Get Familiar With Windows Server 2008, Server Administrator

These questions are based on 70-646: PRO: Windows Server 2008, Server Administrator
Self Test Software Practice Test

Objective: Plan for server deployment.
Sub-objective: Plan server installations and upgrades.

Single answer, multiple-choice

You are a server administrator for your organization. Your organization has a main office in Sydney and a branch office in Melbourne. You have deployed Windows Server 2008 on all servers in both offices. You also used Server Manager to install BitLocker on a Windows Server 2008 server in the branch office to encrypt data that will be used by various applications.

Your organization wants you to manage the BitLocker encryption from the main office rather than traveling to the branch office. How can you enable this functionality?
 
A.    Run the ServerManagerCmd -install BitLocker command.
B.    Run the ServerManagerCmd -resultPath <result.xml> command.
C.    Run the ServerManagerCmd -install RSAT-BitLocker command.
D.    Run the Scwcmd command.
 
Answer:
C. Run the ServerManagerCmd -install RSAT-BitLocker command.
 
Tutorial:
You should run the ServerManagerCmd -install RSAT-BitLocker command to enable you to manage the BitLocker encryption from the main office. This command will install BitLocker-RemoteAdminTool that is required for BitLocker remote management. This tool contains the manage-bde.wsf script and the associated .ini file. The manage-bde.wsf script is a command-line utility that controls all aspects of BitLocker locally or remotely. You can install the remote management feature of BitLocker on any Windows Server 2008 server without enabling BitLocker on the management server.

You should not use the ServerManagerCmd -install BitLocker command to manage the BitLocker encryption from the main office. This command will install BitLocker on a Windows Server 2008 server. In this scenario, you want to manage the BitLocker encryption for the branch office from the main office. Therefore, you should run the ServerManagerCmd -install RSAT-BitLocker command or the manage-bde.wsf script file to install the remote management feature of BitLocker.

You should not run the ServerManagerCmd -resultPath <result.xml> command to manage the BitLocker encryption for the branch office from the main office. The -resultPath parameter is used with the -install and -remove commands to specify an .xml file, to which the results of the removal or installation should be saved. The complete syntax of this command is ServerManagerCmd -install <ID> -resultPath <result.xml> for an installation or ServerManagerCmd -remove <ID> -resultPath <result.xml> for a removal.

You should not use the Scwcmd command to manage the BitLocker encryption for the branch office from the main office. This tool allows you to create security policies. Using this command-line tool, you can roll back or apply the policy to one or more Windows Server 2008 servers. This tool does not provide any method to manage BitLocker encryption remotely.
 
Reference:

Windows Server 2008 Technical Library > Featured Resources > Changes in Functionality from Windows Server 2003 with SP1 to Windows Server 2008 > Security Features > BitLocker Drive Encryption

 

Objective: Plan for server management.
Sub-objective: Plan for delegated administration.

Multiple answer, multiple-choice

You are the enterprise administrator for your company. Your company has a single forest with two trees that have three domains each. Each domain within the verigon.com tree contains three file servers named dc1, dc2 and dc3.

You want a set of technical support people from verigon.com, east.verigon.com, west.verigon.com, nutex.com, east.nutex.com and west.nutex.com to be able to do the following on the file servers in each domain:

•    Back up and restore data on each file server.
•    Format the hard disk.

What should you do? (Choose all that apply. Each correct answer presents part of the solution.)
 
A.    Create a global group called SrvAdmins in each domain of the verigon.com tree and in each domain of the nutex.com tree.
B.    Create a local group called SrvAdmins in each domain of the verigon.com tree and in each domain of the nutex.com tree.
C.    Create a universal group called NutexSrvAdmins that contains the SrvAdmins group in each domain of the nutex.com tree group.
D.    Create a universal group called VerigonSrvAdmins that contains the SrvAdmins group in each domain of the verigon.com tree group.
E.    Add the NutexSrvAdmins and VerigonSrvAdmins groups as members of the Server Operators group on dc1, dc2 and dc3 in each domain of the verigon.com tree.
F.    Add the NutexSrvAdmins and VerigonSrvAdmins groups as members of the Backup Operators group on dc1, dc2 and dc3 in each domain of the verigon.com tree.
G.    Add the NutexSrvAdmins and VerigonSrvAdmins groups as members of the Account Operators group on dc1, dc2 and dc3 in each domain of the verigon.com tree.
 
Answers:
A. Create a global group called SrvAdmins in each domain of the verigon.com tree and in each domain of the nutex.com tree.
C. Create a universal group called NutexSrvAdmins that contains the SrvAdmins group in each domain of the nutex.com tree group.
D. Create a universal group called VerigonSrvAdmins that contains the SrvAdmins group in each domain of the verigon.com tree group.
E. Add the NutexSrvAdmins and VerigonSrvAdmins groups as members of the Server Operators group on dc1, dc2 and dc3 in each domain of the verigon.com tree.
 
Tutorial:
You should do the following:
 
•    Create a global group called SrvAdmins in each domain of the verigon.com tree and in each domain of the nutex.com tree.
•    Create a universal group called NutexSrvAdmins that contains the SrvAdmins in each domain of the nutex.com tree group.
•    Create a universal group called VerigonSrvAdmins that contains the SrvAdmins in each domain of the verigon.com tree group.
•    Add the NutexSrvAdmins and VerigonSrvAdmins group as a member of the Server Operators group on dc1, dc2 and dc3 in each domain of the verigon.com tree.

You should create a global group called SrvAdmins in each domain of the verigon.com tree and in each domain of the nutex.com tree. A global group can contain accounts from the same domain as the global group, and it can contain other global groups from the same domain, but not global groups from different domains.

Each domain in the verigon.com tree should have a SrvAdmins global group. Each SrvAdmins global group should contain users from its own domain. In this scenario, you should add users from the west.verigon.com domain to the SrvAdmins global group in the west.verigon.com domain, users from the east.verigon.com domain to the SrvAdmins global group in the east.verigon.com domain and users from the verigon.com domain to the SrvAdmins global group in the verigon.com domain.

You should create a universal group called VerigonSrvAdmins that contains the SrvAdmins in each domain of the verigon.com tree group and create a universal group called VerigonSrvAdmins that contains the SrvAdmins in each domain of the verigon.com tree group. A universal group can contain accounts from any domain within the forest in which this universal group resides, global groups from any domain within the forest in which this universal group resides and universal groups from any domain within the forest in which this universal group resides.

In this scenario, you should add the SrvAdmins global group from the verigon.com, east.verigon.com and west.verigon.com domains to the NutexSrvAdmins universal group. The NutexSrvAdmins universal group can contain global groups from any domain. You can ease administration by grouping global groups in a tree into one universal group in the root domain of that tree.

You should create a universal group called NutexSrvAdmins that contains the SrvAdmins in each domain of the nutex.com tree group and create a universal group called VerigonSrvAdmins that contains the SrvAdmins in each domain of the nutex.com tree group. A universal group can contain accounts from any domain within the forest in which this universal group resides, global groups from any domain within the forest in which this universal group resides and universal groups from any domain within the forest in which this universal group resides.

In this scenario, you should add the SrvAdmins global group from the nutex.com, east.nutex.com and west.nutex.com domains to the NutexSrvAdmins universal group. The NutexSrvAdmins universal group can contain global groups from any domain. You can ease administration by grouping global groups in a tree into one universal group in the root domain of that tree.

You should add the NutexSrvAdmins and VerigonSrvAdmins group as a member of the Server Operators group on dc1, dc2 and dc3 in each domain of the verigon.com tree. You can add universal or global groups into a local group. In this scenario, you should add the universal groups from each tree into the Server Operators group. The Server Operators group exists on domain controllers. Members of this group can backup and restore files, format a hard disk and shut down the computer.

You should not add the NutexSrvAdmins and VerigonSrvAdmins group as a member of the Backup Operators group on dc1, dc2 and dc3 in each domain of the verigon.com tree. Although the Backup Operators group can back up and restore all files on domain controllers in the domain, regardless of their own individual permissions on those files, this group cannot format a hard disk. The Administrators group and Server Operators group can back up and restore files and format a hard disk.

You should not add the NutexSrvAdmins and VerigonSrvAdmins group as a member of the Account Operators group on dc1, dc2 and dc3 in each domain of the verigon.com tree. Members of the Account Operators group can create, modify and delete accounts for users, groups and computers located in the Users or Computers containers and organizational units in the domain, except the Domain Controllers organizational unit. Members of this group do not have permissions to backup and restore files and format a hard disk.
 
References:

Windows Server TechCenter > Windows Server 2003 Technical Library > Windows Server 2003: Product Help > Windows Server 2003 Product Help > Active Directory > Active Directory Concepts > Understanding Active Directory > Understanding Groups > Default groups

WINDOWS SYSTEMS MANAGEMENT AND ADMINISTRATION – AGDLP reduces account management, permissions management headaches

Windows Server TechCenter > Windows Server 2003 Technical Library > Windows Server 2003: Deployment > Windows Server 2003: Deployment Whitepapers > Best Practices for Delegating Active Directory Administration (Windows Server 2003)

Objective: Monitor and maintain servers.
Sub-objective: Monitor servers for performance evaluation and optimization.

Single answer, multiple-choice

You are the administrator of your company’s application servers. One application server is used by a group of users in the accounting department. Processes on the server are causing the processor load to exceed 70 percent. Some processes are taking up more resources than other processes. Most users open the same number of processes on the server.

You want to give equal access to each process and maintain minimum resource availability while ensuring the processor load is not too great. What should you configure?
 
A.    Implement Windows System Resource Manager (WSRM) and configure an Equal_Per_Process resource allocation policy.
B.    Implement WSRM and configure an Equal_Per_User resource allocation policy.
C.    Implement WSRM and configure an Equal_Per_Session resource allocation policy.
D.    Use Windows Remote Management. Configure the service in a GPO. Add the users into the Security Filtering of the GPO.
E.    Use Windows Remote Management. Configure the service in a GPO. Add the users' computers into the Security Filtering of the GPO.
 
Answer:
A. Implement Windows System Resource Manager (WSRM) and configure an Equal_Per_Process resource allocation policy.
 
Tutorial:
You should implement Windows System Resource Manager (WSRM) and configure an Equal_Per_Process resource allocation policy. WSRM begins to manage processor resources of the application server when the combined processor load is greater than 70 percent.

WSRM does not manage the application server's resources when the processor load is low. When the demand for processor resources exceeds 70 percent of the processor load, WSRM resource allocation policies help ensure minimum resource availability. There are four built-in resource management policies:
 
•    The Equal_Per_Process resource allocation policy allows each running process to have equal treatment. A user can run multiple processes, whereas another user can run a single process, but only the processes are given equal treatment. If a server that is running five processes reaches 70 percent processor utilization, WSRM will limit each process to 20 percent of the processor resources while they are in contention. Any resources not used by low utilization processes will be allocated to other processes.
•    The Equal_Per_User resource allocation policy groups processes by the user account that is running them. Each user has a process group, and each of these process groups is given equal treatment. This is the recommended policy for application servers.
•    The Equal_Per_Session resource allocation policy allows resources to be allocated on an equal basis for each session connected to the system. This policy is used with terminal servers.
•    The Equal_Per_IISAppPool resource allocation policy allows resource to be allocated equally for each application pool of IIS. Applications that are not in an IIS application pool can only use resources that are not used by IIS application pools.
 
You should not implement WSRM and configure an Equal_Per_User resource allocation policy. In this scenario, the resources should be divided equally per process and not equally per user.

You should not implement WSRM and configure an Equal_Per_Session resource allocation policy. In this scenario, the resources should be divided equally per process and not equally per session. A single session may spawn several processes on the server.
You should not use Windows Remote Management, configure the service in GPO and add either the users or the users' computers to Security Filtering in the GPO. The Windows Remote Management (WinRM) service implements a standard Web services protocol called WS-Management that is used for software and hardware management.

The WinRM service provides access to WMI data and enables event collection. For event collection and subscription to events to function, the service must be running. The WinRM service cannot manage server processor and memory usage with standard or custom resource policies.

Security Filtering limits the scope of the GPO to apply to only the users or computers that have permissions to the GPO. For example, you could remove the default permissions of Authenticated Users on a GPO that is linked to a domain and add a particular group to have Read permissions. The GPO would only be read by the particular group in the domain and not everyone in the domain. Since you cannot use WinRM, it would not help use Security Filtering.
 
References:

Windows Server 2008 Technical Library > Featured Resources > Changes in Functionality from Windows Server 2003 with SP1 to Windows Server 2008 > Terminal Services Role > Terminal Services and Windows System Resource Manager

 

Windows Server 2008 Technical Library > Installed Help > Performance and Reliability > Windows System Resource Manager > Windows System Resource Manager

Objective: Plan application and data provisioning.
Sub-objective: Provision applications.

Single answer, multiple-choice

You are a server manager for your organization. Your organization has a single Active Directory domain that contains Windows Server 2008 domain controllers and Windows Vista client computers.

You have recently installed Microsoft System Center Configuration Manager 2007 on a Windows Server 2008 server. You plan to use Configuration Manager 2007 to apply software updates to client computers in your organization. What must you do to apply software updates on client computers?
 
A.    Install Windows Installer 2.0.
B.    Configure the software Distribution component settings.
C.    Install Windows Server Update Services (WSUS) 3.0.
D.    Configure a distribution point.
 
Answer:
C. Install Windows Server Update Services (WSUS) 3.0.
 
Tutorial:
You should install Windows Server Update Services (WSUS) 3.0 to ensure System Center Configuration Manager 2007 can apply software updates to client computers in your organization. WSUS 3.0 is required to synchronize software updates on client computers. You must install WSUS 3.0 prior to creating a software update point. System Center Configuration Manager 2007 allows client computers to connect to the WSUS server when client computers are performing a scan for software updates. The client computer uses a Windows Update Agent (WUA) to connect to the WSUS server for retrieving relevant software updates that need to be scanned for compliance.

You should not install Windows Installer 2.0 in this scenario. Instead, you should install Windows Installer 3.1 to use with Configuration Manager 2007 and use Configuration Manager 2007 to apply software updates to client computers in your organization.
You should not configure the software Distribution component settings to ensure System Center Configuration Manager 2007 can apply software updates to client computers in your organization. This is required when creating a software distribution point. You would configure a distribution point to distribute software packages to users and computer resources.

You should not configure a distribution point to ensure System Center Configuration Manager 2007 can apply software updates to client computers in your organization. You need to configure a distribution point when planning to distribute software to client computers. You must create and configure at least one distribution point to distribute software to client computers.
 
Reference:

Microsoft TechNet > TechNet Library > Systems Management > System Center > System Center Configuration Manager 2007 > Configuration Manager Documentation Library > Getting Started with Configuration Manager 2007 > Understanding Configuration Manager Features

 

Objective: Plan for business continuity and high availability.
Sub-objective: Plan high availability.

Multiple answer, multiple-choice

You are the administrator for a company that manufactures industrial chemicals. All servers in the single domain run Windows Server 2008, and all clients run Windows Vista. You want to create a Terminal Services Farm that provides fault tolerance in the event that a server is unavailable. What must you configure to provide load balancing? (Choose all that apply.)
 
A.    Install the TS Session Broker role service.
B.    Install the TS Licensing role.
C.    Install Windows System Resource Manager 2007 (WSRM).
D.    Populate the Session Broker Computers Local Group.
E.    Populate the TS Web Access Computers Group.
F.    Populate the TS Web Access Administrators group.
G.    Manage the terminal servers with WSRM and configure them to participate in the load balancing.
H.    Add the DNS entries for the terminal servers.
 
Answers:
A. Install the TS Session Broker role service.
D. Populate the Session Broker Computers Local Group.
H. Add the DNS entries for the terminal servers.
 
Tutorial:
You should install the TS Session Broker role service, populate the Session Broker Computers Local group and add the DNS entries for the terminal servers. The TS Session Broker role service is used to support session load balancing between terminal servers in a server farm. This service is used to reconnect an existing session on a terminal server that is a member of a load-balanced terminal server farm.

The TS Session Broker service provides cross-server session reconnection capability and provides load-balancing capability, as well as the Session Broker Load Balancing (SBLB) feature in Windows Server 2008. SBLB is an application-level load-balancing solution that is managed based on the number of sessions running. It has built-in protection against log-on throttling and a max session count. You can combine NLB with SBLB to have complete server and application load balancing.

The Session Broker Computers Local group is used to determine which terminal servers are using the Session Broker to manage sessions. You then must join the terminal servers to the Session Broker and configure them to participate in load balancing. You should add the DNS entries for the terminal servers. This step is necessary to provide name resolution and also round robin DNS.

You should not populate the TS Web Access Computers local group. Members of this group can query the list of RemoteApp programs that are available from this terminal server. This group is not necessary to configure Network Load Balancing.

You should not populate the TS Web Access Administrators local group. Members of this group can modify the default TS Web Access Web site. This group is not necessary to configure Network Load Balancing.

You should not use the Windows System Resource Manager 2007 (WSRM). WSRM is a component that is used to limit CPU and memory usage on the servers on which the product is installed. WSRM can be useful when you want to run multiple applications on a server while ensuring no application consumes more than a certain amount of resources.
This can be useful to ensure one application's performance does not hurt another application's performance. WSRM lets you place limits on a process or user level to make sure all processes have the required resources. WSRM is not designed to load balance servers or applications.

You should not manage the terminal servers with WSRM and configure them to participate in the load balancing. WSRM is not used to configure load balancing.
You should not install the TS Licensing role. TS Licensing manages the Terminal Services client access licenses (TS CALs) that are required to connect to a terminal server. You can use TS Licensing to install, to issue and to monitor the availability of TS CALs. The TS Licensing role will not provide support for load balancing.
 
References:

Microsoft TechNet > Ask the Performance Team > WS2008: Terminal Session Broker Overview

Microsoft TechNet > Ask the Performance Team > WS2008: Session Broker Load Balancing

Like what you see? Share it.
cmadmin

ABOUT THE AUTHOR

Posted in Archive|

Comment: