Ensurepass

QUESTION 21

Your company has an Active Directory domain. The company runs Remote Desktop Services. A user has remotely logged on to the Remote Desktop Session Host Server. The user requires help to use an application.

 

When you connect to the Remote Desktop session, you cannot operate any applications.

 

You need to ensure that you can assist any user on the Remote Desktop Session Host Server.

 

What should you do?

 

A.

From the Remote Desktop Session Host Server run the Tscon /v command. Then reconnect to the session.

B.

Run the Chgusr /execute command on the Remote Desktop Session Host Server. Then reconnect to the session.

C.

Enable Use remote control with default user settings in the RDP-Tcp Properties.

D.

Enable Use remote control with the following settings in the RDP-Tcp Properties.

Configure the Level of control policy setting to Interact with the session. Instruct the user to log off and log back on.

 

Correct Answer: D

Explanation:

In Remote Desktop Session Host Configuration rightclick RDP-Tcp and choose properties.

 

image013

 

image014

 

 

QUESTION 22

Your company runs Windows Server 2008. The company network is configured as an Active Directory domain named contoso.com. The network has a Web server named WEB1. The domain users access WEB1 by using http://web1.

 

You generate a self-signed certificate for WEB1 and configure WEB1 to use SSL.

Users report that they get a warning message when they connect to WEB1 by using https://web1.

 

You need to ensure that users can connect to WEB1 without receiving a warning message.

 

What should you do?

 

A.

Add the https: //web1 name to the list of Trusted Sites zone on all the computers in the domain.

B.

Open the Certificates console on WEB1. Export the self-signed certificate to a web1.cer file. Install the web1.cer file on all the computers in the domain.

C.

Join WEB1 to the contoso.com domain. Reissue the self-signed certificate. Request all the users to use https://web1.contoso.com to connect to WEB1.

D.

Create a DNS Host (A) Record for WEB1 in the contoso.com zone. Reissue the self- signed certificate. Request all the users to use https: //webl.contoso.com to connect to WEB1.

 

Correct Answer: B

Explanation:

To ensure that the users can connect to TK2.com without getting warning messages, you should export the self-signed certificate to a TK2.cer file. Then, you install the tk2.cer file on all computers accessing the website. The users account will be authenticated through the certificate and they will not get any warning messages. The .cer file is an internet security certificate extension which confirms the authenticity of a website installed on a server.

 

 

QUESTION 23

You have a server that runs Windows Server 2008 R2. The server has the Web Server (IIS) server role installed.

 

The server contains a Web site that is configured to use only Windows Authentication.

 

You have a security group named Group1 that contains several user accounts.

 

You need to prevent the members of Group1 from accessing a Web site. You must not prevent other users from accessing the Web site.

Which Web site feature should you configure?

 

A.

Authentication

B.

Authorization Rules

C.

IIS Manager Permissions

D.

SSL Settings

 

Correct Answer: B

Explanation:

Add or Edit Allow Authorization Rule and Add or Edit Deny Authorization Rule Dialog Boxes

Use the Add Allow Authorization Rule,the Edit Allow Authorization Rule, the Add Deny Authorization Rule, or the Edit Deny Authorization Rule dialog box to define rules for access to content.

 

image016

 

 

image017

 

 

QUESTION 24

You install the Web Server (IIS) server role on a new server that runs Windows Server 2008 R2.

 

You install a Microsoft .NET Framework 1.0 application on a Web site on the Web server. The company security policy states that all applications must run by using the minimum level of permission.

 

You need to configure the Web site application so that it has the permissions to execute without creating any other content and without accessing any operating system components.

 

What should you do?

 

A.

Set the .NET Framework trust level to Full for the Web site.

B.

Set the .NET Framework trust level to Low for the Web site.

C.

Set the .NET Framework trust level to High for the Web site.

D.

Set the .NET Framework trust level to Medium for the Web site.

 

Correct Answer: A

Explanation:

To configure the website application to have permission to execute without creating other content or accessing Windows Server 2008 system components, you should configure the .NET Framework website trust level to full.

In the .NET Framework, code access security controls access to resources by controlling how code runs. When a user runs an application, the common language runtime assigns the application to any one of the following five zones:

 

My Computer – The application code is hosted directly on the user’s computer. Local Intranet – The application code runs from a file share on the user’s intranet. Internet – The application code runs from the Internet. Trusted Sites – The application code runs from a Web site that is defined as “Trusted” in Internet Explorer.

 

Untrusted Sites – The application code runs from a Web site that is defined as “Restricted” in Internet Explorer.

 

You can set the security level for each zone to High, Medium, Medium-low, or Low.

Reference: http://support.microsoft.com/kb/832742

 

 

QUESTION 25

Your company named Contoso, Ltd. runs Windows Server 2008 R2. You manage a Web server named Server1.

 

Internet users access Server1 by using http://www.contoso.com and https://www.contoso.com. The Server1 server uses an SSL certificate from a public certification authority (CA).

 

You install an additional Web server named Server2. You configure a Network Load Balancing cluster to distribute the incoming HTTP and HTTPS traffic between both Web servers.

 

You need to configure an SSL certificate on Server2 to support HTTPS connections.

 

You must ensure that all users can connect to https://www.contoso.com without receiving security warnings.

 

What should you do?

 

A.

Open the Internet Information Services (IIS) Manager console on Server2. Create a self- signed certificate.

B.

Open the Internet Information Services (IIS) Manager console on Server1. Export the SSL certificate to a .pfx file. Import the .pfx file to Server2.

C.

Open the Certificates snap-in on Server1. Export the SSL certificate to a .cer file. Import the .cer file to Server2.

D.

Request a new SSL certificate from the public CA. Use Server2 as the Common Name in the request. Install the new certificate on Server2.

 

Correct Answer: B

Explanation:

To export a certificate in PFX format using IIS Manager:

Start IIS Manager. Click Start, point to Administrative Tools, and then click Internet

 

Information Services (IIS) Manager.

In the console tree, click the name of the computer. In the IIS section of the center pane, double-click Server Certificates. Right-click the certificate (.cer file) in the center pane, and then click Export. Select the location for the exported file, type the name for the file (with the .pfx extension), and then type and confirm the password to encrypt the private key.

Click OK.

http://technet.microsoft.com/en-us/library/hh314619(v=ws.10).aspx

 

 

QUESTION 26

You have two servers that run Windows Server 2008 R2 named Server1 and Server2. Both servers have the Windows Media Services server role installed. Server2 is a License Clearing House.

 

You publish an audio file on Server1. The audio file is licensed by Server2.

 

You need to ensure that users are allowed to use the audio file for only two days.

 

What should you do?

 

A.

On Server1, modify the key ID.

B.

On Server1, modify the license key seed.

C.

On Server2, modify the license.

D.

On Server2, create a new package.

 

Correct Answer: C

Explanation:

Windows Media Rights Manager is a digital rights management (DRM) platform that can be used by content providers and retailers to distribute digital media files securely over a network, such as the Internet. The Windows Media Rights Manager SDK helps protect digital media content (such as songs and videos) by packaging Windows Media files in an encrypted file format. A packaged file contains a version of a “protected” file that was encrypted and locked with a “key” after business usage and distribution rules were added to the content header. This packaged file is also bundled with additional information from

 

the content provider and, optionally, from the distributor. The result is a protected Windows Media file that can only be played by a user who has obtained a license. The basic Windows Media Rights Manager process is as follows:

Playing the file. To play the file, the user needs a player that supports Windows Media Rights Manager.

Support for Windows Media Rights Manager was first added to Windows Media Player for Windows XP.

Players that were created using the Windows Media Player ActiveX control version 8 or later also support this DRM platform. With the appropriate version of the Player installed, the customer can then play the file according to the rules or rights that are included in the license. Licenses can have different rights, such as start times and dates, duration, and counted operations. For instance, default rights may allow the user to play the file on a specific computer and copy the file to a portable device. Licenses, however, are not transferable. If a customer sends a protected file to a friend, this friend must acquire a different license to play the file. This per-computer licensing scheme ensures that the protected file can only be played by the computer that has been granted the license key for that file.

 

Source: http://technet.microsoft.com/en-us/library/cc732309.aspx

 

 

QUESTION 27

You have two servers that run Windows Server 2008 named Server1 and Server2. Both servers have the Windows Server visualization role service installed.

 

You need to remotely manage the visualization settings of Server2 from Server1.

 

What should you do?

 

A.

From the command prompt, run vmconnect.exe server2.

B.

From the command prompt, run vmconnect.exe server1 server2.

C.

Open the Visualization Management Console. From the left-hand pane, right-click Server1, point to New and then click Virtual machine.

D.

Open the Virtualization Management Console. From the left-hand pane, right-click Virtualization Services and then click Connect to Server.

 

Correct Answer: D

Explanation:

To remotely manage the virtualization settings of Server2 from Server1, you need to right- click Virtualization Services from the Virtualization Management Console and then click Connect to Server.

 

You can manage multiple Hyper-V server instances in the management console’s left pane. Selecting a server instance displays that server’s VMs in the center Virtual Machines pane. You can manage the VMs by right-clicking them and selecting the desired commands on the context menu. The Connect command allows you to connect to a running VM, which starts the Virtual Machine Connection window.

 

Reference: A First Look at Windows Server 2008 Hyper-V

http://windowsitpro.com/Windows/Articles/ArticleID/97857/pg/2/2.html

 

 

QUESTION 28

You have a server that runs Windows Server 2008. The server has the Web Server (IIS) server role installed and all the Web Server role services installed.

 

You need to provide a user the ability to administer a Web site.

 

Which feature should you configure?

 

A.

.Net Roles

B.

.Net Users

C.

Authentication

D.

IIS Manager Permissions

 

Correct Answer: D

Explanation:

To provide a user the ability to administer a website, you need to configure IIS Manager Permissions feature on the server.

 

The IIS Manager Permissions feature is used to allow users to connect to sites and applications in IIS Manager. Permitted users can configure delegated features in any sites or applications for which they have permission. Users can be either IIS Manager users, which are credentials created in IIS Manager by using the IIS Manager Users feature, or

 

Windows users and groups on the local computer or on the domain to which the computer belongs.

 

Reference: IIS 7.0: Configuring Permissions for IIS Manager Users and Windows Users

http://technet2.microsoft.com/windowsserver2008/en/library/33aaec94-c0cb-4402-b91e- a5e3b9c3e0e01033.mspx?mfr=true

 

 

QUESTION 29

You have a server that runs Windows Server 2008 R2. The server has the Hyper-V server role installed.

 

You need to merge a differencing disk and a parent disk.

 

What should you do?

 

A.

Edit the parent disk.

B.

Inspect the parent disk.

C.

Edit the differencing disk.

D.

Inspect the differencing disk.

 

Correct Answer: C

Explanation: Merging Differencing Disks with Hyper-V A differencing disk is a disk that is a child of a parent disk. Differencing disks are very helpful in keeping disk images small, manageable and consistent, because you can create a base parent disk- such as a Windows 2008 Standard base image- and use it as the foundation for all other guest virtual machines and disks that will be based on Windows Server 2008. For example, I have a Windows Server 2008 guest that I use exclusively as sandbox for development. I am in the process of building out another guest based on Windows Server 2008 that will be for some TFS 2008 demos that I am working on for an upcoming series of talks. Rather than copy the Windows Server 2008 guest VPC over and over again, I can simply create one differencing disk for my development environment role and one for my TFS role. The result is a VHD that represents the intersection of the base/parent disk (in this case, a barebones install of Windows Server 2008 Standard) and any additional software I’ve installed or configuration changes I have made. This not only conserves disk space, but also saves me a lot of time in copying hefty giga-some-odd vhds around. Sometimes it is necessary to merge a differencing disk back to it’s parent or into a new disk. For example, you may be moving VHDs around as I did recently to a new, high speed E-SATA drive. My old drive hosted a vhd that I used as my development sandbox that used a parent on the old disk. I certainly don’t want to depend on my clunky old USB 2.0 drive for the parent (the IO cost alone would be just silly), and at a minimum, there is state on the differenced guest OS that I do not want to lose. The first thing to do is copy over the parent VHD, create a new differencing disk based on the same parent, but in the new location. Next, since the differenced guest VHD has state that you want to move over (lest you lose it), it is necessary to merge the state of the “old” differenced guest VHD with the new copy. To do so, under Server Manager, in the Hyper-V Manager, click “Edit Disk”, and locate the disk that you want to merge into a new differenced disk:

 

image018

 

On the next screen, under Action, select “Merge”:

 

image019

 

Select “To a new virtual disk”, and choose a name and path for the new disk that you

 

created in the initial copy:

 

image020

 

The “old” differenced disk, which is based on the original parent disk plus state from the “old” differenced disk is merged into the new disk on the drive you specified:

 

image021

 

That’s all there is to it. Differencing is a powerful feature in virtualization, and there is very nice support for migration of differenced disks right within the Server Manager.

 

Source: http://rickgaribay.net/archive/2008/08/15/merging-differencing-disks-with-hyper- v.aspx

 

 

QUESTION 30

You have a server that runs Windows Server 2008. The server has the Windows Server virtualization role service installed. You create a new virtual machine and perform an installation of Windows Server 2008 on the virtual machine. You configure the virtual machine to use the physical network card of the host server.

 

You notice that you are unable to access network resources from the virtual machine.

 

You need to ensure that the virtual host can connect to the physical network.

 

What should you do?

 

A.

On the host server, install the MS Loopback adapter.

B.

On the host server, enable the Multipath I/O feature.

C.

On the virtual machine, install the MS Loopback adapter.

D.

On the virtual machine, install Windows Server virtualization Guest Integration Components.

 

Correct Answer: D

Explanation:

To ensure that the virtual host can connect to the physical network, you need to install Windows Server virtualization Guest Integration Components on the virtual machine. The network adapter in the VM ported from Virtual Server to Windows Server is no longer recognized. Workaround is to add a legacy network adapter to the VM. In WSv, the network adapter seen by the guest OS is not an emulated device (DEC/Intel 21140 Ethernet adapter. It is an entirely new, high performance, purely synthetic device available as part of the Windows Server virtualization Integration Components call Microsoft VMBus Network Adapter

 

Reference: Archive for the ‘Virtual Server/PC/WSv/Hyper-V’ Category / Windows Server 2008 Common FAQ (condensed)

 

http://www.leedesmond.com/weblog/index.php?cat=6&paged=3

 

Instant Access to Download Latest Complete Collection of Microsoft 70-643 Real Exam

Try Microsoft 70-643 Free Demo