Best Microsoft MCTS Training – Microsoft MCITP Training at Certkingdom.com
QUESTION 1
You work as the enterprise administrator at ABC.com. ABC.com has a domain named ABC.com.
The ABC.com network servers run Microsoft Windows Server 2008 and the client computers run
Microsoft Windows Vista. ABC.com has a Routing and Remote Access computer named ABC-SR01
running Network Access Protection.
How should you configure ABC-SR01 to ensure Point-to-Point Protocol (PPP) authentication is used?
A. By using the Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) protocol.
B. By using the Secure Shell (SSH) protocol.
C. By using the Extensible Authentication Protocol (EAP) protocol.
D. By using the Kerberos v5 protocol.
Answer: C
Explanation:
To configure the Point-to-Point Protocol (PPP) authentication method on ABC-SR01, you need to
configure the Extensible Authentication Protocol (EAP) authentication method.
Microsoft Windows uses EAP to authenticate network access for Point-to-Point Protocol (PPP)
connections. EAP was designed as an extension to PPP to be able to use newer authentication
methods such as one-time passwords, smart cards, or biometric techniques.
Reference: Making sense of remote access protocols in Windows / DIAL-UP AUTHENTICATION
http://articles.techrepublic.com.com/5100-10878_11-1058239.html
QUESTION 2
You work as the enterprise administrator at ABC.com. ABC.com has a domain named ABC.com.
The ABC.com network servers run Microsoft Windows Server 2008 and the client computers run
Microsoft Windows Vista. ABC.com has a computer named ABC-SR01 using the default security
settings to run Remote Desktop.
How would you configure the Remote Desktop connection to ensure secure connections between
ABC-SR01 and accessing clients?
A. By configuring Windows Firewall to block communications via port 110 on the firewall.
B. By obtaining user certificates from the internal certificate authority.
By allowing connections to Remote Desktop client computers that use Network Level
Authentication only.
C. By configuring Windows Firewall to block communications via port 443 on the firewall.
D. By obtaining user certificates from the external certificate authority.
By allowing connections to Remote Desktop client computers that use Network Level
Authentication only.
E. By configuring Windows Firewall to block communications via port 1423 on the firewall.
Answer: B
Explanation:
To ensure the RDP connections are as secure as possible, you need to first acquire user
certificates from the internal certificate authority and then configure each server to allow
connections only to Remote Desktop client computers that use Network Level Authentication.
With a pre-W2008 Terminal Server, you entered the name of the server and a connection was
initiated to its logon screen. Then, at that logon screen, you attempted to authenticate. From a
security perspective, this isn’t a good idea, because by doing it in this manner you’re actually
getting access to a server prior to authentication – the access you’re getting is right to a session
on that server – and that is not considered a good security practice.
NLA, or Network Level Authentication, reverses the order in which a client attempts to connect.
The new RDC 6.0 client asks you for your username and password before it takes you to the
logon screen. If you’re attempting to connect to a pre-W2008 server, a failure in that initial logon
will fall back to the old way of logging in. It shines when connecting to Windows Vista computers
and W2008 servers with NLA configured: it prevents the fallback authentication from ever
occurring, which prevents the bad guys from gaining access to your server without a successful
authentication.
Reference: Server 2008 Terminal Services Part 2: NLA – Network Level Authentication
http://www.realtime-windowsserver.com/tips_tricks/2007/06/server_2008_terminal_services_2.htm
QUESTION 3
You work as the enterprise administrator at ABC.com. ABC.com has a domain named ABC.com.
The ABC.com network servers run Microsoft Windows Server 2008 and the client computers run
Microsoft Windows Vista. ABC.com has a computer named ABC-SR18 configured to host the
Internet Information Services (IIS) Web server role and SMTP gateway role.
ABC.com has a Marketing division using ABC-SR18 to send and receive e-mail from the Internet.
The ABC.com Marketing division accesses the Internet using the SMTP gateway on port 25.
How would you configure ABC-SR18 to send e-mail to Internet recipients after configuring the
SMTP gateway to relay messages?
A. By creating an SRV record for the SMTP gateway on an internal DNS server.
B. By creating a host (A) record for the SMTP gateway on an internal DNS server.
C. By configuring the SMTP email feature for the website on ABC-SR18.
D. By creating a CNAME record for the SMTP gateway on an internal DNS server.
Answer: C
Explanation: You need to configure the SMTP email feature for the website on ABC-SR18. The
Simple Mail Transfer Protocol allows the emails to be sent to a specific address.
Reference: https://technet2.microsoft.com/windowsserver2008/en/library/4ade618d-ff7a-4359-b6ba-4982f0bdf4a51033.mspx?mfr=true
QUESTION 4
You work as the enterprise administrator at ABC.com. ABC.com has a domain named ABC.com.
The ABC.com network servers run Microsoft Windows Server 2008 and the client computers run
Microsoft Windows Vista. ABC.com has a computer named ABC-SR15 configured to host the
Active Directory Lightweight Directory Services (AD LDS) service.
How would you replicate Active Directory Lightweight Directory Services (AD LDS) to a newly
deployed server?
A. By using the ADSI Edit Snap-in to replicate the AD LDS instance.
B. By creating and installing a replica of AD LDS running the AD LDS Setup wizard on ABC-SR15
C. By using the xcopy command to copy the entire AD LDS instance.
D. By using Active Directory Sites and Services to replicate the AD LDS instance.
Answer: B
Explanation: You need to run the AD LDS setup wizard on the computer in the lab to create and
install a replica of AD LDS. In the AD LDS setup wizard there will be an option to replicate the AD
LDS instance on another computer.
QUESTION 5
You work as the enterprise administrator at ABC.com. ABC.com has a domain named ABC.com.
The ABC.com network servers run Microsoft Windows Server 2008 and the client computers run
Microsoft Windows Vista. ABC.com has a computer named ABC-SR01 configured to host
virtualization role service and virtual machines installed with the KingSales application.
How would you configure the virtual machines to be recovered to the original state if installation of
KingSales fails?
A. By using an Automated System Recovery (ASR) disk on the virtual machine when the
application fails.
B. By installing and configuring third party backup software on Virtual machine.
C. By creating a snapshot of the virtual machine through the Virtualization Management Console.
D. By using the Windows Backup utility to backup the Virtual machines.
Answer: C
Explanation: To ensure that you can restore the virtual machine to its original state if an
application installation fails, you should create a snapshot of the virtual machine using the
Virtualization Management Console. You can always restore the virtual machine to its original
state by using the snapshot you created.
QUESTION 6
You work as the enterprise administrator at ABC.com. ABC.com has a domain named ABC.com.
The ABC.com network servers run Microsoft Windows Server 2008 and the client computers run
Microsoft Windows Vista. ABC.com has two computers configured as follows:
• ABC-DC01 – configured as a domain controller.
• ABC-DC02 – configured as a Read-Only Domain Controller (RODC).
ABC.com Marketing division members make use of ABC-DC01 to log onto the domain.
How would you ensure that ABC-DC02 can be used by the Marketing division to log onto the
domain?
A. By deploying a computer running Active Directory Certificate Services (AD CS).
B. By using a Password Replication Policy on the RODC.
C. By installing and configuring an Active Directory Federation Services (AD FS) front-end server.
D. By deploying a computer running Active Directory Lightweight Directory Services (AD LDS) and
Active Directory Domain Services (AD DS).
Answer: B
Explanation: You should use the Password Replication Policy on the RODC. This will allow the
users at the Dallas office to log on to the domain with RODC. RODCs don’t cache any user or
machine passwords.
QUESTION 7
You work as the enterprise administrator at ABC.com. ABC.com has a domain named ABC.com.
The ABC.com network servers run Microsoft Windows Server 2008 and the client computers run
Microsoft Windows Vista. ABC.com has a computer named ABC-SR21 in the default Web site
running WSUS for updates.
How would you configure a group policy with the port and intranet update location to ensure the
Secure Sockets Layer (SSL) is used on ABC-SR21?
A. By using https://ABC-sr21:80 to indicate the default port and intranet update location.
B. By using https://ABC-sr21 to indicate the default port and intranet update location.
C. By using https://ABC-sr21:1073 to indicate the default port and intranet update location.
D. By using https://ABC-sr21:110 to indicate the default port and intranet update location.
Answer: B
Explanation: You need to use https://ABC-sr21 to configure a group policy object (GPO) that
specifies the intranet update locations on a default port. You also need a URL for a secure port
that the WSUS server is listening on. You should make use of a URL that specifies HTTPS. This
will secure the client computer channel. However, if you are using any port other than 443 for SSL,
you need to include that port in the URL, too.
Reference: WSUS SSL Client Configuration
http://www.techsupportforum.com/microsoft-support/windows-nt-2000-2003-server/115983-wsusssl-client-configuration.html
QUESTION 8
You are employed as an enterprise administrator at ABC.com. ABC.com has a domain
named ABC.com. All servers on the domain run Microsoft Windows Server 2008 and all client
computers run Microsoft Windows Vista. ABC.com has a computer named ABC-SR20 that hosts
the Internet Information Services (IIS) Web Server role though being configured not to utilize the
Windows Performance and Reliability Monitor. During the course of the day ABC.com instructs
you to install and configure Reliability Monitor.
How can you ensure ABC-SR20 collects reliability information keeping the system stability share
current?
A. By configuring the Remote Access Auto Connection Manager service to start automatically on
the ABC-SR20.
B. By configuring the Net Logon service to start automatically on the ABC-SR20.
C. By configuring the Task scheduler service to start automatically on the ABC-SR20.
D. By configuring the Error Reporting Services service to start automatically on the ABC-SR20.
Answer: C
Explanation: To configure the ABC-SR20 to collect the reliability monitor data, you need to
configure the Task scheduler service to start automatically.
Reliability Monitor uses data provided by the RACAgent scheduled task, a pre-defined task that
runs by default on a new installation of Windows Vista. The seamless integration between the
Task Scheduler user interface and the Event Viewer allows an event-triggered task to be created
with just five clicks.
In addition to events, the Task Scheduler in Windows Vista / Server 2008 supports a number of
other new types of triggers, including triggers that launch tasks at machine idle, startup, or logon.
Because you need Task Scheduler to collect reliability monitor data, you need to
configure the Task scheduler service to start automatically.
Reference: Network Monitor 3.1 OneClick … now what? / Task Scheduler Changes in Windows
Vista and Windows Server 2008 – Part One
http://blogs.technet.com/askperf/
Reference: What allows the Reliability Monitor to display data?
http://www.petri.co.il/reliability_monitor_windows_vista.htm
Microsoft 70-649: Practice Exam
QUESTION 9
You work as the enterprise administrator at ABC.com. ABC.com has a domain named ABC.com.
The ABC.com network servers run Microsoft Windows Server 2008 and the client computers run
Microsoft Windows Vista. ABC.com has three computers configured as follows:
• ABC-SR11 – configured with Event Log subscription monitoring
• ABC-SR12 – configured as a domain controller.
• ABC-SR13 – configured as a domain controller.
During the course of the day ABC.com instructs you to create the subscription using ABC-SR12 or
ABC-SR13, which fails as the operation does not complete.
How would you ensure that the subscription can be created using either ABC-SR12 or
ABC-SR13? (Choose two)
A. By running the command wecutil cs subscription.xml on ABC-SR11.
B. By creating subscription.xml custom view on ABC-SR11.
C. By running the wecutil qc command on ABC-SR12.
D. By running the winrm connect command on ABC-SR13.
E. By running the winrm allow command on ABC-SR13
Answer: A,B
Explanation: To configure a subscription on ABC-SR11, you need to first create an event
collector subscription configuration file and name the file subscription.xml. You then need to run
the wecutil cs subscription.xml command on ABC-SR11.
This command enables you to create and manage subscriptions to events that are forwarded from
remote computers, which support WS-Management protocol. wecutil cs subscription.xml
command will create a subscription to forward events from a Windows Vista Application event log
of a remote computer at ABC.com to the ForwardedEvents log.
Reference: Wecutil
http://technet2.microsoft.com/windowsserver2008/en/library/0c82a6cb-d652-429c-9c3d-0f568c78d54b1033.mspx?mfr=true
QUESTION 10
You work as the enterprise administrator at ABC.com. ABC.com has a domain named ABC.com.
The ABC.com network servers run Microsoft Windows Server 2008 and the client computers run
Microsoft Windows Vista. ABC.com has a computer named ABC-SR11 configured to run Internet
Information Services (IIS) Web server role hosting confidential company information.
ABC.com has a Marketing division accessing the confidential information, which loads excessively
slowly. During the course of the maintenance you discovered ABC-SR11 uses a high percentage of
processor time.
How would you gather information regarding what is using the high percentage of processor
time?
A. By using Windows Reliability and Performance Monitor to check percentage of processor
capacity.
B. By using a counter log to track the processor usage.
C. By using the Performance Logs and Alerts.
D. By checking the security log for Performance events.
E. By checking the error log for performance events.
Answer: A
Explanation:
To gather additional data to diagnose the cause of the problem, you need to use the Resource
View in Windows Reliability and Performance Monitor to see the percentage of processor capacity
used by each application.
The Resource View window of Windows Reliability and Performance Monitor provides a real-time
graphical overview of CPU, disk, network, and memory usage. By expanding each of these
monitored elements, system administrators can identify which processes are using which
resources. In previous versions of Windows, this real-time process-specific data was only
available in limited form in Task Manager.
Reference: Windows Reliability and Performance Monitor
http://technet.microsoft.com/en-us/library/cc755081.aspx