70 643

Microsoft 70-643
TS: Windows Server 2008 Applications Infrastructure, Configuring
Practice Test
Version: 30.0
Microsoft 70-643: Practice Exam QUESTION NO: 1 You work as the network administrator at ABC.com. The ABC.com network has a domain named ABC.com. All servers on the ABC.com network run Windows Server 2008 and all client computers run Windows Vista. ABC.com recently entered into partnership with Weyland Industries. You create user accounts in the ABC.com domain for some employees of Weyland Industries. You place the user accounts into a global security group named WeySecure. You want to provide members of the WeySecure group access to parts of the ABC.com network via a Terminal Services Gateway server named ABC-TS01. What do you need to do to ensure that the WeySecure group is able to access ABC-TS01? A. You need to configure a Remote Access Policy. B. You need to create and configure a Connection Authorization Policy. C. You need to configure Device redirection. D. You need to configure a Network Access Protection Policy. Answer: B Explanation: To provide a security group access to ABC-TS02, you need to create and configure a Connection Authorization Policy. A connection authorization policy (CAP) allows you to control who can connect to the Terminal Server through the Terminal Services Gateway. You can configure what groups can access the Terminal Server through the TS Gateway. Reference: Configuring the Windows Server 2008 Terminal Services Gateway (Part 2) / Create a Terminal Services Gateway CAP http://www.windowsecurity.com/articles/Configuring-Windows-Server-2008-Terminal-ServicesGateway-Part2.html
QUESTION NO: 2 You work as a network administrator for ABC.com. The ABC.com network consists of a domain named ABC.com. All servers on the ABC.com network either run Windows Server 2008 or Windows Server 2003.
"Pass Any Exam. Any Time." - www.actualtests.com
Microsoft 70-643: Practice Exam The ABC.com network contains a Windows Server 2003 server named ABC-SR05 and a Windows Server 2008 server named ABC-SR06. ABC-SR05 has Microsoft SQL Server 2005 and Microsoft Windows SharePoint Services (WSS) 2.0 installed. You receive instruction to uABCrade Windows SharePoint Services (WSS) 2.0 to Windows SharePoint Services (WSS) 3.0 and have it run on ABC-SR06. You need to have Windows SharePoint Services (WSS) 3.0 retain the content and settings from Windows SharePoint Services (WSS) 2.0. Which of the following steps would be the best way to accomplish this task? (Choose multiple answers). A. You should back up the SharePoint configuration as well as the content from ABC-SR05. B. You should back up the SQL Server 2005 configuration as well as the Microsoft Windows SharePoint Services (WSS) databases from ABC-SR05. C. You should uABCrade ABC-SR05 to Windows Server 2008. D. You should install Microsoft Windows SharePoint Services (WSS) 3.0 on ABC-SR06. E. You should install Microsoft Windows SharePoint Services (WSS) 2.0 on ABC-SR06. F. You should restore the backup from ABC-SR05 to ABC-SR06. G. You should uABCrade Windows SharePoint Services (WSS) 2.0 to Windows SharePoint Services (WSS) 3.0 on ABC-SR06. Answer: A,E,F,G Explanation: In order to migrate to SharePoint Services (WSS) 3.0 from ABC-SR05 to ABC-SR06 with all the configuration and content, you need to install WSS 2.0 on ABC-SR06. You need to back up the WSS 2.0 configuration and content from ABC-SR05. Then the backup can be restored from ABC-SR05 to ABC-SR06. Lastly an in-place uABCrade of WSS 2.0 to WSS 3.0 can be executed on ABC-SR06. When you run an in-place uABCrade, all content and configuration data is uABCraded in-place, at one time. When you start the in-place uABCrade process, the Web server and Web sites remain offline until the uABCrade has been installed. In-place uABCrades are best for a stand-alone server and small installations as in this case Reference: Install and configure Office SharePoint Server for an in-place uABCrade http://technet.microsoft.com/en-us/library/cc263212(TechNet.10).aspx Determine uABCrade approach (Office SharePoint Server) http://technet.microsoft.com/en-us/library/cc263447(TechNet.10).aspx
Microsoft 70-643: Practice Exam QUESTION NO: 3 You work as the network administrator at ABC.com. The ABC.com network consists of a domain named ABC.com. ABC.com has headquarters in London and branch office in Paris. All servers on the ABC.com network run Windows Server 2008 and all client computers run Windows Vista. The ABC.com network contains a member server named ABC-SR01. ABC-SR01 is configured as the Key Management Service (KMS) server. You are planning to roll out 20 new Windows Server 2008 computers on the network. After installing Windows Server 2008 on three of the computers you discover that the servers are unable to activate using ABC-SR01. How can you ensure that the new computers are able to activate using ABC-SR01? A. You should ensure that the new servers have a connection to the internet. B. You should install the Key Management Service (KMS) on a dedicated Windows Server 2008 computer. C. You should phone Microsoft Licensing House to Activate the servers by telephone. D. You should install Windows Server 2008 on at least 7 of the remaining computers. Answer: D Explanation: To activate the new server through KMS server, you should complete the installation of at least 10 servers. The Key Management Service is a Windows service. KMS is a trusted mechanism that, once the KMS host is activated, allows volume client computers within the enterprise to activate themselves without any interactions with Microsoft. KMS activation of Windows Server 2008 follows a hierarchical structure. Each successive product group can activate all the groups below it, and the KMS can be hosted on any edition that it can activate.
QUESTION NO: 4 You are the network administrator at ABC.com. The ABC.com network consists of a domain named ABC.com. All servers on the ABC.com network run Windows Server 2008 and all client computers run Windows XP Professional. ABC.com currently makes use of two computers named ABC-TS01 and ABC-TS02 which runs the Terminal Server Session Broker role. ABC.com recently entered into partnership with Weyland Industries who make use of two computers named WEYLAND-TS01 and WEYLAND-TS02. During the course of the day you receive instruction from ABC.com and Weyland Industries to configure their Terminal servers for load balancing whilst ensuring ABC-TS02 is configured as the preferred server. "Pass Any Exam. Any Time." - www.actualtests.com 4
Microsoft 70-643: Practice Exam What program would you use to configure the load balancing? A. You should use the Terminal Services Resource Authorization policy (RAP). B. You should use the Terminal Services Configuration utility. C. You should use the Terminal Services Connection Authorization policy (CAP). D. You should use the Group Policy Manager utility. Answer: B Explanation: In order to configure load balancing for the four terminal servers you need to make use of the Terminal Services Configuration utility. This will also make ABC-TS02 the preferred server for TS sessions. Using NLB with Terminal Services provide increased availability, scalability, and load-balancing performance, as well as the ability to distribute a large number of Terminal Services clients over a group of terminal servers.
QUESTION NO: 5 You work as an enterprise administrator at ABC.com. The ABC.com network consists of a domain named ABC.com. All servers on the ABC.com network run Windows Server 2008. The ABC.com network contains a server named ABC-SR22 which hosts Windows SharePoint Services (WSS). ABC-SR22 hosts a WSS site for each department in the company. The Sales department WSS site contains a document library. The Sales manager asks you to configure the WSS site so that Sales users can send email to the document library. To this end, you configure ABC-SR22 to accept incoming email. What else is required to enable users to send email to the document library? A. You need to modify the incoming email settings for the WSS site in IIS Manager. B. You need to modify the incoming email settings the Application pool in IIS Manager. C. You need to modify the incoming email settings for the Sales WSS site D. You need to modify the incoming email settings for the document library. Answer: D Explanation: You need to change the incoming mail settings for the document library. This will allow the users to send email to the document library. Reference: http://technet.microsoft.com/en-us/library/cc262947(TechNet.10).aspx
Microsoft 70-643: Practice Exam QUESTION NO: 6 You work as the network administrator at ABC.com. The ABC.com network consists of a domain named ABC.com. All servers on the ABC.com network run Windows Server 2008. Half the client computers run Windows XP, and the rest run Windows Vista. You are responsible for a Terminal Server named ABC-TS01. ABC-TS01 is used to allow remote users to run the necessary applications required for their daily tasks from their workstations. You receive instruction to install a Terminal Service application named KingSalesApp2 on ABC-TS01. KingSalesApp2 does not make use a Microsoft Windows Installer package for the installation and modifications are made to the current user registry during installation. Which two of the following steps should you perform to install KingSalesApp2? A. After installing the application, run the change logon /enable command on ABC-TS01. B. Before installing the application, run the change logon /enable command on ABC-TS01 C. Before installing the application, run the change user /install command on ABC-TS01. D. After installing the application, run the change user /install command on ABC-TS01. E. Before installing the application, run the change user /execute command on ABC-TS01. F. After installing the application, run the change user /execute command on ABC-TS01. G. Before installing the application, run the change logon /disable command on ABC-TS01 before running the application. H. After installing the application, run the change logon /disable command on ABC-TS01 before running the application Answer: C,F Explanation: In order to install the application to support numerous user sessions in the above scenario, you need to first run the change user /install command on ABC-TS01because you need to put a Terminal Services server in Install mode to be able to install or remove programs on the server. You can put a Terminal Services server in Install mode using the Add/Remove Programs tool in Control Panel in order to add or remove a program or by using the change user command at a command prompt. Thereafter you can install the application. After the installation of the program, you need to return the Terminal Services server to Execute mode, to be able to execute the application. Therefore, to return to the Execute mode, you need to run the change user /execute command on ABC-TS01. Reference: HOW TO: Use the CHANGE USER Command to Switch to Install Mode in Windows 2000 Terminal Services http://support.microsoft.com/kb/320185
Microsoft 70-643: Practice Exam
QUESTION NO: 7 You work as a network administrator for ABC.com. The domain contains four Windows Server 2008 domain controllers. All domain member servers run Windows Server 2008 and all client computers run Windows Vista or Windows XP Service Pack 3. You receive instruction to assign the Terminal Services and Terminal Services Gateway roles to a server named ABC-TS02. In order to protect the network you want to make sure that all client computers that connect to ABC-TS02 have antivirus software and up to date security patches installed. How can you enforce the security requirements? A. You should implement a Network Access Protection (NAP) server in the domain and configure the client computers to send a health option statement in the Terminal Services client access policy. B. You should configure a Remote Access Policy with the required security settings. C. You should install Microsoft Baseline Security Analyzer (MBSA) on ABC-TSO2 and configure it to scan the client computers when they connect. D. You should install Microsoft Security Assessment Tools (MSAT) on ABC-TSO2 and configure it to scan the client computers when they connect. Answer: A Explanation: Explanation To ensure that all client computers have firewall, antivirus software and anti-spyware software installed, you need to set the Request clients to send a health option statement in the Terminal Services client access policy. You also need to install and configure Network Access Protection (NAP) on a server in the ABC.com domain.
QUESTION NO: 8 You work as an enterprise administrator at ABC.com. The ABC.com network has a domain named ABC.com. All servers on the ABC.com network run Windows Server 2008. Half the client computers run Windows XP Professional, and the rest run Windows Vista. The ABC.com network contains a server named ABC-SR22 which hosts Windows SharePoint Services (WSS). ABC-SR22 hosts a WSS site for each department.
Microsoft 70-643: Practice Exam You receive instruction to ensure that TesKing.com users are able to create distribution lists from the SharePoint site. How would you configure ABC-SR02 to accomplish this? A. You need to install the Exchange System Manager software on ABC-SR02. B. You need to enable IMAP4 on ABC-SR02. C. You need to enable the SharePoint Directory Management Service on ABC-SR02. D. You need to modify the incoming email settings on the SharePoint site on ABC-SR02. Answer: B Explanation: In order to configure the WSS server in such a way that it permits users to create distribution lists from a SharePoint site, you need to enable the SharePoint Directory Management Service on ABC-SR02. A distribution list contains the e-mail addresses of existing address lists as well as the e-mail addresses of other site members. Distribution lists are available only if the SharePoint Directory Management Service is enabled in Central Administration. All new subsites that are created in an e-mail-enabled site collection are automatically e-mailenabled also. If you choose to use an existing group during site creation, the distribution list for the parent site (if available) will be associated with the new site Reference: Introduction to incoming e-mail/ New site creation walkthrough http://office.microsoft.com/en-us/help/HA100823061033.aspx
QUESTION NO: 9 You work as an enterprise administrator at ABC.com. The ABC.com network consists of a domain named ABC.com. All servers on the ABC.com network run Windows Server 2008. The ABC.com network contains a member server named ABC-SR11 that has the IIS server role installed. ABC-SR10 hosts a Web site called ABCWeb.com. ABCWeb.com is configured to use both HTTP and HTTPS connections. An SSL certificate is configured to enable the HTTPS connections. There are multiple virtual directories configured within the Web site. Some virtual directories allow HTTP connections and some require encrypted connections using SSL. You add another virtual directory named to the Web site. The virtual directory can be accessed at ABCweb.com/accounts/.
Microsoft 70-643: Practice Exam The ABC.com security policy requires that /accounts/ must be accessible to authenticated users only and to allow authentication types to support all browsers. However, the CIO wants the authentication traffic to be encrypted by using HTTPS. How should you configure the /accounts virtual directory without affecting the other virtual directories? Choose three A. By enabling Basic Authentication for ABCWeb.com. B. By enabling the Basic Authentication setting for the /accounts virtual directory. C. By enabling disabling the Anonymous Authentication setting for ABCWeb.com. D. By disabling the Anonymous Authentication setting for the /accounts virtual directory. E. By configuring the Web site to the Require SSL setting. F. By configuring the /accounts virtual directory to the Require SSL setting. G. By enabling Digest Authentication setting the /accounts/ virtual directory. Answer: B,D,F Explanation: You need to enable the Basic Authentication setting, because it is supported by mostly all the browsers. You need to disable the Disable the Anonymous Authentication setting, so that only authenticated users can access the virtual directory. You also need to the /accounts/ virtual directory to the Require SSL setting. This will only allow that the authentication traffic is encrypted and all other directories of the Website must be accessible to anonymous users and be available without SSL. You also need to configure the virtual directory for the Web site and not the website. Reference: How to configure IIS Web site authentication http://support.microsoft.com/kb/308160
QUESTION NO: 10 You work as an enterprise administrator at ABC.com. The ABC.com network consists of a domain named ABC.com. All servers on the ABC.com network run Windows Server 2008. The ABC.com network contains a member server named ABC-SR25 that runs the Web Server (IIS) role and hosts multiple Websites. You have received instruction to configure ABC-SR25 to run a new company Intranet Web site. You want to configure ABC-SR25 to release memory to the new company Intranet Web site automatically.
Microsoft 70-643: Practice Exam How should you configure ABC-SR25 without affecting the other Web sites? A. The best option is to associate the Intranet website with the Default Application Pool. B. The best option is to decrease the connection timeout for the Intranet website. C. The best option is to modify the settings on the Default Web Site. D. The best option is to configure the settings on the Performance tab of Default Application Pool. E. The best option is to associate the website with a new application pool. Answer: E Explanation: The best option is to create a new application pool and associate the Web site to the application pool. This will automatically release memory for a single website without affecting the other Web sites. An application pool is a group of one or more URLs that are served by a worker process or a set of worker processes. Application pools set boundaries for the applications they contain, which means that any applications that are running outside a given application pool cannot affect the applications in the application pool. Reference: IIS 7.0: Managing Application Pools in IIS 7.0 http://technet2.microsoft.com/windowsserver2008/en/library/1dbaa793-0a05-4914-a0654d109db3b9101033.mspx?mfr=true Reference: IIS 7.0: Configuring Recycling Settings for an Application Pool http://technet2.microsoft.com/windowsserver2008/en/library/0d5770e3-2f6f-4e11-a47c9bab6a69ebc71033.mspx?mfr=true
QUESTION NO: 11 You work as the network administrator at ABC.com. The ABC.com network consists of a domain named ABC.com. ABC.com has headquarters in London and branch office in Paris. All servers on the ABC.com network run Windows Server 2008 and all client computers run Windows Vista Business. The ABC.com network contains a member server named ABC-SR01 that runs the Windows Deployment Services (WDS) role. A deployment image for Windows Vista Business is stored on ABC-SR01. During the course of the day you receive instruction from ABC.com to install Windows Vista Business on a new client computer named ABC-WS644. ABC-WS644 does not support Preboot Execution Environment (PXE).
10
Microsoft 70-643: Practice Exam What additional steps should be taken to ensure you are able to install Windows Vista on the new client computer? A. You need to create a WindowsPE image and storing it on a DVD then boot ABC-WS644 to the DVD. B. You need to create a boot DVD containing the PXE drivers then boot ABC-WS644 to the DVD. C. You need to boot ABC-WS644 to the Windows Vista Installation DVD then enter the IP address of the WDS server. D. You need to create a Discover image and storing it on a DVD then boot ABC-WS644 to the DVD. Answer: D Explanation: In order to start the computer and install Windows Vista image stored on ABCSR01, you should create the Discover image. If you have a computer that is not PXE enabled, you can create a discover image and use it to install an operating system on that computer. When you create a discover image and save it to media (CD, DVD, USB drive, and so on), you can then boot a computer to the media. The discover image on the media locates a Windows Deployment Services server, and the server deploys the install image to the computer. You can configure discover images to target a specific Windows Deployment Services server. This means that if you have multiple servers in your environment, you can create a discover image for each, and then name them based on the name of the server. Reference: http://technet2.microsoft.com/WindowsVista/en/library/9e197135-6711-4c20-bfadfc80fc2151301033.mspx?mfr=true
QUESTION NO: 12 You work as a network administrator at ABC.com. The ABC.com network consists of a domain named ABC.com. All servers on the ABC.com network run Windows Server 2008 and all client computers run Windows XP Professional. You receive an instruction to implement a Terminal Services infrastructure. To this end, you add the Terminal Services role on a server named ABC-TS05. You add the Terminal Services licensing role on a new server named ABC-TS15. ABC-TS15 is not a member of the ABC.com domain. You attempt to configure the Terminal Services Per User Client Access License (CAL) mode in the Terminal Services Licensing role on ABC-TS05 but you discover that you are unable to do so. How can you enable Per User Terminal Services licensing on ABC-TS05?
11
Microsoft 70-643: Practice Exam A. You should get the license keys from Microsoft Clearinghouse and enter it into ABC-TS15. B. You should install the Terminal Services Gateway role on ABC-TS05. Then a GPO should be configured on ABC-TS05 to use ABC-TS15 for licensing. C. You should configure ABC-TS15 to be a member of the domain. D. You should configure ABC-TS05 to make use of ABC-TS15 for the Terminal Services Licensing role. Thereafter ABC-TS15 should be reconfigured for the Terminal Services Per User CAL mode Answer: C Explanation: To ensure that you could employ Terminal Services per User CAL mode on ABCTS10, you need to connect ABC-TS10 to the Active Directory domain because TS Per User CAL tracking and reporting is supported only in domain-joined scenarios. Reference: TS Licensing / Are there any special considerations? http://technet2.microsoft.com/windowsserver2008/en/library/5a4afe2f-5911-4b3f-a98a338b442b76041033.mspx?mfr=true
QUESTION NO: 13 You work as an enterprise administrator at ABC.com. The ABC.com network consists of a domain named ABC.com. All servers on the ABC.com network run Windows Server 2008. The ABC.com network contains a member server named ABC-SR12 that runs the Web Server (IIS) role and hosts an ASP .NET 2.0 website named ABC_site.com. You have received instructions from the CIO to make sure that the cookies from the ABC_site.com website are encrypted when stored on the website visitors computers. What is the best way to ensure that the cookies are encrypted? A. You should configure BitLocker on ABC-SR12. B. You should configure the ABC-SR12 to require IPSec connections. C. You should configure the Machine Key feature on ABC-SR12. D. You should configure the IIS Secure Socket Layer configuration feature on ABC-SR12. E. You should configure Encrypted File System (EFS) on ABC-SR12. Answer: C Explanation: A machine key is needed to encrypt the cookies sent from the website on the users client computer. To protect the cookie, machine key is used in ASP .NET 2.0. Encryption is based on a hash plus the actual data encrypted. ASP.NET's ViewState uses the Machine key config file section to configure the keys and such... this is important when the application is going to be run on a web farm, where load balancing webservers may be in no affinity mode. "Pass Any Exam. Any Time." - www.actualtests.com 12
Microsoft 70-643: Practice Exam Reference: http://www.codeproject.com/KB/web-security/HttpCookieEncryption.aspx
QUESTION NO: 14 You work as an enterprise administrator at ABC.com. The ABC.com network consists of a domain named ABC.com. All servers on the ABC.com network run Windows Server 2008. The ABC.com network contains a member server named ABC-SR14 that runs the IIS 7.0 role. The default website on ABC-SR14 is named ABC-web.net. You have received instructions to configure ABC-web.net to require HTTPS connections. To this end, you obtain an SSL certificate and import it into ABC-SR14. You discover that you are still able to connect to ABC-web.net using an unencrypted HTTP connection. How would you configure ABC-web.net to require secure connections using SSL? A. The best option is to clear the Allow Anonymous Access checkbox for the ABC-web.net website. B. The best option is to create an HTTPS protocol binding for the ABC-web.net website in the ISS Manager console. C. The best option is to modify the license key seed for the ABC-web.net website in the ISS Manager console. D. The best option is to change the port number for the ABC-web.net website to 443. Answer: B Explanation: You need to get an appropriate certificate and create an HTTPS binding on a site. This will activate SSL for the default Web site. On Windows Vista and Windows Server 2008, HTTP.sys handles SSL encryption/decryption in kernel mode. This will gives you a 20% better performance for secure connections. You need to store SSL binding information in two places, if you want to move the SSL to kernel mode. The binding is stored in %windir%\system32\inetsrv\applicationHost.config for your site. When the site starts, IIS 7.0 sends the binding to HTTP.sys and HTTP.sys starts listening for requests on the specified IP:Port. Second, SSL configuration associated with the binding is stored in HTTP.sys configuration. When a client connects and initiates an SSL negotiation, HTTP.sys looks in its SSL configuration for the "Pass Any Exam. Any Time." - www.actualtests.com 13
Microsoft 70-643: Practice Exam IP:Port pair that the client connected to. The HTTP.sys SSL configuration must include a certificate hash and the name of the certificate's store for the SSL negotiation to succeed. Reference: How to Setup SSL on IIS 7.0 http://learn.iis.net/page.aspx/144/how-to-setup-ssl-on-iis-7/
QUESTION NO: 15 You work as a network administrator at ABC.com. The ABC.com network consists of a domain named ABC.com. All servers on the ABC.com network run Windows Server 2008. Half the client computers run Windows XP Professional, and the rest run Windows Vista. You are responsible for managing a server named ABC-TS01. ABC-TS01 is configured to run the Terminal Services role in order to allow remote users to run the necessary applications from their terminals. Weeks later, you discover that a Terminal Services application named KingApp that is located on ABC-TS01 is not responding. You decide to monitor memory usage on ABC-TS01 for seven days. You discover that KingApp has a memory management problem. You receive an instruction from management to resolve the issue as fast as possible. You first decide to look for a update but none is available at the present time. You then decide to create a resource allocation policy in WSRM. You also configure a Process Matching Criterion named MemoryTrack for KingApp. You receive an instruction from the senior administrator to end KingApp as soon as it uses more than half of the memory available on ABC-TS01. Which three of the following steps should you perform? A. Configure the new policy as a Managing Policy. B. Configure a Resource Authorization policy. C. Configure the new policy. D. Configure a connection authorization policy. E. Configure the maximum working set limit option to half the available memory on ABC-TS01. F. Configure the maximum committed memory option to half the available memory on the server G. Configure a resource-allocation policy. Answer: A,F,G Explanation: In order to stop KingApp when it uses more than half of the available memory on ABC-TS01, you need to configure the resource-allocation policy and set the maximum committed memory option to half the available memory on ABC-TS01. Thereafter the new policy can be set "Pass Any Exam. Any Time." - www.actualtests.com 14
Microsoft 70-643: Practice Exam as a Managing Policy. A memory limit should be set when an application is leaking memory from the Memory tab. Select the Use Maximum Committed Memory For Each Process check box. In Maximum Committed Memory Limit Per Process, you can type a value in megabytes. The Maximum Committed Memory Limit Per Process field allows you to limit the memory on per process basis. Now you're ready to set the new resource allocation policy to manage the computer. In the console tree, click Resource Allocation Policies. In the details pane, right-click the resource allocation policy you want to set, and then click Set As Managing Policy. This is because this policy is for computer management and not for profile management. Reference: Use Windows System Resource Manager to control a server's powers http://articles.techrepublic.com.com/5100-10878_11-5054954.html
QUESTION NO: 16 You work as an enterprise administrator at ABC.com. The ABC.com network consists of a domain named ABC.com. All servers on the ABC.com network run Windows Server 2008. The ABC.com network contains a web server named ABC-SR07. You install a test website on ABC-SR07. The test website will later become the company intranet website. You configure the Web server with a self-signed certificate and configure the test website to require SSL. When you connect to https://ABC-sr07 from your client computer, you receive a warning message saying there is a problem with the websites security certificate. Other users report the same problem. How can you ensure that users can connect to the website without receiving the warning message? A. By instructing the users to use the InPrivate browsing option. B. By configuring the website to use port 443. C. By exporting the self-signed certificate and importing the certificate on all the client computers in the domain. D. By instructing the users to use http://ABC-sr07.
15
Microsoft 70-643: Practice Exam Answer: C Explanation: The problem is that your client computer (and the other clients on the domain) dont trust the self-signed certificate. To connect to the website without receiving the warning message, you need to configure the client computers to trust the certificate by installing the certificate on the client computers.
QUESTION NO: 17 You work as an enterprise administrator at ABC.com. The ABC.com network consists of a domain named ABC.com. All servers on the ABC.com network run Windows Server 2008. ABC.com has a Finance department. All users in the Finance department are members of a security group named ABC_Finance. The ABC.com network contains a server named ABC-SR20 that runs the Web Server (IIS) role. Windows Authentication is used on ABC-SR20s Web site. The CIO does not want users in the Finance department to access the website. How would you prevent users in the Finance department from accessing the website while not affecting other users? A. You should use configure a Routing and Remote Access policy with a Windows Groups condition. Select Deny for the ABC_Finance group. B. You should configure the website to require Secure Sockets Layer (SSL). C. You should configure an Authorization Rule for the website. D. You should configure a Windows Firewall rule on the web server. Answer: C Explanation: You should configure Authorization rules for the website. This will not allow the ABC_Finance group to access the website while allowing all others to access it. Authorization rules are scripts, written in VBScript or JScript that you can include in role definitions and task definitions. An authorization rule determines whether the role or task is allowed. Reference: http://technet2.microsoft.com/windowsserver/en/library/8f2db3a0-feb4-4b7f-91fedcb29899a10d1033.mspx?mfr=true
QUESTION NO: 18 You work as the network administrator at ABC.com. The ABC.com network consists of a domain named ABC.com. All servers on the ABC.com network run Windows Server 2008 and all client computers run Windows Vista. "Pass Any Exam. Any Time." - www.actualtests.com 16
Microsoft 70-643: Practice Exam The ABC.com network contains a member server named ABC-SR01. ABC-SR01 runs the Windows Server Virtualization role service. During the course of the day you receive instruction to create a new Windows Server 2008 virtual machine named ABC-VM01 on ABC-SR01. You configure ABC-VM01 to use the physical network adapter card on ABC-SR01. However, you notice that ABC-VM01 is not able to access any of the resources on the ABC.com network. How would you ensure that ABC-VM01 is able to access the resources on the ABC.com network? A. By installing Windows Server virtualization Guest Integration Components on ABC-VM01. B. By installing a second network adapter on ABC-SR01. C. By installing the MS loopback adapter on ABC-VM01. D. By running the Resource Manager on ABC-SR01. Answer: A Explanation: To ensure that the virtual host can connect to the physical network, you need to install Windows Server virtualization Guest Integration Components on the virtual machine. The network adapter in the VM ported from Virtual Server to Windows Server is no longer recognized. The workaround is to add a legacy network adapter to the VM. The network adapter seen by the guest OS is not an emulated device (DEC/Intel 21140 Ethernet adapter). It is an entirely new, high performance, purely synthetic device available as part of the Windows Server virtualization Integration Components call Microsoft VMBus Network Adapter Reference: Archive for the 'Virtual Server/PC/WSv/Hyper-V' Category / Windows Server 2008 Common FAQ (condensed) http://www.leedesmond.com/weblog/index.php?cat=6&paged=3
QUESTION NO: 19 You work as a network administrator at ABC.com. The ABC.com network consists of a domain named ABC.com. All servers on the ABC.com network run Windows Server 2008 and all client computers run Windows XP Professional. The ABC.com network contains two servers named ABC-SR01 and ABC-SR02. ABC-SR01 runs the Windows SharePoint Services (WSS) role and operates in standalone mode. You want to configure ABC-SR01 and ABC-SR02 in a WSS server farm. You install the WSS role on ABCSR02. During the installation you select the server farm mode. However, you cannot connect to ABC-SR01 from ABC-SR02.
17
Microsoft 70-643: Practice Exam Which two of the following actions should you perform to configure both servers in a WSS farm? A. You should set the Microsoft .NET Framework Trust Level to High on ABC-SR01. B. You should set the Microsoft .NET Framework Trust Level to High on ABC-SR02. C. You should uninstall the Windows SharePoint Services (WSS) role on ABC-SR01. D. You should uninstall the Windows SharePoint Services (WSS) role on ABC-SR02. E. You should reinstall the Windows SharePoint Services (WSS) role on ABC-SR01 and select the server farm mode during the process. F. You should reconfigure the Web Management Service on ABC-SR01 G. You should reconfigure the Web Management Service on ABC-SR02 Answer: C,E Explanation: To configure both ABC-SR01 and ABC-SR02 in the WSS server farm, you need to uninstall the WSS on ABC-SR01 and select the server farm mode when you reinstall it. The server farm mode will allow you to configure both ABC-SR01 and ABC-SR02 in the WSS server farm. Microsoft Windows SharePoint Services was designed to be useful in large server farms, supporting hundreds or thousands of SharePoint sites and millions of users. When you manage a server farm environment for Windows SharePoint Services, you need to make certain choices about configuring your environment, and you need to be aware of how Windows SharePoint Services works in that environment. This topic explains those choices, and describes how to work with Windows SharePoint Services in a large-scale, server farm environment. Reference: http://www.microsoft.com/resources/documentation/wss/2/all/adminguide/enus/stsf15.mspx?mfr=true
QUESTION NO: 20 You work as a network administrator for ABC.com. The ABC.com network consists of a domain named ABC.com. All servers on the ABC.com network run Windows Server 2008. Half the client computers run Windows XP Professional, and the rest run Windows Vista. The ABC.com network contains two servers named ABC-SR01 and ABC-SR02 that are configured to host the Windows Media Services server role. ABC-SR02 is also configured as a License Clearing House. You receive instruction to publish a multimedia file that is licensed by ABC-SR02 on ABC-SR01. A new ABC.com policy states that end users must only be able to use the multimedia file for 24 hours. How would you enforce the new policy?
18
Microsoft 70-643: Practice Exam A. This can be accomplished by modifying the file permissions for the multimedia file on ABCSR01. B. This can be accomplished by modifying the file permissions for the multimedia file on ABCSR02. C. This can be accomplished by changing the license on ABC-SR01. D. This can be accomplished by changing the license on ABC-SR02. E. This can be accomplished by moving the multimedia file to ABC-SR02 and publishing the file. Answer: D Explanation: In order to ensure that users are permitted to use the multimedia file for only 24 hours you have to change the license on ABC-SR02. Windows Media Rights Manager lets content providers deliver songs, videos and other digital media content over the Internet in a protected, encrypted file format. The licenses in Windows Media Rights Manager can support a wide range of different business rules, including the number of times a file can be played. Reference: Architecture of Windows Media Rights Manager http://www.microsoft.com/windows/windowsmedia/howto/articles/drmarchitecture.aspx
QUESTION NO: 21 You work as the network administrator at ABC.com. The ABC.com network consists of a domain named ABC.com. All servers on the ABC.com network run Windows Server 2008 and all client computers run Windows Vista. ABC.com has headquarters in London and a branch office in Paris. The London office and Paris office are connected by a VPN. You work at the London office. The ABC.com network contains two servers named ABC-SR01 and ABC-SR02. ABC-SR01 is located at the London office while ABC-SR02 is located at the Paris office. The Windows Server virtualization role is installed on both ABC-SR01 and ABC-SR02. ABC.com wants you to manage the virtualization settings on ABC-SR02. However, you are unable to travel to the Paris branch. How can you manage the virtualization settings on ABC-SR02 remotely? A. By opening the Virtualization Management Console on ABC-SR01 and selecting Connect To Server. B. By opening the Virtualization Management Console on ABC-SR01 and selecting New Virtual Machine. C. By running Windows Powershell and typing New Host. D. By running Windows Powershell and typing New VM.
19
Microsoft 70-643: Practice Exam Answer: C Explanation: To remotely manage the virtualization settings of ABCServer2 from ABCServer1, you need to right-click Virtualization Services from the Virtualization Management Console and then click Connect to Server. You can manage multiple Hyper-V server instances in the management consoles left pane. Selecting a server instance displays that servers VMs in the center Virtual Machines pane. You can manage the VMs by right-clicking them and selecting the desired commands on the context menu. The Connect command allows you to connect to a running VM, which starts the Virtual Machine Connection window. Reference: A First Look at Windows Server 2008 Hyper-V http://windowsitpro.com/Windows/Articles/ArticleID/97857/ABC/2/2.html
QUESTION NO: 22 You work as an enterprise administrator at ABC.com. The ABC.com network consists of a domain named ABC.com. All servers on the ABC.com network run Windows Server 2008. The ABC.com network contains a server named ABC-SR24 that runs all Web Server services roles, including the Web Server (IIS) server role. You have received instructions from the CIO to allow a ABC.com user named Mia Hamm to administer a website. How would you assign Mia Hamm the required access? A. By configuring the IIS Manager Permissions on ABC-SR24. B. By configuring the website to require Secure Sockets Layer (SSL) C. By configuring the Authentication feature on ABC-SR24. D. By installing the Global Catalog (GC) on ABC-SR24. E. By configuring the Website Certification feature on ABC-SR24. Answer: A Explanation: You need to configure the IIS Manager Permissions feature. This will allow the user to administer the website. This feature will allow users to connect to sites and applications in IIS Manager Reference: IIS 7.0: Configuring Permissions for IIS Manager Users and Windows Users
20
Microsoft 70-643: Practice Exam http://technet2.microsoft.com/windowsserver2008/en/library/33aaec94-c0cb-4402-b91ea5e3b9c3e0e01033.mspx?mfr=true
QUESTION NO: 23 You work as an enterprise administrator at ABC.com. The ABC.com network consists of a domain named ABC.com. All servers on the ABC.com network run Windows Server 2008. The ABC.com network contains a member server named ABC-SR14 that runs the Web Server (IIS) role. ABC.com wants to host several Websites on ABC-SR14. You need to configure ABC0SR14 and the websites as follows: ABC-SR14 should have only one IP address. The Websites should be registered in DNS. The Websites should point to ABC-SR14s IP address. Each Website should respond to its name request from all client computers. How should you configure ABC-SR14? A. The best option is to associate each website with ABC-SR14s IP address. B. The best option is to allocate a virtual directory to each website. C. The best option is to allocate a unique TCP port for each website. D. The best option is to modify the permissions of the root directory for each website. E. The best option is to allocate a unique Host Header to each website. Answer: E Explanation: You should configure and assign a unique Host Header to each website. This will allow the websites to responds only to the name requests from all client computers. A host header is a third piece of information that you can use in addition to the IP address and port number to uniquely identify a Web domain or, as Microsoft calls it, an application server. Reference: http://www.visualwin.com/host-header/
QUESTION NO: 24
21
Microsoft 70-643: Practice Exam You work as the enterprise administrator at ABC.com. The ABC.com network consists of a domain named ABC.com. All servers on the ABC.com network run Windows Server 2008. Half the client computers run Windows XP Professional, and the rest run Windows Vista. The ABC.com network contains a number of Terminal Servers, including a Terminal Servers named ABC-TS01. You receive instruction to end any sessions on ABC-TS01 that are inactive for more than 40 minutes. How can you achieve this while not affecting the settings on the other Terminal Servers? A. You need to run TSadmin and remove the inactive sessions. B. You need to modify the Default Domain Group Policy Object to configure the Idle Session Limit. C. You need to change the RDP-TCP settings from Terminal Services Configuration on ABCTS01. D. You need to modify the Idle Session Limit on the Sessions tab in the properties of each user account. Answer: C Explanation: Your best option in this scenario would be to change the RDP-TCP settings from the Terminal Services Configuration. This will result in all inactive sessions being disconnected after 40 minutes. You are able to configure the properties of the terminal servers RDP-TCP connection to provide better protection. The session time limits can be set to assist you in ensuring that the sessions are not left unattended and active for long periods of time. Reference: How Secure are Windows Terminal Services? / Securing the RDP-TCP Connection http://www.windowsecurity.com/articles/Windows_Terminal_Services.html
QUESTION NO: 25 You work as a network administrator at ABC.com. The ABC.com network consists of a domain named ABC.com. All servers on the ABC.com network run Windows Server 2008 and all client computers run Windows XP Professional. You are responsible for managing a server named ABC-TS01. ABC-TS01 is configured to host the Terminal Services role as well as the Terminal Services Web Access Role service. You receive instruction to add the Terminal Services Gateway role on ABC-TS01 and create a Terminal Services connection authorization policy. After this configuration you receive numerous complaints from users stating that they are unable to "Pass Any Exam. Any Time." - www.actualtests.com 22
Microsoft 70-643: Practice Exam access ABC-TS01. To ensure productivity within the company you need to make sure that the users are able to connect to ABC-TS01. How can this be accomplished? A. This can be accomplished by installing Routing and Remote Access on ABC-TS01 and configuring a Remote Access Policy. B. This can be accomplished by changing the RDP-TCP settings from Terminal Services Configuration on ABC-TS01. C. This can be accomplished by installing and configuring Terminal Services Resource Authorization Policy (RAP) on ABC-TS01. D. This can be accomplished by configuring the Terminal Services Profile path setting in the Default Domain GPO. Answer: C Explanation: To ensure that the users are able to make a connection to ABC-TS01, you need to install and configure the Terminal Services Resource Authorization Policy on ABC-TS01. RAPs are used to control which Terminal Servers can be accessed through the Terminal Services Gateway. Reference: http://www.windowsecurity.com/articles/Configuring-Windows-Server-2008-TerminalServices-Gateway-Part2.html
QUESTION NO: 26 You work as an enterprise administrator for ABC.com. The ABC.com network consists of a domain named ABC.com. All servers on the ABC.com network run Windows Server 2008 and all client computers run Windows XP Professional. The ABC.com network contains a Terminal server named ABC-TS01. ABC-TS01 is used by the remote users to run the necessary applications from their workstations to accomplish their daily tasks. You receive instruction to stop new sessions on ABC-TS01. How can you accomplish this task without affecting current user sessions? A. By running the Change logon /disable command on ABC-TS01. B. By configure clearing the Terminal Services exception in Windows Firewall on ABC-TS01. C. By changing the permissions on the RDP-TCP connection on ABC-TS01.
23
Microsoft 70-643: Practice Exam D. By running the Net Stop TermService command on ABC-TS01. Answer: A Explanation: In order to stop new sessions on ABC-TS01without affecting the current user sessions, you need to run Change logon /disable command. This command will disable the subsequent logons from client sessions, but not from the console. This also ensures that the currently logged on users do not get affected. Reference: Change logon http://technet2.microsoft.com/windowsserver/en/library/85af3fd0-b518-4b91-9f9324c75173494e1033.mspx?mfr=true
QUESTION NO: 27 You work as a network administrator at ABC.com. The ABC.com network consists of a domain named ABC.com. All servers on the ABC.com network run Windows Server 2008 and all client computers run Windows Vista. The ABC.com network contains two servers named ABC-SR01 and ABC-SR02. ABC-SR01 runs Windows SharePoint Services (WSS) 3.0 while ABC-SR02 runs the SMTP service. During the course of the day You receive instruction to configure ABC-SR01 to use the SMTP service on ABC-SR02 for outgoing mail. Which two steps should you perform to ensure that ABC-SR01 can send email via ABC-SR02? A. This can be achieved by having a new application pool created on ABC-SR01. B. This can be achieved by having a new MX record for ABC-SR01 created on an internal DNS server. C. This can be achieved by having the SMTP service on ABC-SR02 configured to accept anonymous connections. D. This can be achieved by having a new application pool created on ABC-SR02. E. This can be achieved by having a new MX record for ABC-SR02 created on an internal DNS server. F. This can be achieved by having the SMTP service on ABC-SR02 configured to relay e-mail messages. G. This can be achieved by having the application pool linked with a new website. Answer: C,F Explanation: You are able to configure the SMTP service to accept relayed e-mail from servers in your farm. You can decide to accept relayed e-mail from all servers except those you specifically exclude. You are also able to block e-mail from all servers except those you specifically include. "Pass Any Exam. Any Time." - www.actualtests.com 24
Microsoft 70-643: Practice Exam You can include servers individually, or in groups by subnet or domain. You can enable both anonymous access and e-mail relaying but by doing this, you increase the possibility that the SMTP server will be used to relay unsolicited commercial e-mail (spam). Reference: Configure outgoing e-mail settings (Windows SharePoint Services) http://technet.microsoft.com/en-us/library/cc288949(TechNet.10).aspx
QUESTION NO: 28 You work as a network administrator at ABC.com. The ABC.com network has a domain named ABC.com. All servers on the ABC.com network run Windows Server 2008 and all client computers run Windows Vista. You are assigned a Terminal server named ABC-TS01. You use the TS RemoteApp Manager to deploy an application on ABC-TS01. Thereafter you set the security layer of the Terminal Servers to Negotiate. How would you ensure that users are not prompted for credentials when accessing the application? A. Your best option would be to configure the encryption setting in the RDP-TCP properties on ABC-TS01. B. Your best option would be to configure the Access Control Policy in the local Group Policy on ABC-TS01. C. Your best option would be to configure a Group Policy Object that enables Credential Delegation on all workstations. D. Your best option would be to configure a Group Policy Object that enables Windows Integrated Authentication on all workstations. E. Your best option would be to enable Windows Integrated Authentication on ABC-TS01. Answer: C Explanation: Your best option in this scenario would be Option C. You need to make the necessary changes to the Credential Delegation settings in the local group Policy on all user workstations in order to make sure that users are not prompted for credentials when accessing the application. Windows Vista introduces a new authentication package called the Credential Security Service Provider, or CredSSP, that provides a single sign-on (SSO) user experience when starting new Terminal Services sessions. CredSSP enables applications to delegate users' credentials from the "Pass Any Exam. Any Time." - www.actualtests.com 25
Microsoft 70-643: Practice Exam client computer (by using the client-side security service provider) to the target server (through the server-side security service provider) based on client policies. CredSSP policies are configured via Group Policy, and delegation of credentials is turned off by default In addition, a few of the policy settings might increase or decrease the risk. For example, the Allow Default Credentials with NTLM-only Server Authentication and Allow Fresh Credentials with NTLM-only Server Authentication policy settings remove the restriction to require the Kerberos authentication protocol for authentication between the client and server. Reference: Credential Security Service Provider and SSO for Terminal Services Logon http://technet2.microsoft.com/WindowsVista/en/library/6b6bf605-0b9f-45ed-990012aca2a0f2a21033.mspx?mfr=true
QUESTION NO: 29 You work as an enterprise administrator at ABC.com. The ABC.com network consists of a domain named ABC.com. All servers on the ABC.com network run Windows Server 2008. The ABC.com network contains a server named ABC-SR18 which runs the IIS role. The ABC.com network contains a server named ABC-SR07 which functions as an SMTP gateway. Only ABCSR07 can forward SMTP traffic through the firewall to the internet. ABC-SR07 is configured to relay SMTP traffic for all servers on the network. How would you configure a website on ABC-SR18 to send email to users on the internet?
A. The best option is configure the default gateway of ABC-SR18 to point to ABC-SR07. B. The best option is to install the DNS server service on ABC-SR18. C. The best option is to set up the SMTP email feature for the website on ABC-SR18. D. The best option is to configure the hosts file on ABC-SR18. Answer: C Explanation: You need to configure the SMTP email feature for the website on ABC-SR18. The Simple Message Transfer Protocol allows the emails to be sent to a specific address. Reference: http://technet2.microsoft.com/windowsserver2008/en/library/4ade618d-ff7a-4359b6ba-4982f0bdf4a51033.mspx?mfr=true
26
Microsoft 70-643: Practice Exam QUESTION NO: 30 You work as the network administrator at ABC.com. The ABC.com network consists of a domain named ABC.com. All servers on the ABC.com network run Windows Server 2008. Half the client computers run Windows XP Professional, and the rest run Windows Vista. ABC.com recently entered into partnership with Weyland Industries. Users from both companies connect to a computer named WEYLAND-TS01 which runs Terminal Services. ABC.com and Weyland Industries wants you to limit the total processor time to 25% for each network user. Which two of the following steps would enable you to limit the total processor time for each user? A. Install Windows System Resource Manager on WEYLAND-TS01. B. Install Routing and Remote Access on WEYLAND-TS01. C. Create a resource allocation policy on WEYLAND-TS01 and configure it as the Managing Policy. D. Create a remote access policy on WEYLAND-TS01 and configure it as the Managing Policy. E. Create a resource allocation policy on WEYLAND-TS01 and configure it as the Profiling Policy. F. Create a remote access policy on WEYLAND-TS01 and configure it as the Managing Policy. G. Configure the Processor Affinity setting for WINLOGON on WEYLAND-TS01. Answer: A,C Explanation: You need to install WSRM and configure a Resource Allocation Policy. The policy needs to be configured as the managing policy. You can set a policy as a managing policy by accessing the Resource Allocation Policies node in the left-hand pane. You can click on the policy and set it as the managing policy by clicking on the Set as Managing Policy link in the right pane.
QUESTION NO: 31 You work as the network administrator at ABC.com. The ABC.com network consists of a domain named ABC.com. All servers on the ABC.com network run Windows Server 2008 and all client computers run Windows Vista. The ABC.com contains two domain controllers named ABC-DC01 and ABC-DC02. Both ABCDC01 and ABC-DC02 are configured as DNS servers with Active Directory integrated zones. The Active Directory integrated zones are configured to allow secure updates. The Key Management Service (KMS) is installed and activated on ABC-DC01.
27
Microsoft 70-643: Practice Exam During routine monitoring you notice that the KMS service locator records from the ABC.com zone are missing. How would you force the registration of the KMS service locator records in the ABC.com zone? A. By restarting the DNS service on ABC-DC01. B. By restarting the KMS service by running the net stop sppsvc command and then the net start sppsvc command on ABC-DC01. C. By forcing DNS replication on ABC-DC01. D. By installing the Global catalog on ABC-DC01. Answer: B Explanation: To force registration of the KMS service locator records in the ABC.com zone, you should run the net stop sppsvc command at the command prompt and then execute the net start sppsvc command. Restarting the KMS service will force registration of the SRV records in the ABC.com zone.
QUESTION NO: 32 You work as the enterprise administrator at ABC.com. The ABC.com network consists of a domain named ABC.com. You are responsible for a Windows Server 2008 server named ABC-TS01. ABC-TS01 is configured to host the Terminal Services Gateway role. A new ABC.com policy states that all remote users need to connect to the internal servers via the Terminal Services Gateway. You therefore create a security group named ABCUsers and assign the remote users to this group. The remote users will use ABCUsers to connect to the internal servers. How would you assign the ABCUsers group access to the Terminal Services Gateway? A. You should create a resource authorization policy. Thereafter ABCUsers can be added to the policy. B. You should create a remote access policy. Thereafter ABCUsers can be added to the policy C. You should create a client authorization policy. Thereafter ABCUsers can be added to the policy. D. You should create a group policy. Thereafter ABCUsers can be added to the policy. Answer: C Explanation: You should consider making use of a Client Authorization Policy (CAP) policy because CAP policies are used to allow access through the Terminal Services Gateway server which ensures the network users connect to the internal servers through the gateway. "Pass Any Exam. Any Time." - www.actualtests.com 28
QUESTION NO: 33 You work as an enterprise administrator at ABC.com. The ABC.com network consists of a domain named ABC.com. All servers on the ABC.com network run Windows Server 2008. The ABC.com network contains a server named ABC-SR22 that runs the Web Server (IIS) role. ABC-SR22 also hosts an application named ABC_App. However, after you have modified ABC_App, the application does not work. When you check the event log you notice the error message: 503 Service Unavailable. You decide to fix ABC_App using the appcmd command line utility. What options should you use with the appcmd command? A. set config B. set apppool C. del apppool D. start apppool E. stop apppool F. lock config G. unlock config Answer: D Explanation: You need to execute appcmd start apppool on ABC-SR22 to connect to the server. When seeing this error: 503 Service Unavailable, means that the kernel HTTP driver that manages http connections for IIS, fails to create an IIS worker process to process the request. If the failure happens after each other in sequence, it will trigger Rapid Fail Protection. Reference: Troubleshooting IIS7 503 "Service unavailable" errors with startup debugging http://mvolo.com/blogs/serverside/archive/2007/05/19/Troubleshooting-IIS7-503-_2200_Serviceunavailable_2200_-errors-with-startup-debugging.aspx
QUESTION NO: 34 You work as an enterprise administrator at ABC.com. The ABC.com network consists of a domain named ABC.com. All servers on the ABC.com network run Windows Server 2008. The ABC.com network contains a server named ABC-SR08 which hosts the Windows SharePoint
29
Microsoft 70-643: Practice Exam Services (WSS) role. How would you configure ABC-SR08 to support SMTP? A. Use Server Manager to install the DNS Server role. B. Use Server Manager and install the SMTP Server feature. C. Use Server Manager to install the Web Server role. D. Configure an MX record in the domain DNS server. Answer: B Explanation: You need to install the SMTP server feature through Server Manager Console, to support SMTP. Based on SMTP, WSS works with any mail server or SMTP gateway. It acts as an SMTP relay (it does not store mail, only forwards it) and handles all incoming and outgoing SMTP traffic. For most installations, you'll simply have to modify your domain MX record and make a few configuration changes on your e-mail server. When installing WSS on the same host as your mail server, you must make additional configuration changes, such as SMTP port numbers. Reference: http://www.networkcomputing.com/913/913sp3.html
QUESTION NO: 35 You work as the network administrator at ABC.com. The ABC.com network consists of a domain named ABC.com. All servers on the ABC.com network run Windows Server 2008 and all client computers run Windows Vista. The ABC.com network contains as member server named ABC-SR01. ABC-SR01 runs Microsoft Hyper-V and currently hosts eight virtual machines. During the course of the day you receive instruction from ABC.com to ensure that virtual machines connect directly to one another without connecting to the ABC.com network. How should you configure ABC-SR01? A. You should have the virtual LAN identification option enabled for each virtual machine. You should then set the Connection to None for the network interface card. B. You should have Local Area Connection disabled in each Virtual Machine. C. You should have the virtual LAN identification option enabled for each virtual machine. D. You should set the Network Location to Public in each Virtual Machine. E. You should disable the virtual switch. F. You should have the virtual LAN identification option enabled for each virtual machine. You should then set the Connection to Host for the network interface card.
30
Microsoft 70-643: Practice Exam Answer: F Explanation: To ensure that all the virtual machines connect to each other and you also meet the company policy, you need to first enable the Enable virtual LAN identification option for each virtual machine and then set the Connection to Host for the network interface card. You can use virtual LAN identification as a way to isolate network traffic. However, this type of configuration must be supported by the physical network adapter. Reference: Step-by-Step Guide to Getting Started with Hyper-V To create a virtual network http://technet2.microsoft.com/windowsserver2008/en/library/c513e254-adf1-400e-8fcbc1aec8a029311033.mspx?mfr=true
QUESTION NO: 36 You work as an enterprise administrator at ABC.com. The ABC.com network consists of a domain named ABC.com. All servers on the ABC.com network run Windows Server 2008. The ABC.com network contains a server named ABC-SR10 that runs the Web Server (IIS) role and hosts the company website. During routine monitoring you notice high traffic on the website which you suspect could be malicious. How would you determine the cause of the high traffic? A. The best option is to enable website logging to filter the logs for the source IP address, in the IIS server manager. B. The best option is to view the source IP address of the traffic by install a third-party traffic analysis software. C. The best option is to run the net session at command on ABC-SR10. D. The best option is to run the net stat/all command to view the traffic statistics Answer: A Explanation: The best option is to enable website logging which will filter the logs for the source IP address. With this you can see the people who visited the website. You will also find lots of other information.
QUESTION NO: 37 You work as the network administrator at ABC.com. The ABC.com network consists of a domain named ABC.com. All servers on the ABC.com network run Windows Server 2008 and all client "Pass Any Exam. Any Time." - www.actualtests.com 31
Microsoft 70-643: Practice Exam computers run Windows Vista. The ABC.com network contains a file server named ABC-SR01. ABC-SR01 contains three 100 GB disk drives named Disk0, Disk1 and Disk2. All disks are configured as basic disks. Disk0 is used to host the operating system and all program and data files. The disk space on the other two disks has not been allocated. ABC.com recently requested that you configure RAID 1 on ABC-SR01. What should you do? A. You should convert Disk1 and Disk 2 to dynamic drives and use them to create a mirrored volume. B. You should convert all three disks to dynamic disks then use Disk1 and Disk2 to create a mirrored volume. C. You should create a partition on Disk1 and create another partition on Disk2. Configure the two partitions and a mirrored partition. D. You should rescan the disks then create a mirrored volume using Disk1 and Disk2. Answer: A Explanation: To configure the hard drives to support Raid1, you should create Disk1 and Disk 2 as dynamic drives and create a new mirrored volume using Disk1 and Disk 2. In data storage, disk mirroring or RAID1 is the replication of logical disk volumes onto separate physical hard disks in real time to ensure continuous availability. A mirrored volume is a complete logical representation of separate volume copies. Reference: technet2.microsoft.com/windowsserver/en/library/28af1c0d-8490-4ab0-8be049e5923c4bae1033.mspx
QUESTION NO: 38 You work as an enterprise administrator for ABC.com. The ABC.com network consists of a domain named ABC.com. All servers on the ABC.com network run Windows Server 2008 and all client computers run Windows Vista. The ABC.com network contains a server named ABC-SR01. ABC-SR01 has the Windows SharePoint Services (WSS) role installed. ABC-SR01 contains highly confidential information. You receive instruction to allow a particular group of users access to ABC-SR01. You need to make sure that these users are only allowed to view items, open items and view versions on ABC-SR01. You decide to create a group named KingUsers that will be allowed to access the content on ABCSR01. You add the user to the KingUsers group.
32
Microsoft 70-643: Practice Exam How should you configure the WSS permissions for the KingUsers group? A. Your best option would be to grant the Read permissions to the KingUsers group. B. Your best option would be to grant the Limited Access permissions to the KingUsers group. C. Your best option would be to grant the Owner permissions to the KingUsers group. D. Your best option would be to grant the Read and Write permissions to the KingUsers group. E. Your best option would be to grant the Contribute permissions to the KingUsers group. Answer: A Explanation: In order to restrict the permissions of the group to viewing items, opening items and viewing versions, you need to assign Read permission. The Read permission level includes the View Items, Open Items, View Pages, and View Versions permissions (among others), all of which are needed to read documents, items, and pages on a SharePoint site. Reference: About security features of Windows SharePoint Services 3.0 http://office.microsoft.com/en-us/sharepointtechnology/HA100215781033.aspx
QUESTION NO: 39 You work as the network administrator at ABC.com. The ABC.com network consists of a domain named ABC.com. All servers on the ABC.com network run Windows Server 2008 and all client computers run Windows Vista. The ABC.com network has several file servers. During the course of the day you install a new iSCSI based Storage Area Network (SAN) for the file servers. You want to ensure that network communications with SAN is secure. How would you implement the highest level of security? A. You should have IPSec security enabled in the iSCSI Initiator Properties and configure Windows Firewall. B. You should have Secure Mode transition enabled in the iSCSI Initiator Properties and make use of Windows Defender. C. You should apply data encryption through a Group Policy Object (GPO) and linking the GPO to the file servers. D. You should have a Certificate acquired from a third party Certification Authority (CA) and apply it to the file servers. Answer: A Explanation: In order to implement the highest security available for communication to and from an iSCSI SAN, you need to implement IPSec security. You can access the IPSec security by
33
Microsoft 70-643: Practice Exam opening the iSCSI Initiator Properties. After that you need to set inbound and outbound rules by using Windows Firewall.
QUESTION NO: 40 You work as an enterprise administrator at ABC.com. The ABC.com network consists of a domain named ABC.com. All servers on the ABC.com network run Windows Server 2008. The ABC.com network contains a member server named ABC-SR17 that runs the Web Server (IIS) role and hosts ABC.com's intranet Websites. ABC.com wants you to ensure that the intranet website uses encryption for the authentication traffic and that Active Directory credentials are used to the authenticate ABC.com users. However, ABC-SR17s performance should not be compromised. Which three of the following steps should you perform? A. You should enable the Digest Authentication setting on ABC-SR17. B. You should disable the Basic Authentication setting on ABC-SR17. C. You should enable the Windows Authentication setting on ABC-SR17. D. You should enable Active Directory Client Certificate Authentication on ABC-SR17. E. You should disable the Anonymous Authentication setting on ABC-SR17. F. You should enable Authorization Rules on ABC-SR17. G. You should enable Secure Sockets Layer (SSL) certificates on ABC-SR17. Answer: A,C,E Explanation: You need to disable Anonymous Authentication setting and enable Digest Authentication and Windows Authentication settings on ABC-SR17. If you do this I will configure the websites with accordance with the company policies. Reference: http://support.microsoft.com/kb/810572
QUESTION NO: 41 You work as the network administrator at ABC.com. The ABC.com network consists of a domain named ABC.com. All servers on the ABC.com network run Windows Server 2008 and all client computers run Windows Vista. The ABC.com network contains two server named ABC-SR01 and ABC-SR02. The two servers are configured as a SQL failover cluster. "Pass Any Exam. Any Time." - www.actualtests.com 34
Microsoft 70-643: Practice Exam You to add an additional server named ABC-SR03 as a third node to the cluster. During your routine maintenance you discovered that the cluster does not failover on the third node. How would you ensure that the cluster can fail over to ABC-SR03? A. You should reinstall the Cluster Services role on ABC-SR01 and ABC-SR02. B. You should have the SQL resource added to the ABC-SR03. C. You should have ABC-SR03 configured as a preferred owner of the SQL resource. D. You should have ABC-SR03 configured as a possible owner of the SQL resource. Answer: D Explanation: You should consider configuring the third node as a possible owner to the resource as this will ensure that the cluster fails over on the third node.
QUESTION NO: 42 You work as the network administrator at ABC.com. The ABC.com network consists of a domain named ABC.com. All servers on the ABC.com network run Windows Server 2008 and all client computers run Windows Vista. The ABC.com network contains a server named ABC-SR01 which runs the Windows Server Virtualization (WSV) server role. During the course of the day you receive instruction from ABC.com to create a virtual machine named ABC-VM01 and configure network communications only between ABC-VM01 and ABCSR01. You must prevent ABC-VM01 from communicating with the rest of the ABC.com network. What is the easiest way to enable network communication between ABC-VM01 and ABC-SR01? A. By creating a new virtual network switch. B. By configuring the virtual machine network interface to use DHCP. C. By installing an additional network adapter in ABC-SR01. D. By installing an additional network adapter in ABC-VM01. Answer: A Explanation: To configure the network communications between the virtual machines and the host server and prevent communications with other network servers, you have to create and configure a virtual network switch. Like traditional network security switches, the virtual switch integrates network policy enforcement and access control. The product features virtual network partitioning, a firewall, and virtual network discovery capabilities. It also secures communication between virtual environments and enables policy based switching and traffic monitoring. Reference: http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1307117,00.html "Pass Any Exam. Any Time." - www.actualtests.com 35
QUESTION NO: 43 You work as the network administrator at ABC.com. The ABC.com network consists of a domain named ABC.com. All servers on the ABC.com network run Windows Server 2008 and all client computers run Windows Vista. The ABC.com network contains as member server named ABC-SR01. ABC-SR01 runs Microsoft Hyper-V and currently hosts eight virtual machines. How can you ensure that all the virtual machines are shut down before the server itself shuts down? A. By configuring the System Failure options in Startup and Recovery. B. By opening the general properties on each virtual machine. You should then have the Shut down on Prompt option enabled. C. You should consider opening the Automatic stop action properties on each virtual machine. You should then enable the Shut down on the guest operating system option. D. By configuring a scheduled task for each virtual machine. Answer: C Explanation: To ensure that each virtual machine running on the server shuts down before the server shutdown, you should enable the Shut down the guest operation system option in the Automatic stop action properties on each virtual machine. When you enable the Shut down the guest operating system option, the server turns off the virtual machines before shutting down itself. It is very important to shut down the virtual machines before shutting down the server because it can corrupt the virtual machine files. The Automatic Stop action properties can be accessed on the virtual machine.
QUESTION NO: 44 You work as an enterprise administrator at ABC.com. The ABC.com network consists of a domain named ABC.com. All servers on the ABC.com network run Windows Server 2008. The ABC.com network contains a member server named ABC-SR16 by which has the Web server role installed. You have received instructions from the CIO to allow the employees on the ABC.com network to upload files to ABC-SR16. How should you configure the Web server to allow files to be uploaded to a Web site? Choose two. "Pass Any Exam. Any Time." - www.actualtests.com 36
Microsoft 70-643: Practice Exam A. You should allow Write permission in the properties of the Web site. B. You should allow Modify permission in the properties of the Web site. C. You should allow Modify NTFS permissions on the destination folder for the Authenticated Users group. D. You should allow Read NTFS permissions on the destination folder for the Authenticated Users group. Answer: A,C Explanation: You should allow writing to the Web site whilst ensuring that the users accessing the FTP site have NTFS permissions to the folder.
QUESTION NO: 45 You work as the network administrator at ABC.com. The ABC.com network consists of a domain named ABC.com. ABC.com has headquarters in London and branch office in Paris. All servers on the ABC.com network run Windows Server 2008 Enterprise Edition and all client computers run Windows Vista. The London network contains a server named ABC-SR01 which hosts the ABC.com web site. During the course of the day you receive instruction from ABC.com to transfer an application named KingSales to ABC-SR01. How would you ensure that the KingSales application will run on the company Web site? A. By selecting the web site in the Internet Information Services (IIS) Manager console then selecting the Add Application option. B. By configuring the KingSales application directory as a virtual directory in the company web site. C. By creating a new Application Pool in the Internet Information Services (IIS) Manager console. D. By creating a new Web site in the Internet Information Services (IIS) Manager console. Answer: A Explanation:
QUESTION NO: 46 You work as the network administrator at ABC.com. The ABC.com network consists of a domain named ABC.com. All servers on the ABC.com network run Windows Server 2008 and all client computers run Windows Vista. During the course of the day you receive instruction from ABC.com to install a Network Load "Pass Any Exam. Any Time." - www.actualtests.com 37
Microsoft 70-643: Practice Exam Balancing (NLB) cluster for the company Web site. ABC.com wants you to configure the cluster to ensure that only traffic on TCP port 80 can access the cluster. How should you configure the cluster? A. You should configure Windows Firewall to block all ports except TCP port 80 blocked on each node in the cluster. B. You should have the default port rule deleted in the Network Load Balancing Clusters console and then create a new Allow rule for TCP port 80. C. You should configure the Network Load Balancing cluster to run in Unicast mode. D. You should configure the Network Load Balancing cluster to run in Mulitcast mode. E. You should have the default port rule deleted in the Network Load Balancing Clusters console. Answer: B Explanation: The default port rule on the NLB cluster allows traffic on all ports. The default port rule should be deleted and another one created that only permits traffic on TCP port 80.
QUESTION NO: 47 You work as an enterprise administrator at ABC.com. The ABC.com network consists of a domain named ABC.com. All servers on the ABC.com network run Windows Server 2008. The ABC.com network contains a server named ABC-SR17 by which has the IIS role and the SMTP service installed. You have received instructions from the CIO to configure ABC-SR17 to forward all mail to ABC.com's ISP (Internet Service Provider). How should you configure ABC-SR17? A. By running the adprep/dm: getfromiis command. B. By configuring the smart host setting to use the mail server of the ISP. C. By configuring an MX record in the local DNS zone to point to the mail server of the ISP. D. By configuring the Masquerade Domain setting to use the mail server of the ISP. Answer: B Explanation: You need to set smart host setting to use the ISP mail server. A smart host server helps you in delivering all your mail. IT processes bounce-backs, retries and general mail delivery. Due to the processor-intensive nature of the mail delivery system with millions of spam messages, a server can get overwhelmed processing mails. It doesnt have enough time to do normal web serving. To address this issue, you should use smart host on your ISP mail server to manage the "Pass Any Exam. Any Time." - www.actualtests.com 38
Microsoft 70-643: Practice Exam mail delivery and the related tasks.
QUESTION NO: 48 You work as the network administrator at ABC.com. The ABC.com network consists of a domain named ABC.com. ABC.com has headquarters in London and branch office in Paris. All servers on the ABC.com network run Windows Server 2008 and all client computers run Windows Vista. The ABC.com network contains a server named ABC-SR01 which hosts the virtualization role service and a Windows Server 2008 virtual machine named ABC-VM01. During the course of the day ABC.com asks you to deploy a new application on ABC-VM01. ABC.com additionally wants you to be able to have restored ABC-VM01 to its original state if the application causes problems. What step should you take before installing the application? A. You should perform an Automated System Recovery (ASR) backup of the virtual machine. B. You should have third party backup software used to backup the state of Virtual machine and store it on the server. C. You should have a snapshot created of the virtual machine through the Virtualization Management Console. D. You should consider backing up the virtual machine by running the Windows Backup utility in the virtual machine. Answer: C Explanation: To ensure that you can restore the Virtual machine to its original state if an application installation fails, you should create a snapshot of the virtual machine using the Virtualization Management Console. You can always restore the virtual machines in its original state by using the snapshot you created.
QUESTION NO: 49 You work as the network administrator at ABC.com. The ABC.com network consists of a domain named ABC.com. All servers on the ABC.com network run Windows Server 2008 Enterprise Edition and all client computers run Windows Vista. The ABC.com network contains a server named ABC-SR01 which is configured as a Web server. ABC-SR01 hosts the company intranet website. The fully qualified domain name of ABC-SR01 is ABC-SR01.ABC.com. The private IP address of ABC-SR01 is 192.168.1.100. A publicly
39
Microsoft 70-643: Practice Exam accessible IP address is mapped to the internal IP address of ABC-SR01. The public DNS server has an alias record named intranet.ABC.com which maps to ABCSR01.ABC.com. The network users currently access ABC-SR01 from the Internet using the URL http://intranet.ABC.com. The ABC.com written security policy states that all communications over the Internet should be secured using SSL. Network users should access the company intranet website using the URL: HTTPS://intranet.ABC.com. You must ensure that network users are not prompted with security warnings when connecting to intranet.ABC.com. To this end, you intend to purchase a certificate from a third-party certification authority (CA). What common name should you use when ordering the certificate? A. You should use ABC-SR01.ABC.com. B. You should use the 192.167.1.100. C. You should use ABC-SR01. D. You should use intranet.ABC.com. E. You should use the public IP address of ABC-SR01. F. You should intranet. Answer: D Explanation:
Exam Set 2 ( 36 Questions)
QUESTION NO: 50 Your company has recently increased in size, after acquiring another company twice the size. You have been given the task to set up a cluster in the main datacenter. You have been given the scope of the project and decided that the cluster will have to consist of eight nodes for high availability. Which editions of Windows Server 2008 will not be suitable for the eight nodes in the cluster? (Choose all that apply.) A. Windows Server 2008 Standard Edition "Pass Any Exam. Any Time." - www.actualtests.com 40
Microsoft 70-643: Practice Exam B. Windows Server 2008 Enterprise Edition C. Windows Server 2008 Datacenter Edition D. Windows Web Server 2008 Answer: A,D Explanation:
QUESTION NO: 51 You have been asked to install the first Windows Server 2008 server in the domain. This server will be for testing purposes, so you will use older hardware with minimum hardware requirements for Windows Server 2008. You have decided to install a 32-bit edition of Server 2008 Standard Edition. What is the minimum amount of disk space required to install the Standard Edition of Server 2008? A. B. C. D. 8 GB 10 GB 12 GB 40 GB
Answer: D Explanation:
QUESTION NO: 52 You have recently moved from Windows Server 2003 to Windows Server 2008. You were previously using Virtual Server 2005 for your virtualization needs. You have now installed the Hyper-V role on your machine. Which of the following differences would you expect to see? A. B. C. D. You can expect to see reduced processing efficiency. You can now support x64 client processing and operating systems. You can expect lower server consolidation. None of the above.
Answer: B Explanation:
41
QUESTION NO: 53 You are utilizing the virtualization abilities of Windows Server 2008. You need to install multiple virtualized operating systems on a host computer with each virtualized operating system running in isolation from the other operating systems installed. You realize that you require more resources for one of the OSs. How is this possible to achieve using Hyper-V? A. B. C. D. A new physical hard drive must be installed to the physical computer. Adjust the virtual machine configurations for that VM. A new physical machine must be added to supplement the host. Downtime will need to be scheduled to reconfigure the entire network configurations.
QUESTION NO: 54 The news team shows up at your desk looking to put the video from a recent report they did on the stations Web server. The piece uses clips that were licensed from one of the major networks, so they need to ensure that the individual viewers are tracked to account for licensing fees. What is the best way to accomplish this? A. Use a Reverse Proxy Server and activity tracking logs to determine the number of viewers B. Use Digest Authentication to ask the public to register and sign in C. Use digital rights management to force users to acquire a license for the content D. Broadcast the piece at specific times and track the number of simultaneous views using Performance Monitor Answer: C Explanation:
QUESTION NO: 55 You have been asked to install Windows Media Services on a newly installed Windows Server 2008 Standard Edition system. You are unable to find the Streaming Media Role in the list of available roles. What should you do?
42
A. B. C. D.
Microsoft 70-643: Practice Exam UABCrade to Enterprise Edition Reinstall using a Server Core installation Download the latest release package from www.iis.net/downloads and install it first Format and reinstall Standard Edition
Answer: C Explanation:
QUESTION NO: 56 IIS 7 introduced a number of new configuration tools to help you automate administrative tasks. Which of the following tools cannot be used to administer IIS 7 on Server Core? A. Notepad B. AppCmd C. Windows PowerShell D. IIS Manager Answer: D Explanation:
QUESTION NO: 57 You have been asked by the security team to force the use of SSL on all Web applications. You want to configure this at the server level so that no one can modify it. What should you do to prevent people from changing this setting? A. Add an access section to the web.config files of each application and add a Deny file access control entry the files access control list. B. Set the overrideModeDefault attribute on the access attribute in the ApplicationHost.config C. Create a location tag in each web.site config containing the access tag and set the allowOverride attribute D. Perform the administrative work on behalf of the users. Answer: B Explanation:
43
QUESTION NO: 58 After a recent security audit you have been asked to disable anonymous authentication on your FTP site. What is the most secure option available using the authentication modules that are shipped with the FTP Publishing Service? A. B. C. D. Basic Windows Digest Client Certificate
Answer: A Explanation:
QUESTION NO: 59 You have installed SMTP Server to receive mail from outside users as well as let remote users authenticate and relay through. A user calls you telling you that their ISP has blocked port 25 and recommends using port 465 instead. What should you do to enable the user to connect? A. B. C. D. Create a new virtual server bound to port 465 Add a port binding to the existing virtual server Add the users IP address to the relay restrictions allow list Ask the user to use another SMTP Server
QUESTION NO: 60 You are the administrator for a small, single office company with 20 typical office users. The company currently has two Windows Server 2003 domain controllers, one of which also hosts Exchange Server. As part of your Windows Server 2008 uABCrade plan, youve been asked to add a terminal server to facilitate greater remote access. The company plans to add additional terminal servers as the year progresses. Which one of the following do you recommend for the placement of the TS Licensing role service?
44
Microsoft 70-643: Practice Exam A. For security reasons, you do not recommend installing the TS Licensing role service on a domain controller after the uABCrade. B. You recommend a dedicated server for the TS Licensing role service. C. You recommend that the License server be installed on a domain controller after the uABCrade. D. You recommend that the License server be installed on the new server which will be purchased for the Terminal Server role service. Answer: C Explanation:
QUESTION NO: 61 Your manager stresses the incorporation of vendor best practices. She has asked you to ensure that the discovery scope used for the companys TS Licensing role service servers adheres to the best practices established by Microsoft. Which one of the following settings will you configure for your domain based computers? A. B. C. D. This workgroup This domain This forest Configure later
QUESTION NO: 62 Your company has a server named TSWA that has the Terminal Services Web Access server role and the Terminal Services Gateway server role. The company has 25 Microsoft Windows XP SP2 remote client computers in the domain. You deploy a new application on the TSWA server. You make the new application available to users by publishing a Microsoft Windows Installer package that has a GPO. You discover that you can launch the new application from the TS2 server and the TSWA server by using the Terminal Services Web Access Web page. However, the users are unable to launch the application. You need to ensure that the users are able to launch the application. What do you need to do? A. Install the RDP 6.1 client on the client computers. "Pass Any Exam. Any Time." - www.actualtests.com 45
Microsoft 70-643: Practice Exam B. Deactivate the Network Level Authentication option on the Server2 server and the Server3 server. C. Install the Internet Explorer 7.0 browser application on the client computers. D. Configure the Terminal Services Resource Access Policy (TSRAP) to include the Server3 server only. Answer: A Explanation:
QUESTION NO: 63 Your company has an AD domain. The company also has a server named Server1 that has the Terminal Server Gateway role. There are two more servers named Server2 and Server3 that have the Terminal Server role. Server2 and Server3 are configured in a load-balancing Terminal Server farm named TSL. The company deploys the Terminal Server Broker Service feature on a new server named Server4. The TSL farm is added to the Terminal Server Broker Service configuration on Server4. After configuring the published applications to use the Terminal Server Broker Service feature, you observe that the Terminal Server Broker Service feature does not receive any server registrations. You need to ensure that the Terminal Server Broker Service feature receives server registrations. What do you need to do? A. Create a new GPO that assigns Server4 to Server2 and Server3 as their session broker server. Apply the policy to Server2 and Server3. B. Configure Server2 and Server3 to use the Terminal Server Gateway role to access the Terminal Server Broker Service feature. C. Configure a group policy to set the Require secure RPC communications option in the Terminal Services Security section to False. Apply the policy to Server2 and Server3. D. Configure a group policy to set the Set TS Gateway server address option in the Terminal Services section to Server1. Apply the policy to all client computers. Answer: A Explanation:
QUESTION NO: 64 You are the network administrator for your company. You install a Windows Server 2008 computer named TermSrv, which you want to configure as a Terminal Server. TermSrv is located behind a firewall. You want to enable remote users to connect to internal network resources.
46
Microsoft 70-643: Practice Exam Which Terminal Services role should you install on the TermSrv server to allow remote users to connect to internal network resources? A. B. C. D. Terminal Services Web Access Terminal Services Session Broker Terminal Services RemoteApp Terminal Services Gateway
Answer: D Explanation:
QUESTION NO: 65 You are the network administrator for your company network, which consists of a single Active Directory domain. You install Terminal Services on a Windows Server 2008 computer. You install an application and configure RemoteApp to allow remote users to access the application on the terminal server. You use the Active Directory mode deployment to make RemoteApp program available to users. You click the Hide in TS Web Access option in the TS RemoteApp Manager to ensure that the RemoteApp program is not available from TS Web Access. Later, the management asks you to make the program available through TS Web Access. What should you do to ensure that the RemoteApp program is available from TS Web Access? A. Recreate the .msi package for the RemoteApp program. B. Click the program in the RemoteApp Programs list, and then in the Actions pane for the program, click Properties C. Select the Block remote users from starting unlisted programs. Remote users will only be able to start RemoteApps that you list. (Recommended) option on the Terminal Server tab in the RemoteApp Deployment Settings dialog box. D. Select the Allow users to start both listed and unlisted programs option on the Terminal Server tab in the RemoteApp Deployment Settings dialog box. Answer: A Explanation:
QUESTION NO: 66 You are the administrator for ABC.com. The company's network contains Windows Server 2008 domain controllers operating at a domain functional level of Windows 2000 native. The network "Pass Any Exam. Any Time." - www.actualtests.com 47
Microsoft 70-643: Practice Exam contains a Windows Server 2003 Server that is acting as the Windows Media Server for the network. Clients in the network use Windows XP computers with Windows Media 10 installed. The Windows Media Server is used by all departments to view streaming media presentations from the Internet and from other offices. Due to limited bandwidth, users have complained recently that when momentary network problems interrupt the media stream, they frequently must reconnect to the Media Server, resulting in delays and broken connections. There are also reports that it takes a long time before the presentation starts. What should you suggest to solve this problem and improve the performance of the streaming media? (Choose two. Each answer is a part of the complete solution.) A. B. C. D. E. Enable Advanced Fast Start Raise the domain functional level to Windows Server 2003 Enable Fast Cache Enable Fast Reconnect Raise the forest functional level to Windows Server 2008
Answer: A,D Explanation:
QUESTION NO: 67 You are the system administrator for ABC.com. You want to ensure that all new computers have the Windows Vista operating system and the same applications installed. You prepare a reference computer with the appropriate software installed. You want to create an image to deploy to new computers with Windows Deployment Services (WDS). You need to create an image that can be used to save the configured operating system, applications, and settings to apply to the new computers. Which type of image should you create? A. B. C. D. Discover image Install image Capture image Windows PE image
48
Microsoft 70-643: Practice Exam QUESTION NO: 68 You are the network administrator for your company. A Windows Server 2008 server named FTPSrv1 is configured as a File Transfer Protocol (FTP) server and contains several FTP sites. The manager of the marketing department asks you to create a new FTP site for the users in the marketing department. Before creating the FTP site, you discover that FTPSrv1 is running low on disk space. You want to remove FTP sites that are no longer used by users. To identify unused site, you want to first list all FTP sites on FTPSrv1. Which tool should you use? A. B. C. D. IISVdir.vbs ConvLog.exe IISFtp.vbs IISFtpdr.vbs
QUESTION NO: 69 You are the systems administrator for your company. You have a virtual machine that runs Windows Server 2008. You want to install an application on the virtual machine. You want to be able to restore the virtual machine to its original state if the application installation fails. What should you do? A. B. C. D. Create a snapshot of the virtual machine. Perform a back up of all the volumes on the virtual machine. Copy the .vmc file to an alternate location. Save the state of the virtual machine.
Answer: A Explanation:
QUESTION NO: 70 Your company has a main office and a branch office. You have installed Windows Server 2008 servers in the main office and branch office. You need to activate five Windows Vista client computers in the branch office using Volume Activation Management Tool (VAMT). You have installed VAMT on a Windows Server 2008 computer in a branch office that has network access to "Pass Any Exam. Any Time." - www.actualtests.com 49
Microsoft 70-643: Practice Exam all client computers in the branch office. The client computers in the branch office do not have access to the Internet. The VAMT host computer, however, has direct access to the Internet. What should you do to activate the client computers in the branch office using VAMT? A. B. C. D. Use MAK Independent Activation. Use MAK Proxy Activation. Use KMS Activation process. Use System Management Center (SMS) 2003 SP3
QUESTION NO: 71 You are the Web administrator for a large aircraft manufacturer. The network contains three Web servers Web1, Web 2, and Web3. You must configure a new site on Web3. The server administrator has provided the following information to use for the new site: Site name: Dreamcraft Site ID: 85 Physical location: C:\dreamcraft Domain name: verigon.com Port: 55 Which of the following commands would create the site with the required settings? A. appcmd set config /name:dreamcraft /id:85 /physicalPath:c:\dreamcraft /binding:http/*.55:verigon.com B. appcmd add vdir /name:dreamcraft /id:85 /physicalPath:c:\dreamcraft /binding:http/*.55:verigon.com C. appcmd add site /name:dreamcraft /id:85 /physicalPath:c:\dreamcraft /binding:http/*.55:verigon.com D. appcmd add site /id:85 /name:dreamcraft /physicalPath:c:\dreamcraft /binding:http/*.55:verigon.com. Answer: C "Pass Any Exam. Any Time." - www.actualtests.com 50
Microsoft 70-643: Practice Exam Explanation:
QUESTION NO: 72 You are a network administrator in your organization. You have configured a Windows Server 2008 computer named WSS-1 as a Key Management Service (KMS) host. WSS-1 is also configured as a Windows SharePoint Services server. Your organization had 18 Windows Vista KMS client computers and you recently added 10 more Windows Vista KMS client computers in your organization. These 10 additions were installed using a Windows Vista image file. The KMS host is unable to activate any of the KMS client computers in the organization. What should you do? A. B. C. D. E. Install KMS on a dedicated Windows Server 2008. run sysprep /generalize on the Vista reference computer used to create the image. run slmgr.vbs /rearm Vista reference computer used to create the image. run slmgr.vbs /dli on the KMS host computer. run slmgr.vbs /cpri on the KMS host computer.
QUESTION NO: 73 You are the network administrator of your company. The company's network consists of a single Active Directory domain. Your network contains servers running the Windows Server 2003 Standard Edition, Windows Server 2003 Enterprise Edition , Windows Server 2008 Web Edition and Window Server 2008 Enterprise Edition. You want to install the Streaming Media Services role on one of the servers on the network. The server will be configured as a Terminal Services server and will have the Streaming Media Services role installed to allow multicast streaming of digital media content to clients over the intranet. On which edition(s) of Windows Server could you install the Streaming Media Services role to perform mulicast streaming of digital media content ? (Choose all that apply.) A. B. C. D. Windows Server 2003 Standard Windows Server 2003 Enterprise Windows Server 2008 Web Edition Windows Server 2008 Enterprise "Pass Any Exam. Any Time." - www.actualtests.com 51
Microsoft 70-643: Practice Exam Answer: D Explanation:
QUESTION NO: 74 You install Terminal Services on a Windows Server 2008 computer named TS1. You install several business applications on TS1. You want to enable all users on the network to access these application remotely. To achieve this, you add all applications to the RemoteApps list. You also want to ensure that malicious users are unable to access any program not listed in the RemoteApps list. What should you do? A. Remove the business applications from the RemoteApps list. B. Select the Block remote users from starting unlisted programs. Remote users will only be able to start RemoteApps that you list. (Recommended) option on the Terminal Server tab in the RemoteApp Deployment Settings dialog box. C. Select the Allow users to start both listed and unlisted programs option on the Terminal Server tab in the RemoteApp Deployment Settings dialog box. D. Clear the Make a remote desktop connection to this terminal server available in TS Web Access option on the Terminal Server tab in the RemoteApp Deployment Settings dialog box. Answer: B Explanation:
QUESTION NO: 75 You are the system administrator for a large textile firm. The company has one main office and several branch offices. You have installed several Windows Server 2008 Server Core computers. You want to ensure that the servers have the latest security updates by configuring automatic updates on these servers. What should you do? A. B. C. D. Run control timedate.cpl. Run cscript Scregedit.wsf /cs 0. Run cscript scregedit.wsf /AU /4. Run Cscript scregedit.wsf /AU /1.
52
Microsoft 70-643: Practice Exam Answer: C Explanation:
QUESTION NO: 76 You are implementing Terminal Services and must choose a licensing mode. You must support 40 users that will connect to the terminal servers from any of 63 different computers. The following requirement must be met: The lowest number of CALs possible must be purchased. In addition, the following desired result may be met: All 40 users must be able to connect from any of the 63 computers. You choose to implement perdevice CALs. Which of the follow describes what you have accomplished? Select the best answer. A. B. C. D. Neither the requirement nor the desired result have been met. The requirement is not met, but the desired result is. The requirement is met, but the desired result is not. Both the requirement and the desired result have been met.
QUESTION NO: 77 You have created a virtual machine running Windows Server 2008 Web Edition as the guest operating system. The server has 8 GB of RAM and the stated virtual machine is the only function running on the server other than standard operating system tasks. The server has two dual-core processors running at 3 GHz each. The virtual disk is stored on a RAID 0 three drive array and each drive is a SATA 10,000 RPM drive. The virtual machine performs well when users access the web services from remote; however, the performance is very poor when an administrator accesses the virtual machine for administration. Additionally, the mouse acts sporadic and the graphics seem to be very slow. What should you try in order to resolve these problems? Select the best answer. A. B. C. D. Search for update mouse and video drivers for your video card on the Internet Reinstall the virtual machine Replace the mouse and video card Install the Hyper-V Integration Services "Pass Any Exam. Any Time." - www.actualtests.com 53
Microsoft 70-643: Practice Exam Answer: D Explanation:
QUESTION NO: 78 You are implementing a terminal server solution. The requirement is that the users must be able to connect to the terminal server without retyping their passwords. An optional result is that the users be able to use DDE between applications. You do the following: -Ensure that the terminal server and the client computers are in the same domain. -Ensure that all client computers are running Vista or Windows 2008 Server. -Enable the group policy called Allow Delegating Default Credentials on the clients. -Ensure that the users have the rights to log onto the terminal server. What result(s) have been met? Select the best answer. A. B. C. D. Neither required nor optional results have been met Both required and optional results have been met The optional result has been met, but not the required result The required result has been met, but not the optional result
QUESTION NO: 79 You have completed the installation of Windows SharePoint Services on a Windows 2008 Server that is running the Enterprise Edition of the operating system. The installation is a standalone installation and you have connected to the Central Administration web site. Which one of the following is not an Administrator Task in the Administrator Tasks list? Select the best answer. A. Incoming e-mail settings "Pass Any Exam. Any Time." - www.actualtests.com 54
Microsoft 70-643: Practice Exam B. Create a backup schedule C. Add anti-virus protection D. Create SharePoint Sites Answer: B Explanation:
QUESTION NO: 80 You have installed a .NET application and configured it to operate in an application pool named NetApp2. The pool .NET framework version is set to v2.0.50727 and the managed pipeline mode is set to Integrated. The trust level is set to Low. The .NET application does not use a database, but rather saves data into plain text files. Users are complaining that the application is not working properly. They say that they can read data, but every time they try to save new data, they receive an error. What change should be made? Select the best answer. A. B. C. D. Set the managed pipeline mode to Classic Set the trust level to Medium Set the trust level to Minimal Set the .NET Framework version to 1.0.3405
QUESTION NO: 81 You want to enable a TS Session Broker load balancing solution. You have three terminal servers that you want to participate in the farm and one is running Windows Server 2003 while the remaining two are running Windows Server 2008. One of the Windows Server 2008 servers is in the Marketing domain and the other is in the EnterpriseNetwork domain. The Windows Server 2003 server is also in the EnterpriseNetwork domain. What two actions must be taken before these three servers can operate in a TS Session Broker solution? Choose two. A. Join the single Windows Server 2008 server to the EnterpriseNetwork domain B. UABCrade the Windows Server 2003 server to Windows Server 2008 "Pass Any Exam. Any Time." - www.actualtests.com 55
Microsoft 70-643: Practice Exam C. Join the Windows Server 2003 server to the Marketing domain D. Install ADAM on the Windows Server 2003 server Answer: A,B Explanation:
QUESTION NO: 82 Windows Media Services is a required component for a new corporate communications project that you have been asked to plan and implement. You must ensure that the organization's firewall allows the proper protocols to communicate through the Internet firewall. What TCP ports will you need to open in order to support both protocols that ma be used to transfer media content? Select the best answer. A. B. C. D. TCP ports 80 and 445 TCP ports 80 and 554 UDP ports 21 and 554 TCP ports 21 and 445
QUESTION NO: 83 You are planning to use Windows Server 2008 and WDS to deploy Windows Vista and Windows Server 2008 machines. In your lab, you have two servers that you plan to configure as test machines for WDS testing. One of the machines is an Itanium-based machine and the other uses standard Intel Xeon processors. What machine and edition of Windows Server 2008 will you use for your test server? Select the best answer. A. Xeon machine running Windows Server 2008 Standard Edition B. Xeon machine running Windows Server 2008 Web Edition C. Itanium machine running Windows Server 2008 Standard Edition D. Itanium machine running Windows Server 2008 Web Edition Answer: A
56
Microsoft 70-643: Practice Exam Explanation:
QUESTION NO: 84 While implementing three virtual servers using Hyper-V, you have to decide on the disk type. You do not want the virtual disk to consume any more space than is needed at any point in time. You also want each virtual machine to have a virtual disk that stands alone without any referenced to other virtual machines. Which virtual disk type will you deploy? Select the correct answer. A. Differencing B. Physical disk C. Dynamically expanding D. Fixed Answer: C Explanation:
QUESTION NO: 85 You have installed the FTP Role Service on the server at 134.12.15.89. When users attempt to connect, they are unable to reach the FTP server. The server is on your private network and your Internet connection passes through a firewall. The users are attempting to connect through the Internet using their home systems. Only standard FTP is being used with no enhanced security. What action should you take? Select the best answer. A. B. C. D. Open port 21 in the firewall for the entire network Open port 21 in the firewall for 134.12.15.89 Open port 80 in the firewall for the entire network Open port 80 in the firewall for 134.12.15.89
57

70 643

Transféré par

Informations du document

Description originale:

Titre original

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

70 643

Transféré par

Droits d'auteur :

Formats disponibles

Microsoft 70-643

TS: Windows Server 2008 Applications Infrastructure, Configuring

"Pass Any Exam. Any Time." - www.actualtests.com

"Pass Any Exam. Any Time." - www.actualtests.com

"Pass Any Exam. Any Time." - www.actualtests.com

"Pass Any Exam. Any Time." - www.actualtests.com

Microsoft 70-643: Practice Exam

"Pass Any Exam. Any Time." - www.actualtests.com

"Pass Any Exam. Any Time." - www.actualtests.com

"Pass Any Exam. Any Time." - www.actualtests.com

"Pass Any Exam. Any Time." - www.actualtests.com

"Pass Any Exam. Any Time." - www.actualtests.com

Microsoft 70-643: Practice Exam Reference: http://www.codeproject.com/KB/web-security/HttpCookieEncryption.aspx

"Pass Any Exam. Any Time." - www.actualtests.com

"Pass Any Exam. Any Time." - www.actualtests.com

"Pass Any Exam. Any Time." - www.actualtests.com

"Pass Any Exam. Any Time." - www.actualtests.com

"Pass Any Exam. Any Time." - www.actualtests.com

Microsoft 70-643: Practice Exam http://technet2.microsoft.com/windowsserver2008/en/library/33aaec94-c0cb-4402-b91ea5e3b9c3e0e01033.mspx?mfr=true

"Pass Any Exam. Any Time." - www.actualtests.com

"Pass Any Exam. Any Time." - www.actualtests.com

"Pass Any Exam. Any Time." - www.actualtests.com

"Pass Any Exam. Any Time." - www.actualtests.com

Microsoft 70-643: Practice Exam

"Pass Any Exam. Any Time." - www.actualtests.com

"Pass Any Exam. Any Time." - www.actualtests.com

"Pass Any Exam. Any Time." - www.actualtests.com

"Pass Any Exam. Any Time." - www.actualtests.com

Microsoft 70-643: Practice Exam

"Pass Any Exam. Any Time." - www.actualtests.com

Exam Set 2 ( 36 Questions)

"Pass Any Exam. Any Time." - www.actualtests.com

Microsoft 70-643: Practice Exam

"Pass Any Exam. Any Time." - www.actualtests.com

"Pass Any Exam. Any Time." - www.actualtests.com

Microsoft 70-643: Practice Exam

"Pass Any Exam. Any Time." - www.actualtests.com

"Pass Any Exam. Any Time." - www.actualtests.com

Answer: A,D Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com

Microsoft 70-643: Practice Exam Explanation:

Microsoft 70-643: Practice Exam Answer: D Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com

Microsoft 70-643: Practice Exam Answer: C Explanation:

Microsoft 70-643: Practice Exam Answer: D Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com

Microsoft 70-643: Practice Exam Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com

Vous aimerez peut-être aussi