Microsoft 70-643 Online Practice Questions and Exam Preparation

Microsoft 70-643 Online Questions & Answers

• Question 161:

  Your network contains a server named Server1 that has Microsoft SharePoint Foundation 2010 installed.

  You configure the incoming email settings to use the SharePoint Directory Management service to create distribution groups and contacts in an organizational unit (OU) named OU1. You need to ensure that email distribution groups created from SharePoint are automatically created in OU1.

  What should you do?

  A. From Central Administration, create a new trust relationship.
  B. From Central Administration, modify the Directory Management Service Approval List.
  C. From Active Directory Users and Computers, delegate permissions to the SharePoint 2010 Timer service account in OU1.
  D. From Active Directory Users and Computers, delegate permissions to the SharePoint Central Administration v4 application pool identity in OU1.
  D. From Active Directory Users and Computers, delegate permissions to the SharePoint Central Administration v4 application pool identity in OU1.

  ---

  Configure Active Directory Incoming email uses the Microsoft SharePoint Directory Management Service to connect SharePoint sites to the directory services used by your organization. If you enable the Microsoft SharePoint Directory Management Service, users can create and manage distribution groups from SharePoint sites. SharePoint lists that use email can then be found in directory services, such as the Address Book. You must also select which distribution group requests from SharePoint lists require approval. The Microsoft SharePoint Directory Management Service can be installed on a server in the farm, or you can use a remote Microsoft SharePoint Directory Management Service. To use the Microsoft SharePoint Directory Management Service on a farm or server, you must configure the Central Administration application pool identity account to have the Create, delete, and manage user accounts right to the container that you specify in Active Directory.

  The preferred way to do this is by delegating the right to the Central Administration application pool identity account. An Active Directory administrator must set up the organizational unit (OU) and delegate the Create, delete, and manage user accounts right to the container. The advantage of using the Microsoft SharePoint Directory Management Service on a remote farm is that you do not have to delegate rights to the organizational unit for multiple farm service accounts. If the application pool account for Central Administration is different from the application pool account for the Web application of the list or site that is enabled for email, you must use the application pool account for the Web application when completing the following procedures. You must then delegate additional rights to the Central Administration application pool account. The following procedures are performed on a domain controller that runs Microsoft Windows Server 2003 SP1 (with DNS Manager) and Microsoft Exchange Server 2003 SP1. In some deployments, these applications might run on multiple servers in the same domain.

  Important: Membership in the Domain Administrators group or delegated authority for domain administration is required to complete this procedure.

  Create an organizational unit in Active Directory

  1.

  Click Start, point to Control Panel, point to Administrative Tools, and then click Active Directory Users and Computers.

  2.

  In Active Directory Users and Computers, right-click the folder for the second-level domain that contains your server farm, point to New, and then click Organizational Unit.

  3.

  Type the name of the organizational unit, and then click OK. After creating the organization unit, we recommend that you delegate the Create, delete, and manage user accounts right to the container.

  Important: Membership in the Domain Administrators group or the Enterprise Administrators group in Active Directory, or delegated authority for administration, is required to complete this procedure.

  Delegate right to the application pool account

  1.

  In Active Directory Users and Computers, find the organizational unit that you just created.

  2.

  Right-click the organizational unit, and then click Delegate control.

  3.

  On the Welcome page of the Delegation of Control Wizard, click Next.

  4.

  On the Users and Groups page, click Add, and then type the name of the application pool identity account that the Web application uses.

  5.

  In the Select Users, Computers, and Groups dialog box, click OK.

  6.

  On the Users or Groups page of the Delegation of Control Wizard, click Next.

  7.

  On the Tasks to Delegate page of the Delegation of Control Wizard, select the Create, delete, and manage user accounts check box, and then click Next.

  8.

  On the last page of the Delegation of Control Wizard, click Finish to exit the wizard. If you must add permissions for the application pool identity account directly, complete the following procedure.

  Important: Membership in the Account Operators group, Domain Administrators group, or the Enterprise Administrators group in Active Directory, or delegated authority for administration, is required to complete this procedure.

  Add permissions for the application pool account

  1.

  In Active Directory Users and Computers, click the View menu, and then click Advanced Features.

  2.

  Right-click the organizational unit that you just created, and then click Properties.

  3.

  In the Properties dialog box, click the Security tab, and then click Advanced.

  4.

  Click Add, and then type the name of the application pool identity account for the Web application.

  5.

  Click OK.

  6.

  In the Permission Entries section, double-click the application pool identity account.

  7.

  In the Permissions section, under Allow, select the Modify permissions check box.

  8.

  Click OK to close the Permissions dialog box.

  9.

  Click OK to close the Properties dialog box.

  10.

  Click OK to close the Active Directory Users and Computers plug-in. If you decide instead to use the remote Microsoft SharePoint Directory Management Service, you must know the URL for the Web service. This URL is typically in the following format: http:// server:adminport/_vti_bin/SharePointEmailWS.asmx.

  Source: http://technet.microsoft.com/en-us/library/cc262947.aspx

• Question 162:

  You have a w2k8 IIS server. Your company uses SMTP email. Now you want to prevent the sending of unauthorized email and restrict SMTP only to internal servers without affecting the current mail flow.

  What should you do?

  A. Block all outbound email with a windows firewall rule
  B. Disable the high alerts in windows defender
  C. Enable tls-encryption on the outbound security
  D. You add a SMTP relay restriction that allows SMTP-relaying only from the servers in your domain
  D. You add a SMTP relay restriction that allows SMTP-relaying only from the servers in your domain

• Question 163:

  Your network contains an Active Directory domain named adatum.com.

  You publish a RemoteApp named WebApp5. The Remote Desktop Connection (.rdp) file for WebApp5 is unsigned.

  When a user named User5 runs WebApp5 from the Remote Desktop Web Access (RD Web Access) website, Users is prompted for credentials.

  You need to prevent users from being prompted for credentials when they run WebApp5.

  What should you do?

  A. Enable form-based authentication for the Remote Desktop Web Access Website.
  B. Enable the Assign a default domain for logon Group Policy setting.
  C. Modify the Authentication Settings for the RDWeb virtual directory.
  D. Enable the Allow Delegating Default credentials Group Policy setting.
  E. Configure the SSL Settings for the RDWeb virtual directory.
  D. Enable the Allow Delegating Default credentials Group Policy setting.

  ---

  When applied to Terminal Services, Single Sign-On means using the credentials of the currently logged on user (also called default credentials) to log on to a remote computer. If you use the same user name and password logging on to your local computer and connecting to a Terminal Server, enabling Single Sign-On will allow you to do it seamlessly, without having to type in your password again. Locally logged on credentials are used for connecting to TS Web Access, however, they cannot be shared across TS Web Access and TS or TS Gateway. Thus you will need to enable the Group Policy settings described below in order to use locally logged on credentials for TS or TS Gateway connections.

  How to enable Single Sign-On?

  Single sign-On can be enabled using domain or local group policy.

  1.

  Log on to your local machine as an administrator.

  2.

  Start Group Policy Editor - "gpedit.msc".

  3.

  Navigate to "Computer Configuration\Administrative Templates\System\Credentials Delegation".

  4.

  Double-click the "Allow Delegating Default Credentials" policy.

  5.

  Enable the policy and then click on the "Show" button to get to the server list.

  6.

  Add "TERMSRV/" to the server list. You can add one or more server names. Using one wildcard (*) in a name is allowed. For example to enable Single Sign-On to all servers in "MyDomain.com" you can type "TERMSRV/*.MyDomain.com". (Notice the "Concatenate OS defaults with input above" checkbox on the picture above. When this checkbox is selected your servers are added to the list of servers enabled by OS by default. For Single Sign-On this default list is empty, so the checkbox has no effect.)

  7.

  Confirm the changes by clicking on the "OK" button until you return back to the main Group Policy Object Editor dialog.

  8.

  At a command prompt, run "gpupdate" to force the policy to be refreshed immediately on the local machine.

  9.

  Once the policy is enabled you will not be asked for credentials when connecting to the specified servers.

  

  

  

  http://blogs.msdn.com/b/rds/archive/2007/04/19/how-to-enable-single-sign-on-for-my-terminal- serverconnections.aspx

• Question 164:

  Your network contains a server that has the Remote Desktop Session Host (RD Session Host) role service installed.

  You need to increase the bandwidth that is allocated for printing and for file transfers between the RD Session Host server and the Remote Desktop clients.

  What should you do?

  A. On the server, modify the RDP-Tcp settings.
  B. On the server, modify the FlowControlChannelBandwidth registry setting.
  C. On the clients, modify the FlowControlDisplayBandwidth registry setting.
  D. On the clients, modify the Local Resources settings of the Remote Desktop connections.
  B. On the server, modify the FlowControlChannelBandwidth registry setting.

  ---

  Display data prioritization

  Display data prioritization automatically controls virtual channel traffic so that display, keyboard, and mouse data is given a higher priority over other virtual channel traffic, such as printing or file transfers. This prioritization is designed to ensure that your screen performance is not adversely affected by bandwidth intensive actions, such as large print jobs. The default bandwidth ratio is 70:30. Display and input data will be allocated 70 percent of the bandwidth, and all other traffic, such as clipboard, file transfers, or print jobs, will be allocated 30 percent of the bandwidth.

  You can adjust the display data prioritization settings by making changes to the registry of the terminal server. You can change the value of the following entries under the HKEY_LOCAL_MACHINE\SYSTEM \CurrentControlSet\Services\TermDD subkey:

  FlowControlDisable FlowControlDisplayBandwidth FlowControlChannelBandwidth FlowControlChargePostCompression

  If these entries do not appear, you can add them. To do this, right-click TermDD, point to New, and then click DWORD (32-bit) Value

  You can disable display data prioritization by setting the value of FlowControlDisable to 1. If display data prioritization is disabled, all requests are handled on a first-in-first-out basis. The default value for FlowControlDisable is 0.

  You can set the relative bandwidth priority for display (and input data) by setting the FlowControlDisplayBandwidth value The default value is 70; the maximum value allowed is 255. You can set the relative bandwidth priority for other virtual channels (such as clipboard, file transfers, or print jobs) by setting the FlowControlChannelBandwidth value. The default value is 30; the maximum value allowed is 255. The bandwidth ratio for display data prioritization is based on the values of FlowControlDisplayBandwidth and FlowControlChannelBandwidth. For example, if FlowControlDisplayBandwidth is set to 150 and FlowControlChannelBandwidth is set to 50, the ratio is 150:50, so display and input data will be allocated 75 percent of the bandwidth.

  Source: http://technet.microsoft.com/en-us/library/cc772472(WS.10).aspx

• Question 165:

  Your network contains an FTP server that runs Windows Server 2008 R2. You need to prevent FTP users from viewing all folders named _private. What should you configure?

  A. FTP Authorization Rules
  B. FTP Directory Browsing
  C. FTP IPv4 Address and Domain Restrictions
  D. FTP Request Filtering
  D. FTP Request Filtering

  ---

  Section: Internet Information Server (IIS)

  

• Question 166:

  Your network contains a server named Server2 that runs Windows Server 2008 R2 Service Pack 1 (SP1). Server2 has the Hyper-V server role installed. The disks on Server2 are configured as shown in the exhibit. (Click the Exhibit button.)

  

  You create a new virtual machine (VM) named VM1. You plan to install Windows Server 2008 R2 SP1 on VM1. You need to configure Disk 2 on Server2 as the system drive of VM1.

  Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

  A. On VM1, add a virtual hard disk (VHD) to an IDE controller.
  B. On VM1, add a virtual hard disk (VHD) to an SCSI controller.
  C. Convert Disk 2 to a dynamic disk.
  D. On VM1, add a physical hard disk to an SCSI controller.
  E. On VM1, add a physical hard disk to an IDE controller.
  F. Take Disk 2 offline.
  G. Convert Disk 2 to a GPT disk.
  A. On VM1, add a virtual hard disk (VHD) to an IDE controller.
  F. Take Disk 2 offline.

• Question 167:

  Your network contains an FTP server named Server1. Server1 has an FTP site named FTP1. You need to hide all of the files in FTP1 that have an .exe file extension. The solution must ensure that users can list other files in FTP1. What should you modify?

  A. the FTP authorization rules
  B. the FTP directory browsing
  C. the FTP request filtering
  D. the NTFS permissions
  C. the FTP request filtering

  ---

  Use the FTP Request Filtering feature page to define the request filtering settings for your FTP site.

  FTP request filtering is a security feature that allows Internet service providers (ISPs) and Application service providers to restrict protocol and content behavior. For example, using the File Name Extensions tab you can specify a list of file name extensions that are allowed or denied. Source: http://technet.microsoft.com/en-us/library/dd851560.aspx

• Question 168:

  Your company has a server that runs Windows Server 2008. The Windows SharePoint Services (WSS) role is installed on the Windows Server 2008 server.

  You need to configure WSS to support SMTP.

  What should you do?

  A. Bind the SharePoint Web site to port 25.
  B. Uninstall and reinstall the WSS role.
  C. Install the SMTP Server feature by using the Server Manager console.
  D. Install the Application Server role by using the Server Manager console.
  C. Install the SMTP Server feature by using the Server Manager console.

  ---

  To configure WSS to support SMTP, you should install the SMTP server feature through Server Manager Console. Based on SMTP, WSS works with any mail server or SMTP gateway. It acts as an SMTP relay (it does not store mail, only forwards it) and handles all incoming and outgoing SMTP traffic. For most installations, you'll simply have to modify your domain MX record and make a few configuration changes on your email server. When installing WSS on the same host as your mail server, you must make additional configuration changes, such as SMTP port numbers.

  Reference: http://www.networkcomputing.com/913/913sp3.html

• Question 169:

  Your network contains a server named Server1 that runs Windows Server 2008 R2. Server1 has the Streaming Media Services role installed.

  You discover that anonymous users can access video content stored on Server1. You need to ensure that user access to videos on the server requires authentication.

  What should you do?

  A. From the Windows Media Services console, configure the Authorization properties.
  B. From the Windows Media Services console, configure the Authentication properties.
  C. From Internet Information Services (IIS) Manager, configure the Authentication settings.
  D. From Internet Information Services (IIS) Manager, configure the .Net Authorization Rules settings.
  B. From the Windows Media Services console, configure the Authentication properties.

  ---

  About authentication

  Authentication is a fundamental aspect of security for a server running Windows Media Services. It confirms the identity of any user trying to access resources on your Windows Media server. Windows Media Services includes the following authentication plug-ins that you can enable to validate user credentials:

  WMS Anonymous User Authentication WMS Negotiate Authentication WMS Digest Authentication

  Authentication plug-ins work in conjunction with authorization plug-ins: after users are authenticated, authorization plug-ins control access to content. Windows Media Services authentication plug-ins fall into the following categories: Anonymous authentication. These are plug-ins that do not exchange challenge and response information between the server and a player, such as the WMS Anonymous User Authentication plug-in. Network authentication. These are plug-ins that validate users based on logon credentials, such as the WMS Negotiate Authentication plug-in.

  When a user tries to access a server or publishing point, the server tries to authenticate users through an anonymous authentication plug-in. If more than one anonymous authentication plug-in is enabled, the server only uses the first one listed. If that attempt fails or an anonymous authentication plug-in is not enabled, the server tries to authenticate the user by using a network authentication plug-in. If more than one network authentication plug-in is enabled, the server tries to use the first one that is also supported by the client.

  Source: http://technet.microsoft.com/en-us/library/cc754800.aspx

• Question 170:

  You manage a member server that runs Windows Server 2008 R2. The member server has the Web Server (IIS) server role installed. The server hosts a Web site that is only accessible to the executives of your company.

  The company policy states that the executives must access the confidential Web content by using user certificates.

  You need to ensure that the executives can only access the secure Web site by using their installed certificates.

  What should you do?

  A. Configure the SSL settings to Require 128-bit SSL on the confidential Web site.
  B. Configure the Client Certificates settings to Accept on the SSL settings for the confidential Web site.
  C. Configure the Client Certificates settings to Require on the SSL settings for the confidential Web site.
  D. Configure a Certificate Trust list to include the executives' certification authority (CA) certificate.
  C. Configure the Client Certificates settings to Require on the SSL settings for the confidential Web site.

  ---