Ensurepass

QUESTION 81

You install the Web Server (IIS) role on a server that runs Windows Server 2008 R2. Your company’s default Web site has an IP address of 10.10.0.1.

 

You add a Web site named HelpDesk. The HelpDesk Web site cannot be started.

 

You need to configure the Helpdesk Web site so that it can be started.

 

What should you do?

 

A.

Run the iisreset /enable command on the server.

B.

Configure the Helpdesk Web site to use a host header.

C.

Run the appcmd add site /name: HelpDesk /id:2 /physicalPath: c:\HelpDesk /binding:http/*:80: helpdesk command on the server.

D.

Run the set-location Cliteralpath “d:\HelpDesk_content” HelpDesk ID:2 location port:80 domain:helpdesk command in the Microsoft Windows PowerShell tool on the server.

 

Correct Answer: B

 

 

QUESTION 82

Your company named Contoso, Ltd. has a Web server named WEB1.

 

The Web server runs Windows Server 2008. The fully qualified domain name of WEB1 is web1.contoso.com. The public DNS server has an alias record named owa.contoso.com that maps to web1.contoso.com. Users access WEB1 from the Internet by using http://owa.contoso.com.

 

The new company security policy states that the owa.contoso.com site must be available for Internet users only through secure HTTP (HTTPS) protocol. The security policy also states that users must not get security warnings when they connect to the site.

You need to request a certificate from a public certification authority (CA).

 

Which Common Name should you use?

 

A.

Contoso, Ltd.

B.

owa.contoso.com

C.

WEB1

D.

web1.contoso.com

 

Correct Answer: B

 

 

QUESTION 83

DRAG DROP

Your company has a server named VS1 that runs Windows Server 2008 R2 and Hyper-V. You want to create eight virtual servers that run Windows Server 2008 R2 and configure the virtual servers as an Active Directory forest for testing purposes. You discover that VS1 has only 30 GB of free hard disk space. You need to install the eight new virtual servers on VS1. What should you do? (To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.)

 

image045

 

Correct Answer:

image047

 

 

QUESTION 84

You manage a server named Server2 that runs Windows Server 2008 R2. You install and test the Remote Desktop Services server role on Server2. You publish an application by using Remote Desktop Services. All users must connect to the Remote Desktop Services application by using the Remote Desktop Protocol.

 

You install and configure the RD Gateway role service on Server2. You configure a default domain policy to enable the Enable Connection through RD Gateway setting. Users report that they cannot connect to the Remote Desktop Services application. You need to ensure that users can access the Remote Desktop Services application on the intranet and from the Internet.

 

What should you do?

 

A.

Configure the Enable Connection through RD Gateway Group Policy setting to Disabled.

B.

Configure the Set RD Gateway server address Group Policy and configure the IP address of the RD Gateway server. Link the Group Policy object (GPO) to the domain.

C.

Configure Server Authentication on the Remote Desktop Connection client to Always connect, even if server authentication fails for all users.

D.

Enable the Set RD Gateway server authentication method Group Policy to the Ask for credential, use NTLM protocol setting. Link the Group Policy object (GPO) to the domain.

 

Correct Answer: B

Explanation:

How to use the Group Policy Management Console (GPMC) to enable connections through

 

RD Gateway. When this policy setting is enabled, when Remote Desktop Services clients cannot connect directly to an internal network resource (computer), the clients will attempt to connect to the computer through the RD Gateway server that is specified in the Set RD Gateway server address policy setting.

 

Source: http://technet.microsoft.com/en-us/library/cc726011.aspx

 

 

QUESTION 85

Your company has a single Active Directory domain. All the servers run Windows Server 2008 R2. You have a server named FS1 that has the File Services server role installed.

 

The disks are configured as shown in the following exhibit.

 

image032

 

You need to create a new drive volume to support data striping with parity.

 

What should you do?

 

A.

Add another disk. Create a New RAID-5 Volume.

B.

Create a new Striped Volume by using Disk 1 and Disk 2.

C.

Create a New Mirrored Volume by using Disk 1 and Disk 2.

D.

Create a New Spanned Volume by using Disk 1 and Disk 2.

 

Correct Answer: C

 

QUESTION 86

Your company has four regional offices. You install the Windows Deployment Services (WDS) role on the network.

 

Your company creates three images for each office. There are a total of 12 images for the company. The images will be used as standard images for workstations. You deploy the images by using WDS.

 

You need to ensure that each administrator can view only the images for his or her regional office.

 

What should you do?

 

A.

Create a global group for each regional office and place the computers in the appropriate global group.

B.

Create an organizational unit (OU) for each regional office and place the computers in the appropriate OU.

C.

Place all images into a single image group on the WDS server. Grant each administrator permissions to the image group.

D.

Place each regional office into a separate image group on the WDS server. Grant each administrator permissions to his or her regional offices image group.

 

Correct Answer: D

Explanation:

Image group: Each image group has a unique name and an ACL to specify users who are allowed to deploy OS images from the image group. An image group may contain multiple OS image containers. Source: http://msdn.microsoft.com/en- us/library/dd891274%28v=prot.10%29.aspx

 

 

QUESTION 87

Your company has an Active Directory domain. The company runs Remote Desktop Services.

 

Standard users who connect to the Remote Desktop Session Host Server are in the TSUsers organizational unit (OU). Administrative users are in the TSAdmins OU. No other users connect to the Remote Desktop Session Host Server.

 

You need to ensure that only members of OU1 can run the Remote Desktop Protocol files.

 

What should you do?

 

A.

Create a Group Policy object (GPO) that configures the Allow .rdp files from unknown publishers policy setting in the Remote Desktop Client Connection template to Disabled.

Apply the GPO to the TSUsers OU.

B.

Create a Group Policy object (GPO) that configures the Allow .rdp files from valid publishers and users default .rdp settings policy setting in the Remote Desktop Client Connection template to Disabled. Apply the GPO to the TSUsers OU.

C.

Create a Group Policy object (GPO) that configures the Allow .rdp files from valid publishers and users default .rdp settings policy setting in the Remote Desktop Client Connection template to Enabled. Apply the GPO to the TSAdmins OU.

D.

Create a Group Policy object (GPO) that configures the Specify SHA1 thumbprints of certificates representing trusted .rdp publishers policy setting in the Remote Desktop Client Connection template to Enabled. Apply the GPO to the TSAdmins OU.

 

Correct Answer: C

Explanation:

To ensure that only members of the TermSerAdmin OU can run the Remote Desktop Protocol files, you need to enable the Allow .rdp files from valid publishers and users default .rdp settings policy setting in the Remote Desktop Client Connection template.

 

This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signed the file with a valid certificate. A valid certificate is one issued by an authority recognized by the client, such as the issuers in the client’s Third-Party Root Certification Authorities certificate store. This policy setting also controls whether the user can start an RDP session by using default .rdp settings (for example, when a user directly opens the Remote Desktop Connection [RDC] client without specifying an .rdp file).

 

If you enable this policy setting, users can run .rdp files that are signed with a valid certificate. Users can also start an RDP session with default .rdp settings by directly opening the RDC client. When a user starts an RDP session, the user is asked to confirm whether they want to connect.

 

If you disable this policy setting, users cannot run .rdp files that are signed with a valid certificate. Additionally, users cannot start an RDP session by directly opening the RDC client and specifying the remote computer name. When a user tries to start an RDP session, the user receives a message that the publisher has been blocked

 

Reference: Remote Desktop Connection Client

 

http://technet2.microsoft.com/windowsserver2008/en/library/76fb7e12-b823-429b-9887- 05dc70d28d0c1033.mspx?mfr=true

 

 

QUESTION 88

You have installed the Web Server (IIS) role on a server with Windows Server 2008.

Company uses SMTP for email.

 

You need prevent unauthorized transmissions without disrupting valid email traffic.

 

A.

Creata firewall role to block all outbound SMTP traffic.

B.

Configure High alert items to be removed in Windows Defender.

C.

Enable the TLS encryption option in the outbound security settings.

D.

Add an SMTP relay restriction that limits access to authorized server on the network.

 

Correct Answer: D

 

QUESTION 89

You have a w2k8 IIS server. Your company uses SMTP email. Now you want to prevent the sending of unauthorized email and restrict SMTP only to internal servers without affecting the current mail flow.

 

What should you do?

 

A.

Block all outbound email with a windows firewall rule

B.

Disable the high alerts in windows defender

C.

Enable tls-encryption on the outbound security

D.

You add a SMTP relay restriction that allows SMTP-relaying only from the servers in your domain

 

Correct Answer: D

 

 

QUESTION 90

Your network contains a server named Server1 that has Microsoft SharePoint Foundation 2010 installed.

 

You configure the incoming email settings to use the SharePoint Directory Management service to create distribution groups and contacts in an organizational unit (OU) named OU1. You need to ensure that email distribution groups created from SharePoint are automatically created in OU1.

 

What should you do?

 

A.

From Central Administration, create a new trust relationship.

B.

From Central Administration, modify the Directory Management Service Approval List.

C.

From Active Directory Users and Computers, delegate permissions to the SharePoint 2010 Timer service account in OU1.

D.

From Active Directory Users and Computers, delegate permissions to the SharePoint Central Administration v4 application pool identity in OU1.

 

Correct Answer: D

 

Instant Access to Download Latest Complete Collection of Microsoft 70-643 Real Exam

Try Microsoft 70-643 Free Demo