41. Your company has deployed Network Access Protection (NAP) enforcement for VPNs.

You need to ensure that the health of all clients can be monitored and reported.

What should you do?

A. Create a Group Policy object (GPO) that enables Security Center and link the policy to the domain.

B. Create a Group Policy object (GPO) that enables Security Center and link the policy to the Domain Controllers organizational unit (OU).

C. Create a Group Policy object (GPO) and set the Require trusted path for credential entry option to Enabled. Link the policy to the domain.

D. Create a Group Policy object (GPO) and set the Require trusted path for credential entry option to Enabled. Link the policy to the Domain Controllers organizational unit (OU).

Answer: A

 

42. Your company has deployed Network Access Protection (NAP).

You configure secure wireless access to the network by using 802.1x authentication from any access point.

You need to ensure that all client computers that access the network are evaluated by NAP.

What should you do?

A. Configure all access points as RADIUS clients to the Remediation Servers.

B. Configure all access points as RADIUS clients to the Network Policy Server (NPS).

C. Create a Network Policy that defines Remote Access Server as a network connection method.

D. Create a Network Policy that specifies EAP-TLS as the only available authentication method.

Answer: B

 

43. You install the Web Server (IIS) on a server that runs Windows Server 2008.

You install a Microsoft .NET Framework application on a Web site that is hosted on the server in a folder named \wwwroot.

The .NET Framework application must write to a log file that resides in the \Program Files\WebApp folder.

You need to configure the .NET Framework trust level setting for the Web site so that the application can write to the log file.

What should you do?

A. Set the .NET Framework trust level to Full for the Web site.

B. Set the .NET Framework trust level to High for the Web site.

C. Set the .NET Framework trust level to Minimal for the Web site.

D. Set the .NET Framework trust level to Medium for the Web site.

Answer: C

 

44. Your company has a main office and 15 branch offices. The company has a single Active Directory domain. All servers run Windows Server 2008.

You need to ensure that the VPN connections between the main office and the branch offices meet the following requirements:

All data must be encrypted by using end-to-end encryption.

The VPN connection must use computer-level authentication.

User names and passwords cannot be used for authentication.

What should you do?

A. Configure an IPsec connection to use tunnel mode and preshared key authentication.

B. Configure a PPTP connection to use version 2 of the MS-CHAP v2 authentication.

C. Configure a L2TP/IPsec connection to use the EAP-TLS authentication.

D. Configure a L2TP/IPsec connection to use version 2 of the MS-CHAP v2 authentication.

Answer: C

 

45. You manage a computer named FTPSrv1 that runs Windows Server 2008.

Your company policy requires that the FTP service be available only when required by authorized projects.

You need to ensure that the FTP service is unavailable after restarting the server.

What should you do?

A. Run the iisreset command on the FTPSrv1 server.

B. Run the net stop msftpsvc command on the FTP server.

C. Run the suspend-service msftpsvc cmdlet in Microsoft Windows PowerShell tool.

D. Run the WMIC /NODE:FTPSrv1 SERVICE WHERE caption=”FTP Publishing Service” CALL ChangeStartMode “Disabled” command on the FTP server.

Answer: D

 

46. Your company has a main office and 10 branch offices. Each office is configured as a separate site. Each office has a read-only domain controller (RODC) server.

Users in the remote offices are unable to log on to their user accounts.

You need to ensure that the cached credentials for user accounts are stored only on the RODC server for the users local office.

What should you do?

A. Configure a separate Password Replication Policy on each RODC computer account.

B. Add the user accounts to the Domain RODC Password Replication Allowed Group domain security group.

C. Set Allow on the Receive as permission only for the desired user accounts on the RODC computer account Security tab.

D. Create a separate security group for each office. Add the user accounts to the corresponding group. Add the groups to the Domain RODC Password Replication Allowed Group domain security group.

Answer: A

 

47. Your corporate network has a member server named RAS1 that runs Windows Server 2008. You configure RAS1 to use the Routing and Remote Access Service (RRAS).

The companys remote access policy allows members of the Domain Users group to dial in to RAS1. The company issues smart cards to all employees.

You need to ensure that smart card users are able to connect to RAS1 by using a dial-up connection.

What should you do?

A. Install the Network Policy Server (NPS) on the RAS1 server.

B. Create a remote access policy that requires users to authenticate by using SPAP.

C. Create a remote access policy that requires users to authenticate by using EAP-TLS.

D. Create a remote access policy that requires users to authenticate by using MS-CHAP v2.

Answer: C

 

48. You install the FTP role service on a server that runs Windows Server 2008. Users receive an error message when they attempt to upload files to the FTP site.

You need to allow authenticated users to upload files to the FTP site.

What should you do?

A. Run the ftp Ca 192.168.1.200 command on the server that runs Windows Server 2008.

B. Run the appcmd unlock config command on the server that runs Windows Server 2008.

C. Configure Write permissions on the FTP site. Configure the NTFS permissions on the FTP destination folder for the Authenticated Users group to Allow - Modify.

D. Configure Write permissions on the FTP site. Configure the NTFS permissions on the FTP destination folder for the Authenticated Users group to Allow C Write attributes.

Answer: C

 

49. Your company has a main office and 40 branch offices. Each branch office is configured as a separate Active Directory site that has a dedicated read-only domain controller (RODC).

An RODC server is stolen from one of the branch offices.

You need to identify the user accounts that were cached on the stolen RODC server.

Which utility should you use?

A. Dsmod.exe

B. Ntdsutil.exe

C. Active Directory Sites and Services

D. Active Directory Users and Computers

Answer: D

 

50. Your company has 10 servers that run Windows Server 2008. The servers have RDP enabled for server administration. RDP is configured to use default security settings. All administrators’ computers run Windows Vista.

You need to ensure the RDP connections are as secure as possible.

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. Set the security layer for each server to the RDP Security Layer.

B. Configure the firewall on each server to block port 3389.

C. Acquire user certificates from the internal certificate authority.

D. Configure each server to allow connections only to Remote Desktop client computers that use Network Level Authentication.

Answer: C AND D

 

Ccna ccnp ccie

등 인증시험의 덤프를 제공
우리회사의 홈페이지는 http://www.killtest.co.kr 입니다.
제 msn는 testkr@hotmail.com 입니다.
야호메일주소는 killtest@ymail.com 입니다.

Tags: 70-649

21. Your company has an Active Directory domain. The company runs Terminal Services.

Standard users who connect to the Terminal Server are in the TSUsers organizational unit (OU). Administrative users are in the TSAdmins OU. No other users connect to the Terminal Server.

You need to ensure that only members of the TSAdmins OU can run the Remote Desktop Protocol files.

What should you do?

A. Create a Group Policy object (GPO) that configures the Allow .rdp files from unknown publishers policy setting in the Remote Desktop Client Connection template to Disabled. Apply the GPO to the TSUsers OU.

B. Create a Group Policy object (GPO) that configures the Allow .rdp files from valid publishers and users default .rdp settings policy setting in the Remote Desktop Client Connection template to Disabled. Apply the GPO to the TSUsers OU.

C. Create a Group Policy object (GPO) that configures the Allow .rdp files from valid publishers and users default .rdp settings policy setting in the Remote Desktop Client Connection template to Enabled. Apply the GPO to the TSAdmins OU.

D. Create a Group Policy object (GPO) that configures the Specify SHA1 thumbprints of certificates representing trusted .rdp publishers policy setting in the Remote Desktop Client Connection template to Enabled. Apply the GPO to the TSAdmins OU.

Answer: B

 

22. Your company has an Active Directory domain. The company runs Terminal Services. You configure the main office printer as the default printer on the Terminal Server.

The company policy states that all remote client computers must meet the following requirements:

The main office printer must be the default printer of the client computers.

Users must be able to access their local printers during a terminal session.

You need to create a Group Policy Object by using the Terminal Services Printer Redirection template to meet the company policy.

What should you do?

A. Set the Easy Print driver first option to Disabled. Apply the GPO to the Terminal Server.

B. Set the Use Terminal Services Easy Print driver first option to Disabled. Apply the GPO to all the client computers.

C. Set the Do not set default client printer to be default printer in a session option to Enabled. Apply the GPO to the Terminal Server.

D. Set the Do not set default client printer to be default printer in a session option to Enabled. Apply the GPO to all the client computers.

Answer: C

 

23. Your company runs Terminal Services. You plan to install an application update for the lobapp.exe application on the Terminal Server. You find instances of the lobapp.exe processes left behind by users who have disconnected.

You need to terminate all instances of the lobapp.exe processes so that you can perform an application update.

What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.)

A. Run the Get-Process cmdlet on the Terminal Server.

B. Run the Tskill lobapp /a command on the Terminal Server.

C. End all instances of lobapp.exe in the Terminal Services Manager console.

D. Run the Tasklist /fi “IMAGENAME eq lobapp.exe” command on the Terminal Server.

Answer: B AND C

 

24. Your company has an Active Directory domain. The company runs Terminal Services. All Terminal Services accounts are configured to allow session takeover without permission.

A user has logged on to a server named Server2 by using an account named User1. The session ID for User1 is 1337.

You need to perform a session takeover for session ID 1337.

Which commands should you run?

A. Chgusr 1337 /disable, and then Tscon 1337

B. Takeown /U User1 1337, and then Tscon 1337

C. Tsdiscon 1337, and then Chgport /U User1 1337

D. Tsdiscon 1337, and then Tscon 1337

Answer: D

 

25. Your company has a single Active Directory domain. The company network is protected by a firewall.

Remote users connect to your network through a VPN server by using PPTP.

When the users try to connect to the VPN server, they receive the following error message: Error 721: The remote computer is not responding.

You need to ensure that users can establish a VPN connection.

What should you do?

A. Open port 1423 on the firewall.

B. Open port 1723 on the firewall.

C. Open port 3389 on the firewall.

D. Open port 6000 on the firewall.

Answer: B

 

26. Your company has a server that runs an instance of Active Directory Lightweight Directory Service (AD LDS).

You need to create new organizational units in the AD LDS application directory partition.

What should you do?

A. Use the Active Directory Users and Computers snap-in to create the organizational units on the AD LDS application directory partition.

B. Use the ADSI Edit snap-in to create the organizational units on the AD LDS application directory partition.

C. Use the dsadd OU <OrganizationalUnitDN> command to create the organizational units.

D. Use the dsmod OU <OrganizationalUnitDN> command to create the organizational units.

Answer: B

 

27. Your company has a single Active Directory domain. The domain has servers that run Windows Server 2008. You have a server named NAT1 that functions as a NAT server.

You need to ensure that administrators can access a server named RDP1 by using Remote Desktop Protocol (RDP).

What should you do?

A. Configure NAT1 to forward port 389 to RDP1.

B. Configure NAT1 to forward port 1432 to RDP1.

C. Configure NAT1 to forward port 3339 to RDP1.

D. Configure NAT1 to forward port 3389 to RDP1.

Answer: D

 

28. You install the Web Server (IIS) role on a server that runs Windows Server 2008. You configure a Web site named contoso.com and a Web application named Acctg on the Web server.

The Web server runs out of disk space. You move Acctg to another drive on the Web server.

The following table shows the current application configuration.

Application	Web location	Original location	New location
Acctg	contoso/Acctg	d:\Acctg	f:\Acctg

Users report that they cannot access Acctg.

You need to enable users to access Acctg.

Which command should you run on the server?

A. appcmd add app /site.name: contoso /path:/Acctg /physicalPath:d:\Acctg

B. appcmd add app /site.name: contoso /path:/Acctg /physicalPath:f:\Acctg

C. appcmd set app /site.name: contoso /path:/Acctg /physicalPath:d:\Acctg

D. appcmd set app /site.name: contoso /path:/Acctg /physicalPath:f:\Acctg

Answer: D

 

29. Your company has a server that runs Windows Server 2008. The server runs an instance of Active Directory Lightweight Directory Services (AD?LDS).

You need to replicate the AD?LDS instance on a test computer that is located on the network.

What should you do?

A. Run the repadmin /kcc <servername> command on the test computer.

B. Create a naming context by running the Dsmgmt command on the test computer.

C. Create a new directory partition by running the Dsmgmt command on the test computer.

D. Create and install a replica by running the AD LDS Setup wizard on the test computer.

Answer: D

 

30. Your company has users who connect remotely to the main office through a Windows Server 2008 VPN server.

You need to ensure that users cannot access the VPN server remotely from 22:00 to 05:00.

What should you do?

A. Create a network policy for VPN connections. Modify the Day and time restrictions.

B. Create a network policy for VPN connections. Apply an IP filter to deny access to the corporate network.

C. Modify the Logon hours for all user objects to specify only the VPN server on the Computer restrictions option.

D. Modify the Logon Hours for the default domain policy to enable the Force logoff when logon hours expire option.

Answer: A

 

31. You deploy a Windows Server 2008 VPN server behind a firewall. Remote users connect to the VPN by using portable computers that run Windows Vista with the latest service pack.

The firewall is configured to allow only secured Web communications.

You need to enable remote users to connect as securely as possible. You must achieve this goal without opening any additional ports on the firewall.

What should you do?

A. Create an IPsec tunnel.

B. Create an SSTP VPN connection.

C. Create a PPTP VPN connection.

D. Create an L2TP VPN connection.

Answer: B

 

32. Your network contains a server that runs Windows Server 2008. The server has the Network Policy Server (NPS) service role installed.

You need to allow only members of a global group named Group1 VPN access to the network.

What should you do?

A. Add Group1 to the RAS and IAS Servers group.

B. Add Group1 to the Network Configuration Operators group.

C. Create a new network policy and define a group-based condition for Group1. Set the access permission of the policy to Access granted. Set the processing order of the policy to 1.

D. Create a new network policy and define a group-based condition for Group1. Set the access permission of the policy to Access granted. Set the processing order of the policy to 3.

Answer: C

 

33. You have a server that runs Windows Server 2008.

You need to configure the server as a VPN server.

What should you install on the server?

A. Windows Deployment Services role and Deployment Server role service.

B. Windows Deployment Services role and Deployment Transport Role Service.

C. Network Policy and Access Services role and Routing and Remote Access Services role service.

D. Network Policy and Access Services role and Host Credential Authorization Protocol role service.

Answer: C

 

34. You have a Windows Server 2008 server that has the Web Server (IIS) server role installed. The server hosts multiple Web sites.

You need to configure the server to automatically release memory for a single Web site. You must achieve this goal without affecting the other Web sites.

What should you do?

A. Create a new Web site and edit the bindings for the Web site.

B. Create a new application pool and associate the Web site to the application pool.

C. Create a new virtual directory and modify the Physical Path Credentials on the virtual directory.

D. From the Application Pool Defaults, modify the Recycling options.

Answer: B

 

35. Your company has an Active Directory Rights Management Services (AD?RMS) server. Users have Windows Vista computers. An Active Directory domain is configured at the Windows Server 2003 functional level.

You need to configure AD?RMS so that users are able to protect their documents.

What should you do?

A. Install the AD?RMS client 2.0 on each client computer.

B. Add the RMS service account to the local administrators group on the AD?RMS server.

C. Establish an e-mail account in Active Directory Domain Services (AD?DS) for each RMS user.

D. Upgrade the Active Directory domain to the functional level of Windows Server 2008.

Answer: C

 

36. Your company has an Active Directory forest that runs at the functional level of Windows Server 2008. You implement Active Directory Rights Management Services (AD?RMS). You install Microsoft SQL Server 2005. When you attempt to open the AD?RMS administration Web site, you receive the following error message: “SQL Server does not exist or access denied.”

You need to open the AD?RMS administration Web site.

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. Restart IIS.

B. Install Message Queuing.

C. Start the MSSQLSVC service.

D. Manually delete the Service Connection Point in AD DS and restart AD?RMS.

Answer: A AND C

 

37. Network Access Protection (NAP) is configured for the corporate network.

Users connect to the corporate network by using portable computers.

The company policy requires confidentiality of data when the data is in transit between the portable computers and the servers.

You need to ensure that users can access network resources only from computers that comply with the company policy.

What should you do?

A. Create an IPsec Enforcement Network policy.

B. Create an 802.1X Enforcement Network policy.

C. Create a Wired Network (IEEE 802.3) Group policy.

D. Create an Extensible Authentication Protocol (EAP) Enforcement Network policy.

Answer: A

 

38. Your company has a single Active Directory domain and an enterprise root certificate authority. The company plans to use Network Access Protection (NAP) to protect the VPN connections.

You build two servers named NPS1 and VPN1. You configure the following functions on the two servers as shown in the following table.

Server Name	Server Function
NPS1	Network Policy Server (NPS), Remediation Server, System Health Validation Server
VPN1	VPN Server, RADIUS Server

You need to ensure that the system health policy is applied to all client computers that attempt VPN connections.

What should you do?

A. Reconfigure NPS1 as a RADIUS client.

B. Reconfigure VPN1 as a RADIUS client.

C. Add the NAP role to a domain controller.

D. Add the NAP role to an Enterprise Certificate server.

Answer: B

 

39. You have a server that runs Windows Server 2008. The Web Server (IIS) role is installed.

You plan to host multiple Web sites on the server. You configure a single IP address for the server. All Web sites are registered in DNS to point to the single IP address.

You need to ensure that each Web site only responds to requests by name from all client computers.

What should you do?

A. Configue a unique port for each Web site.

B. Configue a unique IP address for each Web site.

C. Configue a unique Host Header for each Web site.

D. Edit the Hosts file on the server to add all the Web site names associated to the network address.

Answer: C

 

40. Your company’s corporate network uses Network Access Protection (NAP).

Users are able to connect to the corporate network remotely.

You need to ensure that data transmissions between remote client computers and the corporate network are as secure as possible.

What should you do?

A. Apply an IPsec NAP policy.

B. Configure a NAP policy for 802.1x wireless connections.

C. Configure VPN connections to use MS-CHAP v2 authentication.

D. Restrict Dynamic Host Configuration Protocol (DHCP) clients by using NAP.

Answer: A

Ccna ccnp ccie 등 인증시험의 덤프를 제공
우리회사의 홈페이지는 http://www.killtest.co.kr 입니다.
제 msn는 testkr@hotmail.com 입니다.
야호메일주소는 killtest@ymail.com 입니다

Tags: 70-649

1. You install the Windows Deployment Services (WDS) role on a server that runs Windows Server 2008.When you attempt to upload spanned image files to the WDS server, you receive an error message.You need to ensure that the image files can be uploaded.

What should you do?

A. Grant the Authenticated Users group Full Control on the \REMINST directory.

B. Run the wdsutil /Convert command at the command prompt on the WDS server.

C. Run the wdsutil /Export command at the command prompt to export *.swm files to one destination *.wim on the WDS server.

D. Run the wdsutil /add-image /imagefile:\\server\share\sources\install.wim /image type:install command for each component file individually at the command prompt on the WDS server.

Answer: C

 

2. You install the Windows Deployment Services (WDS) role on a server that runs Windows Server 2008.

You plan to install Windows Vista on a computer that does not support Preboot Execution Environment (PXE). You have a Windows Vista image that is stored on the WDS server.

You need to start the computer and install the image that is stored on the WDS server.

What should you create?

A. a capture image

B. a CD-ROM that contains PXE drivers

C. a discover image

D. an install image

Answer: C

 

3. Your company has a server named VS1 that runs Windows Server 2008 and Microsoft Hyper-V. The VS1 server hosts 10 virtual servers.

A virtual server named VS-DB has one 64-GB fixed-size virtual hard disk (VHD). The VHD file name is disk1.vhd.You discover that VS-DB utilizes only 5 GB of the VHD.You turn off the VS-DB virtual server and want to regain the unused disk space on the VS1 physical server.You need to configure VS-DB to make the disk1.vhd file as small as possible.What should you do? (To answer, move the appropriate tasks from the list of tasks to the answer area and arrange them in the correct order.)

Tasks Answer Area

A. Compact the disk2.vhd file.

B. Delete the disk1.vhd file. Rename disk2.vhd to disk1.vhd.

C. Convert the disk2.vhd file to a new fixed-size VHD file named disk1.vhd.

D. Convert the disk1.vhd file to a new dynamically expanding VHD file named disk2.vhd.

E. Create a new differencing VHD file named disk2.vhd that has disk1.vhd as a parent disk.

Answer: D BEFORE A AND A BEFORE B AND ONLY D, A, B

 

4. Your company has a server that runs Windows Server 2008 and Microsoft Hyper-V.

You have two virtual machines that run Microsoft Windows 2003 Server.

You need to configure the virtual machines so that you can revert to a previous state.

What should you do?

A. Back up all the volumes on each Windows 2003 server.

B. Back up the system state on each Windows 2003 server.

C. Copy the .vmc files for each of the virtual machines to a backup folder.

D. Take a snapshot of the virtual machines by using the Virtual Services Manager console.

Answer: D

 

5. You have a server that runs Windows Server 2008. The server has the Windows Server virtualization role service installed.

You create a new virtual machine and perform an installation of Windows Server 2008 on the virtual machine. You configure the virtual machine to use the physical network card of the host server.

You notice that you are unable to access network resources from the virtual machine.

You need to ensure that the virtual host can connect to the physical network.

What should you do?

A. On the host server, install the MS Loopback adapter.

B. On the host server, enable the Multipath I/O feature.

C. On the virtual machine, install the MS Loopback adapter.

D. On the virtual machine, install Windows Server virtualization Guest Integration Components.

Answer: D

 

6. You have a server that runs Windows Server 2008. The server has the Windows Server virtualization role service installed and has one virtual machine. The virtual machine runs Windows Server 2008.

You plan to install a new application on the virtual machine.

You need to ensure that you can restore the virtual machine to its original state in the event the application installation fails.

What should you do?

A. Log on to the virtual host and enable the Remote Differential Compression Features.

B. Log on to the virtual host and enable the Windows Recovery Disk feature.

C. From Virtualization Management Console, create a snapshot.

D. From Virtualization Management Console, save the state of the virtual machine.

Answer: C

 

7. Your company named Contoso, Ltd. has a two-node Network Load Balancing cluster. The cluster is intended to provide high availability and load balancing for only the intranet Web site. The name of the cluster is web.contoso.com.

You discover that Contoso users can see the Network Load Balancing cluster in the network neighborhood and can connect to various services by using the web.contoso.com name. The web.contoso.com Network Load Balancing cluster is configured with only one port rule.

You need to configure the web.contoso.com Network Load Balancing cluster to accept only HTTP traffic.

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. Log on to one of the cluster nodes and run the wlbs disable all command.

B. Open the Network Load Balancing Clusters console and delete the default port rules.

C. Open the Network Load Balancing Clusters console and create a new Allow rule for TCP port 80.

D. Open the Network Load Balancing Clusters console and change the default port rule to a disabled port range rule.

Answer: B AND C

 

8. You have two servers named FC1 and FC2 that run Windows Server 2008 Enterprise Edition. Both servers have the Failover Clustering feature installed. You configure the servers as a two-node cluster.

The cluster runs an application named APP1. Business hours for your company are 09:00 to 17:00. APP1 must be available during these hours. You configure FC1 as the preferred owner for APP1.

You need to prevent failback of the cluster during business hours.

What should you do?

A. Set the Period option to 8 hours in the Failover properties.

B. Set the Allow failback option to allow failback between 17 and 9 hours in the Failover properties.

C. Enable the Prevent failback option in the Failover properties.

D. Enable the If resource fails, attempt restart on current node policy for all APP1 resources. Set the Maximum restarts for specified period to 0.

Answer: B

 

9. Your company has a single Active Directory domain. All the servers run Windows Server 2008. You have a server named FS1 that has the File Services role installed.

The disks are configured as shown in the following exhibit

You need to create a new drive volume to support data striping with parity.

What should you do?

A. Add another disk. Create a New RAID-5 Volume.

B. Create a new Striped Volume by using Disk 1 and Disk 2.

C. Create a New Mirrored Volume by using Disk 1 and Disk 2.

D. Create a New Spanned Volume by using Disk 1 and Disk 2.

Answer: A

 

10. Your company has a single Active Directory domain. All servers run Windows Server 2008.

You install an iSCSI storage area network (SAN) for a group of file servers.

Corporate security policy requires that all data communication to and from the iSCSI SAN must be as secure as possible.

You need to implement the highest security available for communications to and from the iSCSI SAN.

What should you do?

A. Create a Group Policy object (GPO) to enable the System objects: Strengthen default permission of internal systems objects setting.

B. Create a Group Policy object (GPO) to enable the System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing setting.

C. Implement IPsec security in the iSCSI Initiator Properties. Set up inbound and outbound rules by using Windows Firewall.

D. Implement mutual Microsoft Challenge Handshake Authentication Protocol (MS-CHAPv2) authentication in the iSCSI Initiator Properties. Set up inbound and outbound rules by using Windows Firewall.

Answer: C

 

11. A server runs Windows Server 2008. The Terminal Services role is installed on the server.

You deploy a new application on the server. The application creates files that have an extension of .xyz.

You need to ensure that users can launch the remote application from their computers by double-clicking a file that has the .xyz extension.

What should you do?

A. Configure the Remote Desktop Connection Client on the users’ computers to point to the server.

B. Configure the application as a published application by using a Remote Desktop Program file.

C. Configure the application as a published application by using a Windows Installer package file.

D. Configure the application as a published application by using a Terminal Server Web Access Web site.

Answer: C

 

12. Your company has an Active Directory domain. The company has a server named Server1 that has the Terminal Services role and the Terminal Services Web Access role installed. All client computers run Windows XP Service Pack 2 (SP2).

You deploy and publish an application named TimeReport on Server1. The Terminal Services Web Access role uses Active Directory Domain Services (AD DS) and Network Level Authentication is enabled.

You need to ensure that the users can launch TimeReport on Server1 from the Terminal Services Web Access Web page.

What should you do?

A. Disable publishing to AD DS for the TimeReport remote application.

B. Install the Remote Desktop Client 6.1 application on the client computers that run Windows XP SP2.

C. Publish TimeReport on Server1 as a Microsoft Windows Installer package. Distribute the Windows Installer package to the users.

D. Install the Terminal Services Gateway (TS Gateway) role on Server1. Reconfigure the TimeReport remote application publishing to reflect the change in the infrastructure.

Answer: B

 

13. Your company has an Active Directory domain. The company has a server named Server1 that has the Terminal Services role and the Terminal Services Web Access role installed. The company has a server named Server2 that runs ISA Server 2006.

The company deploys the Terminal Services Gateway (TS Gateway) role on a new server named Server3. The company wants to use ISA as the SSL endpoint for Terminal Server connections.

You need to configure the TS Gateway role on Server3 to use ISA 2006 on Server2.

What should you do?

A. Configure the TS Gateway to use SSL HTTPS-HTTP bridging.

B. Configure the Terminal Services Connection Authorization Policy Store on Server3 to use Server2 as the Central Network Policy Server.

C. Export the SSL certificate from Server2 and install the SSL certificate on Server3. Configure the TS Gateway to use the SSL certificate from Server2.

D. Export a self-signed SSL certificate from Server3 and install the SSL certificate on Server2. Configure the ISA service on Server2 to use the SSL certificate from Server3.

Answer: A

 

14. You have a server that runs Windows Server 2008. The server has the Terminal Services Gateway (TS Gateway) role service installed.

You need to provide a security group access to the TS Gateway server.

What should you do?

A. Add the security group to the Remote Desktop Users group.

B. Add the security group to the TS Web Access Computers group.

C. Create and configure a Resource Authorization Policy.

D. Create and configure a Connection Authorization Policy.

Answer: D

 

15. Your company has an Active Directory domain. All servers in the domain run Windows Server 2008.

The Terminal Services Gateway (TS Gateway) role service is installed on a server named Server1. The Terminal Services role is installed on servers named Server2 and Server3. Server2 and Server3 are configured in a load balancing Terminal Server farm named TSLoad.

You install and configure the Terminal Services (TS) Session Broker service on a new server named Server4.

You need to configure Server2 and Server3 to join the TS Session Broker.

What should you do next?

A. Configure Server2 and Server3 to use the TS Gateway role service to access TS Session Broker.

B. Create a new Group Policy object (GPO) that assigns Server4 to Server2 and Server3 as their session broker server. Apply the GPO to Server2 and Server3.

C. Configure a Group Policy object (GPO) to set the Set TS Gateway server address option in the Terminal Services Security section to Server1. Apply the GPO to all client computers.

D. Configure a Group Policy object (GPO) to set the Require secure RPC communications option in the Terminal Services Security section to False. Apply the GPO to Server2 and Server3.

Answer: B

 

16. You have four Terminal Servers that run Windows Server 2008. The Terminal Servers are named Server1, Server2, Server3, and Server4.

You install the Terminal Server Session Broker role service on Server1.

You need to configure load balancing for the four Terminal Servers. You must ensure that Server2 is the preferred server for Terminal Services sessions.

Which tool should you use?

A. Group Policy Manager

B. Terminal Services Configuration

C. Terminal Services Manager

D. TS Gateway Manager

Answer: B

 

17. You manage a member server that runs Windows Server 2008. The server runs the Terminal Server Gateway (TS Gateway) role service.

You need to find out whether a user named User1 has ever connected to his office workstation through the TS Gateway server.

What should you do?

A. View the events in the Monitoring folder from the TS Gateway Manager console.

B. View the Event Viewer Security log.

C. View the Event Viewer Application log.

D. View the Event Viewer Terminal Services-Gateway log.

Answer: D

 

18. You manage a member server that runs Windows Server 2008. The server has the Terminal Services role installed. Microsoft Windows System Resource Manager (WSRM) is installed on the server.

Users report performance degradation on the Terminal Server. You monitor the server and notice that one user is consuming 100 percent of the processor time.

You create a resource-allocation policy named Policy1 that limits each user to 30 percent of the total processor time. You observe no performance improvement.

You need to configure WSRM to enforce Policy1.

What should you do?

A. Set Policy1 as the Profiling Policy.

B. Set Policy1 as the Managing Policy.

C. Restart the Terminal Services Configuration service.

D. Launch the WSRM application by using the user context of the Terminal Server System account.

Answer: B

 

19. Your company has an Active Directory domain. The Terminal Services role is installed on a member server named TS01. The Terminal Services Licensing role service is installed on a new test server named TS10 in a workgroup.

You cannot enable the Terminal Services Per User Client Access License (TS Per User CAL) mode in the Terminal Services Licensing role service on TS10.

You need to ensure that you can use TS Per User CAL mode on TS10.

What should you do?

A. Join TS10 to the domain.

B. Disjoin TS01 from the domain.

C. Extend the schema to add attributes for Terminal Services Licensing.

D. Create a Group Policy object (GPO) that configures TS01 to use TS10 for licensing.

Answer: A

 

20. Your company has a Windows Server 2003 Active Directory domain. A server named Server1 runs Windows Server 2008. The Terminal Services role is installed on Server1. A server named Server2 runs Windows Server 2003. The Terminal Services Licensing role service is installed on Server2.

You need to configure the Terminal Services Per User Client Access License (TS Per User CAL) tracking and reporting to work on both Server1 and Server2.

What should you do?

A. Rename Server1 to have the same computer name as the domain and join it to a workgroup.

B. Add Server1 to the servers managed by the Windows Server 2003 Terminal Services Licensing service.

C. Uninstall the Terminal Services Licensing role on Server2 and install that role on Server1. Configure TS Per User CAL tracking and reporting on Server1.

D. Activate the Terminal Services Licensing Server on Server 2.

Answer: C

Tags: 70-649