70-648 Microsoft TS: Upgrading Your MCSA on Windows Server 2003 to Windows

70-648 Microsoft TS: Upgrading Your MCSA on Windows Server 2003 to Windows

http://www.TwPass.com

70-648

Microsoft

TS: Upgrading Your MCSA on Windows Server 2003 to Windows

Server 2008, Technology Specialist

http://www.twpass.com/twpass.com/exam.aspx?eCode= 70-648

The 70-648 practice exam is written and formatted by Certified Senior IT Professionals working in today's prospering companies and data centers all over the world! The 70-648 Practice Test covers all the exam topics and objectives and will prepare you for success quickly and efficiently.

The 70-648 exam is very challenging, but with our 70-648 questions and answers practice exam, you can feel confident in obtaining your success on the 70-648 exam on your FIRST TRY!

Microsoft 70-648 Exam Features

- Detailed questions and answers for 70-648 exam

- Try a demo before buying any Microsoft exam

- 70-648 questions and answers, updated regularly

- Verified 70-648 answers by Experts and bear almost 100% accuracy

- 70-648 tested and verified before publishing

- 70-648 exam questions with exhibits

- 70-648 same questions as real exam with multiple choice options

Acquiring Microsoft certifications are becoming a huge task in the field of I.T. More over these exams like 70-648 exam are now continuously updating and accepting this challenge is itself a task.

This 70-648 test is an important part of Microsoft certifications. We have the resources to prepare you for this. The 70-648 exam is essential and core part of Microsoft certifications and once you clear the exam you will be able to solve the real life problems yourself.Want to take

advantage of the Real 70-648 Test and save time and money while developing your skills to pass your Microsoft 70-648 Exam? Let us help you climb that ladder of success and pass your 70-648 now!

70-648

QUESTION: 1

You work as the enterprise administrator at ABC.com. ABC.com has a domain named

ABC.com. The ABC.com network servers run Microsoft Windows Server 2008 and the client computers run either Microsoft Windows Vista or Microsoft Windows XP Professional. The

ABC.com network has a server named ABC-SR12. You ran the IPconfig /all command and got the following IP configuration as shown in the exhibit: microsoft&c=70-648&q=1

ABC.com has a Marketing division which access resources located on another segment. How would you configure ABC-SR12 to ensure users in the Marketing division are able to access

ABCSR12?

A. By enabling DHCP.

B. By changing the subnet mask to 255.255.255.0.

C. By changing the IP address to 192.108.16.2.

D. By changing the DNS Server to 192.108.16.12.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=1

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 2

You work as the enterprise administrator at ABC.com. ABC.com has a domain named

ABC.com. The ABC.com network servers run Microsoft Windows Server 2008 and the client computers run either Microsoft Windows Vista or Microsoft Windows XP Professional SP2.

The ABC.com network has a computer named ABC-SR08 that is configured to communicate using IPv4 addressing. ABC.com has a Marketing division which requires remote access to shared folders on ABC-SR08 when out of office. You configuring the Routing and Remote

Access role on ABC-SR08. What else must you do on ABC-SR08?

A. On ABC-SR08, by running the netsh interface ipv6 enable.

B. On ABC-SR08, by running the netsh ras ipv6 set access ALL

C. On ABC-SR08, by having the IPv4 Router Routing and Remote Access option enabled.

D. On ABC-SR08, by having the NAT and OSPF enabled on the IPv4 interface o

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=2

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 3

You work as the enterprise administrator at ABC.com. ABC.com has a domain named

ABC.com. The ABC.com network servers run Microsoft Windows Server 2008 and the client computers run either Microsoft Windows Vista or Microsoft Windows XP Professional SP2.

The ABC.com network contains several wireless access points (WAPs) that use 802.1x authentication. You install Network Access Protection (NAP) on a server named ABC-SR07.

How would you configure ABC-SR07 to have NAP verify all client computer connections to the ABC.com networks?

A. By creating and configuring an Authorization Request Policy which has Secure

Sockets Layer (SSL) as the only available authentication method.

B. By creating and configuring a Connection Request Policy which has Kerberos v5 as the only available authentication method.

C. By creating and configuring a Connection Request Policy which allows EAP-TLS as the only 3 method for authentication.

D. By creating and configuring an Authorization Request Policy which has Secure Shell

(SSH) as the only available authentication method.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=3

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 4

You work as the enterprise administrator at ABC.com. ABC.com has a domain named

ABC.com. The ABC.com network servers run Microsoft Windows Server 2008 and the client computers run Microsoft Windows Vista. The ABC.com network has a Routing and Remote

Access computer named ABC-SR08 that is configured as a Routing and Remote Access server running Network Access Protection (NAP). How should you configure ABC-SR08 to ensure that it uses Point-to-Point (PPP) authentication?

A. By using the Challenge Handshake Authentication Protocol version 2 (CHAP v2) protocol.

B. By using the Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) protocol.

C. By using the Secure Shell (SSH) protocol.

D. By using the Extensible Authentication Protocol (EAP) protocol. 4

E. By using the Kerberos v5 protocol.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=4

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 5

You work as the enterprise administrator at ABC.com. ABC.com has a domain named

ABC.com. The ABC.com network servers run Microsoft Windows Server 2008 and the client computers run Microsoft Windows Vista. The ABC.com network has a computer named

ABC-SR08 that is configured with the Active Directory Certificate Services (AD CS) and hosts the Network Access Protection (NAP). ABC.com has a division of marketing users accessing the network using portable computers. How would you ensure that the Marketing division network users are required to use smart cards?

A. By configuring 802.1X authentication on all WAPs.

B. By configuring WPA2 and EAP-TLS authentication on all portable computers.

C. By having Extensible Authentication Protocol (EAP) used on all portable computers.

D. By configuring WPA2, 802.1X authentication and EAP-TLS on all portable computers.

E. By having Internet Protocol Security (IPSec) protocol used on all portable computers.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=5

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 6

You work as the enterprise administrator at ABC.com. ABC.com has a domain named

ABC.com. The ABC.com network servers run Microsoft Windows Server 2008 and the client computers run Microsoft Windows Vista. The ABC.com network has a computer named

ABC-SR04 that is configured as a Virtual Private Network (VPN) server. ABC.com recently installed and configured a firewall before ABC-SR04 to protect Web communications. How should you configure the secure connection without the need to open more ports?

A. By using full duplex tunneling over a secure SSL channel.

B. By configuring a Point-to-Point (PPP) connection.

C. By configuring a EAP-Transport Level Security (EAP-TLS) connection.

D. By configuring a Secure Socket Tunneling Protocol (SSTP) connection.

E. By using half duplex tunneling over a secure SSL channel.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=6

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 7

You work as the enterprise administrator at ABC.com. ABC.com has a domain named

ABC.com. The ABC.com network servers run Microsoft Windows Server 2008 and the client computers run either Microsoft Windows Vista or Microsoft Windows XP Professional. The

ABC.com network has a domain controller named ABC-SR04. ABC.com has a Marketing division which travels frequently. How would you configure ABC-SR04 to ensure the

Marketing division is able to access the network remotely when traveling? (Choose two) 6

A. By configuring ABC-SR04 to run the Windows Deployment Services role.

B. By configuring ABC-SR04 to run the Host Credential Authorization Protocol role service.

C. By configuring ABC-SR04 to run the Routing and Remote Access Services role service.

D. By configuring ABC-SR04 to run the Terminal Services role.

E. By configuring ABC-SR04 to run the Terminal Services Gateway role.

F. By configuring ABC-SR04 to run the Network Policy and Access Services role.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=7

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 8

You work as the enterprise administrator at ABC.com. ABC.com has a domain named

ABC.com. The ABC.com network servers run Microsoft Windows Server 2008 and the client computers run Microsoft Windows Vista. The ABC.com network has a computer named

ABC-SR06 that is configured as a Virtual Private Network (VPN) server utilizing end-to end encryption with computer level authentication without user names and passwords required.

ABC.com has a Marketing division which uses the VPN connection to access resources. How would you configure the VPN connection to ensure Marketing division members do not require using their user names and passwords whilst utilizing computer level authentication?

A. By using a L2TP/IPsec connection with EAP-TLS authentication.

B. By using a L2TP/IPsec connection in tunnel mode with WPA2 authentication.

C. By using a L2TP/IPsec connection with a PKI infrastructure.

D. By using a L2TP/IPsec connection with Kerberos v5 authentication.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=8

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 9

You work as the enterprise administrator at ABC.com. ABC.com has a domain named

ABC.com. The ABC.com network servers run Microsoft Windows Server 2008 and half the client computers run either Microsoft Windows Vista or Microsoft Windows XP Professional

SP2. The ABC.com network has a computer named ABC-SR21 that is configured to host

Active Directory Certificate Services (AD CS) and Network Access Protection ABC.com has a division of marketing users accessing the wireless network using portable computers. How would you ensure that a created policy is enforced on the portable computers?

A. By configuring 802.1X authentication on all access points.

B. By configuring WPA2 and EAP-TLS authentication on all portable computers.

C. By having Extensible Authentication Protocol (EAP) used on all portable computers.

D. By configuring WPA2, 802.1X authentication and EAP-TLS on all portable computers.

E. By having Internet Protocol Security (IPSec) protocol used on all portable computers.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=9

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 10

You work as the enterprise administrator at ABC.com. ABC.com has a domain named

ABC.com. The ABC.com network servers run Microsoft Windows Server 2008 and the client computers run either Microsoft Windows Vista or Microsoft Windows XP Professional SP2.

The ABC.com network has a computer named ABC-SR06 that is configured as the Virtual

Private Network (VPN) server running the Network Access Protection (NAP) role. ABC.com has a Marketing division which uses the ABC-SR06 as a Virtual Private Network (VPN) server when traveling. How would you configure ABC-SR06 to ensure the Marketing division

client computers health are able to be monitored? (Choose all that apply)

A. By creating a network access policy named MarktingHealth linked to the domain.

B. By configuring the Requiring trusted path for credential entry option set to Enabled.

C. By creating and configuring a Group Policy object (GPO) named Marketing.

D. By creating a network access policy named MarketingHealth and Goup Policy

Object (GPO) named Marketing linked to the Domain Controllers organizational unit

(OU).

E. By linking Marketing to the domain.

F. By having the Windows Security Center enabled.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=10

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 11

You work as the enterprise administrator at ABC.com. ABC.com has a domain named

ABC.com. The ABC.com network servers run Microsoft Windows Server 2008 and half the client computers run either Microsoft Windows Vista or Windows XP Professional SP2. The

ABC.com network has a computer named ABC-SR03 that is configured to host Network

Access Protection which is setup to limit access to resources based on client computers health requirements. How would you configure the NAP policy to prevent access to resources if the client computers do not comply with the health requirements?

A. By creating an 802.1X network policy.

B. By creating a Kerberos v5 enforcement network policy.

C. By creating an IPSec enforcement network policy.

D. By creating a Layer 2 Tunneling Protocol enforcement policy.

E. By creating a Network Policy restricting remote connections.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=11

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 12

You work as an enterprise administrator at ABC.com. The ABC.com network consists has a domain named ABC.com. All servers on the domain run Microsoft Windows Server 2008 and half the client computers run either Microsoft Windows Vista or Microsoft Windows XP

Professional. The ABC.com network has a computer named ABC-SR12 that is configured with a SAN that has multiple physical disk drives attached. You have received instructions from management to execute a data archiving script on ABCSR12. However, it should only be executed when any of the logical drives has less than 25% free space left. How would you ensure the archiving script executes automatically with the condition is met?

A. By using a Resource View to view the free space of the physical disks in Windows

Reliability and Performance Monitor and executing the archiving script.

B. By creating an alert which is triggered when free disk space falls below 30% and

executes the archiving script.

C. By adding the Performance counter alert to the Data Collector Set.

D. By creating a counter log to track disk space usage in Performance console.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=12

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 13

11 You work as the enterprise administrator at ABC.com. ABC.com has a domain named

ABC.com. The ABC.com network servers run Microsoft Windows Server 2008 and the client computers run either Microsoft Windows Vista or Microsoft Windows XP Professional SP2.

ABC.com has three computers configured as follows:

ABC-SR14

configured with Event

Log subscription monitoring ABC-SR15 and ABC-SR16

configured as a domain controller.

ABC-SR15

configured as a domain controller.

ABC-SR16

configured as a domain controller. During the course of the day ABC.com instructs you to create the subscription using ABC-SR15 or ABC-SR16 which fails as the operation does not complete. You then create collector subscription configuration file called config.xml on ABC-SR14. What steps should you perform next to ensure that the required subscription can be created using either

ABC-SR15 or ABC-SR16?

A. By executing the wecutil cs config.xml command on ABC-SR14.

B. By executing the wecutil qc command on ABC-SR15.

C. By executing the winrm connect command on ABC-SR16.

D. By executing the winrm allow command on ABC-SR16.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=13

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 14

You work as an enterprise administrator at ABC.com. The ABC.com network has a domain named 12 ABC.com. All servers on the domain run Microsoft Windows Server 2008 and all client computers run Microsoft Windows Vista. The ABC.com network has a computer named

ABC-SR20 that is configured to host WSUS. During the course of the day you receive instruction from ABC.com to ensure the domain servers retrieve approved updates from ABC-

SR20. How should you accomplish this?

A. By opening Control Panel from the Start Menu and configuring Windows Update settings on the domain servers.

B. By opening Control Panel from the Start Menu and configuring Windows Update

Settings on the domain servers using the local group policy.

C. By configuring ABC-SR20 as a Proxy server and executing the wuauclt.exe command on the domain servers.

D. By opening Control Panel from the Start Menu and configuring Windows Update

Settings on the domain servers using the domain group policy.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=14

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 15

You work as an enterprise administrator at ABC.com. The ABC.com has a domain named

ABC.com. All servers on the domain run Microsoft Windows Server 2008 and all client computers run Microsoft Windows Vista. The ABC.com network contains two computers named ABC-SR08 and ABC-SR12 that is configured as WSUS servers. How should you configure ABC-SR08 to receive approved updates from ABC-SR12?

A. By configuring ABC-SR12 as a proxy server. 13

B. By opening Control Panel from the Start Menu and configuring Windows Update

Settings on ABC-SR08 in the domain group policy.

C. By configuring ABC-SR12 as an upstream server on ABC-SR08.

D. By configuring ABC-SR08 as a downstream server on ABC-SR12.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=15

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 16

You are working as an enterprise administrator at ABC.com. ABC.com has a domain named

ABC.com. All servers on the ABC.com network run Windows Server 2008 and all client computers run either Microsoft Windows Vista or Microsoft Windows XP Professional SP2.

The ABC.com network has a domain controller named ABC-DC04 that runs the Windows

Server Backup feature. ABC.com has recently discovered that someone has deleted the

Organizational Unit (OU) named Marketing from ABC-DC04. You need to recover the

Marketing OU by running a non-authoritative restore from the latest backup media. How would you have the non-authoritative restore performed on ABC-DC04 without disrupting the other data stored on domain controller?

A. By using the incremental backup created of all the volumes.

B. By using the Critical volume backup.

C. By using the backup of the User state and backup of the volume that hosts Operating system.

D. By using the backup of the System and User state and backup of AD DS folders. 14

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=16

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 17

You work as the enterprise administrator at ABC.com. ABC.com has a domain named

ABC.com. The ABC.com network servers run Microsoft Windows Server 2008 and the client computers run either Microsoft Windows Vista or Microsoft Windows XP Professional SP2.

The ABC.com network has a computer named ABC-SR15 that is configured to host Active

Directory Lightweight Directory Services (AD LDS). How would you create Organizational

Units for the network divisions in the Active Directory Lightweight Directory Services (AD

LDS) application directory partition?

A. By using Active Directory Sites and Services to create the OUs.

B. By using the ADSI Edit Snap-in on the AD LDS application directory partition to create the OUs.

C. By running the Dsmgmt command to create the OUs.

D. By using Active Directory Domains and Trusts snap-in to create the OUs on the AD

LDS application directory partition.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=17

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 18

You work as the enterprise administrator at ABC.com. ABC.com has a domain named

ABC.com. The ABC.com network servers run Microsoft Windows Server 2008 and the client computers run either Microsoft Windows Vista or Microsoft Windows XP Professional SP2.

15 ABC.com has its headquarters in Chicago and a Marketing division in Boston. The

ABC.com network contains two domain controllers named ABC-DC04 and ABC-DC05.

ABC-DC04 is located in the Chicago office while ABC-DC05 is a Read-Only Domain

Controller (RODC) that is located in the Boston office. Currently, ABC.com users in the

Marketing division are using ABC-DC04 to log onto the domain. How would you make sure that ABC-DC05 can be used by the Marketing division to log onto the domain?

A. By deploying a computer running Active Directory Certificate Services (AD CS).

B. By using a Password Replication Policy on the ROD

C.

C. By installing and configuring an Active Directory Federation Services (AD FS) front-end server.

D. By deploying a computer running Active Directory Lightweight Directory Services

(AD LDS) and Active Directory Domain Services (AD DS).

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=18

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 19

You work as the enterprise administrator at ABC.com. ABC.com has a domain named

ABC.com. The ABC.com network servers run Microsoft Windows Server 2008 and the client computers run either Microsoft Windows Vista or Microsoft Windows XP Professional SP2.

The ABC.com network has a computer named ABC-SR05 that is configured host the Active

Directory Lightweight Directory Services (AD LDS) service. You install a new server named

ABC-SR06. How would you replicate Active Directory Lightweight Directory Services (AD

LDS) from ABCSR05 to ABC-SR06?

A. By using the ADSI Edit Snap-in to replicate the AD LDS instance.

B. By creating and installing a replica of AD LDS running the AD LDS Setup wizard on ABC-SR06.

C. By using the xcopy command to copy the entire AD LDS instance.

D. By using Active Directory Sites and Services to replicate the AD LDS instance.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=19

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 20

You are a newly appointed enterprise administrator at ABC.com. ABC.com has a domain named ABC.com that operates in the domain functional level of Windows Server 2003 Native

Mode. The client computers at ABC.com run either Microsoft Windows Vista or Microsoft

Windows XP Professional SP2. The ABC.com network has a computer named ABC-SR08 that is configured to run the Active Directory Rights Management Services (AD RMS).

ABC.com has a Marketing division which works with documents that contain confidential company information. How would you configure ABC-SR08 allowing the Marketing division to secure these documents?

A. By creating and configuring an e-mail account in Active Directory Domain Services

(AD DS) for each Marketing division user.

B. By deploying Active Directory Certificate Services (AD CS) to ABC-SR08 using a group policy to create e-mail accounts for the Marketing division.

C. By uABCrading the domain servers to Microsoft Windows Server 2008 and raising the domain functional level to Windows Server 2008.

D. By deploying Active Directory Federation Services (AD FS) to ABC-SR08 using a group policy to create e-mail accounts for the Marketing division.

E. By uABCrading the domain servers to Microsoft Windows Server 2008.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=20

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 21

You are the newly appointed enterprise administrator at ABC.com. You work as the network administrator at ABC.com. The ABC.com Active Directory forest has a domain named

ABC.com that operates at a forest functional level of Windows Server 2008. The ABC.com network servers run Microsoft Windows Server 2008 and the client computers run Microsoft

Windows Vista. The ABC.com network has a computer named ABC-SR08 that is configured to run the Active Directory 17 Rights Management Services (AD RMS). ABC.com has recently decided to deploy Microsoft SQL Server 2005 on ABC-SR08. How would you configure ABC-SR08 to run the SQL Server when the Active Directory Rights Management

Services administration Web site displays the error message stating "SQL Server does not exist or access denied." (Choose two)?

A. By restarting the Task Scheduler service on ABC-SR08.

B. By starting the MSSQLSVC service on ABC-SR08.

C. By restarting the Net Logon service on ABC-SR08.

D. By restarting the AD RMS service on ABC-SR08.

E. By starting the Workstation service on ABC-SR08.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=21

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 22

You work as the enterprise administrator at ABC.com. The ABC.com network has a forest with a domain named ABC.com. The ABC.com network has a member server named ABC-SR04 that hosts the Active Directory Federation Services (AD FS) role. What action should you take to have Active Directory domain data in the AD FS tokens?

A. By creating and configuring a new account store.

B. By opening a browser window to type the Federation Service URL for ABC-SR04.

C. By checking Event Viewer applications and Event ID columns for the ID 674 event.

D. By deploying and installing Active Directory Domain Services (AD DS) configured as a new resource partner.

E. By deploying and installing Active Directory Certificate Services (AD CS) configured as a new resource partner

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=22

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 23

You work as the enterprise administrator at ABC.com. ABC.com has a domain named

ABC.com. The ABC.com network servers run Microsoft Windows Server 2008 and the client computers run either Microsoft Windows Vista or Microsoft Windows XP Professional SP2.

The ABC.com network has a computer named ABC-SR08 that is configured as the Network

Access Policy (NAP) server. How would you configure ABC-SR08 to ensure that only able the tunnel interface and the IPv6 Loopback interface are running IPv6?

A. By running the netsh -r command at the command prompt.

B. By clearing the check box stating Internet Protocol Version 6 (TCP/IPv6) from the

Local Area Connection Properties window.

C. By running the netsh -c command at the command prompt.

D. By running the netsh -a command at the command prompt.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=23

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 24

You work as the enterprise administrator at ABC.com. ABC.com has a forest with a domain named ABC.com. The ABC.com network servers run Microsoft Windows Server 2008 and the client computers run either Microsoft Windows Vista or Microsoft Windows XP Professional.

The ABC.com network has a two DHCP server named ABC-SR04 and ABC-SR05. How would you configure ABC-SR05 to ensure a client computer named ABC-WS648 receives a client reservation?

A. By adding a DHCP reservation for ABC-WS648 added to ABC-SR05.

B. By adding a DHCP reservation for ABC-WS648 added to ABC-SR04.

C. By running the netsh DHCP command on ABC-WS648.

D. By running the ipconfig /renew command run on ABC-WS648.

E. By running the ipconfig /release command on ABC-WS648.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=24

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 25

20 You work as the enterprise administrator at ABC.com. ABC.com has a domain named

ABC.com. The ABC.com network servers run Microsoft Windows Server 2008 and the client computers run either Microsoft Windows Vista or Microsoft Windows XP Professional.

ABC.com two servers named ABC-SR05 and ABC-SR06. ABC-SR05 is configured as a domain controller with an IPv4 address 10.16.12.100/21 while ABC-SR06 is using the IP address 10.16.10.90/21. How would you use ABC-SR05 to verify IPv6 communication to

ABC-SR06?

A. By running the ping 192.168.10.90 command on the computer.

B. By running the pathping command with the Link-local address of the computer.

C. By running the tracert command with the Site-local address of the computer.

D. By running the ping command with the Link-local address of the computer.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=25

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 26

You work as the enterprise administrator at ABC.com. ABC.com has a domain named

ABC.com. The ABC.com network servers run Microsoft Windows Server 2008 and the client computers run either Microsoft Windows Vista or Microsoft Windows XP Professional. The

ABC.com network has a computer named ABC-SR06 that is configured to run Network

Address Translation (NAT). During the course of the day ABC.com deploys an additional computer named ABC-SR08 to facilitate the launch of a new office. 21 How would you make sure that you are able to make a Remote Desktop Protocol (RDP) connection to ABC-

SR08?

A. By configuring port forwarding on ABC-SR06 to forward to port 3389.

B. By configuring port forwarding on ABC-SR06 to forward to port 110.

C. By configuring port forwarding on ABC-SR06 to forward to port 21.

D. By configuring port forwarding on ABC-SR06 to forward to port 80.

E. By configuring port forwarding on ABC-SR06 to forward to port 443.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=26

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 27

You work as the enterprise administrator at ABC.com. ABC.com has a domain named

ABC.com. The ABC.com network servers run Microsoft Windows Server 2008 and the client computers run either Microsoft Windows Vista or Microsoft Windows XP Professional SP2.

The ABC.com network contains two computers named ABC-SR10 and ABC-SR12. ABC-

SR10 is running the Active Directory Certificate Services (AD CS) service and ABC-SR12 is running Network Access Protection (NAP). ABC.com has a Marketing division which uses portable computers to access resources during the business day. These computers connect to the ABC.com network via wireless access points (WAPs). How would you configure the

Marketing division s portable computers to ensure that smart cards can be used?

A. By using WPA2, CHAP and MSCHAP v2 authentication on portable computers.

B. By using WPA2, 802.1X authentication and EAP-TLS authentication on portable computers.

C. By using WPA, EAP, MD5 hashing with strong user passwords on portable computers. 22

D. By using WEP, EAP, MSCHAP authentication with MD5 hashing on portable computers.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=27

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 28

You work as the enterprise administrator at ABC.com. ABC.com has a domain named

ABC.com. The ABC.com network servers run Microsoft Windows Server 2008 and the client computers run either Microsoft Windows Vista or Microsoft Windows XP Professional. The

ABC.com network has a computer named ABC-SR08 that is configured to run Network

Access Protection (NAP). ABC.com wants only client computers that have the latest critical and important updates installed to be allowed to access resources on the network. How would you implement this using a Group Policy Object (GPO)?

A. By having the automatic updates service disabled for the Marketing division.

B. By having the clients quarantined not installed with the required security updates.

C. By having the Windows Firewall enabled for the Marketing division on the Default

Domain Group Policy.

D. By configuring a policy to restrict remote connections for a health check.

E. By having the Windows Security Center enabled for the Marketing division on the

Default Domain Group Policy.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=28

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 29

You work as the enterprise administrator at ABC.com. ABC.com has a domain named

ABC.com. ABC.com has its headquarters located in Miami. The ABC.com domain servers run

Microsoft Windows Server 2008 and the client computers run either Microsoft Windows Vista or Microsoft Windows XP Professional SP2. The ABC.com network has a Routing and

Remote Access Services (RRAS) server named ABC-SR08. ABC.com has a Marketing division with remote users contained in a group named KingRemote. Members of KingRemote are requiring access to the domain when out of office. During the course of the day ABC.com discovers that stringent security settings are required when remotely accessing the domain.

You started the maintenance by creating a remote access policy. How should you make sure members of KingRemote use smartcards when accessing ABC-SR08 from remote locations?

A. By creating a remote access policy enabling users to authenticate connections using

Extensible Authentication Protocol-Transport Layer Security (EAP-TLS).

B. By creating a remote access policy enabling users to authenticate connections using

Secure Shell (SSH).

C. You should consider a remote access policy that requires Kerberos v5 authentication.

D. By creating a remote access policy enabling users to authenticate connections using

Internet Protocol Security (IPSec).

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=29

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 30

You work as the enterprise administrator at ABC.com. ABC.com has a domain named

ABC.com. The ABC.com network servers run Microsoft Windows Server 2008 and the client computers run Microsoft Windows Vista. The ABC.com network has a server named ABC-

SR08 that is used to store documents that contain confidential information. How should you configure ABC-SR08 to be more secure?

A. By using the Domain Profile in Windows Firewall and Blocking all connections.

B. By using the Internal Profile in Windows Firewall and Blocking all connections.

C. By disabling the Secondary Logon Service in the Services snap-in.

D. By disabling the Browser service in the Services snap-in.

E. By disabling Net Logon service in the Services snap-in.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=30

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 31

You work as the enterprise administrator at ABC.com. ABC.com has a domain named

ABC.com. The ABC.com network servers run Microsoft Windows Server 2008 and the client computers run either Microsoft Windows Vista or Microsoft Windows XP Professional SP2.

The ABC.com 25 network has a computer named ABC-SR11 that is configured to run

Remote Desktop using the default settings. How would you configure the Remote Desktop connection to ensure secure connections between ABC-SR11 and accessing clients?

A. By configuring Windows Firewall to block communications via port 80 on the firewall.

B. By obtaining user certificates from the internal certificate authority. By allowing

connections to Remote Desktop client computers that use Network Level

Authentication only.

C. By configuring Windows Firewall to block communications via port 443 on the firewall.

D. By obtaining user certificates from the external certificate authority. By allowing connections to Remote Desktop client computers that use Network Level

Authentication only.

E. By configuring Windows Firewall to block communications via port 25 on the firewall.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=31

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 32

26 You work as the enterprise administrator at ABC.com. ABC.com has a domain named

ABC.com. The ABC.com network servers run Microsoft Windows Server 2008 and the client computers run either Microsoft Windows Vista or Microsoft Windows XP Professional. The

ABC.com network has a computer named ABC-SR10 that is configured to host Windows

Server Update Services (WSUS) service. How would you configure ABC-SR10 to have traffic to and from ABC-SR10 encrypted?

A. By configuring and using Integrated Windows Authentication (IWA).

B. By disabling Basic Authentication setting on ABC-SR10.

C. By configuring and using SHA encryption on the web site.

D. By configuring and using SSH encryption on the web site

E. By enabling Active Directory Client Certificate Authentication on ABC-SR10.

F. By configuring and using Internet Protocol Security (IPSec) on the Web site.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=32

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 33

You are employed as an enterprise administrator at ABC.com. The ABC.com has a domain named ABC.com. All servers on the domain run Microsoft Windows Server 2008 and all client computers run either Microsoft Windows Vista or Microsoft Windows XP Professional. The

ABC.com network has a Web server named ABC-SR05 that is configured to run Internet

Information Services (IIS). During the course of the day ABC.com instructs you to configure

ABCSR05 to store information using Reliability Monitor. How can you accomplish this task?

A. By having the Remote Access Auto Connection Manager service set to start automatically on the ABC-SR05.

B. By having the Net Logon service set to start automatically on the ABC-SR05. 27

C. By having the Task scheduler service set to start automatically on the ABC-SR05.

D. By having the Error Reporting Services service set to start automatically on the

ABC-SR05.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=33

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 34

You work as an enterprise administrator at ABC.com. The ABC.com has a domain named

ABC.com. All servers on the domain run Microsoft Windows Server 2008 and all client computers run either Microsoft Windows Vista or Microsoft Windows XP Professional.

ABC.com makes use of two computers named ABC-DC04 and ABC-DC05. During the course of the day you configure event subscriptions with ABC-DC05 as the default subscription on ABC-DC04. How can we now review the system event for ABC-DC05?

A. By opening the Event Viewer on ABC-DC05.

B. By opening the System log on ABC-DC04.

C. By opening the Forwarded Events log on ABC-DC04. 28

D. By opening the Error log on ABC-DC05.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=34

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 35

You work as the enterprise administrator at ABC.com. ABC.com has a domain named

ABC.com. The ABC.com network servers run Microsoft Windows Server 2008 and the client computers run Microsoft Windows Vista. The ABC.com network has a Web server named

ABC-SR09 that is configured to run Internet Information Services (IIS). ABC.com users complain of slow response times when they access web sites on ABC-SR09. You investigate and discover ABC-SR09 has maximum CPU usage. How would you gather diagnostic data regarding this problem?

A. By using Windows Reliability and Performance Monitor to check percentage of processor capacity used.

B. By using a counter log to track the processor usage.

C. By checking the security log for Performance events.

D. By checking the error log for performance events.

E. By checking the application log for events.

F. By checking the Internet Explorer log for events.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=35

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 36

ABC.com has employed you as a network administrator. ABC.com has a domain named

ABC.com. All servers on the ABC.com network run Windows Server 2008 and the client computers run either Microsoft Windows XP Professional SP2 or Microsoft Windows Vista.

The ABC.com network has a computer named ABC-SR06 that is running Active Directory

Certificate Services (AD CS) and configured as the Enterprise Root Certification Authority

(CA). ABC.com has recently configured the firewall on ABC-SR06 to block communication over ports 443 and 80. How would you configure ABC-SR06 to ensure that certificates can be

requested using a web browser?

A. By deploying an additional computer running Active Directory Federation Services

(AD FS) and the Certification Authority Web Enrollment Role Service.

B. By deploying an additional computer running Active Directory Domain Services

(AD DS) and the Certification Authority Web Enrollment Role Service.

C. By deploying an additional computer running the Certification Authority Web

Enrollment Role Service and ensure Background Intelligent Transfer Service (BITS) is enabled.

D. By deploying an additional computer running the Certification Authority Web

Enrollment Role Service.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=36

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 37

You work as an enterprise administrator at ABC.com. ABC.com has a domain named

ABC.com. All servers on the ABC.com network run Windows Server 2008 and all client computers run either Microsoft Windows Vista or Microsoft Windows XP Professional SP2.

The ABC.com network has a domain controller named ABC-DC08 that is backed up every night. ABC.com has a Marketing division with an organizational unit (OU) named

MarketingDiv. 30 You have recently created an OU in the MarketingDiv OU named

MarketingComp that contains the client computers of the Marketing division. During the course of the day the MarketingComp OU was accidentally deleted. How would you recover the MarketingComp OU without affecting other OUs in MarketingDiv?

A. By using the system state from the most recent backup to restore MarketingDiv.

B. By using the user state from the most recent backup to restore MarketingComp.

C. By doing an authoritative restore of MarketingDiv.

D. By doing an authoritative restore of MarketingComp.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=37

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 38

ABC.com has employed you as a network administrator. ABC.com has a domain named

ABC.com. All servers on the ABC.com network run Windows Server 2008 and the client computers run either Microsoft Windows XP Professional or Microsoft Windows Vista. The

ABC.com network contains two domain controllers named ABC-DC04 and ABC-DC05. You have become aware of malicious users trying to access the ABC.com network. How would you track unsuccessful attempts by malicious users to logon to the network?

A. By checking the Event Viewer Internet Explorer log on ABC-DC04 and ABC-

DC05.

B. By checking the Windows error log on ABC-DC04 and ABC-DC05.

C. By checking the Event Viewer security log on ABC-DC04 and ABC-DC05.

D. By executing the netsh /events command on the command prompt on ABC-DC04 and ABCDC05.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=38

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 39

ABC.com has hired you as a systems administrator for their network. ABC.com has a domain named ABC.com. All servers on the ABC.com network run Windows Server 2008 and all client 31 computers run either Microsoft Windows Vista or Microsoft Windows XP

Professional SP2. ABC.com has three domain controllers named ABC-DC04, ABC-DC05 and

ABC-DC06. How can you verify replication between the domain controllers?

A. By using the Network Monitor utility to troubleshoot directory replication.

B. By using Event Viewer to troubleshoot directory replication.

C. By using Task Manager utility to troubleshoot directory replication.

D. By using the RepAdmin utility to troubleshoot directory replication.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=39

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 40

You are working as an enterprise administrator at ABC.com. ABC.com has a forest with a domain named ABC.com. All servers on the ABC.com network run Windows Server 2008 and all client computers run either Microsoft Windows Vista or Microsoft Windows XP

Professional. The ABC.com network has a domain controller named ABC-DC08 with the

Directory Services Recovery Mode (DSRM). Which of the utilities listed below would be suitable to use when required to have the DSRM password on ABC-DC08reset?

A. By using Active Directory Security for Computers snap-in.

B. By using the ntdsutil utility.

C. By using the Netsh utility.

D. By using the Domain Controller security snap-in.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=40

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 41

You are the newly appointed enterprise administrator at ABC.com. ABC.com has a domain named ABC.com. All servers on the ABC.com network run Windows Server 2008 and the client computers run either Microsoft Windows Vista or Microsoft Windows XP Professional

SP2. The ABC.com network has a domain controller named ABC-DC08 that is hosting ntds.dit file on its secondary hard disk labeled drive D. Which of the processes would you use when required to move the ntds.dit file to a newly installed volume?

A. By using the Files option in the Ntdsutil utility and moving the ntds.dit file to the new volume.

B. By using the Windows Power Shell Copy Paste function to move the ntds.dit file to the new volume.

C. By using XCOPY to move ntds.dit file to the new volume.

D. By using Windows Explorer to move ntds.dit file to the new volume.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=41

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 42

You are working as an enterprise administrator at ABC.com. ABC.com has a forest with a domain named ABC.com. All servers on the ABC.com network run Windows Server 2008 and all client computers run either Microsoft Windows Vista or Microsoft Windows XP

Professional. The ABC.com network has a computer named ABC-DC08 that is configured as the domain controller and backup server. ABC.com recently added an additional hard disk partitioned into three logical drives. During the course of the day ABC-DC04 suffers a catastrophic hard disk failure. You replace the hard disk and partition it into three logical drives of the same size as the original hard disk. How would you recover the operating system and files? 33

A. By using the Automated System Recovery disk after rebooting ABC-DC04.

B. By using the backup utility to restore the system state from the recent backup.

C. By using Disk defragment before restoring the system and user states.

D. By starting ABC-SC08 from the Windows Server 2008 installation DVD and using the wbadmin utility.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=42

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 43

You are employed as the network administrator at ABC.com. ABC.com has a domain named

ABC.com. All servers on the ABC.com network run Windows Server 2008 and all client computers run either Microsoft Windows Vista or Microsoft Windows XP Professional SP2.

The ABC.com network has three domain controllers named ABC-DC01, ABC-DC02 and

ABC-DC03. How would you use ABC-DC01 to locate an error message on all domain controllers related to replication?

A. By using the Event Viewer Directory Service log.

B. By using Active Directory Sites and Services administrative tool.

C. By using the Computer Management tool.

D. By checking the Event Viewer System log.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=43

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 44

You are a newly appointed enterprise administrator at ABC.com. ABC.com has a forest with a domain named ABC.com. ABC.com has its headquarters in Chicago and a Marketing division in Boston. The ABC.com network contains only Windows Server 2003 domain controllers that are all located in the Chicago office. You need to install a Windows Server 2008 Read-Only

Domain Controller (RODC) named ABC-DC04 in the Boston office. How would you accomplish this task?

A. By uABCrading ABC-DC01 to Windows Server 2008 and executing the adprep

/rodcprep command. 34

B. By raising the forest functional level to at least Windows Server 2003.

C. By raising the domain functional level Windows Server 2008.

D. By executing the adprep /forestprep command on ABC-DC04.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=44

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 45

You are employed as an enterprise administrator at ABC.com. The ABC.com has a domain named ABC.com. All servers on the domain run Microsoft Windows Server 2008 and all client computers run Microsoft Windows Vista. The ABC.com network has a computer named

ABCDC07 which runs Network Monitor 3.0. ABC-DC07 has the IP address 192.168.12.4 and the Mac Address of 00-15-F2-CD-2A-43. ABC.com has recently configured the capturing

DHCP serverrelated traffic by selecting P-mode in Network Monitor 3.0. ABC.com users complain that they cannot access a file server named ABC-SR12. You run the ipconfig /all command on ABC-SR12 and receive the output shown in the exhibit: microsoft&c=70-

648&q=1 How would you capture DHCP related traffic between ABC-DC07 and ABC-SR12?

A. By using the IPv4 address == 169.254.1.140 && DHCP to build a filter in Network

Monitor.

B. By using the MAC Address == 0x0B042D854AF3 && DHCP to build a filter in

Network Monitor.

C. By using the MAC Address == 0x0015F2CD2A43 && DHCP to build a filter in

Network Monitor.

D. By using the IPv4. Address == 192.168.12.4 && DHCP to build a filter in Network

Monitor.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=45

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 46

You are the newly appointed enterprise administrator at ABC.com. ABC.com has a domain named ABC.com. All servers on the ABC.com network run Windows Server 2008 and the client computers run either Microsoft Windows XP Professional SP2 or Microsoft Windows

Vista. The ABC.com network has a domain controller named ABC-DC04. The I/O times to

read data from ABC-DC04 have become slower. You suspect that this is a result for fragmentation of the hard disk. As ABC-DC04 is a domain controller, you decide to defragment the file for Active Directory database by taking the file offline. How would you complete the task?

A. By starting ABC-DC04 in the Directory Services restore mode and running the defrag utility.

B. By starting ABC-DC04 in the Directory Services restore mode and running the

Ntdsutil utility

C. By stopping the Domain controller service in the Services MMC and running the

Ntdsutil utility

D. By stopping the Domain controller service in the Services MMC and running the

Defrag utility.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=46

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 47

You are the network administrator for your company. Your company decides to uABCrade the existing Windows Server 2003 computers to Windows Server 2008. You perform a pilot uABCrade on one of the Windows Server 2003 computers. Immediately after the successful uABCrade, you restart the server, and open the Reliability Monitor console to view system stability information. However, the Reliability Monitor does not display any data in the

System Stability Chart. What could be the cause for this problem?

A. You have not used valid administrative credentials to log on to the server.

B. You have not created a Data Collector Set.

C. Running the Reliability Monitor for the first time on a new server does not display any data.

D. The server must be running at least 24 hours after installation and restart

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=47

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 48

You are the network administrator for your company. The company network runs on Windows

Server 2008. All the client computers run Windows Vista. You have a branch office and a main office. You need to monitor all the frames that pass over the network to a local buffer, regardless of the destination address. What should you do?

A. Use a capture buffer

B. Use display filters

C. Use promiscuous mode

D. Use capture triggers

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=48

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 49

You administer your company s network. The network consists of a single Active Directory domain. All servers run Windows Server 2008, and all client computers run Windows Vista.

The company s written security policy stipulates that employees must use certificates for remote 37 access and secure e-mail. Only designated administrators are authorized to approve users requests for certificates, issue certificates, and revoke certificates. You install

Certificate Services on several servers and configure them as enterprise certification authorities

(CAs). You must assign the appropriate privileges to the designated administrators in accordance with the company policy. Which of the following should you do?

A. Issue an Enrollment Agent certificate to each designated administrator.

B. Assign the designated administrators to the Certificate Manager role on each CA.

C. Assign the Allow - Enroll permission for each certificate template to the designated administrators.

D. Assign the Allow - Write permission for each CA to the designated administrators.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=49

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 50

You are the network administrator for your company. You have recently installed Windows

Server 2008 for your company. You want to create a test network of five subnets that will use

IPv6. You have to create the network in such a way that the client computers on the test network are able to communicate with each other while ensuring that they cannot access the

Internet. In addition, the addresses used should be unique across all sites within your company.

Which IP address could you use?

A. 0:0:0:0:0:0:0:0

B. FE80:AB10:2B5C:B000:: /64

C. FD00:AB10:2B5C:B000::/8

D. FEC0:AB10:2B5C:B000::/10

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=50

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 51

Your network consists of a single Active Directory domain in which all servers run Windows

Server 2008. You are planning a secure remote access infrastructure that includes three servers: WINNPS: Network Policy Server 38 HEALTH01: System Health Validation

Server, Remediation Server VPN01: VPN Server You need to ensure that VPN client computers are screened by network health policies. What action should you perform to complete the configuration? Select the best answer.

A. Configure VPN01 as a System Health Validator.

B. Configure VPN01 as a RADIUS server.

C. Configure VPN01 as a RADIUS client of WINNPS.

D. Configure VPN01 as a RADIUS client of HEALTH01.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=51

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 52

Your organization consists of an IP internetwork that is routed by a multihomed Windows

Server 2008 member server that is configured with the RRAS server role. You need to configure a persistent default route on the server from the command prompt that sends all default traffic out of the interface with IP address 192.168.1.1. What action should you perform? Select the best answer.

A. Issue the command route print 192.168.1.0 on the server.

B. Issue the command route -persistent 192.168.1.0 on the server.

C. Issue the command route -p add 0.0.0.0 mask 0.0.0.0 192.168.1.1 on the server.

D. Issue the command route -p add 255.255.255.255 mask 255.255.255.255

192.168.1.1 on the server.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=52

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 53

Your organization is planning to migrate from an IPv4 infrastructure to an IPv6 infrastructure.

Your manager is concerned about how IPv6 packets can be routed over the public Internet, especially to destinations that still use IPv4. What actions should you perform? Choose TWO.

(Each correct answer represents an independent solution.)

A. Deploy the Teredo transition technology in your network.

B. Deploy NAT in your network. 39

C. Deploy 6to4 technology in your network.

D. Deploy NPS in your network.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=53

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 54

Henry is the systems administrator for his company. The company has a total of 20 servers running Windows Server 2008 Enterprise and 100 workstations running Window Vista.

Although every machine on the network is running antivirus software, one of the users inadvertently downloaded a Trojan virus which spread through the network to one of the servers. After removing both the server and the workstation from the network, Henry runs a removal tool and is able to completely remove the virus from both machine Now, when either

machine is booted up, both of them have the Task Manager option disabled from the

Ctrl+Alt+Del screen. When Henry tries to run the Task Manager from Windows Explorer, it says that the Task Manager has been disabled by the administrator How can Henry re-enable the Task Manager for the server and the workstation? Select the best answer.

A. Henry must open the Local Computer Policy first from the command line. He then needs to go to Computer Configuration, Administrative Templates, System,

Ctrl+Alt+Del Options and disable the setting that states "Remove Task Manager".

B. Henry must open the Local Computer Policy first from the command line. He then needs to go to User Configuration, Windows Settings, System, Ctrl+Alt+Del and enable the setting that states "Enable Task Manager".

C. To re-enable the Task Manager, Henry must open the Local Computer Policy from the command line. Then, he needs to navigate to User Configuration, Administrative

Templates, System, Crtl+Alt+Del Options and disable the "Remove Task Manager" setting.

D. Henry must re-apply the latest service packs for both Windows Server 2008 and

Windows Vista for the Task Manager to be enabled.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=54

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 55

Your organization s single Active Directory domain consists of a mixed IPv4/IPv6 environment. All servers run Windows Server 2008, and all client workstations run Windows

Vista. You need to ping a file server named FS01.BIRCO.LAN that uses an IPv6 address.

What actions should you perform? Choose TWO. (Each correct answer represents an independent solution.) 40

A. Ping the site-local address of the server.

B. Ping the link-local address of the server.

C. Issue the command ping -426 fs01.birdco.com from your administrative workstation.

D. Issue the command ping -6 fs01.birdco.lan from your administrative workstation.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=55

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 56

You are the network administrator for your company, a large financial institution in Memphis.

You are getting ready to purchase three new servers that will be used to carry out financial audits at different banking locations. These servers will be placed in a large enclosed case with casters and wheeled into the different locations to perform the audits. When you get the servers, you will install Windows Server 2008 Enterprise on all of them. You thought about installing Core Server because of its inherent security, but you thought against it since it would be more difficult to work on the servers without a Windows interface. Since the servers will store sensitive information and will be mobile, you have decided to install BitLocker on all the servers for added security and protection when they are purchased. You really like the

BitLocker feature that prevents stolen hard drives from being used in other computers in order to steal data. What hardware feature must the servers come with so that they can implement the BitLocker technology which prevents hard drives from being used in other computers?

Select the best answer.

A. The servers must have Ultra Wide SCSI-3 support on their backplanes. This will ensure that BitLocker can communicate between the firmware and the MBR on the first hard drive of the server.

B. In order for the BitLocker software to check that the hard drives have not been tampered with or switched out, the servers must have DDR RAM installed. DDR RAM is necessary to keep up with the speed at which the firmware talks to the hard drives on boot.

C. An EPROM version 2.9 or later chip must be installed on the server motherboards.

The chip stores the OTP passwords used by BitLocker to verify firmware and hardware.

D. You must make sure that the new servers have a TPM version 1.2 or higher chip installed on the motherboards. This chip checks to make sure that the drive(s) have not been tampered with while the system is offline.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=56

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 57

Your organization consists of a single Active Directory domain named Birdco.com in which all servers run Windows Server 2008. Three of these servers, WSUS01, WSUS02 and WSUS03, are configured with Windows Server Update Services (WSUS). You need to configure WSUS such 41 that all computer groups and approvals are configured at WSUS01 and updates are copied to WSUS02 and WSUS03. What action should you perform? Select the best answer.

A. Configure WSUS02 and WSUS3 as upstream servers of WSUS01.

B. Configure WSUS02 and WSUS03 as downstream servers of WSUS01.

C. Configure WSUS02 and WSUS03 as replicas of WSUS01.

D. Configure WSUS01 as a disconnected server.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=57

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 58

Justin is the systems administrator for the University of Southwest Oklahoma. The university s network is a Windows Server 2008 Active Directory network. All network users are using

Microsoft Exchange 2007. Because of the sensitive information that users send back and forth in email, many Exchange users are utilizing S/MIME to encrypt their email. To accommodate

S/MIME, Justin has installed an Active Directory Certificate Server. The only problem is that there are many satellite schools associated with the university that need to use S/MIME as well. Instead of installing Certificate Authorities at all the satellite schools, Justin has decided to deploy online responders so clients can check certificate status through HTTP. Periodically,

Justin checks the IIS servers that are working as Online Responders to ensure that they are

working properly. From the servers log files, Justin can see that most of them are responding with cached answers since they are receiving so many requests. He can also see that requests are answered very quickly within a 120 second interval; then requests take longer to answer.

Justin knows that the online responders use ISAPI extension caching, but not in this manner.

What mechanism is caching responses for 120 seconds in order to answer requests quicker?

Select the best answer.

A. Network Load Balancing is being used by the online responders to route requests and cache responses to provide answers quicker.

B. The IIS HTTP.SYS library is what is being used to cache responses for 120 seconds.

The library file helps to cache responses in addition to the OCSP ISAPI extension caching.

C. The CACHING.XML file, which is installed by default with IIS, handles client requests quickly by caching responses for up to 120 seconds at a time.

D. The CACHING.SYS library file built into IIS is being used to cache responses for

120 seconds to respond to requests.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=58

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 59

You deploy a Windows Server 2008 public key infrastructure (PKI) and Network Access

Protection (NAP) on your domain. You discover that NAP policies are not affecting wireless clients. You need to ensure that all wireless clients are properly screened by health policy upon their initial association with a wireless access point. What actions should you perform?

Choose TWO (Each choice represents a part of a single solution.)

A. Verify that wireless client network connections are configured for 802.1X authentication.

B. Verify that wireless client network connections are configured to use a DHCP server.

C. Verify that DHCP enforcement is configured on your Windows Server 2008 network policy server.

D. Verify that 802.1X enforcement is configured on your Windows Server 2008 network policy server.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=59

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 60

Your company has recently increased in size, after acquiring another company twice the size.

You have been given the task to set up a cluster in the main datacenter. You have been given the scope of the project and decided that the cluster will have to consist of eight nodes for high availability. Which editions of Windows Server 2008 will not be suitable for the eight nodes in the cluster? (Choose all that apply.)

A. Windows Server 2008 Standard Edition

B. Windows Server 2008 Enterprise Edition

C. Windows Server 2008 Datacenter Edition

D. Windows Web Server 2008

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=60

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 61

You have been asked to install the first Windows Server 2008 server in the domain. This server will be for testing purposes, so you will use older hardware with minimum hardware requirements for Windows Server 2008. You have decided to install a 32-bit edition of Server

2008 Standard Edition. What is the minimum amount of disk space required to install the

Standard Edition of Server 2008?

A. 8 GB 43

B. 10 GB

C. 12 GB

D. 40 GB

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=61

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 62

You have recently been transferred to the DNS team at a large multinational company, and are working feverously learn about DNS. Lately you

� ve been working on the difference between clientto- server and server-to-server queries. Which of the following are true? (Select all that apply).

A. Client-to-server queries are all-or-nothing requests.

B. Client-to-server queries are also known as recursive queries.

C. Server-to-server queries ask for FQDN resolution.

D. Server-to-server queries ask for as much information as can be provided about the

FQDN.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=62

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 63

You are the DNS administrator for a mid-sized organization. As part of the uABCrade process, you put in a request to transition all DNS services to AD integrated zones. When your manager asks about the key features involved, what do you tell her? (Select all that apply).

A. You tell her that AD integrated zones are stored in Active Directory.

B. You tell her that all zone records are stored as AD objects and have object level security.

C. You tell her that it enables secure dynamic updates.

D. You tell her that replication is much more efficient and secure.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=63

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 64

The Web development team has requested that you implement a new Web server in a DMZ that will be used for presenting Web sites to customers. Which of the following is NOT a reason for using Windows Server 2008 Core Server?

A. A Core installation does not require a Windows Server 2008 license.

B. A Core installation does not provide GUIs, which limits console access.

C. Core Server installs fewer services than a full installation of Windows Server 2008.

44

D. Core Server uses fewer resources than a full installation of Windows Server 2008.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=64

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 65

You have a Windows Server 2003 R2 domain currently running in your organization. You would like to install a read-only domain controller into your Directory Services structure, but you do not want to completely uABCrade your domain to Windows Server 2008 Directory

Services just yet. What do you need to do in order to add an RODC?

A. Change the domain functional level to Windows Server 2008 mixed mode.

B. Change the forest functional level to Windows Server 2008 mixed mode.

C. Run adprep on a Windows Server 2003 R2 domain controller.

D. An RODC cannot be added until the entire domain is a Windows Server 2008

Directory Services domain.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=65

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 66

You are engaged in an exercise that is meant to demonstrate the Public-Key Cryptography

Standards (PKCS) used in modern encryption. You arrive at a portion of the exercise which outlines the encryption of data using the RSA algorithm. Which of the following PKCS does this exercise address?

A. PKCS #5

B. PKCS #1

C. PKCS #8

D. PKCS #9

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=66

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 67

You are the administrator of your company

� s Windows Server 2008-based network and are attempting to enroll a smart card and configure it at an enrollment station. Which of the following certificates must be requested in order to accomplish this action?

A. A machine certificate. 45

B. An application certificate.

C. A user certificate.

D. All of the above

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=67

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 68

You are the domain administrator for your company. Your network consists of multiple DCs at multiple sites. A DC at your local site is having problems with replicating. You need to know when this DC last attempted to perform an inbound replication on the Active Directory partitions. How would you accomplish this?

A. Open a command prompt on the DC and run ntdsutil

B. Open a command prompt on the DC and run repadmin /replicate

C. Open a command prompt on the DC and run repadmin /rodcpwdrepl

D. Open a command prompt on the DC and run repadmin /showrepl

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=68

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 69

You are the domain administrator for your company. At your site you have a single DC that also acts as an application server. From 10:00 a.m. to 4:00 p.m., users complain about slow logons to the network and that accessing resources from this DC is incredibly slow during most of the workday. You log on to the DC, pull up the Task Manager, and notice that a process called CustApp.exe is using just more than 90% of the CPU cycles. The application must remain running during the day, but you also need to resolve the slow logon issues. There is no money in the budget for additional hardware. What is the best way to handle this situation?

A. Go into the Windows System Resource Manager on the DC, and create a new recurring calendar event to start at 8:00 a.m. and end at 5:00 p.m. daily. Associate the event with the Equal_ Per_ Process policy.

B. Go into the Task Manager and into the Processes tab. Find CustApp.exe and set the priority to Below Normal.

C. Go into the Task Manager and into the Process tab. Find CustApp.exe and end the process.

D. Purchase a second server to run only the CustApp.exe application

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=69

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 70

The CIO has asked you to configure a GPO that will ensure that antivirus software is installed on every computer in the company. You are the most senior administrator in the company and have full access to every computer, and to Active Directory. Your company has a single domain and site. Which one of the following actions do you take?

A. You configure a GPO at the domain level, and publish the application to all computers.

B. You configure a GPO at the site level, and assign the application to all computers.

C. You create a GPO with the required settings and link it into all OUs that have computer accounts in it. You set the options to assign the application to computers.

D. You tell him it cannot be done.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=70

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 71

You

� ve just taken over the domain-level administration for a mid-size company. The previous administrator did not use group policy software deployment. You have just configured and tested your first published application to users. The application was designed to be used by all users in the accounting department. You created the software distribution point and copied the installation files over to it. You then created the GPO and linked it to the AcctgUsers OU, which contains all user accounts for the department. When the users log on to their computers, the application is visible in Control Panel | Add or Remove Programs, but when users attempt the installation it fails. When you log on from a computer in accounting, you are able to access the installation files and run them manually. Which one of the following is most likely the problem?

A. The application files are corrupt.

B. The permissions on the software distribution point are configured incorrectly.

C. The GPO is corrupt.

D. The GPO is linked to the wrong place within Active Directory.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=71

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 72

Your company, mycompany.com, is merging with the yourcompany.com company. The details of the merger are not yet complete. You need to gain access to the resources in the

yourcompany.com company before the merger is completed. What type of trust relationship should you create?

A. Forest trust

B. Shortcut trust 47

C. External trust

D. Tree Root trust

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=72

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 73

You recently completed a merger with yourcompany.com. Corporate decisions have been made to keep the integrity of both of the original companies; however, management has decided to centralize the IT departments. You are now responsible for ensuring that users in both companies have access to the resources in the other company. What type of trust should you create to solve the requirements?

A. Forest trust

B. Shortcut trust

C. External trust

D. Tree root trust

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=73

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 74

You need to set up a network in the lab for a training class. You want to isolate the lab network from the rest of the corporate network so students don

� t inadvertently do something that takes the entire network down. What IP addressing method would you use?

A. Private network addressing

B. Public network addressing

C. Network Address Translation

D. Subnet isolation through subnet mask

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=74

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 75

You have a growing network that originally was configured using the private Class C address space. However, you

� re now about to grow beyond the maximum number of devices and need to expand but you don

� t anticipate needing more than a total of 290 addresses. What action would you take to solve this problem that would create the least disruption to your network?

A. Install a router. Create two new scopes on your DHCP Server and reassign IP addresses. 48

B. Change the default subnet mask to 255.255.252.0.

C. Change the IP addressing scheme from Class C to Class

B.

D. Assign new computers on the network IP addresses from the existing address pool.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=75

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 76

You are asked by your employer to set up a LAN using Windows 2008 Server RRAS. Which of these types of routing algorithms or protocols cannot be used to organize the signal flow between the devices in the network, according to the supported Windows Server 2008 features?

A. RIP

B. RIP2

C. OSPF

D. None of the Above

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=76

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 77

You are working with a server running the RRAS that is configured for the Windows authentication provider. You have administered several policies from RRAS to the server.

Which of the following connection settings cannot be validated before authorization occurs by the policies you set up?

A. Advanced conditions such as access server identity, access client phone number, or

MAC address.

B. Remote access permission.

C. Whether user account dial-in properties are ignored.

D. None of the above.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=77

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 78

The NAP Health Policy Server is responsible for storing health requirement policies and provides health state validation for the NAP Infrastructure. What Windows Server 2008 roles have to be installed for the NAP Health Policy Server to be configured?

A. Active Directory Domain Role

B. NPS Server Role 49

C. NAP Server Role

D. DHCP Server Role

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=78

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 79

You have decided to implement NAP into your existing network. During the design, you need to make a decision as to how the Restricted Network will be secured from the Remediation

Network. Given the options below, which one(s) would work in this scenario?

A. Use IPsec with Health Certificates

B. Use a secondary switch to split the networks

C. Use IP packet filters

D. Use VLANs

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=79

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 80

Yancey is the systems administrator for his company. The entire company s network consists of one 2008 Active Directory domain, with 20 servers running Windows Server 2008, and 250 workstations running Windows Vista. Of the 20 servers, 4 of them hold the operations master roles. SVR1 holds the schema master and domain naming master role. SVR2 holds the RID master role. SVR3 holds the infrastructure master role. SVR4 holds the PDC emulator role.

One of Yancey s junior administrators is planning to take SVR2 down for maintenance over a two day span. During that same time, another junior administrator is scheduled to add a number of user accounts to the domain for recently hired employees. Yancey needs to make sure that the junior administrator can add user accounts to the domain while SVR2 is down and also that user account creation will be possible after SVR2 is brought back online. What does

Yancey need to do to accomplish this? Choose TWO.

A. He needs to use Ntdsutil to connect to SVR1.

B. He needs to transfer the RID master role from SVR2 to SVR1.

C. He needs to seize the RID master role from SVR2.

D. He needs to use Ntdsutil to connect to SVR2.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=80

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 81

You are the network administrator for your company. The network contains a single Windows

2008 Active Directory domain. A Windows Server 2008 computer named Remote1 is a member server with Routing and Remote Access installed. Remote1 allows both dial-up and virtual private network (VPN) connections. Smart cards are issued to all users who will access the network remotely. The smart cards will be used for both dial-up and VPN connections. All

users who will access the network remotely are issued Windows 2000 Professional portable computers with smart card readers. The written security policy for your company states that the users are required to use the smart cards only when connecting to the network remotely.

When connecting to the network locally, smart cards should not be used. You must implement a remote access solution that will enforce the written security policy. What should you do?

A. In the Active Directory Users and Computers console, enable the Smart card is required for interactive logon option for each user account that will access the network remotely.

B. Install a computer certificate on Remote1. Configure the remote access policy on

Remote1 to accept only EAP-TLS authentication. Use the Remote1 computer certificate for authentication.

C. Install a computer certificate on Remote1. Configure the remote access policy on

Remote1 to accept only EAP-MD5 authentication. Use the Remote1 computer certificate for authentication.

D. Install a computer certificate on each computer. Configure the remote access policy on Remote1 to accept only EAP-TLS authentication. Use the computer certificate for authentication.

E. Install a computer certificate on each computer. Configure the remote access policy on Remote1 to accept only EAP-MD5 authentication. Use the computer certificate for authentication.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=81

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 82

You are the systems administrator for your company. The network contains an Active

Directory Lightweight Directory Services (AD LDS) server that runs Windows Server 2008.

The AD LDS server provides directory services to various applications. You are required to manage AD LDS directories. Which three tools can you use? (Each correct answer presents a complete solution. Choose three.)

A. Dsamain.exe

B. Active Directory Sites and Services 51

C. LDP.exe

D. ADSI Edit

E. Active Directory Users and Computers

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=82

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 83

You are the systems administrator for your company, a plastic container manufacturer and distributor. The company s network consists of a single Active Directory forest. The network contains an Internet Information Services (IIS) server that hosts a Web application that allows users to purchase your company s products online. Your company has a partner organization, a

graphic design firm that designs your company s products. The partner company has its own

Active Directory forest. You are required to enable users in the partner organization to access your Web application without being prompted for secondary credentials. Which Windows

Server 2008 server role should you install in your network to provide Web-based Single-Sign-

On (SSO) capabilities to users in the partner organization?

A. Active Directory Rights Management Services (AD RMS)

B. Active Directory Federation Services (AD FS)

C. Active Directory Lightweight Directory Services (AD LDS)

D. Active Directory Directory Services (AD DS)

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=83

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 84

You are the network administrator for your company. All servers on the company s network run Windows Server 2008. You are required to install a Dynamic Host Configuration Protocol

(DHCP) server on the network to enable client computers on the network to obtain IP address automatically from the DHCP server. You want to ensure that when you install the DHCP server, the server is automatically authorized. What should you do?

A. Install the DHCP server on a server that is member of the domain.

B. Install the DHCP server on a stand-alone server.

C. Install the DHCP server on the domain controller.

D. Install the DHCP server on a member server and the DHCP Relay Agent on the domain controller. 52

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=84

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION: 85

You are the systems administrator for your company. The company s network consists of a single Active Directory domain. All domain controllers run Windows Server 2008, and all client computers run Windows Vista. You have a public key infrastructure that has a subordinate enterprise Certification Authority (CA), which issues certificates on behalf of the root CA. You have a certificate template that allows users to autoenroll, and a group policy object that distributes the certificates to users. All users are able to automatically obtain certificates. You now want routers and other network devices are able to obtain certificates from the CA. What should you do?

A. Assign the routers and network devices the Autoenroll permission in a certificate template.

B. Change the Publish Delta CRL to 1 hour so expired certificates for routers and network devices are published in Active Directory.

C. Install the Online Certificate Status Protocol (OCSP) role service for AD CS.

D. Install the Microsoft Simple Certificate Enrollment Protocol (MSCEP) role service for AD CS.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-648&qno=85

-------------------------------------------------------------------------------------------------------------------------------------

TwPass Certification Exam Features;

TwPass offers over

2500

Certification exams for professionals.

More than

98,800

Satisfied Customers Worldwide.

Average

99.8%

Success Rate.

Over

120

Global Certification Vendors Covered.

Services of Professional & Certified Experts available via support.

Free 90 days updates to match real exam scenarios.

Instant Download Access!

No Setup required.

Price as low as $19, which is 80% more cost effective than others.

Verified answers researched by industry experts.

Study Material

updated

on regular basis.

Questions / Answers are downloadable in

PDF

format.

Mobile Device Supported (Android, iPhone, iPod, iPad)

-

No authorization

code required to open exam.

-

Portable

anywhere.

-

Guaranteed Success

.

-

Fast

, helpful support 24x7.

View list of All Exams (AE);

http://www.twpass.com/twpass.com/vendors.aspx

Download Any Certication Exam DEMO.

http://www.twpass.com/twpass.com/vendors.aspx

To purchase Full version of exam click below; http://www.TwPass.com/

Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertisement