Ensurepass

QUESTION 41

You have two servers that run Windows Server 2008 named Server1 and Server2. You install Windows SharePoint Services (WSS) 3.0 on Server1. You install the SMTP feature on Server2.

 

You configure the outgoing email settings on Server1 to use the SMTP service on Server2.

 

You need to ensure that email messages from Server1 are forwarded to users.

What should you do?

 

A.

On Server2, create a new application pool, and then associate the application pool with a new Web site.

B.

On Server2, configure the SMTP service to accept anonymous connections and to relay email messages.

C.

On Server1, create a new application pool. On an internal DNS server, create a new MX record for Server1.

D.

On Server1, create a new application pool. On an internal DNS server, create a new MX record for Server2.

 

Correct Answer: B

Explanation:

You can configure the SMTP service to accept relayed email from servers in your farm. You can decide to accept relayed email from all servers except those you specifically exclude. Alternatively, you can block email from all servers except those you specifically include. You can include servers individually, or in groups by subnet or domain. You can enable both anonymous access and email relaying but by doing this, you increase the possibility that the SMTP server will be used to relay unsolicited commercial email (spam).

 

Reference: Configure outgoing email settings (Windows SharePoint Services)

 

http://technet.microsoft.com/en-us/library/cc288949(TechNet.10).aspx

 

 

QUESTION 42

Your company has an Active Directory domain. You have a server that runs Windows Server 2008. The Terminal Services role is installed on the server.

 

The company security policy does not allow users to copy and paste information to a local computer during a Terminal Services session.

 

You deploy the remote application named APP1.

 

You need to configure Terminal Services to meet the security requirement.

 

What should you do?

 

A.

Enable the Use temporary folders per session option.

B.

Change the Security Encryption Level to FIPS Compliant.

C.

Deselect the Clipboard option in the RDP Settings for the published application.

D.

Disable the Drive option in the RDP-Tcp Client Setting properties for the server.

 

Correct Answer: C

Explanation:

To ensure that the users are not allowed to copy and paste information to a local computer during a Terminal Services session, you need to deselect the Clipboard option in the RDP Settings for the published application

When connecting to a terminal server using an RDP client, many of the local resources are available within the remote session, including the client file system, smart cards, audio (output), serial ports, printers (including network), and the clipboard. These redirection facilities allow users to easily take advantage of the capabilities of their client device from within the remote session. Similarly clipboard can be used to copy and paste information to local computer. To stop the copy paste, you need to go to Terminal Services Configuration and on the Client Settings tab, under Disable the following Clipboard mapping to disable client clipboard mapping.

 

Reference: Configure settings for mapping client devices/ Using Terminal Services Configuration

 

http://technet2.microsoft.com/windowsserver/en/library/17d44d9a-cf4b-4a6a-94ec- 093cb5f8b2b71033.mspx?mfr=true

 

Reference: Frequently Asked Windows Terminal Services Questions! / New Features and Improvements

 

http://www.msterminalservices.org/faq/WindowsTerminalServices/?page=5

 

 

 

 

 

 

 

QUESTION 43

Your network consists of a single Active Directory domain. The network contains a Remote Desktop Session Host Server that runs Windows Server 2008 R2, and client computers that run Windows 7. All computers are members of the domain.

 

You deploy an application by using the RemoteApp Manager. The Remote Desktop Session Host Server’s security layer is set to Negotiate.

You need to ensure that domain users are not prompted for credentials when they access the application.

 

What should you do?

 

A.

On the server, modify the Password Policy settings in the local Group Policy.

B.

On the server, modify the Credential Delegation settings in the local Group Policy.

C.

On all client computers, modify the Password Policy settings in the local Group Policy.

D.

On all client computers, modify the Credential Delegation settings in the local Group Policy.

 

Correct Answer: D

Explanation:

Configuration

CredSSP policies, and by extension the SSO functionality they provide to Terminal Services, are configured via Group Policy. Use the Local Group Policy Editor to navigate to Local Computer Policy\Computer

Configuration\Administrative Templates\System\Credentials Delegation , and enable one or more of the policy options.

Source: http://technet.microsoft.com/en-us/library/cc749211(WS.10).aspx

 

One needs to enable the policy on the client computers, because one want to allow the client computer to reuse the credentials.

 

image026 image027

 

Navigate to Computer Configuration | Administrative Templates | System | Credentials Delegation

Enable the Allow Delegating Default Credentials Setting

 

image029

 

image031

 

Add all servers who are trusted for Credential Delegation.

 

Source: http://technet.microsoft.com/en-us/library/cc749211(WS.10).aspx

 

 

QUESTION 44

You have a server named Server1 that runs Windows Server 2008 R2. The server has the Web Server (IIS) server role installed.

 

You have an SMTP gateway that connects to the Internet. The internal firewall prevents all computers, except the SMTP gateway, from establishing connections over TCP port 25.

 

You configure the SMTP gateway to relay email for Server1.

 

You need to configure a Web site on Server1 to send email to Internet users.

 

What should you do?

 

A.

On Server1, install the SMTP Server feature.

B.

On Server1, configure the SMTP Email feature for the Web site.

C.

On an internal DNS server, create an MX record for Server1.

D.

On an internal DNS server, create an MX record for the SMTP gateway.

 

Correct Answer: B

 

 

QUESTION 45

You install a new server named MediaSrv2 that runs Windows Server 2008. The server has the Streaming Media Services role installed. All client computers run Windows Vista and use the Windows Media Player 11 application.

 

You configure a Publishing Point and assign a content source that has video media. Users are unable to pause and rewind the media player.

 

You need to ensure that the users are able to control the playback of the streaming media.

 

What should you do?

 

A.

Reconfigure the Publishing Point as an on-demand publishing point.

B.

Configure MediaSrv2 to only use the Real Time Streaming Protocol (RTSP).

C.

Configure MediaSrv2 to only use the Hypertext Transfer Protocol (HTTP).

D.

Enable Publishing Points ACL Authorization on the Publishing Point.

 

Correct Answer: A

Explanation:

To ensure that the users have full playback control of the streaming media, you should reconfigure the Publishing Point as an on-demand publishing point. On-demand publishing point distributes the content only when it is requested by a client. Users that receive this content might be able to modify its playback by pausing, rewinding, or fast-forwarding the stream. This type of publishing point is commonly used when the content originates from a file, such as a playlist or other Windows Media file, and can be used for personalized radio stations, online video stores, and self-paced training applications. On-demand publishing points always deliver their content as a unicast stream.

 

Reference: http://technet2.microsoft.com/windowsserver2008/en/library/0e1137b9-d97a- 4eae-a6f1-8c0f7227a3b11033.mspx?mfr=true

 

 

QUESTION 46

Your company has an Active Directory domain. All servers in the domain run Windows Server 2008 R2. The RD Gateway role service is installed on a server named Server1. The Remote Desktop Services server role is installed on servers named Server2 and Server3. Server2 and Server3 are configured in a load balancing Remote Desktop Server farm

named Farm1. You install and configure the RD Connection Broker service on a new server named Server4. You need to configure Server2 and Server3 to join the RD Connection Broker.

 

What should you do next?

 

A.

Configure Server2 and Server3 to use the RD Gateway role service to access RD Connection Broker.

B.

Create a new Group Policy object (GPO) that assigns Server4 to Server2 and Server3 as their connection broker server. Apply the GPO to Server2 and Server3.

C.

Configure a Group Policy object (GPO) to set the Set RD Gateway server address option in the Remote Desktop Services section to Server1. Apply the GPO to all client computers.

D.

Configure a Group Policy object (GPO) to set the Require secure RPC communications option in the Remote Desktop Services section to False. Apply the GPO to Server2 and Server3.

 

Correct Answer: B

Explanation:

Policy settings in this node control configuration of a Remote Desktop Session Host server that is a member of a load-balanced Remote Desktop Session Host server farm.

 

Join RD Connection Broker

This policy setting allows you to specify whether the RD Session Host server should join a farm in RD Connection Broker. RD Connection Broker tracks user sessions and allows a user to reconnect to their existing session in a load-balanced RD Session Host server farm. To participate in RD Connection Broker, the Remote Desktop Session Host role service must be installed on the server. If the policy setting is enabled, the RD Session Host server joins the farm that is specified in the Configure RD Connection Broker Farm Name setting. The farm exists on the RD Connection Broker server that is specified in the Configure RD Connection Broker Server name policy setting.

 

If you enable this setting, you must also enable the “Configure RD Connection Broker Farm Name” and Configure RD Connection Broker Server name policy settings, or configure these settings by using either the Remote Desktop Session Host Configuration tool or the Terminal Services WMI provider.

Configure RD Connection Broker farm name This policy setting allows you to specify the name of a farm to join in RD Connection Broker. RD Connection Broker uses the farm name to determine which RD Session Host servers are in the same RD Session Host server farm. Therefore, you must use the same farm name for all RD Session Host servers in the same loadbalanced farm. The farm name does not have to correspond to a name in Active Directory Domain Services. If you specify a new farm name, a new farm is created in RD Connection Broker. If you specify an existing farm name, the server joins that farm in RD Connection Broker. !If you enable this policy setting, you must specify the name of a farm in RD Connection Broker.

 

Configure RD Connection Broker server name

This policy setting allows you to specify the RD Connection Broker server that the RD Session Host server uses to track and redirect user sessions for a load-balanced RD Session Host server farm. The specified server must be running the Remote Desktop Connection Broker service. All RD Session Host servers in a load-balanced farm should use the same RD Connection Broker server.

Source: http://technet.microsoft.com/en-us/library/ee791821(WS.10).aspx

 

 

QUESTION 47

Your company has an Active Directory domain. The company runs Remote Desktop Services. You configure the main office printer as the default printer on the Remote Desktop Session Host Server.

 

The company policy states that all remote client computers must meet the following requirements:

 

You need to create a Group Policy Object by using the Remote Desktop Session Host Services Printer Redirection template to meet the company policy.

 

What should you do?

 

A.

Set the Easy Print driver first option to Disabled. Apply the GPO to the Terminal Server.

B.

Set the Use Terminal Services Easy Print driver first option to Disabled. Apply the GPO to all the client computers.

C.

Set the Do not set default client printer to be default printer in a session option to Enabled. Apply the GPO to the Terminal Server.

D.

Set the Do not set default client printer to be default printer in a session option to Enabled. Apply the GPO to all the client computers.

 

Correct Answer: C

Explanation:

To set a Group Policy Object by using the Remote Desktop Services Printer Redirection template, you should access the session options and set the `Do not set default client printer’ to default printer Enabled. Apply GPO to the Remote Desktop Session Host Server. When you set the default client printer to default printer enabled, the main printer will become the default printer. The GPO will set the policy of accessing the main office printer by default and the user printers will also be accessible during Remote Desktop Connection so if the default printer is busy or has any problem, the next available printer (user printer) will automatically print the required document.

 

 

QUESTION 48

You manage a member server that runs Windows Server 2008 R2. The server has the Remote Desktop Services server role installed. Windows System Resource Manager (WSRM) is installed on the server.

 

Users report performance degradation on the Remote Desktop Session Host Server. You monitor the server and notice that one user is consuming 100 percent of the processor time. You create a resource-allocation policy named Policy1 that limits each user to 30 percent of the total processor time. You observe no performance improvement.

 

You need to configure WSRM to enforce Policy1.

 

What should you do?

 

A.

Set Policy1 as the Profiling Policy.

B.

Set Policy1 as the Managing Policy.

C.

Restart the Remote Desktop Configuration service.

D.

Launch the WSRM application by using the user context of the Remote Desktop Session Host Server System account.

 

Correct Answer: B

Explanation:

Resource-Allocation Policies

WSRM uses resource-allocation policies to determine how computer resources, such as CPU and memory, are allocated to processes running on the computer. There are two resource-allocation policies that are specifically designed for computers running Terminal Services. The two Terminal Services-specific resource-allocation policies are:

 

To implement the Equal_Per_Session resource-allocation policy Open the Windows System Resource Manager snap-in.

In the console tree, expand the Resource Allocation Policies node. Right-click Equal_Per_Session, and then click Set as Managing Policy. If a dialog box appears informing you that the calendar will be disabled, click OK.

 

Source: http://technet.microsoft.com/en-us/library/cc771218(WS.10).aspx

 

 

QUESTION 49

Your company has a single Active Directory domain named contoso.com. All servers in the domain run Windows Server 2008.

 

The DNS service is installed on two domain controllers named DC1 and DC2. Both DNS servers host Active Directory integrated zones that are configured to allow the most secure updates only.

 

DC1 has Key Management Service (KMS) installed and activated.

 

You discover that the service locator records from the contoso.com zone hosted on DC1 and DC2 are missing.

 

You need to force registration of the KMS service locator records in the contoso.com zone.

 

What should you do?

 

A.

Configure the contoso.com zone to accept non-secure updates.

B.

On DC1 at the command prompt, run the slmgr.vbs Crearm script.

C.

On DC1 at the command prompt, run the net stop sppsvc command, and then run the net start sppsvc command.

D.

On DC2 at the command prompt, run the net stop netlogon command, and then run the net start netlogon command.

 

Correct Answer: C

Explanation:

To force registration of the KMS service locator records in the contoso.com zone, you should run the net stop sppsvc command at the command prompt and then execute the net start sppsvc command. This whole procedure is to start the KMS service locator records to force registration in the contoso.com zone.

 

 

QUESTION 50

You have a server that runs the Terminal Services Gateway (TS Gateway) role service. Users need to connect remotely through the gateway to desktop computers located in their offices.

 

You create a security group named Remote1 for the users who need to connect to computers in their offices. You need to enable the users to connect to the TS Gateway.

 

What should you do?

 

A.

Add the Remote1 security group to the local remote desktop users group on the TS Gateway server.

B.

Create a client authorization policy. Add the Remote1 security group and enable Device redirection.

C.

Create a resource authorization policy. Add the Remote1 security group and enable Users to connect to any resource.

D.

Create a Group Policy object and enable the Set TS Gateway authentication method properties to Ask for credentials, use Basic protocol. Apply the policy to the TS Gateway server.

 

Correct Answer: B

Explanation:

To enable the remote users belonging to RemoteUsersGrp1 to connect to the TS Gateway, you need to create a client authorization policy. Add the RemoteUsersGrp1 security group and enable Device redirection. A connection authorization policy (CAP) allows you to control who can connect to the Terminal Server through the Terminal Services Gateway. The Device Redirection gives you the option of disabling redirection for trusted a remote client devices. The tab contains a series of checkboxes that you can use to disable things like disk drives, the Windows clipboard, printers, serial ports, and even plug and play devices.

Reference: Configuring the Windows Server 2008 Terminal Services Gateway (Part 2)/ Create a Terminal Services Gateway CAP

http://www.windowsecurity.com/articles/Configuring-Windows-Server-2008-Terminal- Services-Gateway-Part2.html

 

Reference: An Overview of Longhorn Server’s Terminal Service Gateway (Part 4)

 

http://www.msterminalservices.org/articles/Overview-Longhorn-Servers-Terminal-Service- Gateway-Part4.html

 

Instant Access to Download Latest Complete Collection of Microsoft 70-643 Real Exam

Try Microsoft 70-643 Free Demo