Free Online Latest 2014 Pass4sure&Lead2pass Microsoft 70-647 Dumps (101-110)

QUESTION 101
Your network consists of one Active Directory domain. All domain controllers run Windows Server 2003. The functional level of the forest is Windows 2000. The functional level of the domain is Windows 2000 mixed. You install a domain controller that runs Windows Server 2008. You plan to deploy a read-only domain controller (RODC). You need to modify the domain and forest functional levels to support the installation of the RODC. What should you do?

A.    Set the domain functional level to Windows 2003 and the forest functional level to Windows 2000 native.
B.    Set the domain functional level to Windows 2003 and the forest functional level to Windows 2003.
C.    Set the domain functional level to Windows 2008 and the forest functional level to Windows 2003.
D.    Set the domain functional level to Windows 2008 and the forest functional level to Windows 2008.

Answer: B
Explanation:
To deploy a read-only domain controller (RODC) where all domain controllers the domain run Windows Server 2003 and the functional level of the forest is Windows 2000 and the functional level of the domain is Windows 2000 and Windows 2003 mixed, you need to set the domain functional level to Windows 2003 set forest functional level to Windows 2003. You need to create both the forest and domain functional levels of Windows Server 2003 because only when you use both the forest and domain functional levels of Windows Server 2003, you will be able to support Read-only domain controllers (RODC) and Windows Server 2003 domain controllers.
Reference: Appendix of Functional Level Features
http://technet2.microsoft.com/windowsserver2008/en/library/34678199-98f1-465f-9156-c600f723b31f1033.mspx?mfr=true

QUESTION 102
Your Company has one main office and 100 branch offices. The network consists of one Active Directory domain. All domain controllers run Windows Server 2008. The wide area network (WAN) links from the branch offices to the main office are unreliable. A local administrator manages each branch office. Your company plans to add a new branch office. You create a new organizational unit (OU) that contains all the computer accounts for the new branch office. You configure a server in the main office to test all new software updates. You install Microsoft Windows Server Update Services (WSUS) 3.0. You need to implement an update management solution for the new branch office to meet the following requirements:
– Only approved updates must be installed in the branch office.
– Client computers must be able to download updates if a WAN link fails.
– Each branch office administrator must be able to approve updates before installation.
What should you do?

A.    In each branch office, install a WSUS server as a replica server and configure it to download updates
from the main office. Configure all computers to receive updates from their local WSUS server.
B.    In each branch office, install a WSUS server as an autonomous server and configure it to download
updates from Microsoft Update. Configure all computers to receive updates from their local WSUS server.
C.    In the main office, install a WSUS server as an autonomous server and configure it to download updates
from Microsoft Update. Configure all computers to receive updates from the new WSUS server.
D.    In the main office, install and configure a WSUS server as a stand-alone server and configure it to download
updates from Microsoft Update. Configure all computers to receive updates from the new WSUS server.

Answer: B

QUESTION 103
Your network consists of an Active Directory forest that contains only domain controllers that run Windows Server 2003. You need to prepare the environment for the implementation of a new Windows Server 2008 domain in the forest. What should you do?

A.    Run adprep /forestprep on the schema operations master.
B.    Run adprep /domainprep on the schema operations master.
C.    Run adprep /forestprep on the infrastructure operations master.
D.    Run adprep /domainprep on the infrastructure operations master.

Answer: A
Explanation:
To create a new Windows Server 2008 domain in the forest, you need to run adprep /forestprep on the schema operations master. You can prepare the forest by running adprep /forestprep on the server that holds the schema master operations master role (also known as flexible single master operations or FSMO) to update the schema.
Reference: Installing an Additional Windows Server 2008 Domain Controller http://technet2.microsoft.com/windowsserver2008/en/library/dc4dfacc-7771-4a31-8113- 6e57c090987b1033.mspx?mfr=true

QUESTION 104
Your network consists of two Active Directory forests. The Active Directory forests are configured as shown in the following table. (Click the Exhibit)

image
The servers in both forests run Windows Server 2008. A forest trust exists between the fabrikam.com forest and the contoso.com forest. Fabrikam.com has a server named server1.fabrikam.com. Contoso.com has a global group named ContosoSales. Users in the ContosoSales global group access an application on server1.fabrikam.com. You discover that users from other groups in the contoso.com domain can log on to servers in the fabrikam.com domain. You need to implement an authentication solution to meet the following requirements:
– Users in the ContosoSales global group must be able to access server1.fabrikam.com.
– Users in the ContosoSales global group must be denied access to all other servers in the fabrikam.com forest.
– All other users in the contoso.com domain must be able to access only resources in the contoso.com forest.
What should you do?

A.    Replace the existing forest trust with an external trust between the contoso.com domain and the
fabrikam.com domain. On the server1.fabrikam.com computer object, grant the Allowed to Authenticate
permission to the ContosoSales global group.
B.    Replace the existing forest trust with an external trust between the contoso.com domain and the
fabrikam.com domain. In the local security policy of server1.fabrikam.com, assign the Access this computer
from the network user right to the ContosoSales global group.
C.    Set the authentication scope of the existing forest trust in the fabrikam.com domain to Allow authentication
only for selected resources in the local domain. On the server1.fabrikam.com computer object, grant the
Allowed to Authenticate permission to the ContosoSales global group.
D.    Set the authentication scope of the existing forest trust in the fabrikam.com domain to Allow authentication
only for selected resources in the local domain. In the local security policy on server1.fabrikam.com, assign
the Access this computer from the network user right to the ContosoSales global group.

Answer: C
Explanation:
To ensure that the users in the ContosoSales global group are allowed to access server1.Fabrikam.com you need to assign the Access this computer from the network option to the ContosoSales global group in the local security policy of server1.Fabrikam.com to allow remote users to have permission to connect to the remote computer. To ensure that the ContosoSales global group users should not be allowed to access any other server in the Fabrikam.com forest, you need to grant the Allowed to Authenticate permission to the ContosoSales global group on the server1.Fabrikam.com computer object. The Allowed to authenticate on an object allows you to set the selective authentication on an incoming external trust from the external domain. Authentication requests made from one domain to another are successfully routed in order to provide a seamless coexistence of resources across domains. Users can only gain access to resources in other domains after first being authenticated in their own domain.
Reference: View Full Version : Network Problems – Should be simple right? http://forums.pcworld.co.nz/archive/index.php/t-57658.html
Reference: Accessing resources across domains
http://technet2.microsoft.com/windowsserver/en/library/e36ceae6-ff36-4a1b-9895- 75f0eacfe94c1033.mspx?mfr=true

QUESTION 105
Your network consists of one Active Directory domain. All servers run Windows Server 2008. You need to plan access restriction policies for the network. The plan must support the following restrictions:
– Only computers that run Windows Vista must be able to access the network.
– Only computers that have Windows Firewall enabled must be able to access the network.
What should you include in your plan?

A.    Implement Authorization Manager.
B.    Implement Network Access Protection (NAP) on a single server in the domain.
C.    Create a Group Policy object (GPO) linked to the domain. Enable the Windows Firewall settings in the GPO.
D.    Create a Group Policy object (GPO) linked to the Domain Controllers organizational unit (OU).
Enable the Windows Firewall settings in the GPO.

Answer: B
Explanation:
To configure access restriction policies for the network which would only allow Windows Vista computers that have Windows Firewall enabled to access the network, you need to implement Network Access Protection (NAP). NAP uses System Health Agent (SHA) to check if the specified system health requirements are fulfilled. The SHA can verify whether the Windows Firewall is on; antivirus and antispyware software are installed, enabled, and updated; Microsoft Update Services is enabled, and the most recent security updates are installed. If the system is not in the required state, the SHA can then start a process to remedy the situation. For example, it can enable Windows Firewall or contact a remediation server to update the antivirus signatures Reference: Windows Server 2008 NAP (Network Access Protection) infrastructure http://4sysops.com/archives/windows-server-2008-nap-network-access-protection-infrastructure/

QUESTION 106
Your network contains a six-node Microsoft Clustering Service (MSCS) cluster that has a shared quorum. Each of the six nodes runs Windows Server 2003. You need to recommend a solution to transition the cluster to Windows Server 2008. The solution must maintain the availability of cluster services during the transition. What should you recommend?

A.    Evict one node at a time and rebuild the cluster by using Windows Server 2008.
B.    Evict five nodes from the cluster. Install Windows Server 2008 on the remaining node.
Add five new Windows Server 2008 nodes.
C.    On each node, run the Windows Server 2008 installation program.
D.    On the MSCS, change the quorum type to a Majority Node Set (MNS) quorum.
Install Windows Server 2008 on all nodes.

Answer: A
Explanation:
To ensure a smooth transition of the cluster from Windows Server 2003 to Windows Server 2008 while maintaining the availability of the cluster services during the transition, you need to evict one node at a time and rebuild the cluster by using Windows Server 2008. It is not important which cluster node you upgrade first in your organization. However, you need to evict the passive node first. For eviction, you need to stop the Cluster Service on the passive node, and then evict Node from the server cluster.
Reference: How to upgrade Exchange 2000 Server to Exchange Server 2003 in an active/passive clustered environment by doing a clean installation of Windows Server 2003 / To upgrade a server cluster by using the clean installation method
http://support.microsoft.com/kb/842427

QUESTION 107
You are the enterprise administrator for a company named Contoso, Ltd. Contoso acquires a company named Fabnkam, Inc. Contoso and Fabrikam each have one Active Directory forest that contains two domains. All domain controllers run Windows Server 2008. You need to migrate the Fabrikam domain resources to the Contoso forest. What should you do?

A.    Run the Active Directory Migration Tool (ADMT) from a server in Contoso.
B.    Run the Active Directory Migration Tool (ADMT) from a server in Fabrikam.
C.    Run the Microsoft Windows User State Migration Tool (USMT) from a server in Contoso.
D.    Run the Microsoft Windows User State Migration Tool (USMT) from a server in the Fabrikam forest.

Answer: A
Explanation:
To migrate the TechMasters domain resources to the Contoso forest, you need to run the Active Directory Migration Tool (ADMT) from the Contoso AD forest. When using ADMT to migrate users and groups, you install the ADMT tool, typically in the target domain into which security principals or resources are being migrated. Therefore you need to run the Active Directory Migration Tool (ADMT) from the Contoso AD forest and not from the Fabrikam AD forest. You can use ADMT to restructure your Windows 2008 Active Directory domains. ADMT features let you manage domain migration efficiently and fine-tune the results to suit their requirements, USMT cannot be used for domain migrations.
Reference: Active Directory Migration Tool (ADMT )
http://www.windowsnetworking.com/kbase/WindowsTips/Windows2000/AdminTips/ActiveDirecto ry/ActiveDirectoryMigrationToolADMT.html

QUESTION 108
Your network consists of one Active Directory domain. The domain contains servers that run Windows Server 2008. The relevant servers are configured as shown in the following table. (Click the Exhibit)

image
You install an application named Application1 on Server3. User-specific settings for the application are stored in a configuration file named Application1.ini. When multiple users run Application1 concurrently, Application1.ini is overwritten and the application fails. You need to recommend a solution that enables users to successfully run Application1 on Server3. What should you recommend?

A.    On Server3, deploy Terminal Services Session Broker (TS Session Broker).
B.    On Server2, stream a SoftGrid application package containing Application1 to Server3.
C.    On Server3, configure Application1 as a Terminal Services RemoteApp (TS RemoteApp).
D.    On Server1, create and link a Group Policy object (GPO) to publish Application1 to all users who establish
a Terminal Services session on Server3.

Answer: B
Explanation:
To enable the users to successfully run application on Server3, which is configured with Terminal Services, you need to stream a SoftGrid application package containing App1 on Server2 to Server3. SoftGrid applications are sandboxed from each other, so that different versions of the same application can be run under SoftGrid concurrently. There can be numerous scripts per profile and scripts can even be stuff that is not directly executable such as data or DLLs. SoftGrid can be executed on a connected desktop system and published via Citrix. The Scripts used on this server can run BEFORE application execution or AFTER the application terminates and can run inside or outside of isolation.
Reference: Application Streaming and SoftGrid – dual mode http://blogs.technet.com/virtualworld/archive/2008/02/23/application-streaming-and-softgrid- dual-mode.aspx
Reference: Microsoft Application Virtualization
http://en.wikipedia.org/wiki/Microsoft_Application_Virtualization

QUESTION 109
Your network is connected to the Internet through a firewall. Remote users connect to Microsoft Windows SharePoint Services (WSS) located on the internal network by using HTTPS. Users require access to file servers located on the internal network. You need to ensure that remote users can connect to the file servers. The solution must not require that any additional TCP ports be opened on the firewall. What should you do?
A.    Implement a PPTP virtual private network (VPN) solution.
B.    Implement an L2TP virtual private network (VPN) solution.
C.    Implement a Terminal Services Web Access (TS Web Access) solution.
D.    Implement a Secure Socket Tunneling Protocol (SSTP) virtual private network (VPN) solution.

Answer: D
Explanation:
To ensure that the remote users can connect to the file servers securely but without require opening any additional TCP ports on the firewall, you need to configure a SSTP VPN connection. SSTP VPN connections are tunneled over SSL using TCP port 443. Since all firewalls and NAT devices have TCP port 443 open, you will be able to use SSTP from anywhere without opening any additional TCP ports on the firewall.
Reference: Configuring Windows Server 2008 as a Remote Access SSL VPN Server (Part 1) / Why Introduce a New VPN Protocol
http://www.windowsecurity.com/articles/Configuring-Windows-Server-2008-Remote-Access-SSL- VPN-Server-Part1.html

QUESTION 110
Your network consists of one Active directory domain. The functional level of the domain is Windows Server 2008. The domain is configured as shown in the exhibit. (Click the Exhibit button.) You create four Group Policy objects (GPOs) as shown in the following table. (Click the Exhibit) You need to link the new GPOs to meet the following requirements:

image
– All users must have access to a USB printer device.
– All users except the department managers must be denied access to USB flash drives.
– Both department managers must have access to USB flash drives and a USB printer device.
– Only users in the sales department must have the custom database application installed.
– Only users in the engineering department must have the line-of-business application installed.
You must achieve this goal by using the minimum amount of administrative effort.
What should you do?

A.    Link GPO1 to the Sales Users OU. Link GPO2 to the Engineering Users OU.
Link GPO3 to the All Users OU. Link GPO4 to the Managers OU.
B.    Link GPO1 and GPO2 to the Sales Users OU and the Engineering Users OU.
Link GPO3 to the domain and block inheritance for the Managers OU.
Link GPO4 to the All Users OU.
C.    Link GPO1 and GPO2 to the Sales Users OU and the Engineering Users OU.
Link GPO3 to the All Users OU. Link GPO4 to the domain and block inheritance for the All Users OU.
D.    Link GPO1 to the Sales Users OU. Link GPO2 to the Engineering Users OU.
Link GPO3 to the All Users OU and block inheritance for the Managers OU.
Link GPO4 to the Managers OU.

Answer: A
Explanation:
To ensure that all the domain users have access to a USB printer device, you need to Link GPOUsbPr to the All Users OU. To ensure that no user except the department managers should be allowed to access USB flash drives Link GPOUsbFl to the Managers OU. Next to ensure that the sales department employees should only be allowed to install custom database application you need to Link GPODB to the Sales Users OU and to ensure that the Marketing department employees should be only be allowed to install line-of-business application, you need to link GPOApp to the Development Users OU.

If you want to pass Microsoft 70-647 successfully, donot missing to read latest lead2pass Microsoft 70-647 exam questions.
If you can master all lead2pass questions you will able to pass 100% guaranteed.

http://www.lead2pass.com/70-647.html