Microsoft 70-643 Online Practice Questions and Exam Preparation

Microsoft 70-643 Online Questions & Answers

• Question 131:

  You are evaluating whether to purchase Windows Server 2008 R2 Service Pack 1 (SP1).

  Several weeks ago, you installed Windows Server 2008 R2 SP1 on a server. During the installation, you did not enter a product key.

  You need to identify how many days remain until the license status of the server will change to Unlicensed.

  Which tool should you use?

  A. System Configuration
  B. Windows Activation
  C. Action Center
  D. Act.exe
  B. Windows Activation

  ---

  Ref: http://www.windowsvalley.com/is-windows-activated-check-windows-activation-status/

• Question 132:

  You manage a Web server named Server1 that runs Windows Server 2008 R2. Server1 has the SMTP Server feature installed.

  You need to manage the SMTP server settings.

  Which tool should you use?

  A. Component Services
  B. Iisreset
  C. Internet Information Services (IIS) Manager
  D. Internet Information Services (IIS) 6.0 Manager
  E. Ftp
  F. Local Security Policy
  G. Performance Monitor
  H. Security Configuration Wizard (SCW)
  I. Services
  J. System Configuration
  D. Internet Information Services (IIS) 6.0 Manager

  ---

  The utility in Windows Server 2008 to configure SMTP services is the Internet Information Services (IIS) 6.0 Manager Console, which can be installed into IIS 7 by adding the IIS 6 Management Console module of the IIS 6 Compatability Role Service to the Web Server Role in Server Manager (note: this is a separate module from the IIS 6 Metabase module, which is also required for SMTP). After adding the IIS 6 Compatability Role Service in addition to adding the SMTP Feature itself, the Internet Information Services (IIS) 6.0 Manager Console should be visible in the Administrative Tools folder and should portray your local SMTP server.

  http://social.technet.microsoft.com/Forums/en-US/windowsserver2008r2general/thread/a14a14c0-2406-4cfcbb6d-0f6284401513/

• Question 133:

  You install the Web Server (IIS) server role on a new server that runs Windows Server 2008 R2. You install a Microsoft .NET Framework application on a Web site on the Web server. The application launches a process that presents a real-

  time graphical report to the Web browser and creates a text report file on the hard disk drive.

  The company security policy states that the application must not perform any of the following tasks:

  Write to the event log.

  Access Open Database Connectivity (ODBC) data sources.

  Make network or Web service calls.

  You need to configure the Web site so that the application can be executed. You must ensure that the application meets the outlined security requirements.

  What should you do?

  A. Set the .NET Framework trust level to Full for the Web site.
  B. Set the .NET Framework trust level to Low for the Web site.
  C. Set the .NET Framework trust level to High for the Web site.
  D. Set the .NET Framework trust level to Medium for the Web site.
  D. Set the .NET Framework trust level to Medium for the Web site.

  ---

  Use the .NET Trust Levels feature page to set the trust element in the web.config file. The trust element enables you to configure the level of code access security (CAS) that is applied to an application.

  Full (internal) - Specifies unrestricted permissions. Grants the ASP.NET application permissions to access any resource that is subject to operating system security. All privileged operations are supported. High (web_hightrust.config) Specifies a high level of code access security, which means that the application cannot do any one of the following things by default:

  Call unmanaged code.

  Call serviced components.

  Write to the event log. Access Message Queuing service queues. Access ODBC, OleDb, or Oracle data sources. Medium (web_mediumtrust.config) - Specifies a medium level of code access security, which means that, in addition to High

  Trust Level restrictions, the ASP.NET application cannot do any of the following things by default:

  Access files outside the application directory.

  Access the registry.

  Make network or Web service calls. Low (web_lowtrust.config) - Specifies a low level of code access security, which means that, in addition to Medium Trust Level restrictions, the application cannot do any of the following things by default:

  Write to the file system.

  Call the Assert method.

  Minimal (web_minimaltrust.config) - Specifies a minimal level of code access security, which means that the application has only execute permissions. Source:

  http://technet.microsoft.com/en-us/library/cc754779.aspx

• Question 134:

  Your network contains a server named Server1. Server1 has the Streaming Media Services role installed.

  The network contains two subnets named Subnet1 and Subnet2. You create an on-demand publishing point named Publishing1 on Server1. You need to ensure that only users from Subnet1 can access Publishing1.

  What should you configure from the Windows Media Services console?

  A. From the properties of Server1, configure the Limits settings.
  B. From the properties of Server1, configure the Authentication settings.
  C. From the properties of Publishing1, configure the Credentials settings.
  D. From the properties of Publishing1, configure the Authorization settings.
  D. From the properties of Publishing1, configure the Authorization settings.

  ---

  WMS IP Address Authorization

  The WMS IP Address Authorization plug-in is used to control access to your content based on client Internet Protocol (IP) addresses. You can add specific IP addresses or ranges of IP addresses for which you want to allow or restrict access. You can configure the following options on the General tab for this plug-in.

  

  Source: http://technet.microsoft.com/en-us/library/cc770273.aspx

• Question 135:

  You deploy a server that has Microsoft SharePoint Foundation 2010 installed.

  You create a Web application named WebApp1.

  You need to enable anonymous access to WebApp1.

  Which settings should you configure first?

  A. Anonymous Policy
  B. Authentication Providers
  C. User Permissions
  D. User Policy
  B. Authentication Providers

  ---

  Enable anonymous access for a zone of a Web application

  1.

  From Administrative Tools, open the SharePoint Central Administration Web site application.

  2.

  On the Central Administration home page, click Application Management.

  3.

  On the Application Management page, in the Application Security section, click Authentication providers.

  4.

  On the Authentication Providers page, make sure the Web application that is listed in the Web Application box (under Site Actions) is the one that you want to configure. If the listed Web application is not the one that you want to configure, click the drop-down arrow to the right of the Web Application drop- down list box and select Change Web Application.

  5.

  In the Select Web Application dialog box, click the Web application that you want to configure.

  6.

  On the Authentication Providers page, click the zone of the Web application on which you want to enable anonymous access. The zones that are configured for the selected Web application are listed on the Authentication Providers page.

  7.

  On the Edit Authentication page, in the Anonymous Access section, select Enable Anonymous Access, and then click Save.

  At this point, the Web application zone has been enabled for anonymous access. Source: http://technet.microsoft.com/en-us/library/cc561167.aspx

• Question 136:

  Your network contains a server named Server1 that runs Windows Server 2008 R2. Server1 has the Remote Desktop Session Host (RD Session Host) role service installed.

  You need to ensure that Remote Desktop users can use the user interface elements of Windows Aero.

  What should you do on Server1?

  A. Change the display settings.
  B. Add the Desktop Experience feature.
  C. Install a DirectX 10 compliant video adapter.
  D. Add the Quality Windows Audio Video Experience feature.
  B. Add the Desktop Experience feature.

  ---

  Section: Remote Desktop Services (RDS)

  When a user uses Remote Desktop Connection to connect to a Remote Desktop Session Host (RD Session Host) server, the desktop that exists on the RD Session Host server is reproduced, by default, in the remote session. To make the remote session look and feel more like the user's local Windows 7 desktop experience, install the Desktop Experience feature on an RD Session Host server that is running Windows Server R2. Desktop Experience installs components and features of Windows 7, such as Windows Media Player, Windows Defender, and Windows Calendar Source: http://technet.microsoft.com/en-us/library/cc772567.aspx

• Question 137:

  You manage a server that runs Windows Server 2008. The server has the Web Server (IIS) role installed. The server hosts an Internet-accessible Web site that has a virtual directory named /orders/. A Web server certificate is installed and

  an SSL listener has been configured for the Web site.

  The /orders/ virtual directory must meet the following company policy requirements:

  Be accessible to authenticated users only.

  Allow authentication types to support all browsers.

  Encrypt all authentication traffic by using HTTPS.

  All other directories of the Web site must be accessible to anonymous users and be available without SSL

  You need to configure the /orders/ virtual directory to meet the company policy requirements.

  Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

  A. Configure the Web site to the Require SSL setting.
  B. Configure the /orders/ virtual directory to the Require SSL setting.
  C. Configure the Digest Authentication setting to Enabled for the /orders/ virtual directory.
  D. Configure the Basic Authentication setting to Enabled and the Anonymous Authentication setting to Disabled for the Web site.
  E. Configure the Basic Authentication setting to Enabled and the Anonymous Authentication setting to Disabled for the / orders/ virtual directory.
  B. Configure the /orders/ virtual directory to the Require SSL setting.
  E. Configure the Basic Authentication setting to Enabled and the Anonymous Authentication setting to Disabled for the / orders/ virtual directory.

  ---

  To configure the /salesorders/ virtual directory so that it is accessible to authenticated users only and it should allow authentication types to support all browsers, you need to configure the Basic Authentication setting to Enabled for the /

  salesorders / virtual directory, because the Basic authentication is supported by mostly all the browsers.

  Next you need to Disable the Anonymous Authentication setting to for the / salesorders / virtual directory, so that only authenticated users can access the virtual directory. Finally, you need to configure only the /salesorders / virtual directory to

  the Require SSL setting so that only the authentication traffic to this directory is encrypted and all other directories of the Website must be accessible to anonymous users and be available without SSL.

  To configure authentication for a virtual directory or a physical directory in a Web site, you need to configure the virtual directory for the Web site and not the website.

  Reference: How to configure IIS Web site authentication http://support.microsoft.com/kb/308160

• Question 138:

  Your network contains a server named Server2 that has Microsoft SharePoint Foundation 2010 Service Pack 1 (SP1) installed.

  Server2 has a web application named Web1.

  Web1 contains a site collection named Site1.

  Users access Site1 by using the URL http://server2.contoso.com.

  You need to ensure that the users can access Site1 by using the URL http://site1.contoso.com.

  The solution must not create additional Internet Information Services (IIS) websites.

  What should you configure?

  To answer, select the appropriate link in the answer area.

  Hot Area:

  

  

• Question 139:

  Your company has a single Active Directory domain. All servers run Windows Server 2008 R2. You install an iSCSI storage area network (SAN) for a group of file servers.

  Corporate security policy requires that all data communication to and from the iSCSI SAN must be as secure as possible.

  You need to implement the highest security available for communications to and from the iSCSI SAN.

  What should you do?

  A. Create a Group Policy object (GPO) to enable the System objects: Strengthen default permission of internal systems objects setting.
  B. Create a Group Policy object (GPO) to enable the System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing setting.
  C. Implement IPsec security in the iSCSI Initiator Properties. Set up inbound and outbound rules by using Windows Firewall.
  D. Implement mutual Microsoft Challenge Handshake Authentication Protocol (MS-CHAPv2) authentication in the iSCSI Initiator Properties. Set up inbound and outbound rules by using Windows Firewall.
  C. Implement IPsec security in the iSCSI Initiator Properties. Set up inbound and outbound rules by using Windows Firewall.

  ---

  Security

  Microsoft iSCSI Initiator supports using and configuring Challenge Handshake Authentication Protocol (CHAP) and Internet Protocol security (IPsec). All supported iSCSI HBAs also support CHAP; however, some may not support IPsec.

  Ipsec

  IPsec is a protocol that provides authentication and data encryption at the IP packet layer. The Internet Key Exchange (IKE) protocol is used between peers to allow the peers to authenticate each other and negotiate the packet encryption

  and authentication mechanisms to be used for the connection. Because Microsoft iSCSI Initiator uses the Windows TCP/IP stack, it can use all of the functionality that is available in the Windows TCP/IP stack. For authentication, this includes

  preshared keys, Kerberos protocol, and certificates. Active Directory is used to distribute the IPsec filters to computers running Microsoft iSCSI Initiator. 3DES and HMAC-SHA1 are supported, in addition to tunnel and transport modes.

  Because iSCSI HBA has a TCP/IP stack embedded in the adapter, the iSCSI HBA can implement IPsec and IKE, so the functionality that is available on the iSCSI HBA may vary. At a minimum, it supports preshared keys and 3DES and

  HMAC-SHA1.

  Microsoft iSCSI Initiator has a common API that is used to configure IPsec for Microsoft iSCSI Initiator and iSCSI HBA.

  Easier Firewall configuration for Windows Server 2008 R2 and Windows 7 Allowing the use of an Internet Storage Name Service (iSNS) server through the firewall is possible directly from the iSCSICLI command-line utility. However, you can

  still controll it through the Windows Firewall with Advanced Security, if desired.

  To enable iSNS traffic for use with Microsoft iSCSI Initiator Use the following command to enable iSNS traffic through the firewall. This allows you to use an iSNS server with the local Microsoft iSCSI Initiator:

  iscsicli FirewallExemptiSNSServer

  Source: http://technet.microsoft.com/en-us/library/ee338480.aspx

• Question 140:

  Your network contains two servers named Server1 and Server2 that have the Web Server (US) server role installed.

  You need to ensure that you can administer Server2 from Server1 by using Internet Information Services (IIS) Manager. The solution must minimize the number of role services installed on Server2.

  What should you install on Server2?

  To answer, select the appropriate role service or role services from the Add Role Services dialog box in the answer area.

  Hot Area: