Ensurepass

QUESTION 11

Your network consists of a single Active Directory domain. The domain contains a server that runs Windows Server 2008 R2. The server has Microsoft SharePoint Foundation 2010 installed. You need to allow users to create distribution lists from a SharePoint site. What should you do on the SharePoint Foundation 2010 server?

 

A.

Set the outgoing mail character set to 1200(Unicode).

B.

Enable the SharePoint Directory Management Service.

C.

Configure the site to accept messages from authenticated users only.

D.

Configure the site to use the default Rights Management server in Active Directory Domain Services.

 

Correct Answer: B

Explanation:

To configure WSS server in such a way that it allow users to create distribution lists from a SharePoint site, you need to enable the SharePoint Directory Management Service on the server. A distribution list contains the email addresses of existing address lists as well as the email addresses of other site members. Distribution lists are available only if the SharePoint Directory Management Service is enabled in Central Administration.

 

All new subsites that are created in an email-enabled site collection are automatically email-enabled also. If you choose to use an existing group during site creation, the distribution list for the parent site (if available) will be associated with the new site

 

Reference: Introduction to incoming email/ New site creation walkthrough

http://office.microsoft.com/en-us/help/HA100823061033.aspx

 

 

QUESTION 12

You manage a server that runs Windows Server 2008. The server has the Web Server (IIS) role installed. The server hosts an Internet-accessible Web site that has a virtual directory named /orders/. A Web server certificate is installed and an SSL listener has been configured for the Web site.

 

The /orders/ virtual directory must meet the following company policy requirements:

 

Be accessible to authenticated users only.

 

Allow authentication types to support all browsers.

 

Encrypt all authentication traffic by using HTTPS.

 

All other directories of the Web site must be accessible to anonymous users and be available without SSL

 

You need to configure the /orders/ virtual directory to meet the company policy requirements.

 

Which two actions should you perform? (Each correct answer presents part of the solution.

Choose two.)

 

A.

Configure the Web site to the Require SSL setting.

B.

Configure the /orders/ virtual directory to the Require SSL setting.

C.

Configure the Digest Authentication setting to Enabled for the /orders/ virtual directory.

D.

Configure the Basic Authentication setting to Enabled and the Anonymous Authentication setting to Disabled for the Web site.

E.

Configure the Basic Authentication setting to Enabled and the Anonymous Authentication setting to Disabled for the / orders/ virtual directory.

 

Correct Answer: BE

Explanation:

To configure the /salesorders/ virtual directory so that it is accessible to authenticated users only and it should allow authentication types to support all browsers, you need to configure the Basic Authentication setting to Enabled for the / salesorders / virtual directory, because the Basic authentication is supported by mostly all the browsers.

 

Next you need to Disable the Anonymous Authentication setting to for the / salesorders / virtual directory, so that only authenticated users can access the virtual directory. Finally, you need to configure only the /salesorders / virtual directory to the Require SSL setting so that only the authentication traffic to this directory is encrypted and all other directories of the Website must be accessible to anonymous users and be available without SSL.

 

To configure authentication for a virtual directory or a physical directory in a Web site, you need to configure the virtual directory for the Web site and not the website.

 

Reference: How to configure IIS Web site authentication

http://support.microsoft.com/kb/308160

QUESTION 13

You have a Windows Server 2008 R2 server that has the Web Server (IIS) server role installed. The server hosts multiple Web sites.

 

You need to configure the server to automatically release memory for a single Web site. You must achieve this goal without affecting the other Web sites.

 

What should you do?

 

A.

Create a new Web site and edit the bindings for the Web site.

B.

Create a new application pool and associate the Web site to the application pool.

C.

Create a new virtual directory and modify the Physical Path Credentials on the virtual directory.

D.

From the Application Pool Defaults, modify the Recycling options.

 

Correct Answer: B

Explanation:

To configure the server to automatically release memory for a single website without affecting the other Web sites, you need to create a new application pool and associate the Web site to the application pool

An application pool is a group of one or more URLs that are served by a worker process or a set of worker processes. Application pools set boundaries for the applications they contain, which means that any applications that are running outside a given application pool cannot affect the applications in the application pool. You can configure the server to automatically release memory or to release memory after reaching maximum used memory.

 

Reference: IIS 7.0: Managing Application Pools in IIS 7.0

http://technet2.microsoft.com/windowsserver2008/en/library/1dbaa793-0a05-4914-a065- 4d109db3b9101033.mspx?mfr=true

 

Reference: IIS 7.0: Configuring Recycling Settings for an Application Pool

http://technet2.microsoft.com/windowsserver2008/en/library/0d5770e3-2f6f-4e11-a47c- 9bab6a69ebc71033.mspx?mfr=true

 

 

QUESTION 14

You install the Windows Deployment Services (WDS) role on a server that runs Windows Server 2008 R2.

 

You plan to install Windows 7 on a computer that does not support Preboot Execution Environment (PXE). You have a Windows 7 image that is stored on the WDS server.

 

You need to start the computer and install the image that is stored on the WDS server.

 

What should you create?

 

A.

a capture image

B.

a CD-ROM that contains PXE drivers

C.

a discover image

D.

an install image

 

Correct Answer: C

Explanation:

To start the computer and install Windows Vista image stored on the WDS server, you should create the Discover image. If you have a computer that is not PXE enabled, you can create a discover image and use it to install an operating system on that computer. When you create a discover image and save it to media (CD, DVD, USB drive, and so on), you can then boot a computer to the media. The discover image on the media locates a Windows Deployment Services server, and the server deploys the install image to the computer. You can configure discover images to target a specific Windows Deployment Services server. This means that if you have multiple servers in your environment, you can create a discover image for each, and then name them based on the name of the server.

 

Reference: http://technet2.microsoft.com/WindowsVista/en/library/9e197135-6711-4c20- bfad-fc80fc2151301033.mspx?mfr=true

 

 

QUESTION 15

Your company has an Active Directory domain. The Terminal Services role is installed on a member server named TS01. The Terminal Services Licensing role service is installed on a new test server named TS10 in a workgroup.

 

You cannot enable the Terminal Services Per User Client Access License (TS Per User CAL) mode in the Terminal Services Licensing role service on TS10.

 

You need to ensure that you can use TS Per User CAL mode on TS10.

 

What should you do?

 

A.

Join TS10 to the domain.

B.

Disjoin TS01 from the domain.

C.

Extend the schema to add attributes for Terminal Services Licensing.

D.

Create a Group Policy object (GPO) that configures TS01 to use TS10 for licensing.

 

Correct Answer: A

Explanation:

To ensure that you could employ Terminal Services per User CAL mode on TK2, you need to connect TK2 to the Active Directory domain because TS Per User CAL tracking and reporting is supported only in domain-joined scenarios. Reference: TS Licensing/Are there any special considerations?

 

http://technet2.microsoft.com/windowsserver2008/en/library/5a4afe2f-5911-4b3f-a98a- 338b442b76041033.mspx?mfr=true

 

 

QUESTION 16

You have a Windows Server 2008 R2 server that has the Web Server (IIS) server role installed. The server contains a Web site.

 

You need to ensure that the cookies sent from the Web site are encrypted on users’ computers.

 

Which Web site feature should you configure?

 

A.

Authorization Rules

B.

Machine Key

C.

Pages And Controls

D.

SSL Settings

 

Correct Answer: B

Explanation:

To encrypt the cookies sent from the website on the users’ computer, you need to use machine key. Encrypting cookies is important to prevent tampering. A hacker can easily view a cookie and alter it. So to protect the cookie, machine key is used in ASP .NET 2.0. Encryption is based on a hash plus the actual data encrypted, so that if you try to change the data, it’s pretty difficult. ASP.NET’s ViewState uses the Machinekey config file section to configure the keys and such… this is important when the application is going to be run on a web farm, where load balancing webservers may be in no affinity mode. Reference: http://www.codeproject.com/KB/web-security/HttpCookieEncryption.aspx

 

 

QUESTION 17

Your company has a server that runs Windows Server 2008 R2. The server has the Web Server (IIS) role installed.

 

You need to activate SSL for the default Web site.

 

Which two actions should you perform? (Each correct answer presents part of the solution.

Choose two.)

 

A.

Obtain and import a server certificate by using the IIS Manager console.

B.

Select the Generate Key option in the Machine Key dialog box for the default Web site.

C.

Add bindings for the HTTPS protocol to the default Web site by using the IIS Manager console.

D.

Install the Digest Authentication component for the Web server role by using the Server Manager console.

 

Correct Answer: AC

Explanation:

To activate SSL for the default Web site on the server, you need to get an appropriate certificate and create an HTTPS binding on a site. On Windows Vista and Windows Server 2008, HTTP.sys handles SSL encryption/decryption in kernel mode, resulting in up to 20% better performance for secure connections.

 

Moving SSL to kernel mode requiresstoring SSL binding information in two places. First, the binding is stored in %windir%\system32\inetsrv\applicationHost.config for your site. When the site starts, IIS 7.0sends the binding to HTTP.sys and HTTP.sys starts listening for requests on the specified IP:Port (this works for all bindings).

 

Second, SSL configuration associated with the binding is stored in HTTP.sys configuration.When a client connects and initiates an SSL negotiation, HTTP.sys looks in its SSL configuration for the IP:Port pair that the client connected to. The HTTP.sys SSL configuration must include a certificate hash and the name of the certificate’s store for the SSL negotiation to succeed.

 

Reference: How to Setup SSL on IIS 7.0

 

http://learn.iis.net/page.aspx/144/how-to-setup-ssl-on-iis-7/

 

 

QUESTION 18

Your network contains a Windows Server 2008 R2 server that has the Web Server (IIS) server role installed.

 

You have a Web application that uses a custom application pool. The application pool is set to recycle every 1,440 minutes. The Web application does not support multiple worker processes. You need to configure the application pool to ensure that users can access the Web application after the application pool is recycled.

 

What should you do?

 

A.

Set the Shutdown Executable option to True.

B.

Set the Process Orphaning Enabled option to True.

C.

Set the Disable Overlapped Recycle option to True.

D.

Set the Disable Recycling for Configuration Changes option to True.

 

Correct Answer: C

Explanation:

Overlapped Recycling

In an overlapped recycling scenario, the process targeted for a recycle continues to process all remaining requests while a replacement worker process is created simultaneously. The new process is started before the old worker process stops, and requests are then directed to the new process. This design prevents delays in service, since the old process continues to accept requests until the new process has initialized successfully, and is instructed to shut down only after the new process is ready to handle requests.

Considerations When Recycling Applications

When applications are recycled, it is possible for session state to be lost. During an overlapped recycle, the occurrence of multi-instancing is also a possibility. Loss of session state: Many IIS applications depend on the ability to store state. IIS 6.0 can cause state to be lost if it automatically shuts down a worker process that has timed out due to idle processing, or if it restarts a worker process during recycling. Occurrence of multi-instancing: In multi-instancing, two or more instances of a process run simultaneously. Depending on how the application pool is configured, it is possible for multiple instances of a worker process to run, each possibly loading and running the same application code. The occurrence of an overlapped recycle is an example of multi- instancing, as is a Web garden in which two or more processes serve the application pool regardless of the recycling settings.

If your application cannot run in a multi-instance environment, you must configure only one

 

worker process for an application pool (which is the default value), and disable the overlapped recycling feature if application pool recycling is being used.

 

image010

 

Source: http://technet.microsoft.com/en-us/library/ms525803(VS.90).aspx

 

 

QUESTION 19

You manage a server that runs Windows Server 2008 R2. The Remote Desktop Services server role is installed on the server.

 

A Remote Desktop Services application runs on the server. Users report that the

application stops responding.

 

You monitor the memory usage on the server for a week. You discover that the application has a memory leak.

 

A patch is not currently available. You create a new resource-allocation policy in Windows System Resource Manager (WSRM). You configure a Process Matching Criteria named TrackShip and select the application. You need to terminate the application when the application consumes more than half of the available memory on the server.

 

What should you do?

 

A.

Configure the resource-allocation policy and set the maximum working set limit option to half the available memory on the server. Set the new policy as a Profiling Policy.

B.

Configure the resource-allocation policy and set the maximum working set limit option to half the available memory on the server. Set the new policy as a Managing Policy.

C.

Configure the resource-allocation policy and set the maximum committed memory option to half the available memory on the server. Set the new policy as a Profiling Policy.

D.

Configure the resource-allocation policy and set the maximum committed memory option to half the available memory on the server. Set the new policy as a Managing Policy.

 

Correct Answer: D

 

 

QUESTION 20

You manage a member server that runs Windows Server 2008 R2. The server has the Web Server (IIS) role installed.

 

The Web server hosts a Web site named Intranet1. Only internal Active Directory user accounts have access to the Web site.

 

The authentication settings for Intranet1 are configured as shown in the exhibit. (Click the Exhibit button.)

 

image012

 

You need to ensure that users authenticate to the Web site by using only the Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAPv2) encrypted Active Directory credentials.

 

Which two actions should you perform? (Each correct answer presents part of the solution.

Choose two.)

 

A.

Add the Digest Authentication role service and the URL Authorization role service to the

server.

B.

Add the Windows Authentication role service to IIS. Configure the Windows Authentication setting to Enabled in the Intranet1 properties.

C.

Configure the Basic Authentication setting to Disabled in the Intranet1 properties.

D.

Configure the Default domain field for the Basic Authentication settings on Intranet1 by adding the name of the Active Directory domain.

E.

Configure the Basic Authentication setting to Disabled and the Anonymous Authentication setting to Enabled in the Intranet1 properties.

 

Correct Answer: BC

Explanation:

To ensure that the users accessing the website are authenticated through MS-CHAPv2 encrypted Active Directory credentials, you should Add Windows Authentication role service to the IIS server. Enable the Windows Authentication settings in the intranet-e properties and disable the basic authentication setting in the intranet-e properties. Basic authentication is a set of basic rules that authenticate users. To implement MS-CHAPv2, you have to disable the basic authentication and then, add windows authentication role services to the IIS server. After adding it, you should enable it. The Windows Authentication role service will allow the website to be authenticated through MS-CHAPv2.

 

Instant Access to Download Latest Complete Collection of Microsoft 70-643 Real Exam

Try Microsoft 70-643 Free Demo