Learn About Windows Server 2008, Enterprise Administrator
By Certification Magazine —
1 | 2 | 3 | The following are questions from MeasureUp Practice Test for the Microsoft IT Professional exam 70-647: Windows Server 2008, Enterprise Administrator
Objective: Plan network and application services.
Sub-objective: Design for network access.
Single answer, multiple choice
Your network is configured as an Active Directory domain. The network is protected from the Internet by a perimeter network. There are two Web servers deployed in the perimeter network. Both Web servers support Secure Sockets Layer (SSL) connections.
You deploy a computer running Microsoft Windows Server 2008 and configure the computer to support Routing and Remote Access Service (RRAS). You need to configure the server to support incoming virtual private network (VPN) connections. Changes to perimeter network firewalls must be kept to a minimum. Communication between the remote client and RRAS server must be encrypted. What should you do?
A. Use SSTP for client connections.
B. Use PPTP for client connections.
C. Use L2TP/IPSec for client connections.
D. Use RDP for client connections.
Answer:
A
Tutorial:
You should use Secure Sockets Transport Protocol (SSTP) for client connections. SSTP provides a secure connection. SSTP support was introduced with Windows Server 2008. Communication between the client and RRAS server are encrypted. The connection uses port 443, the same port as SSL, so you do not have to change the firewall configuration.
You should not use Point-to-Point Tunneling Protocol (PPTP). PPTP does not, in itself, provide for encryption. It would also require you to open an additional port in the perimeter firewall.
You should not use Layer 2 Tunneling Protocol with IP Security (L2TP/IPSec). This connection type provides encryption, but it would require you to open an additional port in the perimeter firewall.
You should not use Remote Desktop Protocol (RDP) for the connection. RDP is not used for VPN connections. It would also require you to open an additional port in the perimeter firewall.
References:
What's New in Routing and Remote Access
Windows Server 2008 Technical Library
http://technet2.microsoft.com/windowsserver2008/en/library/62736172-aa83-43ba-a844-f1c548f5a4ac1033.mspx
SSTP Remote Access Step-by-Step Guide: Deployment
Windows Server 2008 Technical Library
http://technet2.microsoft.com/windowsserver2008/en/library/9f69d438-2723-4e15-836f-8e58ef2827141033.mspx
How to configure a Secure Socket Tunneling Protocol (SSTP)-based VPN server behind a NAT device in Windows Server 2008
Microsoft TechNet
http://support.microsoft.com/kb/947032
Objective: Plan network and application services.
Sub-objective: Plan for name resolution and IP addressing.
Single answer, multiple-choice
Your network has two forests: stayandsleep.com and bcdtrain.com. App1 is a server in the stayandsleep.com domain. WinSrv is a server running Windows Internet Name Service (WINS) and is located in the stayandsleep.com domain. DC.stayandsleep.com and DC.bcdtrain.com host the Domain Name System (DNS) and Active Directory Domain Services (AD DS) roles and are configured with an Active Directory-Integrated zone for their own domains. Both domain controllers run Windows Server 2008.
You plan to decommission WinSrv. Client applications on computers in both stayandsleep.com and bcdtrain.com need to be able to resolve App1 using single-label name resolution. What should you do?
A. On DC.bcdtrain.com, configure DC.stayandsleep.com as a conditional forwarder.
B. On DC.stayandsleep.com, configure DC.bcdtrain.com as a forwarder.
C. Create a GlobalNames zone on DC.stayandsleep.com. Add a SRV record to DC.bcdtrain.com identifying DC.stayandsleep.com as the GlobalNames zone host.
D. Create a GlobalNames zone on DC.stayandsleep.com. Add DC.stayandsleep.com to root hints on DC.bcdtrain.com.
Answer:
C
Tutorial:
You should create a GlobalNames zone on DC.stayandsleep.com and add a SRV record to DC.bcdtrain.com identifying DC.stayandsleep.com as the GlobalNames zone host. Windows Server 2008 allows you to create a GlobalNames zone to allow single-label name resolution. If you need to resolve the name between forests, you will also need to add a Service Location (SRV) record to the DNS server in the forest that does not contain the GlobalNames zone so that the DNS server will know how to locate the GlobalNames zone.
You should not configure DC.stayandsleep.com as a conditional forwarder on DC.bcdtrain.com. A conditional forwarder is one that forwards requests for resources in a specific zone. In this case, you need to support single-label name resolution so the zone will not be known.
You should not configure DC.bcdtrain.com as a forwarder on DC.stayandsleep.com. The forwarder is the DNS server that receives requests for names that cannot be resolved by the DNS server that initially receives the request. If you configure DC.bcdtrain.com as a forwarder, DC.stayandsleep.com will forward requests for resources it cannot resolve to DC.bcdtrain.com. DC.bcdtrain.com will not be able to resolve the single-label name, so name resolution will fail.
You should not create a GlobalNames zone on DC.stayandsleep.com and add DC.stayandsleep.com to root hints on DC.bcdtrain.com. The root hints file is used to locate domain controllers to resolve fully qualified names outside the hosted zone when there are no forwarders. You cannot identify a DNS server that can resolve a single-label name by using root hints.
Reference:
DNS Server Role
Windows Server 2008 Technical Library
http://technet2.microsoft.com/windowsserver2008/en/library/533a1cfc-5173-4248-914c-433bd018f66d1033.mspx?mfr=true
Objective: Design core identity and access management components.
Sub-objective: Design the Active Directory physical topology.
Single answer, multiple-choice
Your network is configured as two Active Directory domains: stayandsleep.com and branch.stayandsleep.com. There are currently two sites: Corp and BranchA.
Your company is opening a second branch office. The branch office will support 200 users. Three file servers and a server running Microsoft Exchange 2007 will be installed at the branch office. All computers at the branch office will be members of the branch.stayandsleep.com domain. The new branch office connects to the corporate office through a demand-dial connection.
You plan to deploy a single domain controller in the new branch office. You need to determine how that domain controller should be configured. Your solution should require the least amount of server resources. What should you do?
A. Install a Read Only Domain Controller (RODC) and add the Global Catalog server role.
B. Install a Server Core installation. Install AD DS and add the Global Catalog server role.
C. Install a Server Core installation. Install AD DS and enable universal group membership caching.
D. Install a Read Only Domain Controller (RODC) and enable universal group membership caching.
