Ensurepass

QUESTION 211

Your network contains a server named Server1 that runs Windows Server 2008 R2. Server1 has the DHCP server role and the Remote Desktop Session Host (RD Session Host) role service installed.

 

Server1 hosts one RemoteApp program named App1.

 

You have 200 client computers that run Windows 7. The client computers obtain their IP configurations from the DHCP server.

 

You enable Remote Desktop IP Virtualization on Server1. You discover that some Remote Desktop connections to App1 are assigned the same IP address. You need to ensure that all Remote Desktop connections receive a unique IP address.

 

What should you do?

 

A.

Reconcile the DHCP scope.

B.

Change the properties of the DHCP scope.

C.

Change the Remote Desktop licensing settings.

D.

Change the mode for Remote Desktop IP Virtualization.

 

Correct Answer: B

 

 

QUESTION 212

Your network contains a server that runs Windows Server 2008 R2. The server has the Web Server (IIS) role installed.

 

The server has a Web application that uses HTTP. All authentication methods are enabled for the Web application.

 

You need to prevent passwords from being sent over the network in clear text.

Which two authentication methods should you disable? (Each correct answer presents part of the solution. Choose two.)

 

A.

Anonymous

B.

Basic

C.

Digest

D.

Forms

E.

Windows Integrated

 

Correct Answer: BD

Explanation:

Configure Basic Authentication (IIS 7)

Basic authentication requires that users provide a valid user name and password to access content. This authentication method does not require a specific browser, and all major browsers support it. Basic authentication also works across firewalls and proxy servers. For these reasons, it is a good choice when you want to restrict access to some, but not all, content on a server.

However, the disadvantage of Basic authentication is that it transmits unencrypted base64-encoded passwords across the network. You should use Basic authentication only when you know that the connection between the client and the server is secure. The connection should be established either over a dedicated line or by using Secure Sockets Layer (SSL) encryption and Transport Layer Security (TLS). For example, to use Basic authentication with Web Distributed Authoring and Versioning (WebDAV), you should configure SSL encryption.

http://technet.microsoft.com/en-us/library/cc772009(WS.10).aspx Configuring Forms Authentication (IIS 7)

Forms authentication uses client-side redirection to forward unauthenticated users to an HTML form where they can enter their credentials, which are usually a user name and password. After the credentials are validated, users are redirected to the page they originally requested.

Because Forms authentication sends the user name and password to the Web server as plain text , you should use Secure Sockets Layer (SSL) encryption for the logon page and for all other pages in your application except the home page. http://technet.microsoft.com/en-us/library/cc771077(WS.10).aspx Check this link on MSDN for a nice comparisation of all authentication methods:

 

http://msdn.microsoft.com/en-us/library/aa292114.aspx

 

 

 

 

QUESTION 213

Your network contains a Web server that runs a Server Core installation of Windows Server 2008 R2. You need to install the ASP.NET feature on the server.

 

What should you run?

 

A.

appcmd.exe

B.

dism.exe

C.

sconfig.cmd

D.

slmgr.vbs

 

Correct Answer: B

Explanation:

Enable ASP.NET on Windows Server 2008 R2

Windows Server 2008 R2 Server Core includes subsets of the 2.0/3.0/3.5 .NET Framework. The Framework makes it possible to run an almost full-featured version of ASP.NET. However, there are 3 limitations that you should take into consideration when working with ASP.NET on Server Core:

No MMC Snap-in. To configure, host, and manage Server Core hosted ASP.NET websites, you must do so via a remote connection from an IIS Management Console (i.e. MMC snap- in) running on a client computer. You can also manage practically every aspect of IIS sites and applications via a local administrative command console using the command line utility APPCMD.

No System.Web.Mail Namespace. The namespace System.Web.Mail is not supported because CDOSYS is not present on Server Core. The System.Web.Mail namespace was deprecated some time ago, so chances are that your code is no longer using them anyway. Use System.Net.Mail instead as it offers the same functionality.

 

The Web Application Tool (WAT) is not available on Windows Server 2008 R2 Core. Before installing the Web Server Role, IIS and dependencies, we must make sure that the .NET Framework is installed. To install the 2.0 and 3.0 .NET Framework, use the Deployment Image Servicing and Management

 

(DISM) utility using the following parameters:

 

dism /online /enable-feature /featurename:NetFx2-ServerCore dism /online /enable-feature /featurename:NetFx3-ServerCore

 

The optional server role that must be configured to enable ASP.NET on IIS 7 is called IIS- ASPNET. This role has various pre-requisites that must first be installed. The first one is

 

the Web Server Role, which can be enabled via following command:

 

dism /online /enable-feature /featurename:IIS-WebServerRole

 

Once you have enabled the IIS-WebServerRole, three additional roles must be installed prior to the installation of the IIS-ASPNET role:

IIS-ISAPIFilter

IIS-ISAPIExtensions

IIS-NetFxExtensibility

 

These roles are installed by issuing the following commands (in corresponding order):

 

dism /online /enable-feature /featurename:IIS-ISAPIFilter dism /online /enable-feature /featurename:IIS-ISAPIExtensions dism /online /enable-feature /featurename:IIS-NetFxExtensibility

 

Now, install the IIS-ASPNET optional feature using the following command:

 

dism /online /enable-feature /featurename:IIS-ASPNET

 

Source: http://code.msdn.microsoft.com/R2CoreASPNET

 

 

QUESTION 214

You create a managed service account.

 

You need to configure a Web application pool to use the managed service account.

 

What should you do first?

 

A.

Add the account to the IIS_IUSRS group.

B.

Run the New-WebServiceProxy cmdlet.

C.

Run the Install-ADServiceAccount cmdlet.

D.

Modify the permissions of the computer account.

 

Correct Answer: C

 

 

QUESTION 215

Your network contains a Web server that runs Windows Server 2008 R2.

Users can connect to the Default Web Site.

 

You create a new Web site and assign the site a host header. Users cannot connect to the new Web site by using the host header. You need to ensure that users can connect to the new Web site by using the host header.

 

What should you do?

 

A.

Create an Alias (CNAME) record in DNS for the host header.

B.

Create a service location (SRV) record in DNS for the host header.

C.

Modify the Windows Firewall configuration on the Web server.

D.

Modify the Windows Firewall configuration on the users’ computers.

 

Correct Answer: A

 

QUESTION 216

Your network contains a Web server that runs Windows Server 2008 R2. Remote management is configured for Internet Information Services (IIS). From IIS Manager Permissions, you add a user to a Web site.

 

You need to prevent the user from using Internet Information Services (IIS) Manager to modify the authorization rules of the Web site.

 

Which settings should you configure?

 

A.

Authorization Rules

B.

Feature Delegation

C.

IIS Manager Permissions

D.

IIS Manager Users

 

Correct Answer: B

Explanation:

image134

 

 

QUESTION 217

Your network contains an FTP server that runs Windows Server 2008 R2. You create an FTP site on the server and allow Read access for all users. You create an IIS Manager user account for a user named User1. You need to ensure that User1 can connect to the FTP site.

 

What should you do?

 

A.

Enable FTP user isolation

B.

Enable Basic authentication

C.

Add an FTP authorization rule

D.

Add a custom provider for FTP authentication

 

Correct Answer: D

Explanation:

image135

 

IIS Manager Authentication

IIS Manager authentication is a custom authentication method that requires users to provide a valid IIS Manager user name and password to gain access to content. IIS Manager authentication requires that the IIS Management Service is installed and configured to use both Windows credentials and IIS Manager credentials. (The IIS Management Service does not have to be running when you use IIS Manager authentication.)

 

Source: http://technet.microsoft.com/en-us/library/dd722688.aspx

 

 

QUESTION 218

You network contains an Active Directory domain named contoso.com. The domain contains an FTP server named Server1.

 

You create a domain user account named User1.

 

You create an FTP site on Server1 and configure the site to use a host name of public.contoso.com.

 

You need to log on to the FTP site as User1.

 

What should you specify as the username?

 

A.

contoso.com\user1

B.

public.contoso.com|user1

C.

user1

D.

user1@contoso.com

 

Correct Answer: B

 

 

QUESTION 219

Your network contains an FTP server named Server1. Server1 has an FTP site named FTP1. You need to hide all of the files in FTP1 that have an .exe file extension. The solution must ensure that users can list other files in FTP1.

 

What should you modify?

 

A.

the FTP authorization rules

B.

the FTP directory browsing

C.

the FTP request filtering

D.

the NTFS permissions

 

Correct Answer: C

Explanation:

Use the FTP Request Filtering feature page to define the request filtering settings for your FTP site. FTP request filtering is a security feature that allows Internet service providers (ISPs) and Application service providers to restrict protocol and content behavior. For example, using the File Name Extensions tab you can specify a list of file name extensions that are allowed or denied.

 

Source: http://technet.microsoft.com/en-us/library/dd851560.aspx

 

 

QUESTION 220

Your network contains two standalone servers named Server1 and Server2. Server1 has Microsoft SQL Server 2008 Reporting Services installed. Server2 has the SMTP Server

feature installed. You configure the Reporting Services on Server1 to send reports by using Server2.

 

You need to ensure that Server2 sends the reports.

 

What should you do on Server2?

 

A.

Configure a smart host

B.

Configure TLS encryption

C.

Modify the Relay restrictions settings

D.

Modify the Connection control settings

 

Correct Answer: C

Explanation:

To change the SMTP Virtual Server Relay Restrictions, one needs to use the Internet Information Servers (IIS) 6.0 Manager.

 

This is an IIS Role Service that needs to be installed (IIS 6 Management Console)

 

image137

 

 

Instant Access to Download Latest Complete Collection of Microsoft 70-643 Real Exam

Try Microsoft 70-643 Free Demo