Ensurepass

QUESTION 61

You install the Windows SharePoint Services (WSS) role on a server that runs Windows Server 2008. You create a group named SPReviewers that will access content on the WSS server.

 

You need to restrict the permissions for the SPReviewers group to viewing items, opening items, and viewing versions.

Which permissions should you configure for the SPReviewers group?

 

A. Read

B. Design

C. Contribute

D. Limited Access

 

Correct Answer: A

Explanation:

To restrict the permissions of the group to viewing items, opening items, and viewing versions, you need to assign Read permission. The Read permission level includes the View Items, Open Items, View Pages, and View Versions permissions (among others), all of which are needed to read documents, items, and pages on a SharePoint site.

 

Reference: About security features of Windows SharePoint Services 3.0

 

http://office.microsoft.com/en-us/sharepointtechnology/HA100215781033.aspx

 

QUESTION 62

Your company has a single Active Directory domain. All servers run Windows Server 2008 R2.

 

You install an iSCSI storage area network (SAN) for a group of file servers.

 

Corporate security policy requires that all data communication to and from the iSCSI SAN must be as secure as possible.

 

You need to implement the highest security available for communications to and from the iSCSI SAN.

 

What should you do?

 

A. Create a Group Policy object (GPO) to enable the System objects: Strengthen default permission of internal systems objects setting.

B. Create a Group Policy object (GPO) to enable the System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing setting.

C. Implement IPsec security in the iSCSI Initiator Properties. Set up inbound and outbound rules by using Windows Firewall.

D. Implement mutual Microsoft Challenge Handshake Authentication Protocol (MS-CHAPv2) authentication in the iSCSI Initiator Properties. Set up inbound and outbound rules by using Windows Firewall.

 

Correct Answer: C

Explanation:

Security

Microsoft iSCSI Initiator supports using and configuring Challenge Handshake Authentication Protocol (CHAP) and Internet Protocol security (IPsec). All supported iSCSI HBAs also support CHAP; however, some may not support IPsec.

 

IPsec

IPsec is a protocol that provides authentication and data encryption at the IP packet layer. The Internet Key Exchange (IKE) protocol is used between peers to allow the peers to authenticate each other and negotiate the packet encryption and authentication mechanisms to be used for the connection. Because Microsoft iSCSI Initiator uses the Windows TCP/IP stack, it can use all of the functionality that is available in the Windows TCP/IP stack. For authentication, this includes preshared keys, Kerberos protocol, and certificates. Active Directory is used to distribute the IPsec filters to computers running Microsoft iSCSI Initiator. 3DES and HMAC-SHA1 are supported, in addition to tunnel and transport modes. Because iSCSI HBA has a TCP/IP stack embedded in the adapter, the iSCSI HBA can implement IPsec and IKE, so the functionality that is available on the iSCSI HBA may vary. At a minimum, it supports preshared keys and 3DES and HMAC-SHA1. Microsoft iSCSI Initiator has a common API that is used to configure IPsec for Microsoft iSCSI Initiator and iSCSI HBA.

 

Easier Firewall configuration for Windows Server 2008 R2 and Windows 7

Allowing the use of an Internet Storage Name Service (iSNS) server through the firewall is possible directly from the iSCSICLI command-line utility. However, you can still control it through the Windows Firewall with Advanced Security, if desired.

 

To enable iSNS traffic for use with Microsoft iSCSI Initiator

Use the following command to enable iSNS traffic through the firewall. This allows you to use an iSNS server with the local Microsoft iSCSI Initiator:

 

iscsicli FirewallExemptiSNSServer

Source: http://technet.microsoft.com/en-us/library/ee338480.aspx

QUESTION 63

Your company has an Active Directory domain. The company has a server named Server1 that has the Remote Desktop Services server role and the RD Web Access role service installed. The company has a server named Server2 that runs ISA Server 2006.

 

The company deploys the Remote Desktop Gateway (RD Gateway) role on a new server named Server3. The company wants to use ISA as the SSL endpoint for Remote Desktop connections. You need to configure the RD Gateway role on Server3 to use ISA 2006 on Server2.

 

What should you do?

 

A. Configure the RD Gateway to use SSL HTTPS-HTTP bridging.

B. Configure the Remote Desktop Connection Authorization Policy Store on Server3 to use Server2 as the Central Network Policy Server.

C. Export the SSL certificate from Server2 and install the SSL certificate on Server3. Configure the RD Gateway to use the SSL certificate from Server2.

D. Export a self-signed SSL certificate from Server3 and install the SSL certificate on Server2. Configure the ISA service on Server2 to use the SSL certificate from Server3.

 

Correct Answer: A

Explanation:

To enhance security for an RD Gateway server, you can configure Microsoft Internet Security and Acceleration (ISA) Server or a non-Microsoft product to function as a Secure Sockets Layer (SSL) bridging device. The SSL bridging device can enhance security by terminating SSL sessions, inspecting packets, and re-establishing SSL sessions. You can configure ISA Server communication with the RD Gateway server in either of the two following ways:

HTTPS-HTTPS bridging. In this configuration, the RD Gateway client initiates an SSL (HTTPS) request to the SSL bridging device. The SSL bridging device initiates a new HTTPS request to the RD Gateway server, for maximum security.

HTTPS-HTTP bridging. In this configuration, the RD Gateway client initiates an SSL (HTTPS) request to the SSL bridging device. The SSL bridging device initiates a new HTTP request to the RD Gateway server.

To use HTTPS-HTTPS or HTTPS-HTTP bridging, you must enable the Use SSL Bridging setting on the RD Gateway server.

Source: http://technet.microsoft.com/en-us/library/cc772387.aspx

 

 

QUESTION 64

You install the Web Server (IIS) role on a server that runs Windows Server 2008. Your company's human resources department has a Web site named www.contoso.com/hr.

 

You need to create a virtual directory on the company Web site for the HR department.

 

Which command should you run on the Web server?

 

A. appcmd add app /app.name:contoso /path:/hr /physicalPath:c:\websites\hr

B. appcmd add site /name:hr /physicalPath:c:\websites\hr

C. appcmd add vdir /app.name:contoso /path:/hr /physicalPath:c:\websites\hr

D. appcmd set vdir /vdir.name:hr /path:/hr /physicalPath:c:\websites\hr

 

Correct Answer: C

Explanation:

The syntax to add a virtual directory to the root application in a site is:

appcmd add vdir /app.name:string/ /path:string /physicalPath:string

 

The variable app.name string is the site name, and the / following the name specifies that the virtual directory should be added to the root application of the site. The variable path string is the virtual path of the virtual directory, such as /sl, and physicalPath string is the physical path of the virtual directory's content in the file system.

 

For example, to add a virtual directory named sl with a physical location of c:\websites to the root application in a site named contoso, type the following at the command prompt:

appcmd add vdir /app.name:contoso/ /path:/sl /physicalPath:c:\websites\sl

 

Reference: IIS 7.0: Create a Virtual Directory

 

http://technet2.microsoft.com/windowsserver2008/en/library/87d8a3d7-8d90-4626-8f85-3c782ec9a5331033.mspx?mfr=true

 

 

QUESTION 65

You have two servers named FC1 and FC2 that run Windows Server 2008 R2 Enterprise. Both servers have the Failover Clustering feature installed. You configure the servers as a two-node cluster. The cluster runs an application named APP1. Business hours for your company are 09:00 to 17:00. APP1 must be available during these hours. You configure FC1 as the preferred owner for APP1. You need to prevent failback of the cluster during business hours.

 

What should you do?

 

A. Set the Period option to 8 hours in the Failover properties.

B. Set the Allow failback option to allow failback between 17 and 9 hours in the Failover properties.

C. Enable the Prevent failback option in the Failover properties.

D. Enable the If resource fails, attempt restart on current node policy for all APP1 resources. Set the Maximum restarts for specified period to 0.

 

Correct Answer: B

Explanation:

Failback timing

You can set a group to fail back to its preferred node as soon as the Cluster service detects that the failed node has been restored, or you can instruct the Cluster service to wait until a specified hour of the day, such as after peak business hours.

Important

Failback only occurs when you have defined a preferred nodes list for a resource group and failback is allowed for that resource group. If you specify that a group failback to a preferred node and then restart the node to test the failback policy you set, the resource group will not failback. A resource group will not failback when a node is restarted after a planned shutdown and restart. To test the failback policy, you must press the reset button on the node.

 

Source: http://technet.microsoft.com/en-us/library/cc737785.aspx

 

 

QUESTION 66

You have a Terminal Server that runs Windows Server 2008.

 

You create a Windows Installer package for Microsoft Office Word 2007 by using Terminal Services RemoteApp (TS RemoteApp). You install the package on a client computer.

 

You double-click on a Word document and receive the following error: Windows cannot open this file.

You need to ensure that you can open the Word document by double-clicking on the file.

 

What should you do?

 

A. Recreate the Windows Installer package.

B. Modify the file association on the client computer.

C. Modify the file association on the TS RemoteApp server.

D. Install the Windows Installer package by using msiexec.exe.

 

Correct Answer: C

 

 

QUESTION 67

Your company has an Active Directory domain. The company runs Remote Desktop Services. All Remote Desktop Services accounts are configured to allow session takeover without permission. A user has logged on to a server named Server2 by using an account named User1. The session ID for User1 is 1337.

 

You need to perform a session takeover for session ID 1337.

 

Which commands should you run?

 

A. Chgusr 1337 /disable, and then Tscon 1337

B. Takeown /U User1 1337, and then Tscon 1337

C. Tsdiscon 1337, and then Chgport /U User1 1337

D. Tsdiscon 1337, and then Tscon 1337

 

Correct Answer: D

Explanation:


 

Wrong answers:

chgport

Lists or changes the COM port mappings to be compatible with MS-DOS applications.

Source: http://technet.microsoft.com/en-us/library/cc771976(WS.10).aspx

chgusr

Changes the install mode for the terminal server.

Source: http://technet.microsoft.com/en-us/library/cc755189(WS.10).aspx

takeown

Enables an administrator to recover access to a file that previously was denied, by making the administrator the owner of the file.

Source: http://technet.microsoft.com/en-us/library/cc753024(WS.10).aspx

 

 

QUESTION 68

You have a server that runs Windows Server 2008. You install the Windows Media Services server role on the server. You plan to publish an audio file to the Internet by using Media Server.

You need to create a license for the audio file.

 

What should you do first?

 

A. Publish the audio file to a new Web site.

B. Publish the audio file to the Windows Media Services server.

C. Package the audio file as a Windows Installer application.

D. Package the audio file by using Windows Media Rights Manager.

 

Correct Answer: D

 

QUESTION 69

You manage a new server that runs Windows Server 2008 R2. You plan to install the Streaming Media Services server role on the server.

 

Users will access content on the new server by using Windows Media Player for Windows 7 and Windows Media Player for Mac.

 

You need to install the Streaming Media Services server role on the server to support both media players.

 

What should you do?

 

A. Install Session Initiation Protocol (SIP).

B. Install Simple Object Access Protocol (SOAP).

C. Install Stream Control Transmission Protocol (SCTP).

D. Install RPC over HTTPS.

 

Correct Answer: B

Explanation:

SCTP: No support in Mac

SIP: Identification over VoIP

SOAP: Access object web

 

 

QUESTION 70

You implement a member server that runs Windows Server 2008 R2. The member server has the Web Server (IIS) role installed. The member server also hosts intranet Web sites.

 

Your company policy has the following requirements:

 

You need to configure all the Web sites on the server to meet the company policy.

 

Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)

 

A. Configure the Basic Authentication setting on the server to Enabled.

B. Configure the Digest Authentication setting on the server to Enabled.

C. Configure the Windows Authentication setting on the server to Enabled.

D. Configure the Anonymous Authentication setting on the server to Disabled.

E. Configure the Active Directory Client Certificate Authentication setting on the server to Enabled.

 

Correct Answer: BCD

 

 

Instant Access to Download Latest Complete Collection of Microsoft 70-643 Real Exam
