides this another OU called ComputerOU is also configured in department. You have recently configured two logon scripts, one for each type of client computer (XP and Vista), to install application updates on them. Which of the following options would you choose to deploy the logon scripts on the client computers based on the version of the Windows operating system? Besides this, you need to ensure that the logon scripts are applied to users from all departments when logging on from any computer. You need to accomplish this task by using the minimum number of OUs and Group Policy objects (GPOs). (Select all that apply)
A. Create a GPO and configure the logon scripts and policy refresh in the GPO.
B. Create a GPO and configure the logon scripts and loopback processing in the GPO.
C. Create one GPO for each Windows operating system and configure the logon scripts and loopback processing in the GPOs.
D. Create one GPO for each Windows operating system. Configure the logon script in the GPOs.
E. Create two new child OUs in the Users Computers OU named WinXP and WinVista and then link each GPO to the corresponding operating systems OU.
F. Link the GPO to the domain and apply a Windows Management Instrumentation (WMI) filter.
G. Link both GPOs to the domain and apply a Windows Management Instrumentation (WMI) filter.
Answer: C, G

Q: 19
You are in the process of planning the deployment of WSUS at a university. The university contains five colleges, each of which has its own separate IT staff and Active Directory forest. The university has a single connection to the Internet through which all traffic passes and wants to minimize the amount of data downloaded from the Microsoft Update servers, but each college's IT staff should have responsibility to approve updates. Which of the following WSUS deployment plans should you use?
A. Configure one upstream server. Configure a downstream replica server for each college.
B. Configure a WSUS server in each college. Configure client computers to retrieve approvals from the WSUS server and updates from Microsoft Update.
C. Configure one upstream server. Configure a WSUS server in each college to use autonomous mode but to retrieve updates from the upstream server.
D. Configure an autonomous server in each college to retrieve updates from Microsoft Update.
Answer: C

Q: 20
You are a network administrator for Hi-Tech Company. The company recently opened a branch office. The corporate network of the company consists of a single Active Directory domain. The single domain controller of the corporate network of the company runs Windows Server 2008. An organizational unit (OU) that contains all the computer accounts for the new branch office and Microsoft Windows Server Update Services (WSUS) 3.0 to deploy all approved updates to the environment has already been configured in the domain. Besides this, the head office contains a server that is used to test and approve all new software updates. As a network administrator of the company, you have been assigned the task of ensuring that only the minimum amount of bandwidth is used to download updates from Microsoft Update in the branch office and only the updates approved by the head office are allowed to be installed in the new branch office. How would you install WSUS 3.0 server in the Hi-Tech Company domain so that a Group Policy can be configured for the OU and all computers can receive updates from the new WSUS server?
A. Install a WSUS 3.0 server as a replica server in the head office.
B. Install a WSUS 3.0 server as a stand-alone server in new branch office.
C. Install a WSUS 3.0 server as a replica server in the new branch office.
D. Install and configure a WSUS 3.0 server as a stand-alone server in the head office.
Answer: C

Your network consists of one Active Directory forest named contoso.com.
The functional level of the contoso.com forest is Windows Server 2008. The network contains seven servers that run Internet Information Services (IIS) 7.0 and host Web services. Remote users from a partner company access the Web services through HTTPS. The partner company has a separate Active Directory forest named fabrikam.com. The functional level of the fabrikam.com forest is Windows Server 2003. You need to recommend an authentication solution for the fabrikam.com users. The solution must meet the following requirements: All communications between both forests must use only HTTPS. Remote users must only authenticate once to access all Web services. Users from fabrikam.com must access the Web services by using user accounts in the fabrikam.com forest. What should you recommend?
A. Implement Client Certificate Mapping Authentication on the IIS servers.
B. Implement Microsoft Identity Lifecycle Manager (ILM) 2007 on the contoso.com forest.
C. Implement a forest trust between the contoso.com and the fabrikam.com forests. Configure the forest trust to use Selective Authentication.
D. Implement Active Directory Federation Services (AD FS) in the contoso.com forest. Create a federation trust between the contoso.com forest and the fabrikam.com forest.
Answer: D

==========================

Your network consists of one Active Directory domain named contoso.com. The domain contains three Windows Server 2008 servers named Server1, Server2, and Server3. Server1 runs Active Directory Certificate Services (AD CS) and is configured as an enterprise root certification authority. Server2 hosts an internal Web site. Users currently connect to the Web site by using the URL https://server2.contoso.com. You plan to replicate the Web site from Server2 to Server3. You need to recommend a solution to enable users to connect to the Web site through HTTPS on either Server2 or Server3 by using a single URL.
The solution must meet the following requirements: Users must be able to use the https://www.contoso.com URL to connect to the Web site. Incoming connections must be dynamically balanced between Server2 and Server3. What should you recommend?
A. Add both servers to a Network Load Balancing cluster. Export the Web server certificate on Server2 to Server3.
B. Add both servers to a failover cluster. Issue a Web server certificate for www.contoso.com. Install the certificate on Server2.
C. Add both servers to a Network Load Balancing cluster. Issue a Web server certificate for www.contoso.com. Install the certificate on Server2 and Server3.
D. Add both servers to a failover cluster. Issue a Web server certificate for server2.contoso.com and install the certificate on Server2. Issue a Web server certificate for server3.contoso.com and install the certificate on Server3.
Answer: C

For interactive and self-paced preparation of exam 70-647, try our practice exams. Practice exams also include self assessment and reporting features!

Question: 3
Your company has a main office and 10 branch offices. The network consists of one Active Directory domain. All domain controllers run Windows Server 2008 and are located in the main office. You need to plan the deployment of one Windows Server 2008 domain controller in each branch office. The solution must meet the following requirements: Branch office domain controllers must be able to log users on to the domain. Branch office domain controllers must be able to store the passwords of only some domain users. Users must be able to download Group Policy objects (GPOs) from the branch office domain controllers. What should your plan include?
A. Install Active Directory Lightweight Directory Services (AD LDS).
B. Install Active Directory Domain Services (AD DS) on a Server Core installation of Windows Server 2008.
C. Install Active Directory Domain Services (AD DS). Select the read-only domain controller (RODC) option during installation.
D. Install Active Directory Domain Services (AD DS). Create a new Password Settings object (PSO). Link the PSO to user objects in the respective branch office.
Answer: C

Question: 4
Your company has a main office and 100 branch offices. The network consists of one Active Directory domain that contains 10,000 users. You plan to deploy one Windows Server 2008 domain controller in each branch office. You need to recommend a solution to minimize network traffic during the installation of Active Directory Domain Services (AD DS) on each branch office domain controller. What should you recommend?
A. Install AD DS by using the Install from Media feature.
B. Install AD DS and configure the read-only domain controller (RODC) option.
C. Install a Server Core installation of Windows Server 2008, and then install AD DS.
D. Disable the Global Catalog option on each branch office domain controller. Enable Universal Group Membership Caching from each branch office site.
Answer: A

Question: 5
Your network consists of one Active Directory domain that contains only domain controllers that run Windows Server 2003. Your company acquires another company. You need to provide user accounts for the employees of the newly acquired company. The solution must support multiple account lockout policies. What should you do?
A. Implement Authorization Manager.
B. Implement Active Directory Federation Services (AD FS).
C. Upgrade one domain controller to Windows Server 2008. Raise the functional level of the domain to Windows Server 2003.
D. Upgrade all domain controllers to Windows Server 2008. Raise the functional level of the domain to Windows Server 2008.
Answer: D

Question: 6
Your company has a main office and a branch office.
Your network consists of one Active Directory domain. All domain controllers run Windows Server 2008. You need to plan the installation of a new server as a read-only domain controller (RODC) in the branch office. The plan must meet the following requirements: A branch office user must complete the RODC installation. The branch office user must be a member of only the Domain Users security group. What should you do first?
A. Create an installation media by using ntdsutil.
B. Instruct the user to join the new server to the domain.
C. Pre-create a read-only domain controller (RODC) account for the branch office server.
D. Create an organizational unit (OU) for the branch office. Delegate full control of the OU to the branch office user.
Answer: C

Question: 7
Your network contains one Active Directory forest that has a root domain and three child domains. All domain controllers run Windows Server 2003 Service Pack 1 (SP1). Each domain has a different password policy. The domain is configured as shown in the exhibit. You plan to reduce the number of domains in the forest. You need to plan the restructuring of the forest to meet the following requirements: Maintain all existing password policies. Maintain all existing user account attributes.
A. Upgrade all domains to Windows Server 2008. Redirect the users container in the root domain by using the redirusr.exe tool, and then remove the child domains. Enable fine-grained password policies.
B. Upgrade all domains to Windows Server 2008 and enable SID history. Move all user accounts from the child domains to the root domain by using the movetree.exe tool, and then remove the child domains.
C. Upgrade the forest root domain to Windows Server 2008. Use the Active Directory Migration Tool (ADMT) to migrate user accounts that contain SID history from the child domains to the forest root domain. Remove the child domains.
D. Upgrade the forest root domain to Windows Server 2008. Use the Active Directory Migration Tool (ADMT) to migrate user accounts from the child domains to the forest root domain, and then remove the child domains. Enable fine-grained password policies. Answer: D Question: 8 Your company has a main office, three regional offices, and six branch offices. The network links are configured as shown in the exhibit. (Click the Exhibit button.) The network consists of one Active Directory domain. You create an Active Directory site for each office. You create a site link for each wide area network (WAN) link. The Bridge all site links option is disabled. You need to plan the deployment of domain controllers. The solution must meet the following requirements. Windows PowerShell must be installed on all domain controllers in each regional office. Domain user account passwords stored on the domain controllers must be protected if a branch office domain controller is stolen. A. In each branch office and in each regional office, install a Server Core installation of Windows Server 2008 and configure a writable domain controller. B. In each branch office and in each regional office, install a full installation of Windows Server 2008 and configure a read-only domain controller (RODC). C. In each branch office, install a Server Core installation of Windows Server 2008 and configure a read-only domain controller (RODC). In each regional office, install a full installation of Windows Server 2008 and configure a writable domain controller. D. In each branch office, install a full installation of Windows Server 2008 and configure a read-only domain controller (RODC). In each regional office, install a Server Core installation of Windows Server 2008 and configure a writable domain controller. 
Answer: C Question: 9 Your company has a main office and 10 branch offices. The network consists of one Active Directory domain. All domain controllers run Windows Server 2008 and are located in the main office. Each branch office contains one member server. Branch office administrators in each branch office are assigned the necessary rights to administer only their member servers. You deploy one read-only domain controller (RODC) in each branch office. You need to recommend a security solution for the branch office Windows Server 2008 domain controllers. The solution must meet the following requirements: Branch office administrators must be granted rights on their local domain controller only. Branch office administrators must be able to administer the domain controller in their branch office. This includes changing device drivers and running Windows updates. What should you recommend? A. Add each branch office administrator to the Administrators group of the domain. B. Add each branch office administrator to the local Administrators group of their respective domain controller. C. Grant each branch office administrator Full Control permission on their domain controller computer object in Active Directory. D. Move each branch office domain controller computer object to a new organizational unit (OU). Grant each local administrator Full Control permission on the new OU. Answer: B Question: 10 Your company has four offices that are connected by using high speed wide area network (WAN) links. Each office has a router that supports the Simple Certificate Enrollment Protocol (SCEP). The network consists of one Active Directory domain. All domain controllers run Windows Server 2008. You have a Certificate Services infrastructure. The Certificate Services servers run Windows Server 2003 Standard Edition. 
You plan to enable device authentication for all routers. You need to recommend changes to the Certificate Services infrastructure to support device authentication. Which changes should you recommend? A. Install a new server that runs Windows Server 2008 Enterprise Edition. Enable the Active Directory B. Certificate Services (AD CS) role. C. Install a new server that runs Windows Server 2008 Standard Edition. Install the Network Protection and Access Services (NPAS) role. D. Upgrade the existing Certificate Services servers to Windows Server 2008 Standard Edition. Enable the Web enrollment component. E. Upgrade the existing Certificate Services servers to Windows Server 2008 Enterprise Edition. Enable the Network Device Enrollment service. Answer: D Question: 11 Your network consists of two Active Directory forests. The Active Directory forests are configured as shown in the following table. The contoso.com and fabrikam.com domains each contain one server that runs Active Directory Federation Services (AD FS). Users in the company1.contoso.com domain require access to an application server in the company2.fabrikam.com domain. The application server is configured to allow only Kerberos authentication. You need to ensure that users in the company1.contoso.com domain can access the application server in the company2.fabrikam.com domain. What should you do first? A. Create a forest trust between the contoso.com forest and the fabrikam.com forest. B. Create an external trust between the contoso.com domain and the fabrikam.com domain. C. Create an AD FS federation trust between the contoso.com forest and the fabrikam.com forest. D. Create an external trust between the company1.contoso.com domain and the company2.fabrikam.com domain. Answer: A Question: 12 Your network consists of one Active Directory domain. 
All domain controllers run Windows Server 2003. The functional level of the forest is Windows 2000. The functional level of the domain is Windows 2000 mixed. You install a domain controller that runs Windows Server 2008. You plan to deploy a read-only domain controller (RODC). You need to modify the domain and forest functional levels to support the installation of the RODC. What should you do? A. Set the domain functional level to Windows 2003 and the forest functional level to Windows 2000 native. B. Set the domain functional level to Windows 2003 and the forest functional level to Windows 2003. C. Set the domain functional level to Windows 2008 and the forest functional level to Windows 2003. D. Set the domain functional level to Windows 2008 and the forest functional level to Windows 2008. Answer: B Question: 13 Your network consists of one Active Directory domain that contains servers that run Windows Server 2008. The relevant servers are configured as shown in the following table. All client computers are members of the domain and run Windows Vista. All users have accounts in the domain. You need to recommend a solution that enables all client computers to automatically request and install computer certificates. What should you recommend? A. On Server2, implement the Network Device Enrollment Service. B. On Server2, implement certification authority Web enrollment support. C. On Server1, enable auto-enrollment in the User Configuration section of the Default Domain Policy. D. On Server1, enable auto-enrollment in the Computer Settings section of the Default Domain Policy. Answer: D Question: 14 Your company has one main office and eight branch offices. Each branch office has 200 client computers and a local administrator. The network consists of one Active Directory domain. 
All domain controllers run Windows Server 2008. You plan to deploy domain controllers to the branch office locations. You need to plan an administration solution for the branch offices that meets the following requirements: Branch office administrators must be able to update drivers on their respective branch office domain controllers. Branch office administrators must be able to log on only to domain controllers in their respective branches. What should you include in your plan? A. Deploy a Windows Server 2008 read-only domain controller (RODC) in each branch office. Assign the Administrators role for the RODC to the branch office administrators. B. Deploy a Windows Server 2008 read-only domain controller (RODC) in each branch office. Assign the Network Configuration Operators role for the RODC to the branch office administrators. C. Deploy a domain controller that runs a Server Core Installation of Windows Server 2008 in each branch office. Add the branch office administrator to the Server Operators domain local group. D. Deploy a domain controller that runs a Server Core Installation of Windows Server 2008 in each branch office. Add the branch office administrator to the Administrators domain local group. Answer: A Question: 15 Your network consists of one Active Directory forest that contains 20 domain trees. All DNS servers run Windows Server 2008. The network is configured as an IPv4 network. Users connect to network applications in all domains by using a NetBIOS name. You plan to migrate to an IPv6-enabled only network. You need to recommend a solution to migrate the network to IPv6. The solution must not require any changes to client computers. What should you recommend? A. On the DNS servers, configure GlobalNames zones. B. On the DNS servers, add all domain zones to the ForestDNSZones partition. C. On a new server, install and configure a Windows Server 2008 WINS server. D. On a new server, install and configure a Windows Server 2003 WINS server. 
Answer: A 1. Your company has a main office and a new branch office. The network consists of one Active Directory domain. The branch office contains two member servers that run Windows Server 2008. One of the servers is configured as a file server that hosts shared folders. An administrator in the branch office is responsible for maintaining the servers. You have a single DNS zone that is hosted on a DNS server located in the main office. A wide area network (WAN) link between the branch office and the main office is unreliable. You need to recommend a network services solution for the new branch office. The solution must meet the following requirements: Users must be able to log on to the domain if a WAN link fails. Users must be able to access file shares on the local server if a WAN link fails. Branch office administrators must be prevented from initiating changes to Active Directory. Branch office administrators must be able to make configuration changes to the servers in the branch office. What should you recommend? A. Promote the member server to a domain controller and add the branch office administrators to the Domain Admins group. B. Promote the member server to a read-only domain controller (RODC) and add the branch office administrators to the Domain Admins group. C. Promote the member server to a read-only domain controller (RODC) and configure the DNS role. Delegate administrative rights to the local branch office administrator. D. Promote the member server to a domain controller and configure the DNS role. Create an organizational unit (OU) for each branch office and delegate administrative rights to the local branch office administrator. Answer: C 2. Your company has one office in San Diego and one office in New York. The network consists of one Active Directory forest that contains one domain named contoso.com and one domain named newyork.contoso.com. All servers run Windows Server 2008. 
All domain controllers for contoso.com are located in San Diego. All domain controllers for newyork.contoso.com are located in New York. Contoso.com contains two domain controllers named Server1 and Server2. Newyork.contoso.com contains two domain controllers named Server3 and Server4. All domain controllers host Active Directory-integrated DNS zones for their respective domains. You need to ensure that users from each office can resolve computer names for both domains from a local DNS server. What should you do? A. Add the contoso.com and the newyork.contoso.com DNS zones to the ForestDNSZones partition. Exam1pass Help You Pass Any IT Exam http://www.exam1pass.com Exam1pass Easiest way to pass IT exams B. Create a stub DNS zone for contoso.com on Server3. Create a stub DNS zone for newyork.contoso.com on Server1. C. Create a standard primary DNS zone named contoso.com on Server3. Create a standard primary DNS zone named newyork.contoso.com on Server1. D. Configure conditional forwarders on Server1 to point to Server3. Configure conditional forwarders on Server3 to point to Server1. Answer: A 3. Your company has a main office and three branch offices. Each office has a server that runs Windows Server 2008. The server has the DNS Server role installed. The branch offices contain client computers that run Windows 2000. You plan to deploy Active Directory Domain Services (AD DS) on the network. You need to plan a name resolution solution for the deployment of Active Directory Domain Services (AD DS). The solution must meet the following requirements: Support secure dynamic updates. Minimize response times for users connecting to resources anywhere on the network. What should you include in your plan? A. A GlobalNames zone for the forest. B. A single Active Directory-integrated DNS zone. C. A stub zone on the DNS server in each branch office. D. A standard primary zone in the main office and secondary zones in each branch office. Answer: B 4. 
Your company has one office in Montreal and one office in New York. Each office has 2,000 client computers configured as DHCP clients. DHCP relay is not supported on the network routers. The network consists of one Active Directory domain. You need to recommend a DHCP addressing solution for both offices. The solution must meet the following requirements: Minimize traffic between offices. Be available if a single server fails. What should you recommend? A. In each office, install a DHCP server that has two scopes. B. In each office, install a DHCP instance on a two node failover cluster. C. In the Montreal office, install a DHCP server. In the New York office, install a DHCP Relay Agent. D. In the Montreal office, install a DHCP instance on a two node failover cluster. In the New York office, install a DHCP Relay Agent. Answer: B 5. Your network consists of one Active Directory forest that contains 20 domain trees. All DNS servers run Windows Server 2008. The network is configured as an IPv4 network. Users connect to network applications in all domains by using a NetBIOS name. You plan to migrate to an IPv6-enabled only network. You need to recommend a solution to migrate the network to IPv6. The solution must not require any changes to client computers. What should you recommend? A. On the DNS servers, configure GlobalNames zones. B. On the DNS servers, add all domain zones to the ForestDNSZones partition. C. On a new server, install and configure a Windows Server 2008 WINS server. D. On a new server, install and configure a Windows Server 2003 WINS server. Answer: A 6. Your company has a main office and two branch offices. The network contains one Active Directory domain named contoso.com. All domain controllers and DNS servers for the contoso.com domain are located in the main office. All DNS servers are member servers. 
You plan to deploy two new Active Directory domains named east.contoso.com and west.contoso.com in the branch offices. You install a DNS server in each branch office. You need to prepare the environment for the installation of the new domains. What should you do next? A. Create a new standard primary zone on each branch office DNS server for the new domains. Configure forwarders on the main office DNS servers to point to the branch office servers. B. Create a new stub zone on each branch office DNS server for the new domains. Configure conditional forwarders on the main office DNS servers to point to the branch office DNS servers. C. Configure a delegation subdomain DNS record on the main office DNS server for each new domain. Configure a stub zone on each branch office DNS server for the new domains. Configure zone transfer for the contoso.com zone to the branch office DNS servers. D. Configure a delegation subdomain DNS record on the main office DNS server for each new domain. Create a new standard primary zone on each branch office DNS server for the new domains. Configure zone transfer for the contoso.com zone to the branch office DNS servers. Answer: D 7. Your company has one main office and one branch office. The branch office is connected to the main office by using a wide area network (WAN) link. The network consists of one Active Directory domain. The branch office has two member servers that run Windows Server 2008. One of the servers is configured as a file server that hosts shared folders. The branch office has a local administrator. The main office has one standard primary DNS zone that is hosted on a DNS server. The branch office grows from 100 client computers to 1,000 client computers. 
You need to recommend a name resolution solution for the branch office to meet the following requirements: Users must be able to access file shares on the local server if a WAN link fails. The branch office administrator must be able to modify Active Directory objects while at the branch office if a WAN link fails. What should you recommend? A. Promote the member server to a domain controller and configure the DNS role. Create a standard secondary zone. B. Promote the member server to a domain controller and configure the DNS role. Create a new standard primary zone. C. Promote the member server to a read-only domain controller (RODC) and configure the DNS role. Create a primary read-only zone. D. Promote the member server to a read-only domain controller (RODC) and configure the DNS role. Create a new standard secondary zone. Answer: A 8. Your network consists of one Active Directory forest that contains one root domain and 22 child domains. All domain controllers run Windows Server 2003. All domain controllers run the DNS Server service and host Active Directory-integrated zones. Administrators report that it takes more than one hour to restart the DNS servers. You need to reduce the time it takes to restart the DNS servers. What should you do? A. Upgrade all domain controllers to Windows Server 2008. B. Upgrade all domain controllers in the root domain to Windows Server 2008, and then set the functional level for the root domain to Windows Server 2008. C. Deploy new secondary zones on additional servers in each child domain. D. Change the Active Directory-integrated DNS zones to standard primary zones. Answer: A 9. Your network consists of one Active Directory forest that contains one root domain and 10 child domains. Administrators of the child domains frequently modify the records for authoritative DNS servers for the child domain DNS zones. 
You need to recommend a solution to minimize the amount of manual configuration steps required to maintain name resolution on the network. What should you recommend? A. On the child domain DNS servers, create stub zones for the root domain zone. B. On the child domain DNS servers, configure conditional forwarders for the parent domain. C. On the root domain DNS servers, create stub zones for the child domain zones. D. On the root domain DNS servers, configure delegation subdomain records for the child domains. Answer: C 10. Your network consists of one Active Directory domain and one IP subnet. All servers run Windows Server 2008. All client computers run Windows Vista. The servers are configured as shown in the following table. All network switches used for client connections are unmanaged. Some users connect to the local area network (LAN) from client computers that are joined to a workgroup. Some client computers do not have the latest Microsoft updates installed. You need to recommend a Network Access Protection (NAP) solution to protect the network. The solution must meet the following requirements: Only computers that are joined to the domain must be able to connect to servers in the domain. Only computers that have the latest Microsoft updates installed must be able to connect to servers in the domain. Which NAP enforcement method should you use? A. 802.1x B. DHCP C. IPsec D. virtual private network (VPN) Answer: C 11. Your network consists of one Active Directory domain and one IP subnet. All servers run Windows Server 2008. All client computers run Windows Vista, Windows XP Professional, and Windows 2000 Professional. The servers are configured as shown in the following table. Server2 is configured to support Network Access Protection (NAP) by using IPsec, DHCP, and 802.1x enforcement methods. 
Users from a partner company have computers that are not joined to the domain. The computers successfully connect to the network. You need to ensure that only computers that are joined to the domain can access network resources on the domain. What should you do? A. Configure all DHCP scopes on Server1 to enable NAP. B. Configure all network switches to require 802.1x authentication. C. Create a Group Policy object (GPO) and link it to the domain. In the GPO, enable a secure server IPsec policy on all member servers in the domain. D. Create a Group Policy object (GPO) and link it to the domain. In the GPO, enable a NAP enforcement client for IPsec communications on all client computers in the domain. Answer: C 12. Your network consists of a single IP subnet. All servers and client computers connect to managed switches. All servers run Windows Server 2008. All client computers run Windows Vista. The servers on the network are configured as shown in the following table. You need to prepare the Network Access Protection (NAP) environment to meet the following requirements: Computers that have the required Microsoft updates installed must be able to access all computers on the network. Network switches must first allow client computers to communicate to only Server1 and Server2 when the computers connect to the network. Which NAP enforcement method should you use? A. 802.1x B. DHCP C. IPsec communications D. VPN Answer: A 13. Your network consists of one Active Directory domain. The domain contains servers that run Windows Server 2008. The servers are configured as shown in the following table. Server2 and Server3 are configured as RADIUS clients. You need to plan a solution to manage all VPN connections to the network. The solution must meet the following requirements: Specify the allowed VPN connection protocols. Specify the allowed VPN client authentication mechanisms. 
Specify VPN client access rights based on group membership. What should you include in your plan? A. a Group Policy object (GPO) applied to Server2 and Server3 B. a Group Policy object (GPO) applied to the computers that must establish VPN connections C. a local computer policy on Server2 and Server3 D. a network policy on Server4 Answer: D 14. Your network consists of one Active Directory domain. The domain contains servers that run Windows Server 2008. The servers are configured as shown in the following table. All client computers run Windows Vista Service Pack 1 (SP1). Remote domain users at a customer site report that they can access Server2 from the Internet by using the URL https://portal.contoso.com. They also report that a firewall at the customer site prevents all other outbound connections. You need to implement a solution to enable remote users to access files on Server3 from a VPN connection. Which connection should you enable on Server1? A. IPsec tunnel mode B. L2TP C. PPTP D. Secure Socket Tunneling Protocol (SSTP) Answer: D 15. Your network contains servers that run Windows Server 2008. Microsoft Windows SharePoint Services (WSS) are available on the network. WSS is only accessible from the internal network. Several users use devices that run Windows Mobile 6.0. The users can establish only HTTP and HTTPS sessions from the Internet. You need to enable users to access WSS from the Internet by using their Windows Mobile devices. The solution must ensure that all connections from the Internet to WSS are encrypted. What should you do? A. Install Microsoft Internet Security and Acceleration (ISA) Server 2006 and create a HTTPS publishing rule. B. Install Microsoft Internet Security and Acceleration (ISA) Server 2006 and create a Secure RPC publishing rule. C. 
Install the Network Policy and Access Services (NPAS) role and enable Secure Socket Tunneling (SSTP) connections. Configure WSS to require Kerberos authentication. D. Install the Network Policy and Access Services (NPAS) role and enable Secure Socket Tunneling (SSTP) connections. Configure WSS to require IPsec encryption. Answer: A 16. Your network is connected to the Internet through a firewall. Remote users connect to Microsoft Windows SharePoint Services (WSS) located on the internal network by using HTTPS. Users require access to file servers located on the internal network. You need to ensure that remote users can connect to the file servers. The solution must not require that any additional TCP ports be opened on the firewall. What should you do? A. Implement a PPTP virtual private network (VPN) solution. B. Implement an L2TP virtual private network (VPN) solution. C. Implement a Terminal Services Web Access (TS Web Access) solution. D. Implement a Secure Socket Tunneling Protocol (SSTP) virtual private network (VPN) solution. Answer: D 17. Your network consists of one Active Directory domain. Your company has a department named Sales. Some employees in the Sales department work from home and require access to applications and file servers on the corporate network. The corporate security policy includes the following requirements: Remote computers must only connect to the network by using Secure Socket Layer (SSL). Computers that connect to the network must have an up-to-date antivirus application and all available security updates installed. You need to plan a remote access solution for the Sales department employees. What should you include in your plan? A. Configure a virtual private network (VPN) solution that uses PPTP. B. Configure a virtual private network (VPN) solution that uses L2TP. C. 
Configure a Terminal Services solution that uses Terminal Services Gateway (TS Gateway). D. Configure a Terminal Services solution that uses Terminal Services Web Access (TS Web Access). Answer: C 18. Your network consists of one Active Directory domain. The domain contains servers that run Windows Server 2008. The relevant servers are configured as shown in the following table. All client computers run Windows Vista. You plan to deploy two Java-based applications on all client computers. The two applications each require a different version of the Java Runtime Environment (JRE). After testing, you notice that the two JREs prevent the applications from running on the same computer. You need to recommend a solution that enables the two Java-based applications to run on all client computers. What should you recommend? A. Create two Windows Installer (MSI) packages that each contains one version of the JRE and one compatible application. On Server2, advertise both packages to all client computers. B. Create two Windows Installer (MSI) packages that each contains one version of the JRE and one compatible application. On Server1, create a Group Policy object (GPO) that assigns both packages to all client computers. C. Use the SoftGrid Sequencer to create two application packages that each contains one version of JRE and one compatible application. On Server3, stream both application packages to all client computers. D. Install the two JRE versions and the two Java-based applications on Server4. Configure all client computers to connect to the Java-based applications by using Terminal Services RemoteApp (TS RemoteApp). Answer: C 19. Your network consists of one Active Directory domain. The domain contains servers that run Windows Server 2008. The relevant servers are configured as shown in the following table. You install an application named Application1 on Server3. 
User-specific settings for the application are stored in a configuration file named Application1.ini. When multiple users run Application1 concurrently, Application1.ini is overwritten and the application fails. You need to recommend a solution that enables users to successfully run Application1 on Server3. What should you recommend? A. On Server3, deploy Terminal Services Session Broker (TS Session Broker). B. On Server2, stream a SoftGrid application package containing Application1 to Server3. C. On Server3, configure Application1 as a Terminal Services RemoteApp (TS RemoteApp). D. On Server1, create and link a Group Policy object (GPO) to publish Application1 to all users who establish a Terminal Services session on Server3. Answer: B 20. Your network consists of one Active Directory domain. The domain contains servers that run Windows Server 2008. The relevant servers are configured as shown in the following table. Your company has a department named Sales. All users in the Sales department have desktop computers that run Windows Vista Enterprise Edition. All users in the Sales department run an application named Application1 that is compatible only with Windows 95. To run Application1, each user in the Sales department has a second desktop computer that runs Windows 95. The Windows 95 computers must be removed from the network. You use the Microsoft Application Compatibility Toolkit (ACT) 5.0 to test Application1. The test confirms that the application runs only on Windows 95 computers and must be redeveloped to be compatible with Windows Vista or Windows Server 2008. You need to recommend a solution that will enable you to remove the Windows 95 computers. Users in the Sales department must be able to continue running Application1. What should you do? A. Create a virtual machine that runs Windows 95 and Application1. 
Run the virtual machine on all computers in the Sales department by using Microsoft Virtual PC 2007. B. Create and link a Group Policy object (GPO) that publishes Application1 to all client computers in the Sales department. Configure Application1 to run as an administrator. C. Create and link a Group Policy object (GPO) that assigns Application1 to all client computers in the Sales department. Configure Application1 to run in compatibility mode for Windows 2000. D. Install Application1 on Server2. Configure Application1 to run in compatibility mode for Windows 95. Configure all computers in the Sales department to run the application through Terminal Services. Answer: A You are the Group Policy administrator for your company. All of the user accounts get created in the Users container and then get moved into their appropriate containers. You need to ensure that upon the creation of a new user account, it immediately receives a GPO called New Employee GPO; but other employees do not receive the settings from this GPO. How should you configure your environment? A. Create an OU called New_Employees. Create a GPO called New Employees GPO and link it to the New_Employees OU. Run the redirusr command to redirect all new user accounts to the New_Employees OU. B. Create an OU called New_Employees. Create a GPO called New Employees GPO and link it to the New_Employees OU. Run the redircmp command to redirect all new computer accounts to the New_Employees OU. C. Create an OU called New-Employees. Create a GPO called New Employees GPO and link it to the domain. In the attributes of the GPO, select Enforced. D. Create a GPO called New Employees GPO. Create a global security group called New Employees. Add all new employees to the global security group. In the Delegation tab of the GPO, accept all default entries and then add New Employees security group with the Apply group policy permission set to Allow. Link the GPO to the domain. 
Answer: A Question:2 You are an enterprise administrator for Hi-Tech Company. The company has a head office and nine branch offices. Each office has 10 domain controllers. The corporate network of the company consists of an Active Directory domain that runs at the functional level of Windows Server 2008. All the domain controllers in the domain run Windows Server 2008. Each office has a local administrator who has the necessary permissions to create and link domain-level Group Policy objects. On a Windows Vista client computer, you have recently created custom Administrative Template (.admx) files locally. You now want to implement a GPO management strategy to ensure that the administrators can access the .admx files and any future updates to these files from each office. You also need to ensure that the .admx files remain identical across the company. Which of the following options would you choose to accomplish the desired goal? (Select all that apply. Each selected option will form a part of the answer) A. Create a central store in the domain. B. Create a central store on a file server in each office. C. Create and link a GPO to the domain. D. Create and link a GPO to the Domain Controllers organizational unit (OU). E. Copy the custom .admx files to the central store. F. Add the .admx files to the GPO. G. Add the custom .admx files to the GPO. Answer: A, E Question:3 You have been asked to provide an additional security system for your company's internet activity. This system should act as an underlying cryptography system. It should enable users or computers that have never been in trusted communication before to validate themselves by referencing an association to a trusted third party (TTP). The method of security the above example is referencing is? A. Certificate Authority (CA) B. Nonrepudiation C. Cryptanalysis D. Public Key Infrastructure (PKI) Answer: D Question:4 You are an enterprise administrator for Hi-Tech Company. 
The corporate network of Hi-Tech Company consists of an Active Directory domain. The domain contains servers that run Windows Server 2008 and all client computers that run Windows Vista. All users have accounts in the domain. The network contains two servers that are configured as follows: Server1 - Configured as a domain controller and run Active Directory Domain Services (AD DS). Server2 - Configured as Certification authority and run Internet Information Services (IIS) and Active Directory Certificate Services (AD CS) Which of the following options would you choose to enable all client computers to automatically request and install computer certificates? A. Implement the Network Device Enrollment Service on Server2. B. Implement certification authority Web enrollment support on Server2. C. In the User Configuration section of the Default Domain, enable the Auto-enrollment Settings Policy under Public Key Policies on Server1. D. In the Computer Settings section of the Default Domain Policy, enable autoenrollment on Server1. Answer: C Question:5 You are planning a Windows Server 2008 Active Directory infrastructure. You have a single location and there is a limited budget. During your planning process, you have determined that the members of the Domain Administrators group should have a password policy that states passwords must be changed every 24 days, and the rest of your users must change their passwords every 42 days, except for members of the Enterprise Admins group. These users must change their passwords every 14 days. What is the best way to accomplish this without going over your budget, and keeping administration to a minimum? A. Create a single forest with three domains. In the forest root domain set a domain-wide password policy that states users must change their passwords every 14 days. Ensure all enterprise-wide administrators are placed into the Enterprise Admins group in the forest root domain. 
Create two child domains specifying the appropriate password policy in each domain. B. Create a single forest with two domains. In the forest root domain set a domain-wide password policy that states users must change their passwords every 14 days. Place all administrative users into the Enterprise Admins group in this domain, including those specified as Domain Admins. In the child domain, create a domain-wide password policy with the appropriate attributes and ensure only non- administrative users log on as users from this domain. C. Create a single-domain forest. Place all enterprise-wide users into the Enterprise Admins group, all domain administrators into the Domain Admins group, and all other users into the Users group. Create three password security objects (PSOs) with the appropriate attribute values set and deploy them to the appropriate security groups. D. Create a single-domain forest. Create three organizational units (OU), one for enterprise-wide administrators, one for domain administrators, and one for the rest of your users. Place all enterprise-wide users into the Enterprise Admins OU, all domain administrators into the Domain Admins OU, and all other users into the Users OU. Create three password security objects (PSOs) with the appropriate attribute values set and link them to the appropriate OU. Answer: C Question:6 You are an enterprise administrator for Hi-Tech Company. The corporate network of the company consists of an Active Directory domain that runs at the functional level of Windows Server 2008. An organizational unit (OU) called OUUsers is configured in the domain and hold all user accounts. The company has two departments Sales and Development that are headed by their respective department managers. Both the departments have their respective global security groups that contain all the users of the departments. 
As an enterprise administrator of the company, you have been assigned the task to ensure that the department managers must be allowed to manage the user accounts of only their departments. You also need to ensure that the users of both Sales and Development departments must change their passwords after the interval of 30 days and 45 days respectively. Which of the following options would you choose to accomplish the desired goal by using the minimum amount of administrative effort? (Select three. Each selected option will form a part of the answer.) A. Create a new OU for each department. B. Create a child domain for each department. C. Delegate administration of the OUUsers OU to the department manager of each department. D. Delegate administration to the department manager of each OU. E. Delegate administration to the department manager of each domain. F. Create a new Group Policy object. G. Create a new password policy for each global security group. H. Create a new password policy for each domain. I. Configure the password policy for the new GPO and link it to the OUs. Answer: A, D, G Question:7 You are the Group Policy administrator for your domain and have been tasked with creating a policy that will apply to all of the computers in your domain, except for those computers in the Accounting OU, and including the computers in the Computers container. The computers in the Accounting OU should still receive all of the settings from the Default Domain Policy. How can you design your Group Policy infrastructure to allow the GPO to apply to all computers except for those in the Accounting OU while allowing the settings from the Default Domain Policy to apply to the specified computers? A. Link the new GPO to each of the OUs except for the Accounting OU. On the Default Domain Policy, select Enforced. B. Link the new GPO to the Accounting OU. 
On the Accounting OU, select Block Inheritance. On the Default Domain Policy, select Enforced. C. Link the new GPO to the domain. On the Accounting OU, select Block Inheritance. On the Default Domain Policy, ensure Authenticated Users have Read and Apply group policy permissions. D. Link the new GPO to the domain. On the Accounting OU, select Block Inheritance. On the Default Domain Policy, select Enforced. Answer: D Question:8 You are in the process of planning the deployment of WSUS at a university. The university contains five colleges, each of which has its own separate IT staff and Active Directory forest. The university has a single connection to the Internet through which all traffic passes and wants to minimize the amount of data downloaded from the Microsoft Update servers, but each college's IT staff should have responsibility to approve updates. Which of the following WSUS deployment plans should you use? A. Configure one upstream server. Configure a downstream replica server for each college. B. Configure a WSUS server in each college. Configure client computers to retrieve approvals from the WSUS server and updates from Microsoft Update. C. Configure one upstream server. Configure a WSUS server in each college to use autonomous mode but to retrieve updates from the upstream server. D. Configure an autonomous server in each college to retrieve updates from Microsoft Update. Answer: C Question:9 You are a network administrator for Hi-Tech Company. The company recently opened a branch office. The corporate network of the company consists of a single Active Directory domain. The single domain controller of the corporate network of the company runs Windows Server 2008. An organizational unit (OU) that contains all the computer accounts for the new branch office and Microsoft Windows Server Update Services (WSUS) 3.0 to deploy all approved updates to the environment has already been configured in the domain. 
Besides this, the head office contains a server that is used to test and approve all new software updates. As a network administrator of the company, you have been assigned the task to ensure that only the minimum amount of bandwidth is used to download updates from Microsoft Update in the branch office and only the approved updates by the head office are allowed to be installed in the new branch office. How would you install WSUS 3.0 server in the Hi-Tech Company domain so that a Group Policy can be configured for the OU and all computers can receive updates from the new WSUS server? A. Install a WSUS 3.0 server as a replica server in the head office. B. Install a WSUS 3.0 server as a stand-alone server in new branch office. C. Install a WSUS 3.0 server as a replica server in the new branch office. D. Install and configure a WSUS 3.0 server as a standalone server in the head office. Answer: C Question:10 You are an enterprise administrator for Hi-Tech Company. The corporate network of Hi-Tech Company consists of two Active Directory forests named Hi-Tech.com and Hi-Tech Company.com that run at the functional level of Windows Server 2008. The trust relationship exists between both the forests. All the servers in both the forests run Windows Server 2008. An application server called server1.Hi-Tech.com is configured in TechMasters.com forest. The server hosts an application that is accessed by the users of a global group called Hi-Tech Company Sales in the Hi-Tech.com forest. At your normal security check, you discovered that not only the users of the Hi-Tech Company Sales log into the servers in Hi-Tech.com domain but the users from other groups can also log on to servers in the Hi-Tech.com domain. 
To remove this security lapse, you decided to implement an authentication solution that would ensure that only the users in the Hi-Tech Company Sales global group are allowed to access server1.Hi-Tech.com. However, the users of this group should not be allowed to access any other server in the Hi-Tech.com forest. You also decided to make sure that the users in the Hi-Tech.com domain must be able to access only resources in the Hi-Tech.com forest. Which of the following options would you choose to accomplish this task? (Select all that apply. Each selected option will form a part of the answer) A. Configure an external trust between the Hi-Tech.com domain and the Hi-Tech.com domain. B. On the server1.Hi-Tech.com computer object, grant the Allowed to Authenticate permission to the Hi-Tech Company Sales global group. C. In the local security policy of server1.Hi-Tech.com, assign the Access this computer from the network option to the Hi-Tech Company Sales global group. D. Set the authentication scope of the existing forest trust in the HiTech.com domain to Allow authentication only for selected resources in the local domain. Answer: B, C, D Question:11 You are assessing the design of an Active Directory infrastructure for a company that has several business units. For legal reasons, these business units must remain separate entities each managing its own Active Directory infrastructure. What would be the best design for this company, keeping their requirements in mind when creating the design? A. Create a single-domain forest, and place each business unit into its own organizational unit (OU). B. Create a single forest, and place each business unit into its own tree. C. Create a single forest and place each business unit into its own domain. D. Create a separate forest for each business unit. Answer: D Question:12 You are an enterprise administrator for Hi-Tech Company. The company has a head office and 10 branch offices. 
The corporate network of Hi-Tech Company consists of an Active Directory domain. All the domain controllers run Windows Server 2008 and are located in the main office. You have recently deployed Windows Server 2008 domain controller in each branch office. You are concerned about the security of the domain controllers in each branch office. Which of the following options would you enable to configure domain controller of each branch office to ensure that any unauthorized user should not be allowed to access user passwords either locally or over the network or when the server is running? A. IPsec policy. B. Windows Firewall. C. Read-only domain controller (RODC) D. Windows BitLocker Drive Encryption (BitLocker). Answer: C Question:13 You are an enterprise administrator for Hi-Tech Company. The company has a head office and two branch offices, each of which is configured as an Active Directory site. The corporate network of the company consists of an Active Directory domain that runs at the functional level of Windows Server 2008. All the domain controllers in the domain run Windows Server 2008. The company has five departments. You have recently used domain-level Group Policy object (GPO) to install Microsoft Office on all client computers in the domain. You now want to use the same technique to install a custom application in one of the departments. Besides this you want to restrict access to removable storage devices for all users and implement separate IE proxy settings for each physical location while maintaining all settings applied by the existing GPOs. Which of the following options would you choose to accomplish the desired goal? A. Create a new group for each department, a new GPO for each site, and a new GPO for the domain and use the GPO created for the domain to install the custom application. B. 
Create a new organizational unit (OU) for each department, a new GPO for each site, a new GPO for the domain, and a GPO for one department OU and use the GPO for the department OU to install the application. C. Create a new organizational unit (OU) for each department, a single GPO for all the sites, a new GPO for the domain, and one GPO for each department OU and use the department GPOs to install the custom application. D. Create a new child domain for each department, a new GPO for each site, a new GPO for each new child domain and then create a single GPO for all the new child domains and use that GPO to install the custom application. Answer: B Question:14 As the network administrator of a large corporate enterprise, it is your responsibility to ensure that all of the machines on your network are running the most current set of approved patches and updates. It is also important you are aware of any operating system security holes that have been introduced by some of your traveling power users who take their laptops with them as they go to client sites. What steps should you take to validate that workstations are in line with company policy? A. Run the Microsoft Baseline Security Analyzer against the domain on a regular basis to poll the workstations. B. Implement WSUS to push patches to the workstations. C. Configure the lockdown settings outlined in the Windows Server 2008 Security Guide. D. Require that every machine be attached to the domain to log on. E. Turn on security auditing on the local machines. Answer: A Question:15 You are an enterprise administrator for Hi-Tech Company. The corporate network of the company consists of an Active Directory domain that runs at the functional level of Windows Server 2008. The company has 30 domain controllers and 20 administrators to manage the domain users and their accounts. 
You have been assigned the task to implement an audit and compliance policy and ensure that all changes made to Active Directory objects are recorded. Which of the following options would you choose to accomplish this task? A. Run the Security Configuration Wizard (SCW) on all domain controllers of the Hi-Tech Company network. B. Configure a Directory Services Auditing policy in the Default Domain Controller Policy. C. Configure and implement a file-level audit policy for the SYSVOL volume in the Default Domain Controller Policy. D. Create and link a GPO to the Domain Controllers OU. Configure the GPO to install the Microsoft Baseline Security Analyzer (MBSA). Answer: B Question:16 You have been hired to assess the installation of a Windows Server 2008 forest for a large company. The company will have nine business units, each using their own IT staff. For security and regulatory reasons, one of these business units must remain separate from the rest of the company. The other eight business units will need to have the ability to make their shared resources available to each other, in the need that a user from one business unit needs access to resources from another business unit. The other eight business units would also like to share a common global catalog (GC) database. Domain controllers from each business unit should not replicate user information to domain controllers outside of the business unit. How should you design Active Directory to meet the needs of this organization, with the least amount of administrative effort? A. Create two forests. In one forest place the eight business units, each in their own domain. In the other forest place the other business unit. As the resource access needs arise, create Domain Local groups in the appropriate domain for giving permissions to the resources. B. Create nine forests. 
For the eight business units that would like to allow access to each other's users to their resources, set up cross forest trusts. Set up connection objects in Active Directory Sites and Services to allow the GC in each forest to replicate with each other. C. Create one forest. For the business unit that would like to remain separate, create its own tree. Place the other eight business units in the same tree of the forest. D. Create two forests. In one forest place the eight business units, each into their own Organizational Unit (OU). Place all user, computer and domain controller objects into the appropriate OU. In the other forest, place the other business unit. Answer: A Question:17 You are an enterprise administrator for Hi-Tech Company. The company has a head office and 4 zonal offices for East, West, North, and South zones. For each zone separate Active Directory domains are configured. The North domain is the forest root domain. All the domain controllers in the domain run Windows Server 2008. Each domain has a local domain group and a global domain group. The local domain group contains all the local users of a domain and global domain group contains all managers of a domain. On Hi-Tech Company Server1 in East domain an application called App1 is installed that is used by the department managers of the East domain. The users of the local domain group of East domain called EastGroup also have access the application. All global groups are added to EastGroup. As an enterprise administrator of the company, which of the following options would you choose to ensure that any unauthorized member added to EastGroup is automatically removed? A. Deny the Modify permission for the EastGroup domain local group. B. Create and configure the GPO to restrict group membership to the EastGroup group and link the GPO to the East domain. C. Create and configure the GPO to restrict group membership to the global domain group and link the GPO to the North domain. D. 
Create and configure the GPO to restrict group membership to the global domain group and link the GPO to the North, South, and West domains. Answer: B Question:18 You have upgraded the forest root domain so that it now has Windows Server 2008 DCs. You now plan to upgrade a child domain in the same forest. Assuming that no DC in the forest hosts more than one FSMO role, on which DC in the child domain should you run the adprep /domainprep /gpprep command? A. DC hosting the PDC emulator role. B. DC hosting the schema master role. C. DC hosting the RID master role. D. DC hosting the infrastructure master role. E. DC hosting the domain naming master role. Answer: D Question:19 You are an enterprise administrator for Hi-Tech Company. The corporate network of Hi-Tech Company consists of an Active Directory domain. All domain controllers in the domain run Windows Server 2003. Hi-Tech Company has recently closed one of its branch offices and merged it with the head office. You have been assigned the task to provide user accounts for the employees of the branch closed and merged. Your solution must support multiple account lockout policies. Which of the following options would you choose to accomplish this task? A. Use Authorization Manager. B. Use Active Directory Federation Services (AD FS). C. Upgrade one domain controller to Windows Server 2008. D. Upgrade all domain controllers to Windows Server 2008. E. Raise the functional level of the domain to Windows Server 2003. F. Raise the functional level of the domain to Windows Server 2008. Answer: D, F Question:20 How can you ensure that replication will successfully occur to a site with only one Windows Server 2008 RODC domain controller? A. Place a Windows Server 2008 full (writable) DC in the site nearest to the RODC. B. Place a Windows Server 2008 RODC in the site nearest to the RODC. C. 
Make the site link cost to the adjacent site higher than all other costs on site links. D. Construct a site link bridge. Answer: A Question:21 You are an enterprise administrator for Hi-Tech Company. The company has a head office and a branch office. The corporate network of Hi-Tech Company consists of an Active Directory domain. All domain controllers in the domain run Windows Server 2008. As an enterprise administrator of the company, you have been assigned the task to install a new server as a read-only domain controller (RODC) in the branch office and complete the RODC installation. You also need to ensure that the users of branch office must only be a member of the Domain Users security group. Which of the following options would you choose to accomplish this task? A. Create an installation media by using ntdsutil to install the new server as RODC. B. Install the new server as RODC and join the new server to the domain. C. Pre-create a read-only domain controller (RODC) account for the branch office server. D. Create an organizational unit (OU) for the branch office and then delegate the full control of the OU to the branch office user. Answer: C Question:22 Does SYSVOL replication work on an RODC? Correct Answer: SYSVOL replication on an RODC is no different than on normal DCs. It uses FRS and DFS-R to replicate. Answer: Pending Question:23 Your company is implementing Read-only Domain Controllers. You install a Windows Server 2008 domain controller in your domain to support installation of RODCs. Which FSMO role should you assign to this domain controller? A. RID master B. Infrastructure master C. Schema master D. PDC emulator E. Domain naming master Answer: D Question:24 You are an enterprise administrator for Hi-Tech Company. 
The corporate network of Hi-Tech Company consists of a single Active Directory forest called Hi-Tech.com that contains two domains. All the domain controllers of the forest run Windows Server 2003 and all the file servers run Windows Server 2003 R2 and DFS Replication. You have recently created a new domain called corp.Hi-Tech.com by installing a new domain controller that runs Windows Server 2008. You also prepared the forest schema for the installation of domain controllers that run Windows Server 2008. You have now been asked to implement an Active Directory solution that allows DFS Replication support for SYSVOL on corp.Hi-Tech.com. You also need to allow the installation of new domain controllers that run Windows Server 2003 in the forest root domain. Which of the following options would you choose to implement the solution? Select all that apply. A. Upgrade all file servers to Windows Server 2008. B. Run adprep /domainprep /gpprep on the corp.Hi-Tech.com domain. C. Run adprep /domainprep on the Hi-Tech.com domain. D. Upgrade all Windows Server 2003 domain controllers to Windows Server 2008. E. Raise the functional level of the forest to Windows Server 2008. F. Upgrade the Windows Server 2003 domain controllers in corp.Hi-Tech.com to Windows Server 2008. G. Raise the functional level of corp.Hi-Tech.com domain to Windows Server 2008. Answer: F, G Question:1 You are planning the deployment of Terminal Services licensing for your organization's Australian subsidiary. Your organization has two offices, one located in Brisbane and one located in Adelaide. A data center in Hobart hosts infrastructure servers. Both the Brisbane and Adelaide offices have their own Terminal Services farms. The offices are connected by a high-speed WAN link. Each office has its own AD DS domain, and both are a part of the same forest. 
The forest root domain is located in the Hobart data center and does not contain standard user or computer accounts. For operational reasons, you want to ensure that CALs purchased and installed at each location are allocated to devices at that location only. Which of the following license server deployment plans should you implement? A. Deploy a license server to each location, and set the discovery scope of each license server to Domain. B. Deploy a license server to each location, and set the discovery scope of each license server to Forest. C. Deploy a license server to the Hobart data center, and set the discovery scope of the license server to Forest. D. Deploy a license server to the Hobart data center, and set the discovery scope of the license server to Domain. Answer: A Question:2 You are an enterprise administrator for Hi-Tech Company. The corporate network of Hi-Tech Company consists of a single Active Directory forest. All servers in the forest run Windows Server 2008 and all client computers run Windows Vista. The network contains two Windows Server 2008 servers having hardware installed as follows: 1 Server1 - Consists of 4 processor cores and 4 GB RAM. 2 Server2 - Consists of 8 processor cores and 16 GB RAM. The company had many remote clients that use the Remote Desktop client to connect to Server1 and Server2. As an enterprise administrator of the company, you have been assigned the task to control the distribution of user requests made to Server1 and Server2 in such a way that the administrators would be able to distribute the traffic based on the server hardware. Which of the following options would you choose to accomplish this task? A. Use DNS round-robin for the distribution of user requests and set the DoNotRoundRobinTypes registry entry to ptr srv ns. B. Add the failover clustering feature on the network by configuring Server1 as a passive node and Server2 as an active node. C. 
Implement Network Load Balancing on the network by configuring Priority to 1 for Server2 and Priority to 2 for Server1 in Host Parameters. D. Use TS Session Broker Load Balancing and assign a weight value of 100 to Server1 and a weight value of 200 to Server2. Answer: D Question:3 You are an administrator of a corporate network and would like to configure a reliable and consistent environment for a training lab that will be based on thin-client workstations rather than complete workstations. Because you will be doing different kinds of training in the lab, it is important that these thin clients are able to easily adapt to the changing needs of the trainers. What kind of Terminal Services implementation would give the training staff the most flexibility when using this lab? A. Deploy a number of RemoteApp programs to match the training needs. B. Enable Remote Desktop for Administration. C. Configure Terminal Services Web Access. D. Configure Terminal Services with Vista Desktop. Answer: D Question:4 You are an enterprise administrator for Hi-Tech Company. The corporate network of Hi-Tech Company consists of a single Active Directory domain. All the servers in the domain run Windows Server 2008 and all client computers run Windows Vista. The network contains three Windows Server 2008 servers configured as follows: 1 Server1- Configured with Active Directory Domain Services (AD DS). 2 Server2 - Configured with Terminal Services. 3 Server3 - Configured with Internet Information Services (IIS) The company has certain remote users that need to connect to the corporate network through Internet using VPN connections. You have been assigned the task to enable remote users to run TS RemoteApp applications on Server2. Which of the following options would you choose to prepare the environment to provide users access to the applications and provide a custom Web page that contains shortcuts to authorized applications for each user. A. 
Install the Web Server (IIS) server role on Server2. B. Install the Terminal Services server role on Server2 that has TS Gateway role service. C. Install the Terminal Services server role on Server3 that has the TS Web Access role service. D. Install the Terminal Services server role on Server2 and Server3 that has the TS Session Broker role service. Answer: C Question:5 Your company is planning to deploy a sales management system and would like to make this available to its traveling sales force as they move from client to client. You are planning to implement Terminal Services Client Access Licenses (TS CALs) in per-device mode. What is the downside of this choice? A. The sales force will not be able to access the terminal server remotely. B. Traveling agents will only be able to connect from corporate laptops. C. The number of licenses purchased will have to match the number of remote sales agents. D. You will not be able to load-balance connections through the TS Broker Service. Answer: B, C Question:6 You are an enterprise administrator for Hi-Tech Company. The company has three departments, Sales, Marketing, and Development. The corporate network of Hi-Tech Company consists of a single Windows Server 2008 Active Directory domain. Some employees in the Development department are allowed to work from home because of their inability to come to the office for some reasons. These employees usually need to access the applications installed on the internal network computers and the file servers on the corporate network. As an enterprise administrator of the company, you have been assigned the task to provide a secure remote access solution for the development department employees keeping in mind the company's security policy. According to the security policy of the company, the remote computers can only connect to the corporate network by using SSL. 
Besides this, all the remote computers that connect to the network must have an up-to-date antivirus application and all available security updates installed on them. Which of the following types of remote connection solution would you select to accomplish this task? A. Configure a PPTP VPN connection. B. Configure an L2TP VPN connection. C. Configure a TS connection that uses TS Gateway. D. Configure a TS connection that uses TS Web Access. Answer: C Question:7 Your terminal servers have suddenly stopped providing terminal connections to non-administrator clients trying to open terminal connections. What is the first thing you should check? A. Check to be sure that the Terminal Services Licensing Service is running. B. Ensure that the terminal server is running. C. Restart the TS Broker Service. D. Restart IIS to reset TS Web Access. Answer: A Question:8 You are putting the finishing touches on a plan to migrate several branch offices to Windows Server 2008. Each branch office currently has an old UNIX-based computer that hosts several POSIX-compliant applications. You want to minimize the amount of hardware present at each branch office. Which of the following items should you include in your Windows Server 2008 branch office migration plan? (Choose two. Each answer forms part of the solution.) A. Deploy the Terminal Services role. B. Deploy the Hyper-V role. C. Deploy the Subsystem for UNIX-based Applications feature. D. Deploy the Active Directory Federation Services role. E. Migrate the applications from the UNIX computer to Windows Server 2008. Answer: C, E Question:9 You are an enterprise administrator for Hi-Tech Company. The corporate network of Hi-Tech Company consists of a single Active Directory forest that is made up of a single root domain and 15 child domains. The Administrators of the child domains need to frequently modify the records for authoritative DNS servers for the child domain DNS zones.
The administrators take a long time in modifying these records. As an enterprise administrator of the company, you have been assigned the task to implement a solution that would minimize the effort required to maintain name resolution on the network. Which of the following options would you choose to accomplish this task? A. Create stub zones for the root domain zone on the child domain DNS servers. B. Configure conditional forwarders for the parent domain on the child domain DNS servers. C. Create stub zones for the child domain zones on the root domain DNS servers. D. Configure delegation subdomain records for the child domains on the root domain DNS servers. Answer: C Question:10 You have been asked to help design the Active Directory infrastructure for a large organization. One department in this company will be installing an application that will make several modifications to the Active Directory schema. The rest of the company must not see those schema modifications. However, there will be some resources that will be shared by all departments. What is the best way to design this company so that only the department using the application can see the schema modifications? A. Create a single forest with two trees. In the first tree, place all of the departments that do not need this specialized application into their own domains. In the second tree, place the department that uses this specialized application into its own domain. Transfer the schema master to the domain controller in the second tree and make the modifications to the schema. B. Create a single forest with two trees. In first tree, place the one department that needs the application. Modify the schema on the schema master. Then create the other tree and add the rest of the departments to the domain in the second tree. C. Create two forests each with a single domain.
In the first forest add the department that uses the specialized application and modify the schema. In the second forest place the rest of the departments. Create a cross-forest trust between the two forests. D. Create two forests each with a single domain. In the first forest add the department that uses the specialized application and modify the schema. In the second forest place the rest of the departments. Ensure Bridge all site links has been enabled for both forests. Answer: C Question:11 You are an enterprise administrator for Hi-Tech Company. The corporate network of HiTech Company consists of a single Active Directory forest named Hi-Tech.com that runs at the functional level of Windows Server 2008. All the domain controllers on the network run Windows Server 2008. The forest contains 2 domains called Hi-Tech.com and company1.Hi-Tech.com. Both the domains run at the functional level of Windows Server 2008. The Hi-Tech.com contains a server that runs Active Directory Federation Services (AD FS). The partner company of Hi-Tech Company called TechMasters Inc consists of an Active Directory forest named TechMasters.com that runs at the functional level of Windows Server 2003. The forest contains 2 domains called Hi-Tech Company.com that run at the functional level of Windows Server 2003 and company2.TechMasters.com that run at the functional level of Windows Server 2008. The TechMasters.com contains a server that runs Active Directory Federation Services (AD FS). Users in the company1.Hi-Tech.com domain usually need to access resources on an application server in the company2.TechMasters.com domain. The application server in the company1.Hi-Tech.com domain allows only Kerberos authentication. Which of the following options would you choose to prepare an environment that ensures that the users in the company1.Hi-Tech Company.com domain can access the application server in the company2.TechMasters.com domain? A.
Create a forest trust between the Hi-Tech.com and Hi-Tech Company.com forests. B. Create an external trust between the Hi-Tech.com and Hi-Tech Company.com domains. C. Create an AD FS federation trust between the Hi-Tech.com and Hi-Tech Company.com forests. D. Create an external trust between the company1.HiTech.com and company2.Hi-Tech Company.com domains. Answer: A Question:12 You are planning the deployment of Terminal Services license servers, using the Domain scope for each of the domains in your organization's Active Directory forest. Which of the following steps do you need to take prior to installing Per User TS CALs on a TS license server? A. Set the forest functional level to Windows Server 2008. B. Set the domain functional level of each domain in the forest to Windows Server 2008. C. Activate the license server. D. Install Internet Information Services (IIS). Answer: C Question:13 You are an enterprise administrator for Hi-Tech Company. The corporate network of Hi-Tech Company consists of a single Active Directory forest named Hi-Tech.com that runs at the functional level of Windows Server 2003. All the domain controllers on the network run Windows Server 2008. The forest contains 2 domains called Hi-Tech.com and company1.Hi-Tech.com. The partner company of Hi-Tech Company called TechMasters Inc consists of an Active Directory forest named TechMasters.com that runs at the functional level of Windows Server 2000. The forest contains 2 domains called Hi-Tech.com and company2.Hi-Tech.com. Which of the following options would you choose to allow all the users to access resources in all the domains from both the forests without putting in too much administrative effort? A. Set the functional level of the Hi-Tech.com forest to Windows Server 2008. B. Set the functional level of the Hi-Tech Company.com forest to Windows Server 2003. C.
Set the domain functional level of Hi-Tech Company.com to Windows Server 2008 after upgrading all the domain controllers in the Hi-Tech Company.com domain to Windows Server 2008. D. Set the functional level of the Hi-Tech Company.com forest to Windows Server 2008 after upgrading all domain controllers in the Hi-Tech Company.com and company2.Hi-Tech.com domains to Windows Server 2008. Answer: B Question:14 You are an enterprise administrator for Hi-Tech Company. The corporate network of Hi-Tech Company consists of a single Active Directory domain. All domain controllers run Windows Server 2003. As an enterprise administrator of the company, you have been assigned the task to create an Active Directory forest and domain functional levels to support Read-only domain controllers (RODC) and Windows Server 2003 domain controllers. Which of the functional levels should you use to accomplish this task? A. Forest functional level of Windows 2000 and the domain functional level of Windows Server 2003. B. Both forest and domain functional levels of Windows Server 2003. C. Forest functional level of Windows Server 2003 and the domain functional level of Windows Server 2008. D. Both forest and domain functional levels of Windows Server 2008. Answer: B Question:15 You are a network administrator for Hi-Tech Company. The corporate network of the company consists of a single Active Directory domain. All the domain controllers of the corporate network of the company run Windows Server 2008. The relative identifier (RID) operations master role for the domain fails and cannot be restored. You need to restore the RID master role on the network. Which of the following options would you choose to accomplish this task? A. Run netdom query /d:Hi-Tech.com fsmo. B. Seize the RID operations master role from another domain controller. C. Force replication between all domain controllers. Run the Server Manager. D. Force replication between all domain controllers.
Run the File Server Resource Manager (FSRM). Answer: B Question:16 The organization that you work for wants your assistance in planning the deployment of a solution that will ensure that new-employee data entered in the human resource Oracle 9i database is synchronized with your organization's Windows Server 2008 AD DS and Exchange Server 2007 deployments. Which of the following solutions would you consider deploying to meet this need? A. AD FS B. Microsoft Identity Lifecycle Manager 2007 Feature Pack 1 C. Server for NIS D. Services for NFS Answer: B Question:17 Steve is an IT administrator who recently joined an electronics manufacturing company. His company has decided to use computer names of 16 characters. One day, a user complains that she is not able to reach a Windows 2008 server named memberserver120A. While troubleshooting, Steve notices there are two names for the Windows 2008 Server in computer properties, a 16-character name, memberserver120A, and a 15-character name, memberserver120. What is this 15-character computer name? A. This is a native computer name. B. This is a NetBIOS name. C. This is a fully qualified domain name. D. This is a secondary host name. Answer: B Question:18 You are an enterprise administrator for Hi-Tech Company. The company has a head office in San Diego and a branch office in New York. The corporate network of Hi-Tech Company consists of an Active Directory forest having two domains, Hi-Tech.com and Branch.Hi-Tech.com for the head office and the branch office respectively. All the servers on the corporate network run Windows Server 2008 and both the offices hold their respective domain controllers on their physical office locations. The two domain controllers at Hi-Tech.com are called Server1 and Server2 and the two domain controllers at Branch.Hi-Tech.com are called Server3 and Server4.
All domain controllers host Active Directory-integrated DNS zones for their respective domains. As an enterprise administrator of the company, you have been assigned the task to ensure that users from each office can resolve computer names for both domains from a local DNS server. Which of the following options would you choose to accomplish this task? A. Add the Hi-Tech.com and the Branch.Hi-Tech.com DNS zones to the ForestDNSZones partition. B. Create a stub DNS zone for Hi-Tech.com on Server3 and a stub DNS zone for Branch.Hi-Tech.com on Server1. C. Create a standard primary DNS zone named Hi-Tech.com on Server3 and a standard primary DNS zone named Branch.Hi-Tech.com on Server1. D. Configure conditional forwarders on Server1 to point to Server3 and conditional forwarders on Server3 to point to Server1. Answer: A Question:19 Your company is operating a Windows Server 2008 Active Directory. The Forest is operating at Windows Server 2008 functionality level. Your boss tells you to install an additional Windows Server 2003 domain controller into the domain because of some application compatibility issues. When you try to install the new domain controller, you fail. What could be the reason for your failure? A. You didn't use the /adv switch when running DCPROMO. B. You cannot add Windows Server 2003 domain controllers to a forest that is operating at Windows Server 2008 functionality mode. C. Your Windows Server 2003 domain controller is not running Service Pack 2. D. You didn't enable the Windows Server 2003 compatibility flag on the domain where you try to install the new domain controller. Answer: B Question:20 Steve is a Windows administrator of a small printing company. The company has a Windows 2008 domain Qprint.net and his company recently purchased Microsoft Exchange Server 2007. He has installed the Exchange server, mailsrv, but he can't receive any e-mails. What must Steve do to ensure that e-mails are received to his Exchange Server? A.
Update the PTR record on the ISP DNS for Exchange. B. Create the MX record on the ISP DNS for Exchange. C. Update a record on the ISP DNS for Exchange. D. Create an SRV record for Exchange Server. Answer: B Question:21 You are an enterprise administrator for HiTech Company. The company has a head office and 50 branch offices. 25 branch offices exist in New York and 25 branch offices exist in England. An Active Directory site exists for each office. The corporate network of the company consists of an Active Directory domain that runs at the functional level of Windows Server 2008. All the domain controllers in the domain run Windows Server 2008. You have recently deployed an application called App1 using a domain-level Group Policy object (GPO) on all client computers. You now need to deploy shared printers based on computer location and maintain all settings applied by the existing GPOs. Which of the following options would you choose to accomplish this task? A. Create a GPO for each office. Link the GPOs to their respective office sites and then deploy the printers through GPOs. B. Create a GPO for the domain. Link the GPO to the domain and then deploy the printers through GPO. C. Create two new organizational units (OU), one for New York offices and the other for England offices. Create two GPOs, link them to the OUs and then deploy the printers. D. Install a child domain for England and a child domain for New York. Create two GPOs, link them to the OUs and then deploy the printers. Answer: A Question:22 I have been working with Windows Server systems since Windows NT 4.0. I have been using Active Directory since Windows 2000 and currently use Windows Server 2003 Active Directory. Why do I still have to plan? Answer & Explanation Correct Answer: There have been many changes since the days of NT 4.0, that's for sure!
And you have been keeping up with the changes. But you still need to plan whether you are going to do an in-place upgrade or a clean installation of Windows Server 2008. You need to be prepared for the RODC and AD RMS, if you decide to use them. Planning will help you make those decisions. Explanations No more information available Answer: Pending Question:23 You are an enterprise administrator for Hi-Tech Company. The corporate network of the company consists of a single Active Directory domain. All the domain controllers on the domain run Windows Server 2008. The company hosts an intranet site that contains confidential documents. To protect the confidential documents on the intranet site from unauthenticated access, you decided to implement an identity and access management policy. You decided to place a time limit on access to documents and the documents that are sent outside the organization and record each time a document is accessed. Which of the following options would you install and configure on the domain controller to accomplish this task? A. Active Directory Federation Services (AD FS). B. Active Directory Rights Management Services (AD RMS). C. Use NTFS file system and Encrypting File System (EFS). D. Use NTFS file system and Windows BitLocker Drive Encryption. Answer: B Question:24 You are planning a two-way forest trust between the Contoso and Fabrikam organizations. You want to ensure that only authorized users from each trusted forest have access to resources in the trusting forest. Many resources are available to authenticated users in each forest. These resources should not be available to users in the trusted forest unless explicitly allowed. Which of the following plans should you make? A. Implement selective authentication. B. Implement SID filtering. C. Implement user principal name (UPN) suffix routing. D. Implement forest-wide authentication. Answer: A Question:25 You are an enterprise administrator for Hi-Tech Company. 
The company has a head office and a branch office. The corporate network of Hi-Tech Company consists of an Active Directory domain called Hi-Tech.com and a Microsoft Exchange Server 2007 organization named Hi-Tech Company. The network users use email-id credentials to log into their domain account. The company has recently decided to change its name from Hi-Tech Company to HiTech Company. As a result the domain name and the email addresses were modified to include the new company name in the email addresses used by the network users. You have been assigned the task to ensure that all the network users should be able to log on to their computers by using the new email id credentials. You also need to ensure that the existing applications on the network do not get affected by any changes you make to the network to accomplish this task. Which of the following options would you choose to take a first step to accomplish this task? A. Rename the domain to Hi-Tech.com by using the Active Directory domain Rename Tool. B. Create a new forward lookup zone called Hi-Tech.com by using the DNS Management Console. C. Create an alternative user principal name (UPN) suffix of Hi-Tech.com. D. In the Exchange Server 2007 organization, create a new accepted domain called Hi-Tech.com. Answer: C Question:26 You have designed the Active Directory infrastructure for a company that has two forests, each with four domains (as shown in Figure 3.16). You are doing an inventory of all of the domain controllers and the operations master tokens they hold. How many of each should you expect to find? A. 2 Schema, 2 Domain Naming, 8 Infrastructure Master, 8 PDC Emulator, 8 RID Master. B. 8 Schema, 8 Domain Naming, 8 Infrastructure Master, 8 PDC Emulator, 8 RID Master. C. 2 Schema, 2 Domain Naming, 8 Infrastructure Master, 8 PDC Emulator, 8 RID Master. D.
8 Schema, 8 Domain Naming, 2 Infrastructure Master, 2 PDC Emulator, 2 RID Master. Answer: A 1. Your network consists of one Active Directory forest named contoso.com. The functional level of the contoso.com forest is Windows Server 2008. The network contains seven servers that run Internet Information Services (IIS) 7.0 and host Web services. Remote users from a partner company access the Web services through HTTPS. The partner company has a separate Active Directory forest named fabrikam.com. The functional level of the fabrikam.com forest is Windows Server 2003. You need to recommend an authentication solution for the fabrikam.com users. The solution must meet the following requirements: All communications between both forests must use only HTTPS. Remote users must only authenticate once to access all Web services. Users from fabrikam.com must access the Web services by using user accounts in the fabrikam.com forest. What should you recommend? A. Implement Client Certificate Mapping Authentication on the IIS servers. B. Implement Microsoft Identity Lifecycle Manager (ILM) 2007 on the contoso.com forest. C. Implement a forest trust between the contoso.com and the fabrikam.com forests. Configure the forest trust to use Selective Authentication. D. Implement Active Directory Federation Services (AD FS) in the contoso.com forest. Create a federation trust between the contoso.com forest and the fabrikam.com forest. Answer: D Question: 2 Your network consists of one Active Directory domain named contoso.com. The domain contains three Windows Server 2008 servers named Server1, Server2, and Server3. Server1 runs Active Directory Certificate Services (AD CS) and is configured as an enterprise root certification authority. Server2 hosts an internal Web site. Users currently connect to the Web site by using the URL https://server2.contoso.com.
You plan to replicate the Web site from Server2 to Server3. You need to recommend a solution to enable users to connect to the Web site through HTTPS on either Server2 or Server3 by using a single URL. The solution must meet the following requirements: Users must be able to use the https://www.contoso.com URL to connect to the Web site. Incoming connections must be dynamically balanced between Server2 and Server3. What should you recommend? A. Add both servers to a Network Load Balancing cluster. Export the Web server certificate on Server2 to Server3. B. Add both servers to a failover cluster. Issue a Web server certificate for www.contoso.com. Install the certificate on Server2. C. Add both servers to a Network Load Balancing cluster. Issue a Web server certificate for www.contoso.com. Install the certificate on Server2 and Server3. D. Add both servers to a failover cluster. Issue a Web server certificate for server2.contoso.com and install the certificate on Server2. Issue a Web server certificate for server3.contoso.com and install the certificate on Server3. Answer: C Exam Name: Pro:Windows Server 2008, Enterprise Administrator Exam Type: Microsoft Exam Code: 70-647 Total Questions: 234 Question: 3 Your company has a main office and 10 branch offices. The network consists of one Active Directory domain. All domain controllers run Windows Server 2008 and are located in the main office. You need to plan the deployment of one Windows Server 2008 domain controller in each branch office. The solution must meet the following requirements: Branch office domain controllers must be able to log users on to the domain. Branch office domain controllers must be able to store the passwords of only some domain users. Users must be able to download Group Policy objects (GPOs) from the branch office domain controllers. What should your plan include? A. Install Active Directory Lightweight Directory Services (AD LDS). B.
Install Active Directory Domain Services (AD DS) on a Server Core installation of Windows Server 2008. C. Install Active Directory Domain Services (AD DS). Select the read-only domain controller (RODC) option during installation. D. Install Active Directory Domain Services (AD DS). Create a new Password Settings object (PSO). Link the PSO to user objects in the respective branch office. Answer: C Question: 4 Your company has a main office and 100 branch offices. The network consists of one Active Directory domain that contains 10,000 users. You plan to deploy one Windows Server 2008 domain controller in each branch office. You need to recommend a solution to minimize network traffic during the installation of Active Directory Domain Services (AD DS) on each branch office domain controller. What should you recommend? A. Install AD DS by using the Install from Media feature. B. Install AD DS and configure the read-only domain controller (RODC) option. C. Install a Server Core installation of Windows Server 2008, and then install AD DS. D. Disable the Global Catalog option on each branch office domain controller. Enable Universal Group Membership Caching from each branch office site. Answer: A Question: 5 Your network consists of one Active Directory domain that contains only domain controllers that run Windows Server 2003. Your company acquires another company. You need to provide user accounts for the employees of the newly acquired company. The solution must support multiple account lockout policies. What should you do? A. Implement Authorization Manager. B. Implement Active Directory Federation Services (AD FS). C. Upgrade one domain controller to Windows Server 2008. Raise the functional level of the domain to Windows Server 2003. D. Upgrade all domain controllers to Windows Server 2008. Raise the functional level of the domain to Windows Server 2008. Answer: D Question: 6 Your company has a main office and a branch office.
Your network consists of one Active Directory domain. All domain controllers run Windows Server 2008. You need to plan the installation of a new server as a read-only domain controller (RODC) in the branch office. The plan must meet the following requirements: A branch office user must complete the RODC installation. The branch office user must be a member of only the Domain Users security group. What should you do first? A. Create an installation media by using ntdsutil. B. Instruct the user to join the new server to the domain. C. Pre-create a read-only domain controller (RODC) account for the branch office server. D. Create an organizational unit (OU) for the branch office. Delegate full control of the OU to the branch office user. Answer: C Question: 7 Your network contains one Active Directory forest that has a root domain and three child domains. All domain controllers run Windows Server 2003 Service Pack 1 (SP1). Each domain has a different password policy. The domain is configured as shown in the exhibit. (Click the Exhibit button.) You plan to reduce the number of domains in the forest. You need to plan the restructuring of the forest to meet the following requirements: Maintain all existing password policies. Maintain all existing user account attributes. What should you include in your plan? A. Upgrade all domains to Windows Server 2008. Redirect the users container in the root domain by using the redirusr.exe tool, and then remove the child domains. Enable fine-grained password policies. B. Upgrade all domains to Windows Server 2008 and enable SID history. Move all user accounts from the child domains to the root domain by using the movetree.exe tool, and then remove the child domains.
C. Upgrade the forest root domain to Windows Server 2008. Use the Active Directory Migration Tool (ADMT) to migrate user accounts that contain SID history from the child domains to the forest root domain. Remove the child domains. D. Upgrade the forest root domain to Windows Server 2008. Use the Active Directory Migration Tool (ADMT) to migrate user accounts from the child domains to the forest root domain, and then remove the child domains. Enable fine-grained password policies. Answer: D Question: 8 Your company has a main office, three regional offices, and six branch offices. The network links are configured as shown in the exhibit. (Click the Exhibit button.) The network consists of one Active Directory domain. You create an Active Directory site for each office. You create a site link for each wide area network (WAN) link. The Bridge all site links option is disabled. You need to plan the deployment of domain controllers. The solution must meet the following requirements. Windows PowerShell must be installed on all domain controllers in each regional office. Domain user account passwords stored on the domain controllers must be protected if a branch office domain controller is stolen. What should you do? A. In each branch office and in each regional office, install a Server Core installation of Windows Server 2008 and configure a writable domain controller. B. In each branch office and in each regional office, install a full installation of Windows Server 2008 and configure a read-only domain controller (RODC). C. In each branch office, install a Server Core installation of Windows Server 2008 and configure a read-only domain controller (RODC). In each regional office, install a full installation of Windows Server 2008 and configure a writable domain controller. D.
In each branch office, install a full installation of Windows Server 2008 and configure a read-only domain controller (RODC). In each regional office, install a Server Core installation of Windows Server 2008 and configure a writable domain controller. Answer: C Question: 9 Your company has a main office and 10 branch offices. The network consists of one Active Directory domain. All domain controllers run Windows Server 2008 and are located in the main office. Each branch office contains one member server. Branch office administrators in each branch office are assigned the necessary rights to administer only their member servers. You deploy one read-only domain controller (RODC) in each branch office. You need to recommend a security solution for the branch office Windows Server 2008 domain controllers. The solution must meet the following requirements: Branch office administrators must be granted rights on their local domain controller only. Branch office administrators must be able to administer the domain controller in their branch office. This includes changing device drivers and running Windows updates. What should you recommend? A. Add each branch office administrator to the Administrators group of the domain. B. Add each branch office administrator to the local Administrators group of their respective domain controller. C. Grant each branch office administrator Full Control permission on their domain controller computer object in Active Directory. D. Move each branch office domain controller computer object to a new organizational unit (OU). Grant each local administrator Full Control permission on the new OU. Answer: B Question: 10 Your company has four offices that are connected by using high speed wide area network (WAN) links.
Each office has a router that supports the Simple Certificate Enrollment Protocol (SCEP). The network consists of one Active Directory domain. All domain controllers run Windows Server 2008. You have a Certificate Services infrastructure. The Certificate Services servers run Windows Server 2003 Standard Edition. You plan to enable device authentication for all routers. You need to recommend changes to the Certificate Services infrastructure to support device authentication. Which changes should you recommend? A. Install a new server that runs Windows Server 2008 Enterprise Edition. Enable the Active Directory Certificate Services (AD CS) role. B. Install a new server that runs Windows Server 2008 Standard Edition. Install the Network Protection and Access Services (NPAS) role. C. Upgrade the existing Certificate Services servers to Windows Server 2008 Standard Edition. Enable the Web enrollment component. D. Upgrade the existing Certificate Services servers to Windows Server 2008 Enterprise Edition. Enable the Network Device Enrollment service. Answer: D Question: 11 Your network consists of two Active Directory forests. The Active Directory forests are configured as shown in the following table. The contoso.com and fabrikam.com domains each contain one server that runs Active Directory Federation Services (AD FS). Users in the company1.contoso.com domain require access to an application server in the company2.fabrikam.com domain. The application server is configured to allow only Kerberos authentication. You need to ensure that users in the company1.contoso.com domain can access the application server in the company2.fabrikam.com domain. What should you do first? A. Create a forest trust between the contoso.com forest and the fabrikam.com forest. B.
Create an external trust between the contoso.com domain and the fabrikam.com domain.
C. Create an AD FS federation trust between the contoso.com forest and the fabrikam.com forest.
D. Create an external trust between the company1.contoso.com domain and the company2.fabrikam.com domain.
Answer: A

Question: 12
Your network consists of one Active Directory domain. All domain controllers run Windows Server 2003. The functional level of the forest is Windows 2000. The functional level of the domain is Windows 2000 mixed. You install a domain controller that runs Windows Server 2008. You plan to deploy a read-only domain controller (RODC). You need to modify the domain and forest functional levels to support the installation of the RODC. What should you do?
A. Set the domain functional level to Windows 2003 and the forest functional level to Windows 2000 native.
B. Set the domain functional level to Windows 2003 and the forest functional level to Windows 2003.
C. Set the domain functional level to Windows 2008 and the forest functional level to Windows 2003.
D. Set the domain functional level to Windows 2008 and the forest functional level to Windows 2008.
Answer: B

Question: 13
Your network consists of one Active Directory domain that contains servers that run Windows Server 2008. The relevant servers are configured as shown in the following table. All client computers are members of the domain and run Windows Vista. All users have accounts in the domain. You need to recommend a solution that enables all client computers to automatically request and install computer certificates. What should you recommend?
A. On Server2, implement the Network Device Enrollment Service.
B. On Server2, implement certification authority Web enrollment support.
C.
On Server1, enable auto-enrollment in the User Configuration section of the Default Domain Policy.
D. On Server1, enable auto-enrollment in the Computer Settings section of the Default Domain Policy.
Answer: D

Question: 14
Your company has one main office and eight branch offices. Each branch office has 200 client computers and a local administrator. The network consists of one Active Directory domain. All domain controllers run Windows Server 2008. You plan to deploy domain controllers to the branch office locations. You need to plan an administration solution for the branch offices that meets the following requirements:
- Branch office administrators must be able to update drivers on their respective branch office domain controllers.
- Branch office administrators must be able to log on only to domain controllers in their respective branches.
What should you include in your plan?
A. Deploy a Windows Server 2008 read-only domain controller (RODC) in each branch office. Assign the Administrators role for the RODC to the branch office administrators.
B. Deploy a Windows Server 2008 read-only domain controller (RODC) in each branch office. Assign the Network Configuration Operators role for the RODC to the branch office administrators.
C. Deploy a domain controller that runs a Server Core Installation of Windows Server 2008 in each branch office. Add the branch office administrator to the Server Operators domain local group.
D. Deploy a domain controller that runs a Server Core Installation of Windows Server 2008 in each branch office. Add the branch office administrator to the Administrators domain local group.
Answer: A

Question: 15
Your network consists of one Active Directory forest that contains 20 domain trees. All DNS servers run Windows Server 2008. The network is configured as an IPv4 network. Users connect to network applications in all domains by using a NetBIOS name. You plan to migrate to an IPv6-enabled only network.
You need to recommend a solution to migrate the network to IPv6. The solution must not require any changes to client computers. What should you recommend?
A. On the DNS servers, configure GlobalNames zones.
B. On the DNS servers, add all domain zones to the ForestDNSZones partition.
C. On a new server, install and configure a Windows Server 2008 WINS server.
D. On a new server, install and configure a Windows Server 2003 WINS server.
Answer: A

Question: 16
Your network consists of one Active Directory domain. The domain contains servers that run Windows Server 2008. The relevant servers are configured as shown in the following table. You install an application named Application1 on Server3. User-specific settings for the application are stored in a configuration file named Application1.ini. When multiple users run Application1 concurrently, Application1.ini is overwritten and the application fails. You need to recommend a solution that enables users to successfully run Application1 on Server3. What should you recommend?
A. On Server3, deploy Terminal Services Session Broker (TS Session Broker).
B. On Server2, stream a SoftGrid application package containing Application1 to Server3.
C. On Server3, configure Application1 as a Terminal Services RemoteApp (TS RemoteApp).
D. On Server1, create and link a Group Policy object (GPO) to publish Application1 to all users who establish a Terminal Services session on Server3.
Answer: B

Question: 17
Your network consists of a single IP subnet. All servers and client computers connect to managed switches. All servers run Windows Server 2008. All client computers run Windows Vista. The servers on the network are configured as shown in the following table.
You need to prepare the Network Access Protection (NAP) environment to meet the following requirements:
- Computers that have the required Microsoft updates installed must be able to access all computers on the network.
- Network switches must first allow client computers to communicate to only Server1 and Server2 when the computers connect to the network.
Which NAP enforcement method should you use?
A. 802.1x
B. DHCP
C. IPsec communications
D. VPN
Answer: A

Question: 18
Your network consists of one Active Directory domain. The domain contains servers that run Windows Server 2008. The servers are configured as shown in the following table. All client computers run Windows Vista Service Pack 1 (SP1). Remote domain users at a customer site report that they can access Server2 from the Internet by using the URL https://portal.contoso.com. They also report that a firewall at the customer site prevents all other outbound connections. You need to implement a solution to enable remote users to access files on Server3 from a VPN connection. Which connection should you enable on Server1?
A. IPsec tunnel mode
B. L2TP
C. PPTP
D. Secure Socket Tunneling Protocol (SSTP)
Answer: D

Question: 19
Your network consists of one Active Directory domain. All domain controllers run Windows Server 2003. The functional level of the domain is Windows 2000 native. You have one Terminal Services licensing server that runs Windows Server 2003 and three terminal servers that run Windows Server 2003. You plan to deploy a new terminal server that runs Windows Server 2008. You need to plan a solution that enables reporting for all Terminal Services client access licenses (TS CALs). What should you include in your plan?
A. Upgrade the licensing server to Windows Server 2008.
B. Upgrade all domain controllers to Windows Server 2008.
C. Upgrade the three terminal servers to Windows Server 2008.
D. Raise the functional level of the domain to Windows Server 2003.
Answer: A

Question: 20
Your network consists of one Active Directory domain. Your company has an intranet. You deploy Terminal Services terminal servers that run Windows Server 2008. You plan to make applications available to users on the intranet. You need to recommend a solution to ensure that each user

70-647: Pro: Windows Server 2008, Enterprise Administrator

Explanations
This product does not include explanations for all questions at the moment.

Copyright
techeXams holds the copyright of this material. techeXams grants you a limited license to view and study this material, either for personal or commercial use.
Unauthorized reproduction or distribution of this material, or any portion thereof, may result in severe civil and criminal penalties, and will be prosecuted to the maximum extent possible under law.

Disclaimer
Neither this guide nor any material in this guide is sponsored by, endorsed by or affiliated with any of the respective vendors. All trademarks are properties of their respective owners.

© Copyright www.techeXams.ws 2008 Practice Exams, Printable, Audio Trainings, Study Guides

Question: 1
Your network consists of one Active Directory forest named contoso.com. The functional level of the contoso.com forest is Windows Server 2008. The network contains seven servers that run Internet Information Services (IIS) 7.0 and host Web services. Remote users from a partner company access the Web services through HTTPS. The partner company has a separate Active Directory forest named fabrikam.com. The functional level of the fabrikam.com forest is Windows Server 2003. You need to recommend an authentication solution for the fabrikam.com users. The solution must meet the following requirements:
- All communications between both forests must use only HTTPS.
- Remote users must only authenticate once to access all Web services.
- Users from fabrikam.com must access the Web services by using user accounts in the fabrikam.com forest.
What should you recommend?
A. Implement Client Certificate Mapping Authentication on the IIS servers.
B. Implement Microsoft Identity Lifecycle Manager (ILM) 2007 on the contoso.com forest.
C. Implement a forest trust between the contoso.com and the fabrikam.com forests. Configure the forest trust to use Selective Authentication.
D. Implement Active Directory Federation Services (AD FS) in the contoso.com forest. Create a federation trust between the contoso.com forest and the fabrikam.com forest.
Answer: D

Question: 2
Your network consists of one Active Directory domain named contoso.com.
The domain contains three Windows Server 2008 servers named Server1, Server2, and Server3. Server1 runs Active Directory Certificate Services (AD CS) and is configured as an enterprise root certification authority. Server2 hosts an internal Web site. Users currently connect to the Web site by using the URL https://server2.contoso.com. You plan to replicate the Web site from Server2 to Server3. You need to recommend a solution to enable users to connect to the Web site through HTTPS on either Server2 or Server3 by using a single URL. The solution must meet the following requirements:
- Users must be able to use the https://www.contoso.com URL to connect to the Web site.
- Incoming connections must be dynamically balanced between Server2 and Server3.
What should you recommend?
A. Add both servers to a Network Load Balancing cluster. Export the Web server certificate on Server2 to Server3.
B. Add both servers to a failover cluster. Issue a Web server certificate for www.contoso.com. Install the certificate on Server2.
C. Add both servers to a Network Load Balancing cluster. Issue a Web server certificate for www.contoso.com. Install the certificate on Server2 and Server3.
D. Add both servers to a failover cluster. Issue a Web server certificate for server2.contoso.com and install the certificate on Server2. Issue a Web server certificate for server3.contoso.com and install the certificate on Server3.
Answer: C

Question: 3
Your company has a main office and 10 branch offices. The network consists of one Active Directory domain. All domain controllers run Windows Server 2008 and are located in the main office. You need to plan the deployment of one Windows Server 2008 domain controller in each branch office.
The solution must meet the following requirements:
- Branch office domain controllers must be able to log users on to the domain.
- Branch office domain controllers must be able to store the passwords of only some domain users.
- Users must be able to download Group Policy objects (GPOs) from the branch office domain controllers.
What should your plan include?
A. Install Active Directory Lightweight Directory Services (AD LDS).
B. Install Active Directory Domain Services (AD DS) on a Server Core installation of Windows Server 2008.
C. Install Active Directory Domain Services (AD DS). Select the read-only domain controller (RODC) option during installation.
D. Install Active Directory Domain Services (AD DS). Create a new Password Settings object (PSO). Link the PSO to user objects in the respective branch office.
Answer: C

Question: 4
Your company has a main office and 100 branch offices. The network consists of one Active Directory domain that contains 10,000 users. You plan to deploy one Windows Server 2008 domain controller in each branch office. You need to recommend a solution to minimize network traffic during the installation of Active Directory Domain Services (AD DS) on each branch office domain controller. What should you recommend?
A. Install AD DS by using the Install from Media feature.
B. Install AD DS and configure the read-only domain controller (RODC) option.
C. Install a Server Core installation of Windows Server 2008, and then install AD DS.
D. Disable the Global Catalog option on each branch office domain controller. Enable Universal Group Membership Caching from each branch office site.
Answer: A

Question: 5
Your network consists of one Active Directory domain that contains only domain controllers that run Windows Server 2003. Your company acquires another company. You need to provide user accounts for the employees of the newly acquired company. The solution must support multiple account lockout policies. What should you do?
A.
Implement Authorization Manager.
B. Implement Active Directory Federation Services (AD FS).
C. Upgrade one domain controller to Windows Server 2008. Raise the functional level of the domain to Windows Server 2003.
D. Upgrade all domain controllers to Windows Server 2008. Raise the functional level of the domain to Windows Server 2008.
Answer: D

Question: 6
Your company has a main office and a branch office. Your network consists of one Active Directory domain. All domain controllers run Windows Server 2008. You need to plan the installation of a new server as a read-only domain controller (RODC) in the branch office. The plan must meet the following requirements:
- A branch office user must complete the RODC installation.
- The branch office user must be a member of only the Domain Users security group.
What should you do first?
A. Create an installation media by using ntdsutil.
B. Instruct the user to join the new server to the domain.
C. Pre-create a read-only domain controller (RODC) account for the branch office server.
D. Create an organizational unit (OU) for the branch office. Delegate full control of the OU to the branch office user.
Answer: C

Question: 7
Your network contains one Active Directory forest that has a root domain and three child domains. All domain controllers run Windows Server 2003 Service Pack 1 (SP1). Each domain has a different password policy. The domain is configured as shown in the exhibit. (Click the Exhibit button.) You plan to reduce the number of domains in the forest. You need to plan the restructuring of the forest to meet the following requirements:
- Maintain all existing password policies.
- Maintain all existing user account attributes.
Exhibit:
Contoso.com
amer.contoso.com | apac.contoso.com | euro.contoso.com
Password Age: 90 Days | Password Age: 60 Days | Password Age: 40 Days
Password Length: 7 Characters | Password Length: 8 Characters | Password Length: 10 Characters

A. Upgrade all domains to Windows Server 2008. Redirect the users container in the root domain by using the redirusr.exe tool, and then remove the child domains. Enable fine-grained password policies.
B. Upgrade all domains to Windows Server 2008 and enable SID history. Move all user accounts from the child domains to the root domain by using the movetree.exe tool, and then remove the child domains.
C. Upgrade the forest root domain to Windows Server 2008. Use the Active Directory Migration Tool (ADMT) to migrate user accounts that contain SID history from the child domains to the forest root domain. Remove the child domains.
D. Upgrade the forest root domain to Windows Server 2008. Use the Active Directory Migration Tool (ADMT) to migrate user accounts from the child domains to the forest root domain, and then remove the child domains. Enable fine-grained password policies.
Answer: D

Question: 8
Your company has a main office, three regional offices, and six branch offices. The network links are configured as shown in the exhibit. (Click the Exhibit button.) The network consists of one Active Directory domain. You create an Active Directory site for each office. You create a site link for each wide area network (WAN) link. The Bridge all site links option is disabled. You need to plan the deployment of domain controllers. The solution must meet the following requirements.
- Windows PowerShell must be installed on all domain controllers in each regional office.
- Domain user account passwords stored on the domain controllers must be protected if a branch office domain controller is stolen.
A. In each branch office and in each regional office, install a Server Core installation of Windows Server 2008 and configure a writable domain controller.
B. In each branch office and in each regional office, install a full installation of Windows Server 2008 and configure a read-only domain controller (RODC).
C. In each branch office, install a Server Core installation of Windows Server 2008 and configure a read-only domain controller (RODC). In each regional office, install a full installation of Windows Server 2008 and configure a writable domain controller.
D. In each branch office, install a full installation of Windows Server 2008 and configure a read-only domain controller (RODC). In each regional office, install a Server Core installation of Windows Server 2008 and configure a writable domain controller.
Answer: C

Question: 9
Your company has a main office and 10 branch offices. The network consists of one Active Directory domain. All domain controllers run Windows Server 2008 and are located in the main office. Each branch office contains one member server. Branch office administrators in each branch office are assigned the necessary rights to administer only their member servers. You deploy one read-only domain controller (RODC) in each branch office. You need to recommend a security solution for the branch office Windows Server 2008 domain controllers. The solution must meet the following requirements:
- Branch office administrators must be granted rights on their local domain controller only.
- Branch office administrators must be able to administer the domain controller in their branch office. This includes changing device drivers and running Windows updates.
What should you recommend?
A.
Add each branch office administrator to the Administrators group of the domain.
B. Add each branch office administrator to the local Administrators group of their respective domain controller.
C. Grant each branch office administrator Full Control permission on their domain controller computer object in Active Directory.
D. Move each branch office domain controller computer object to a new organizational unit (OU). Grant each local administrator Full Control permission on the new OU.
Answer: B

Question: 10
Your company has four offices that are connected by using high speed wide area network (WAN) links. Each office has a router that supports the Simple Certificate Enrollment Protocol (SCEP). The network consists of one Active Directory domain. All domain controllers run Windows Server 2008. You have a Certificate Services infrastructure. The Certificate Services servers run Windows Server 2003 Standard Edition. You plan to enable device authentication for all routers. You need to recommend changes to the Certificate Services infrastructure to support device authentication. Which changes should you recommend?
A. Install a new server that runs Windows Server 2008 Enterprise Edition. Enable the Active Directory Certificate Services (AD CS) role.
B. Install a new server that runs Windows Server 2008 Standard Edition. Install the Network Protection and Access Services (NPAS) role.
C. Upgrade the existing Certificate Services servers to Windows Server 2008 Standard Edition. Enable the Web enrollment component.
D. Upgrade the existing Certificate Services servers to Windows Server 2008 Enterprise Edition. Enable the Network Device Enrollment service.
Answer: D

Question: 11
Your network consists of two Active Directory forests. The Active Directory forests are configured as shown in the following table.
Forest Name | Forest Functional Level | Domain Name | Domain Functional Level
Contoso.com | Windows Server 2008 | Contoso.com | Windows Server 2008
 | | Company1.contoso.com | Windows Server 2008
Fabrikam.com | Windows Server 2003 | Fabrikam.com | Windows Server 2003
 | | Company2.fabrikam.com | Windows Server 2008

The contoso.com and fabrikam.com domains each contain one server that runs Active Directory Federation Services (AD FS). Users in the company1.contoso.com domain require access to an application server in the company2.fabrikam.com domain. The application server is configured to allow only Kerberos authentication. You need to ensure that users in the company1.contoso.com domain can access the application server in the company2.fabrikam.com domain. What should you do first?
A. Create a forest trust between the contoso.com forest and the fabrikam.com forest.
B. Create an external trust between the contoso.com domain and the fabrikam.com domain.
C. Create an AD FS federation trust between the contoso.com forest and the fabrikam.com forest.
D. Create an external trust between the company1.contoso.com domain and the company2.fabrikam.com domain.
Answer: A

70-647 Demo Exam

Question: 12
Your network consists of one Active Directory domain. All domain controllers run Windows Server 2003. The functional level of the forest is Windows 2000. The functional level of the domain is Windows 2000 mixed. You install a domain controller that runs Windows Server 2008. You plan to deploy a read-only domain controller (RODC). You need to modify the domain and forest functional levels to support the installation of the RODC. What should you do?
A. Set the domain functional level to Windows 2003 and the forest functional level to Windows 2000 native.
B. Set the domain functional level to Windows 2003 and the forest functional level to Windows 2003.
C.
Set the domain functional level to Windows 2008 and the forest functional level to Windows 2003.
D. Set the domain functional level to Windows 2008 and the forest functional level to Windows 2008.
Answer: B