Online Access Free 070-646 Exam Questions
| Exam Code: | 070-646 |
| Exam Name: | Windows Server 2008, Server Administrator |
| Certification Provider: | Microsoft |
| Free Question Number: | 266 |
| Posted: | May 25, 2026 |
Your network consists of a single Active Directory domain.
The functional level of the domain is Windows Server 2008 R2. All domain controllers run Windows Server 2008 R2.
A corporate policy requires that the users from the research department have higher levels of account and password security than other users in the domain.
You need to recommend a solution that meets the requirements of the corporate policy. Your solution must minimize hardware and software costs.
What should you recommend?
Testlet: Graphic Design Institute, Case B
You need to plan a scheduled daily backup of all files on TADC01.
Which tools could you use? (Choose all that apply.)
Case Study Title (Case Study): General Background
You are the systems administrator for the Graphic Design Institute (GDI). GDI is a private liberal arts and technical college with campuses in multiple cities.
Technical Background
The campus locations, users, client computers, and servers are described in the following table.
The campuses are connected by a fully meshed WAN.
The corporate network includes Active Directory Domain Services (AD DS). Domain controllers are located on each campus.
GDI uses Microsoft Windows Deployment Server (WDS) to distribute images by using Preboot Execution Environment (PXE). GDI builds images by using the Windows Automated Installation Kit (WAIK).
GDI uses Microsoft Windows Server Update Services (WSUS) to distribute and manage Windows security updates and software updates.
All private client computers and portable computers used by faculty and staff are members of the WSUS computer group named Staff. All shared client computers are members of the WSUS computer group named LabComputers. All faculty and staff users are members of the global security group named GDI_Staff. All students are members of the global security group named GDI_Students.
Specific servers are configured as shown in the following table.
The main data center is located on the Boston campus. ADMX and ADML files are centrally stored on BODC01.
All Charlotte servers reside in the CH_Servers organizational unit (OU). CHDATA01, CHDATA02, CHDATA03, and CHDATA04 reside in the CH_FileServers OU. CH_FileServers is a child OU of CH_Servers.
A Group Policy object (GPO) named ServerSettings applies Windows Internet Explorer settings to all servers.
Business Requirements
After successful migrations to Windows Server 2008 R2 in Boston, New Haven, and Tacoma, GDI plans to migrate its other campuses to Windows Server 2008 R2 in advance of a full Windows 7 client computer deployment.
Server deployment on the Austin campus must be performed on weekends by using scheduled deployments.
The post-migration environment must meet the following business requirements:
Maximize security.
Maximize data protection.
Maximize existing resources.
Minimize downtime.
Technical Requirements
The post-migration environment must meet the following security requirements:
All updates must be distributed by using WSUS.
All critical updates must be installed as soon as possible.
All drives on the Minneapolis campus servers must have Windows BitLocker Drive Encryption enabled. The post-migration environment must meet the following data protection requirements:
All servers must have automated backup routines.
All backups must be replicated to the Boston data center at the end of each business week. The post-migration environment must meet the following resource requirements:
Installations and recovery must be performed remotely.
All department volumes on file servers must have NTFS quotas.
Minimize download time for users who open Microsoft Office documents over the WAN.
Ensure that users' files are always opened from the closest file server when available.
Users' files must be accessible by the same path from all campuses.
Testlet: Lucerne Publishing
You need to recommend a solution for starting the servers in the San Francisco office from Windows Recovery Environment (Windows RE). The solution must meet the company's security requirements.
What should you include in the recommendation?
Case Study Title (Case Study): COMPANY OVERVIEW Overview
Lucerne Publishing is a large publishing company that produces both traditional books and e- books.
Physical Location
The company has a main office and a branch office. The main office is located in New York. The branch office is located in San Francisco. The main office has a satellite office located in Boston. The company has 7,500 users.
EXISTING ENVIRONMENT Active Directory Environment
The network contains an Active Directory forest. The forest contains a single domain named lucernepublishing.com.
Network Infrastructure
Client computers in the New York office and the San Francisco office run either Windows Vista or Windows XP. All client computers in the Boston office run Windows 7.
The company has a finance department. All of the client computers in the finance department run Windows XP. The finance department uses an application named App1. App1 only runs on Windows XP.
The relevant servers in the New York office are configured as shown in the following table.
The servers have the following configurations:
Remote Desktop is enabled on all servers.
The passwords for all service accounts are set to never expire.
Server1 stores roaming user profiles for users in the Boston office.
SQL1 and SQL2 are deployed in a two-node failover cluster named Cluster1.
All servers have Pre-Boot Execution Environment (PXE)-compliant network adapters.
The servers in the San Francisco office contain neither a recovery partition nor optical media drives.
DFS1 and DFS2 are members of the same DFS Replication group. The DFS namespace is configured
to use Windows 2000 Server mode. The Boston office has no servers. The Boston office connects to the New York office by using a dedicated hardware VPN device.
The finance department publishes monthly forecast reports that are stored in DFS.
REQUIREMENTS Business Goals
Lucerne Publishing must minimize administrative costs, hardware costs, software costs, and development costs, whenever possible.
Planned Changes
All client computers will be upgraded to Windows 7.
A VPN server will be deployed in the main office. All VPN clients must have the latest Windows updates before they can access the internal network.
You plan to deploy a server that has the Remote Desktop Gateway (RD Gateway) role service installed.
Technical Requirements
Lucerne Publishing must meet the following technical requirements:
Upgrade all client computers to Windows 7.
Minimize Group Policy-related replication traffic.
Ensure that App1 can be used from client computers that run Windows 7.
Ensure that users can use App1 when they are disconnected from the network.
Ensure that you can perform a bare metal recovery of the servers in the San Francisco office.
Minimize the amount of time it takes users in the Boston office to log on to their client computers.
Ensure that domain administrators can connect remotely to all computers in the domain through RD
Gateway.
Ensure that file server administrators can access DFS servers and file servers through the RD Gateway.
Prevent file server administrators from accessing other servers through the RD Gateway.
Security Requirements
Lucerne Publishing must meet the following security requirements:
USB storage devices must not be used on any servers.
The passwords for all user accounts must be changed every 60 days.
Users must only be able to modify the financial forecast reports on DFS1. DFS2 must contain a read-only copy of the financial forecast reports.
All operating system drives on client computers that run Windows 7 must be encrypted.
Only approved USB storage devices must be used on client computers that run Windows 7.
Testlet: Litware, Inc
You need to recommend a strategy for managing Windows Firewall that meets the company's technical requirements.
What should you include in the recommendation?
Case Study Title (Case Study): COMPANY OVERVIEW
Litware, Inc. is a manufacturing company that has a main office and two branch office.
The main office is located in Montreal. The branch offices are located in Seattle and New York.
The main office has 4,000 users. The branch offices each have 500 users.
PLANNED CHANGES
Litware plans to open a new sales office. The sales office will have a direct connection to the Internet. The sales office will have a single server.
The sales office requires a connection to the Montreal office. The connection to the Montreal office must use either TCP port 80 or TCP port 443.
The network currently contains a Fibre Channel Storage Area Network (SAN). A new iSCSI SAN will be implemented during the next month. The current SAN and the new SAN are from different manufacturers. Both SANs use a virtual disk service (VDS) interface.
EXISTING ENVIRONMENT
All servers run Windows Server 2008 R2. All client computers run Windows 7 Enterprise.
The main office has a single DHCP server. The IP addresses for all of the client computers must be assigned from the DHCP server.
All software is installed from a central software distribution point in the main office. Software deployments for the branch offices frequently fail due to bandwidth limitations.
Existing Active Directory/Directory Services
The network contains a single Active Directory domain named litwareinc.com. Each office has two domain controllers.
Current Administration Model
Currently, all help desk users have full administrator rights to the servers. The help desk users use Remote Desktop to log on to the servers and perform tasks such as managing Active Directory user accounts and creating DHCP reservations.
TECHNICAL REQUIREMENTS
Windows Firewall must be managed by using the minimum amount of administrative effort. Windows Firewall configurations must be duplicated easily between servers that have the same server role.
Litware must centralize the monitoring of critical system events. The monitoring solution must use the existing infrastructure.
Litware plans to prevent help desk users from interactively logging on to servers. Help desk users must not have full administrator rights to the servers.
The software deployment process must be updated to meet the following requirements:
Application source files must be centrally managed.
Software deployments to the offices in Seattle and New York must remain unaffected if a WAN link fails. The SANs must be administered by using a single tool.
Testlet: Tailspin Toys
You need to recommend a solution to meet the certificate distribution requirements.
What should you recommend?
Case Study Title (Case Study): General Background
You are the Windows Server Administrator for Tailspin Toys. Tailspin Toys has a main office and a manufacturing office.
Tailspin Toys recently acquired Wingtip Toys and is in the beginning stages of Merging the IT environments. Wingtip Toys has a main office and a sales office.
Technical Background
The companies use the network subnets indicated in the following table: The Tailspin Toys network and the Wingtip Toys are connected by a point-to-point dedicated 45 Mbps circuit that terminates in the main offices.
The current Tailspin Toys server topology is shown in the following table:
The Tailspin Toys environment has the following characteristics: All servers are joined to the tailspintoys.com domain. In the Default Domain Policy, the Retain old events Group Policy setting is enabled. An Active Directory security group named "Windows System Administrators" is used to control all files and folders on TT-PRINT01. A Tailspin Toys administrator named Marx has been delegated rights to multiple Organizational Units (OUs) and object in the tailspintoys.com domain. Tailspin Toys developers use Hyper-V Virtual Machines (VM's) for development. There are 10 development VM's named TT-DEV01 to TT-DEV20.
The current Wingtip Toys server topology is shown in the following table: All servers in the Wingtip Toys environment are joined to the wingtiptoys.com domain.
Infrastructure Services
You must ensure that the following infrastructure services requirements are met:
All domain zones must be stored as Active Directory-integrated zones.
Only DNS servers located in the Tailspin Toys main offices may communicate with the DNS servers at Wingtip Toys.
Only DNS servers located in the Wingtip Toys main offices may communicate with the DNS servers at Tailspin Toys
All tailspintoys.com resources must be resolved from the Wingtip Toys offices.
All wingtiptoys.com resources must be resolved from the Tailspin toys offices.
Certificates must be distributed automatically to all Tailspin Toys and Wingtip Toys computers.
Delegated Administration
You must ensure that the following delegated administration requirements are met: Tailspin Toys IT security administrators must be able to create, modify and delete user objects in the wingtip.com domain.
Members of the Domain Admins Group in the tailspintoys.com domain must have full access to the wingtiptoys.com Active Directory environment.
A delegation policy must grant minimum access rights and simplify the process of delegating rights.
Minimum permissions must always be delegated to ensure that the least privilege is granted for a job task.
Members of the TAILSPINTOYS\Helpdesk group must be able to update drivers and add printer ports on TT-PRINT01.
Members of the TAILSPINTOYS\Helpdesk group must not be able to cancel a print job on TT-PRINT01.
Tailspin Toys developers must be able to start, stop and apply snapshots to their development VM's.
IT Security
Server security must be automated to ensure that newly deployed servers automatically have the same security configurations as existing servers.
Auditing must be configured to ensure that the deletion of users objects and OUs is logged.
Microsoft Word and Microsoft Excel files must be automatically encrypted when uploaded to the
Confidential documents library on the Tailspin Toys Microsoft SharePoint site.
Multi factor authentication must control access to Tailspin Toys domain controllers.
All file and folder auditing must capture the reason for access.
All folder auditing must capture all delete actions for all existing folders and newly created folders.
New events must be written to the Security event log in the tailspintoys.com domain and retained
indefinitely.
Drive X:\ on the TT-FILE01 must be encrypted by using Windows BitLocker Drive Encryption and must be automatically unlock.