Docstoc

Practice Test - Gattner

Document Sample
Practice Test - Gattner Powered By Docstoc
					Microsoft 70-643




    70-643 TS: Windows Server 2008 Applications
             Infrastructure, Configuring
                   Practice Test

                   Updated: Jan 19, 2010
                       Version 6.0
                                   Microsoft 70-643: Practice Exam
QUESTION NO: 1

CertKiller.com has a domain with Active Directory running on it. Windows Server 2008 is installed
on all the servers. You plan to deploy an image to 50 computers with no operating system
installed. For this you install Microsoft Windows Deployment Services on the network. When you
install the image on a test computer, a driver error shows up on the screen. What would you do to
change the image to include the correct driver?

A. Configure and map the image file to the installation folder which hosts the correct driver
B. Take the image file and mount it. Using the System Image Manager (SIM) utility, change the
image file
C. Open WDS server and update the driver through Device Manager
D. Take the image file and mount it. Run the sysprep utility to get the correct driver
E. None of the above

Answer: B




                                                               m
Explanation:
                                                       .co
To include the correct driver, you should mount the image file and change it using System Image
Manager (SIM). You need to include the correct driver in the image file so it will install with all the
correct drivers.
                                                sts

You should not configure and map the image file to the installation folder hosting the correct driver
because the image file is deployed in full. Windows Server 2008 will not consider the contents of
                                         lTe


the folder where image file resides. It will deploy the image file only with all its content


You cannot update the driver through Device Manager on WDS server. It has nothing to do with
                                 tua




the image file.


You cannot mount the image file and run sysprep utility. The sysprep utility cannot get the correct
                          Ac




driver for you and change the image file. The sysprep utility is related to WDS server and the
deployment of images to the client computers.



QUESTION NO: 2

CertKiller.com has a server that runs Windows Server 2008. As an administrator at CertKiller.com,
you install Microsoft Windows Deployment Service (WDS). While testing an image, you find out
that the image is outdated. What should you do to remove the image from the server?

A. Open the command prompt on the WDS server and execute WDSUTIL/Remove-Image and
/ImageType:install options
B. Open the command prompt on the WDS server and execute theWDSUTIL command
with/Export-Image and /ImageType: install options

                        "Pass Any Exam. Any Time." - www.actualtests.com                                  2
                                 Microsoft 70-643: Practice Exam
C. Open the command prompt on the WDS server and execute theWDSUTIL with /Export-Image
and /ImageType: boot options
D. Open the command prompt on the WDS server and execute theWDSUTIL command with
/Remove-Image and /ImageType:boot options
E. All of the above

Answer: A

Explanation:
To remove the image from the server, you should execute WDSUTIL/remove-image on the
command prompt at the WDS server. Then execute the WDSUTIL/image- type :install command
and install the new image. The WDSUTIL is a command specific to modify and view the images at
WDS server. You need to remove the image and then install the updated one using these
commands.




                                                           m
You cannot use the export-image parameter with WDSUTIL in this scenario. You have to remove
the image not to export it to a folder.
                                                    .co
You should not use the /image- type :boot parameter because you need to install a fresh image.
You don't need to boot the service for this.
                                             sts

QUESTION NO: 3
                                      lTe



CertKiller.com has four branch offices. To deploy the images, you install Microsoft Windows
Deployment Services (WDS) on the network. CertKiller.com creates 4 images for each branch
                               tua




office. There are a total of 16 images for CertKiller.com. You deploy these images through WDS. A
problem occurs in one branch office where the administrator reports that when he boots the WDS
client computer, some of the images for his regional office do not show up in the boot menu. What
                         Ac




should you do to ensure that every administrator can view all the images for his branch office?

A. Create separate image group for each branch office on the WDS server
B. Create a unique organizational unit for each branch office and create profiles for each computer
in the branch office
C. Organize a global group for each branch office and create profiles of each computer in a branch
office
D. Create a Global Unique Identifier for each computer to recognize its branch office and connect
it to the WDS server
E. None of the above

Answer: A

Explanation:


                      "Pass Any Exam. Any Time." - www.actualtests.com                           3
                                 Microsoft 70-643: Practice Exam
To ensure that every administrator can view all the images for his branch office, you should create
a separate image group for each branch office on the WDS server. A separate image will enable
all the administrators to view each image from their machine in the branch office.


You should not create an OU for each branch office. There is no logic in creating an OU for each
branch office and profiles for each computer in the branch office.


You should not organize a global group for each branch office. A global group can host all the
branch offices of CertKiller.com



QUESTION NO: 4

Microsoft Windows Deployment Services (WDS) is running on a Windows 2008 server. When you
try to upload spanned image files onto the WDS server, you receive an error message.




                                                           m
What should you do to ensure that image files can be uploaded?
                                                    .co
A. Combine the spanned image files into a single WIM file
B. Grant the Authenticated Users group Full Control on the \REMINST directory
                                              sts
C. Run the WDSutil/Convert command from command line on the WDS server
D. Run the WDSutil/add-image/imagefile:\\server\share\sources\install.wim/image type: install
command for each component file individually at the command line on WDS server
                                      lTe


E. None of the above

Answer: A
                               tua




Explanation:
When you try to upload spanned image files onto the WDS server, you received an error message
because you can only mount a single WIM file once for read/write access and therefore you need
                         Ac




to combine the spanned image files into a single WIM file to correct the problem .


Reference: The Desktop Files The Power User's Guide to WIM and ImageX / Using /mount, /
mountrw , and /delete
http://technet.microsoft.com/en-us/magazine/cc137794.aspx



QUESTION NO: 5

CertKiller.com has a Windows Server 2008 server within a single Active Directory domain. You are
the administrator of a server named CKWDS which runs Windows Server 2008. You install the
Windows Deployment Services (WDS) role on CKWDS. You are instructed to deploy the image of
a reference computer on 30 client computers. After capturing the reference computer image, you
find out that all the client computers have the same name. What should you do to ensure that each
                          "Pass Any Exam. Any Time." - www.actualtests.com                      4
                                 Microsoft 70-643: Practice Exam
client computer receives a unique security identifier?

A. Open the WDS snap-in and create an image group. Redeploy the image on all client computers
B. Execute wdsutil/nickname:yes command on CKWDS server command prompt and redeploy the
image on all client computers
C. Execute wdsutil/ser-server/prestageusingMAC:yes command on the CKWDS server command
prompt and redeploy the image on all client computers
D. Execute imagex/securityid:yes command on the CKWDS server command prompt and
redeploy the image to the client computers

Answer: C

Explanation:
To ensure that each client computer receives a unique security identifier, you should execute
wdsutil /ser-server/ prestageusingMAC :yes command on the CKWDS server command prompt
and redeploy the image on all client computers. Unique security identifier is a data structure of




                                                           m
variable length that identifies user, group, and computer accounts. Every account on a network is
issued a unique SID when the account is first created. Internal processes in Windows refer to an
                                                     .co
account's SID rather than the account's user or group name.
                                              sts
Reference: www.guardianedge.com/resources/glossary/active-directory.php
                                       lTe


QUESTION NO: 6

CertKiller.com has a server that runs Windows Server 2008. You installed the Windows
                                tua




Deployment Services (WDS) role on the server. You decide to install Windows Vista on a
computer that does not support Preboot Execution Environment (PXE). The Windows Vista image
is stored on the WDS server. You need to start the computer and install the Windows Vista image
stored on the WDS server. What should you create to achieve this task?
                         Ac




A. Image Boost
B. Discover image
C. PXE drivers image
D. WDS image
E. None of the above

Answer: B

Explanation:
To start the computer and install Windows Vista image stored on the WDS server, you should
create the Discover image. If you have a computer that is not PXE enabled, you can create a
discover image and use it to install an operating system on that computer. When you create a
discover image and save it to media (CD, DVD, USB drive, and so on), you can then boot a

                       "Pass Any Exam. Any Time." - www.actualtests.com                             5
                                 Microsoft 70-643: Practice Exam
computer to the media. The discover image on the media locates a Windows Deployment
Services server, and the server deploys the install image to the computer. You can configure
discover images to target a specific Windows Deployment Services server. This means that if you
have multiple servers in your environment, you can create a discover image for each, and then
name them based on the name of the server.


Reference : http://technet2.microsoft.com/WindowsVista/en/library/9e197135-6711-4c20-bfad-
fc80fc2151301033.mspx?mfr=true



QUESTION NO: 7

You are an enterprise administrator for CertKiller.com. CertKiller.com has recently updated a
master installation. CertKiller.com plans to have the master image captured for deployment.
CertKiller.com has later discovered that the master installation needs to be resealed.




                                                           m
What should you do?

A. The Windows SIM utility should be used to reseal.
                                                    .co
B. The Sysprep utility should be used to reseal.
                                             sts
C. The imagex command line utility should be used to reseal.
D. The Windows PE utility should be used to reseal.
                                      lTe


Answer: B

Explanation:
                               tua




The Microsoft Sysprep Utility shipped with Windows can be used to prepare installation images of
Windows by removing all the unique system information from the existing Windows installation.
Incorrect Answers:
A: The Windows System Image Manager (SIM) tool can not be used for this purpose because the
                         Ac




tool is used to create unattended Windows Setup answer files.
C: The ImageX utility can not be used for this purpose because the ImageX utility is used to
capture modify and apply WIM images.
D: The Windows PE utility can not be used for this purpose because the Windows PE utility is
used to boot from a CD to service a hard disk.



QUESTION NO: 8

You are an enterprise administrator for CertKiller.com. CertKiller.com has recently acquired 25
new client computers. CertKiller.com later installed the Windows Deployment Service (WDS) role
to a server named CKSERVER1. CertKiller.com wants to make use of Windows Deployment
Service (WDS) to deploy Windows Vista RTM to the PXE compliant client computers. You are
required to make the required configurations to the Windows Deployment Service (WDS) for the
                      "Pass Any Exam. Any Time." - www.actualtests.com                          6
                                Microsoft 70-643: Practice Exam
answer file.


What should you do? (Choose two)

A. The Boot.wim file must be added from the Path\Sources folder of the Windows Vista RTM
media to the image store.
B. The Install.wim file should be added from the Path\Sources folder of the Windows Vista RTM
media to the image store.
C. The PXE Server Initial Settings must be configured to allow both known and unknown clients.
D. On a FAT32 formatted disk create a Path\RemoteInstall folder.

Answer: A,D

Explanation:
The Boot.wim file packaged with Windows Server 2008 or Windows Vista SP1 media can be used
for taking advantage of the enhancements of Windows Server 2008. The Windows Deployments




                                                         m
Services are additionally not supported on FAT 32 formatted disks.
Incorrect Answers:
                                                   .co
B: You should not make use of the Install.wim file shipped with Windows Server 2008 because
you would be effectively mixing up images.
                                            sts
C: You should not configure PXE server initial settings as this is not required since you have
chosen the most restrictive settings possible.
                                     lTe



QUESTION NO: 9
                              tua




You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of a server
named CKSERVER1 to host the Windows Deployment Service (WDS) role. CertKiller.com has
later created a Windows Vista image stored on CKSERVER1. CertKiller.com wants you to install
Windows Vista from the image on a client computer which is not PXE compliant.
                        Ac




What should you do?

A. A Discover image should be used to boot the computer and discover CKSERVER1.
B. A DOS-bootable disk must be used to install the image with the SIM command.
C. A disk containing PXE drivers should be created.
D. A new image should be captured for non PXE compliant computers.

Answer: A

Explanation:
You should make use of the discover image only when network clients do not support PXE
because the discover image is used to discover the Windows Deployment Services (WDS) server
CKSERVER1.

                      "Pass Any Exam. Any Time." - www.actualtests.com                           7
                                 Microsoft 70-643: Practice Exam
Incorrect Answers:
B: You should not make use of a DOS bootable disk because the discovery image should be used
for discovering CKSERVER1.
C: You should not make a disk which contain PXE drivers because the discovery image should be
used for discovering CKSERVER1.
D: You should not make a new image because CKSERVER1 has images to use and you are
required to discover the Windows Deployment Services (WDS) server.



QUESTION NO: 10

You are an enterprise administrator for CertKiller.com. CertKiller.com has recently deployed
Windows Deployment Service (WDS) to a member server. CertKiller.com has later discovered that
the software does not function as expected. CertKiller.com wants to know why the image store
doest not work and why the enhancements of the Windows 2008 Windows Deployment Service




                                                           m
(WDS) can not be used? (Choose two)

                                                    .co
A. The Install.wim file must be used from Windows Server 2008 or Windows Vista SP1 media to
take advantage of the enhancements.
B. The Boot.wim file must be used from Windows Server 2008 or Windows Vista SP1 media to
                                             sts
take advantage of the enhancements.
C. The Path/RemoteInstall folder must be on a NTFS volume.
D. Only the known clients should be allowed with the PXE Server Initial Settings.
                                      lTe



Answer: B,C
                               tua




Explanation:
The Boot.wim file packaged with Windows Server 2008 or Windows Vista SP1 media can be used
for taking advantage of the enhancements of Windows Server 2008. The Windows Deployments
Services are additionally not supported on FAT 32 formatted disks.
                         Ac




Incorrect Answers:
A: You should not make use of the Install.wim file shipped with Windows Server 2008 because
you would be effectively mixing up images.
D: You should not configure PXE server initial settings as this is not required since you have
chosen the most restrictive settings possible. Section 2, Configure Microsoft Windows activation (9
Questions)



QUESTION NO: 11

CertKiller.com has upgraded all of the servers in its network to Windows Server 2008.
CertKiller.com also directed you to install Windows Vista on all client machines. You install
Windows Vista on the client machines and Windows Server 2008 on the servers. You use a
Multiple Activation Key (MAK) to activate the new operating systems on the network. You use
                       "Pass Any Exam. Any Time." - www.actualtests.com                          8
                                 Microsoft 70-643: Practice Exam
proxy activation over the internet using the Volume Activation Management Tool (VAMT). The
Windows Vista client computers were successfully activated using this method but the Windows
Server 2008 failed to activate using VAMT. What should you do to ensure that the Windows
Server 2008 is activated on all the servers?

A. Contact Microsoft Support Center and activate the Windows server 2008 over the phone
B. Upgrade VAMT using Windows Server 2008 RTM for VAMT to function with Windows Server
2008 Volume Licensing
C. Upgrade VAMT using Key Management Service (KMS) for Windows Server 2008 RTM to
function with Windows Server 2008 Volume Licensing
D. Contact Microsoft Support Center and activate Windows Server 2008 over the internet using
MAK only
E. All of the above

Answer: B




                                                           m
Explanation:
To ensure that the Windows Server 2008 is activated on all the servers, you should upgrade
                                                    .co
VAMT using Windows Server 2008 RTM for VAMT. You have to update VAMT at Windows Server
2008 RTM for VAMT to function with Windows Server 2008 volume licensing. VAMT (Volume
                                              sts
Activation Management Tool) is a volume licensing tool for all flavors of Windows Vista.


There are various activation methods available for volume licensing. These methods use two
                                      lTe


types of customer specific keys: Multiple Activation Key (MAK) and Key Management Service
(KMS).
The VAMT tool is used to activate the license through a proxy over the internet. VAMT is a tool for
                               tua




Windows Vista and to use it for Windows Server 2008, it needs an update.
                         Ac




QUESTION NO: 12

CertKiller.com has added 4 servers to its network. As an administrator at CertKiller.com, you
install Windows Server 2008 Enterprise edition on two servers and Windows Server 2008 storage
server enterprise on the other two servers. You want to automatically activate both editions of
Windows Server 2008 without any administrator or Microsoft intervention. You also want the
activation to occur every 6months. Which volume activation service should you use to
automatically activate both editions of Windows Server 2008?

A. Multiple Activation Key(MAK)
B. Volume Activation Management Tool (VAMT)
C. Volume Activation 1.0 (VA 1.0)
D. Key Management Service (KMS)
E. None of the above


                      "Pass Any Exam. Any Time." - www.actualtests.com                            9
                                 Microsoft 70-643: Practice Exam
Answer: D

Explanation:
You should use KMS to activate both editions of Windows Server 2008. KMS automatically
activates Windows Vista and Windows Server 2008. Computers that are been activated by KMS
are required to reactivate by connecting to a KMS host at least once every six months.


The VL editions of Windows Serve 2008 and Windows Vista are installed as KMS clients by
default. The clients can automatically discover the KMS hosts on the network with a properly
configured KMS infrastructure. The clients can also activate using KMS infrastructure without
administrative or user intervention.



QUESTION NO: 13




                                                           m
CertKiller has main office and a branch office. The main office is running 20 Windows Server 2008
computers and 125 computers running Windows XP Professional. The branch office is running 3
                                                    .co
Windows Server 2008 computers and 50 Windows XP Professional.
Computers in the main office have access to Internet. All servers have the same security
configuration and there are no plans in the near future to add new servers or systems to the
                                             sts
network.


You installed the Volume Activation Management Tool (VAMT) on a server named CertKiller_DC1
                                      lTe


in the main office and added all servers to the VAMT server and configured the servers for Multiple
Activation Key (MAK) independent activation.
                               tua




Servers at the branch office are unable to activate Windows Server 2008. What should you do to
activate Windows server 2008 on all servers?
                         Ac




A. Install a Management Activation Key (MAK) server on the network
B. Configure MAK Proxy activation on all servers in the branch office
C. Configure Windows Management Instrumentation (WMI) Firewall Exception on all servers in the
branch office
D. Open VAMT on CertKiller_DC1 and export the Computer Information List (CIL). Send this file to
Microsoft Technical support for activation
E. None of the above

Answer: B

Explanation:
To activate Windows server 2008 on all servers, you need to configure MAK Proxy activation on
all servers in the branch office. The MAK can be activated by using two methods, MAK
Independent Activation and MAK Proxy Activation.


                      "Pass Any Exam. Any Time." - www.actualtests.com                          10
                                 Microsoft 70-643: Practice Exam
MAK Independent Activation is used when each computer is activated individually by connecting
to Microsoft servers over the Internet or by telephone and MAK Proxy Activation is used when the
Volume Activation Management Tool (VAMT) is installed on a server and you need to activate
multiple computers at the same time through a single connection to Microsoft servers over the
Internet or phone.


Therefore, instead of MAK Independent Activation you need to use MAK Proxy activation on all
servers in the branch office.


Reference : Frequently Asked Questions About Volume License Keys for Windows Vista and
Windows Server 2008
http://www.microsoft.com/licensing/resources/vol/ActivationFAQ/default.mspx



QUESTION NO: 14




                                                            m
You are the network administrator for CertKiller. You configured a Windows server 2008 server
                                                     .co
named CertKiller_KM1 as a Key Management Service (KMS) host.


This server is also configured as a Windows Sharepoint Services server. This network currently
                                              sts

has 18 computers with the Windows Vista KMS client and you have recently added 10 more
Windows Vista KMS client systems to the network.
                                       lTe


These 10 additional client computers are installed using a Windows Vista image file. The KMS
host is unable to activate any of the KMS client computers in the network. What should you do?
                                tua




A. Install KMS on a dedicated Windows Sever 2008
B. Run Sysprep /generalize on the Vista reference computer used to create image
C. Run slmgr.vbs/rearm Vista reference computer used to create image
                         Ac




D. Run slmgr.vbs/dli on the KMS host computer
E. Run slmgr.vbs/cpri on the KMS host computer
F. None of the above

Answer: B

Explanation:
To activate the KMS client computers in the network, you need to run the Sysprep /generalize on
the Vista reference computer used to create the image. sysprep /generalize is used to reset
activation and other system-specific information as the last step before storing or capturing the VM
image. If sysprep /generalize is not used, the activation timer will run down while the product is in
storage and the KMS host will be unable to activate any of the KMS client computers in the
network.



                       "Pass Any Exam. Any Time." - www.actualtests.com                           11
                                  Microsoft 70-643: Practice Exam
Reference: KMS host is unable to activate any of the KMS client computers in the network
http://blog.windowsvirtualization.com/virtualization/faq-virtalization-and-volume-activation-20



QUESTION NO: 15

CertKiller.com has an Active Directory domain. You are an administrator at CertKiller.com. You
administer a server named CKKMS that runs Windows Server 2008. CertKiller.com has instructed
you to deploy Windows Server 2008 on 12 new servers. You install the first two servers. The
servers fail to activate Windows Server 2008 using CKKMS. You need to activate the new servers
through the KMS server. What should you do to achieve this task?

A. Configure the Windows Firewall to have Windows Management Instrumentation exceptions on
the new servers.
B. Complete the installation of the remaining 10 servers




                                                             m
C. Install Volume Activation Management Tool (VAMT) on the CKKMS server and configure
Multiple Activation Key (MAK) service
                                                      .co
D. Install VAMT and configure MAK independent activation
E. All of the above
                                               sts
Answer: B

Explanation:
                                       lTe


To activate the new server through KMS server, you should complete the installation of the
remaining 10 servers. The Key Management Service is a Windows service. KMS is a trusted
mechanism that, once the KMS host is activated, allows volume client computers within the
                                tua




enterprise to activate themselves without any interactions with Microsoft. KMS activation of
Windows Server 2008 follows a hierarchical structure. Each successive product group can activate
all the groups below it, and the KMS can be hosted on any edition that it can activate.
                          Ac




QUESTION NO: 16

CertKiller.com has a single Active Directory domain named CertKiller.com. All servers in the
domain run Windows Server 2008. There are two domain controllers in the network: ED1 and ED2
and the DNS service is installed on the domain controllers. Both DNS servers host Active
Directory integrated zones that are configured to allow secure updates. ED1 has Key Management
Services (KMS) installed and activated. During maintenance, you find that the KMS service locater
records from the CertKiller.com zone hosted on ED1 and ED2 are missing. You need to force
registration of the KMS service locator records in the CertKiller.com zone. What should you do to
correct this problem?

A. Execute slmgr.vbs script on ED1 at the command prompt


                       "Pass Any Exam. Any Time." - www.actualtests.com                           12
                                 Microsoft 70-643: Practice Exam
B. Configure non-secure updates on CKing.com
C. Execute the net stop netlogon command on ED2 and run net start logon command
D. At the command prompt on ED1, run net stop sppsvc command and after that execute the net
start sppsvc command

Answer: D

Explanation:
To force registration of the KMS service locator records in the CertKiller.com zone, you should run
the net stop sppsvc command at the command prompt and then execute the net start sppsvc
command. This whole procedure is to start the KMS service locator records to force registration in
the CertKiller.com zone.



QUESTION NO: 17




                                                           m
CertKiller.com has an Active Directory domain. You are the administrator of a server named
                                                    .co
CKKMS that runs Windows Server 2008. You install and configure the Key Management Service
(KMS) on CKKMS. You plan to deploy Windows Server 2008 on 10 new servers. You install the
first two servers. The servers fail to activate by using KMS1. You need to activate the new servers
                                              sts
by using the KMS server. What should you do to achieve this task?

A. Configure Windows Management Instrumentation (WMI) exceptions in Windows Firewall on the
                                      lTe


new servers.
B. Install Volume Activation Management Tool (VAMT) on the KMS server and configure Multiple
Activation Key (MAK) Proxy Activation.
                               tua




C. Install Volume Activation Management Tool (VAMT) on the KMS server and configure Multiple
Activation Key (MAK) Independent Activation.
D. Complete the installation of the remaining eight servers.
E. None of the above
                         Ac




Answer: D

Explanation:
To activate the new servers using KMS server, you should complete the installation of the
remaining eight servers. The Key Management Service is a Windows service. KMS is a trusted
mechanism that, once the KMS host is activated, allows volume client computers within the
enterprise to activate themselves without any interactions with Microsoft. KMS activation of
Windows Server 2008 follows a hierarchical structure. Each successive product group can activate
all the groups below it, and the KMS can be hosted on any edition that it can activate.



QUESTION NO: 18


                      "Pass Any Exam. Any Time." - www.actualtests.com                          13
                                Microsoft 70-643: Practice Exam
You are an enterprise administrator for CertKiller.com. CertKiller.com has its headquarters in
Miami and a branch office in Toronto. The Toronto office has recently acquired twelve new client
computers and three servers. CertKiller,com wants you to have the client computers and servers
deployed with Windows Vista and Windows Server 2008. CertKiller.com wants to know which
operating systems at the Toronto office are eligible for KMS licensing.


What should you do?

A. Windows Vista and Windows Server 2008 are eligible.
B. Windows Server 2008 and Windows Vista are not eligible.
C. Windows Server 2003 is eligible.
D. Windows XP is eligible.

Answer: A

Explanation:




                                                           m
The Microsoft Operating systems Windows Vista and Windows Server 2008 are both capable of
running the Microsoft Key Management Services (KMS) service.
Incorrect Answers:
                                                    .co
B: This information is incorrect because the operating systems can support Microsoft Key
                                             sts
Management Services (KMS).
C: This information is incorrect because the operating systems can not support Microsoft Key
Management Services (KMS).
                                      lTe


D: This information is incorrect because the operating systems can not support Microsoft Key
Management Services (KMS).
                               tua




QUESTION NO: 19

You are an enterprise administrator for CertKiller.com. CertKiller.com has recently decided to
                         Ac




setup a research subnet which will have no Internet access. CertKiller.com has later decided to
have the research subnet computers activated. CertKiller.com wants to know the most efficient
way to activate the 15 volume-license.


What should you do?

A. The KMS host activation should be used.
B. The Retail key activation should be used.
C. The MAK proxy activation must be used.
D. The MAK-independent activation must be used.

Answer: C




                      "Pass Any Exam. Any Time." - www.actualtests.com                            14
                                  Microsoft 70-643: Practice Exam
Explanation:
You should make use of MAK proxy activation as it is suited for activating fewer than 25
computers running Windows Vista which are not connected to the Internet. MAK proxy activation
also makes use of an XML file to gather the installation IDs from the clients to be activated.
Incorrect Answers:
A: You should not make use of this action because insufficient amounts of computers are on the
research subnet to support a KMS host.
B: You should not perform this action because it is stated that you previously obtained the required
licenses.
D: You should not make use of MAK-independent activation as this would require activating each
computer via telephone. Section 3, Configure Windows Server Hyper-V and virtual machines (22
Questions)



QUESTION NO: 20




                                                             m
CertKiller.com has a single Active Directory domain named CertKiller.com. For security,
                                                      .co
CertKiller.com has an ISA 2006 server functioning as a firewall. You configure user access
through virtual private network services by deploying PPTP (Point-to-Point Tunneling Protocol).
When a user connects to the VPN service, an error occurs. The error message says "Error 721:
                                               sts

The remote computer is not responding." What should you do to ensure that the users connect to
the VPN service?
                                        lTe


A. Open the port 2200 on the firewall
B. Open the port 1423 on the firewall
C. Open the port 1723 on the firewall
                                tua




D. Open the port 721 on the firewall
E. All of the above
                          Ac




Answer: C

Explanation:
To ensure that users can connect to VPN service, you should open the port 1723 on the firewall.
The port 1723 is a TCP port for PPTP tunnel maintenance traffic. For VPN connections, you need
to open this port for PPTP tunnel maintenance traffic and permit IP Type 47 Generic Routing
Encapsulation (GRE) packets for PPTP tunnel data to pass to your RRAS server's IP address.


You cannot open port 721. The port 721 on the firewall is a printer port so it is not related to VPN
connection



QUESTION NO: 21 DRAG DROP



                       "Pass Any Exam. Any Time." - www.actualtests.com                            15
                                 Microsoft 70-643: Practice Exam
CertKiller has a server named CK1 that runs Windows Server 2008 and Microsoft Virtual Server
2005 R2.
You want to create eight virtual servers that run Windows Server 2008 and configure the virtual
servers as an Active Directory forest for testing purposes in the CertKiller Lab. You discover that
CK1 has only 30 GB of hard disk space that is free. You need to install the eight new virtual
servers on CK1.


From the steps shown, what steps need to be completed in a specific order?




                                                             m
                                                     .co
                                               sts
                                       lTe


Answer:
                                tua
                         Ac




Explanation:




                       "Pass Any Exam. Any Time." - www.actualtests.com                           16
                                  Microsoft 70-643: Practice Exam




To install the eight new servers on CK1, you need to create a virtual server with a 10 GB fixed-size
virtual hard disk and then install Windows Server 2008. After that, you should create eight




                                                             m
differencing virtual hard disks and then create eight virtual servers with a differencing virtual hard
disk attached.
                                                      .co
The virtual hard disk should be created first because you need space for eight virtual servers. The
                                               sts
fixed-size virtual hard disk can be created through a virtual server. Then you install Windows
Server 2008 on it. After that you have to allocate the space for eight virtual servers. To do that,
you create differencing virtual hard disk to solve the space problem. Then you create the eight
                                       lTe


virtual servers with differencing virtual hard disk attached .
                                tua




QUESTION NO: 22

When you create a virtual machine in Windows server 2008, the guest OS configuration (memory,
disk, network, etc) can be saved into a file. What is the format of the file which stores the
                          Ac




configuration details?

A. HTML formatted file
B. XML formatted file
C. Text file
D. Word file
E. None of the above

Answer: B

Explanation:
The XML formatted file stores the guest OS configuration details such as memory, disk, and
network to create the Virtual Machine.


Reference: Testing Windows Server 2008 using Virtual PC (step-by -step) / Create a Virtual
                    "Pass Any Exam. Any Time." - www.actualtests.com                               17
                                 Microsoft 70-643: Practice Exam
Machine
http://blogs.technet.com/josebda/archive/2007/08/05/testing-windows-server-2008-using-virtual-
pc-step-by-step.aspx



QUESTION NO: 23

CertKiller runs Microsoft virtual server 2005 R2 on a Windows Server 2008 server. This server
hosts 5 virtual machines.


For some time, you have been experiencing performance degradation. Upon investigation it is
revealed that you are running low on disk space on the volume where the virtual machine disk files
are stored.


You plan to move some of the virtual disk image files onto other volume. What should you do?




                                                            m
A. Shutdown the virtual machines and delete the symbolic link from the folder
                                                     .co
%systemroot%\ProgramData\Microsoft\Windows\virtualisation\Virtual Machines and then move
VHD files to new volume
B. Create a new symbolic link to the virtual machine's XML configuration file and then move VHD
                                              sts
files to new volume
C. Open the virtual machine's configuration file and update any references to physical paths and
then move VHD files to new volume
                                       lTe


D. In the Windows Virtualization Management MMC console Move the virtual machines files to
new volume
E. None of the above
                               tua




Answer: A

Explanation:
                         Ac




:
To move some of the virtual disk image files onto other volume, you need to shutdown the virtual
machine and Delete the symbolic link from the folder systemroot %\ ProgramData
\Microsoft\Windows\virtualization\Virtual Machines and then move VHD files to new volume.


Windows Server 2008 Hyper-V stores a list of virtual machines in systemroot %\ ProgramData
\Microsoft\Windows\virtualization\Virtual Machines folder. It also contains a set of symbolic links
that are linked to the actual config files for each virtual machine. Therefore you need to shutdown
the virtual machine and Delete the symbolic link from the folder before moving files.


Reference : Moving a Windows Server 2008 Hyper-V virtual machine
http://www.adopenstatic.com/cs/blogs/ken/archive/2008/01/14/15467.aspx



                      "Pass Any Exam. Any Time." - www.actualtests.com                           18
                                  Microsoft 70-643: Practice Exam



QUESTION NO: 24

CertKiller.com has a server that runs Windows Server 2008. The server virtualization role service
is installed on this server. It also hosts a virtual machine. The Virtual machine runs Windows
Server 2008. You are planning to install a new application on the virtual machine. You have to
ensure that you can restore the Virtual machine to its original state if the application installation
fails. What should you do to achieve this objective?

A. Create a snapshot of the Virtual machine from the Virtualization Management Console
B. Backup the Virtual machines using Windows Backup utility
C. Save the state of the virtual machine through Virtualization Management Console
D. Use a third-party backup software to backup the date on Virtual machine and put it on the
server




                                                              m
Answer: A

Explanation:
                                                       .co
To ensure that you can restore the Virtual machine to its original state if an application installation
fails, you should create a snapshot of the virtual machine using the Virtualization Management
                                                sts

Console. You can always restore the virtual machines in its original state by using the snapshot
you created.
                                        lTe



QUESTION NO: 25
                                 tua




CertKiller.com has a server named CKS which runs Windows Server 2008 and Microsoft Hyper-V.
You have installed two virtual machines on this server which run Windows Server 2003. What
should you do to configure the virtual machines to revert back to their original state in their event
                          Ac




of system failure?

A. Create a backup of .vmc files for each virtual machine using Windows backup utility
B. On each virtual machine running Windows Server 2003, create a backup of all volumes
C. Using Virtual Services Manager, take a snapshot of the virtual machines.
D. Create restore points on each virtual machine by using the Windows Server 2003 system
restore

Answer: C

Explanation:
To configure the virtual machines to revert back to their original state in the event of system
failure, you should create a snapshot of the virtual machines through Virtual services manager.
You can revert the VM back to its original state by using the snapshot you created.


                       "Pass Any Exam. Any Time." - www.actualtests.com                              19
                                  Microsoft 70-643: Practice Exam



QUESTION NO: 26

CertKiller.com has a server named CKV1 which runs Windows Server 2008 and Microsoft Hyper-
V. 30 virtual machines are hosted on CKV1. CertKiller.com has instructed you to configure CKV1
to shut down each virtual machine running on it before it shut downs itself. What should you do to
achieve this task?

A. Open the Automatic stop action properties on each virtual machine and Enable the Shut down
the guest operating system option.
B. Write a custom shutdown script for each virtual machine
C. Open the Automatic stop action properties on each virtual machine and Disable the Never shut
down option.
D. Open the general properties of each virtual machine and Enable the Shut down on Prompt




                                                             m
option.
E. None of the above

Answer: A
                                                      .co
Explanation:
                                               sts

To ensure that each virtual machine running on the server shuts down before the server
shutdown, you should enable the Shut down the guest operation system option in the Automatic
                                        lTe


stop action properties on each virtual machine. When you enable the Shut down the guest
operating system option, the server turns off the virtual machines before shutting down itself. It is
very important to shut down the virtual machines before shutting down the server because it can
                                tua




corrupt the virtual machine files. The Automatic Stop action properties can be accessed on the
virtual machine.
                          Ac




QUESTION NO: 27

You are an enterprise administrator for CertKiller.com. All the servers on the network run Windows
Server 2008. The network contains a server named CertKillerServer1 that runs Microsoft Hyper-V
and hosts three virtual machines.


To fulfill a network requirement, you need to configure all of the virtual machines to connect to
each other. However, the company policy states that the virtual machines must not connect to the
company network.


Which of the following options would you choose to ensure that all of the virtual machines connect
to each other and also meet the company policy?



                       "Pass Any Exam. Any Time." - www.actualtests.com                             20
                                  Microsoft 70-643: Practice Exam
A. Enable the Enable virtual LAN identification option for each virtual machine
B. Enable the Enable virtual LAN identification option for each virtual machine and then set the
Connection to Host for the network interface card.
C. Enable the Enable virtual LAN identification option for each virtual machine and then Set the
Connection to None for the network interface card
D. Select the Not connected option for each virtual machine.

Answer: B

Explanation:
To ensure that all the virtual machines connect to each other and you also meet the company
policy, you need to first enable the Enable virtual LAN identification option for each virtual machine
and then set the Connection to Host for the network interface card. You can use virtual LAN
identification as a way to isolate network traffic. However, this type of configuration must be
supported by the physical network adapter.




                                                             m
Reference : Step-by-Step Guide to Getting Started with Hyper-V To create a virtual network
                                                      .co
http://technet2.microsoft.com/windowsserver2008/en/library/c513e254-adf1-400e-8fcb-
c1aec8a029311033.mspx?mfr=true
                                               sts

QUESTION NO: 28
                                       lTe


You are an enterprise administrator for CertKiller.com. The company runs Windows Server 2008
on all the servers on the network. The Windows Server virtualization role service is installed on
two servers named CertKillerServer1 and CertKillerServer2.
                                tua




Which of the following options would you choose to remotely manage the virtualization settings of
CertKillerServer2 from CertKillerServer1?
                          Ac




A. From the Virtualization Management Console, right-click Virtualization Services and then click
Connect to Server.
B. Run vmconnect.exe CertKillerServer2.
C. Run vmconnect.exe CertKillerServer1 CertKillerServer2.
D. From the Virtualization Management Console, right-click CertKillerServer1 on the left pane,
point to New, and then click Virtual machine.

Answer: A

Explanation:
To remotely manage the virtualization settings of CertKillerServer2 from CertKillerServer1, you
need to right-click Virtualization Services from the Virtualization Management Console and then
click Connect to Server.


                       "Pass Any Exam. Any Time." - www.actualtests.com                            21
                                 Microsoft 70-643: Practice Exam
You can manage multiple Hyper-V server instances in the management console's left pane.
Selecting a server instance displays that server's VMs in the center Virtual Machines pane. You
can manage the VMs by right-clicking them and selecting the desired commands on the context
menu. The Connect command allows you to connect to a running VM, which starts the Virtual
Machine Connection window.


Reference : A First Look at Windows Server 2008 Hyper-V
http://windowsitpro.com/Windows/Articles/ArticleID/97857/pg/2/2.html



QUESTION NO: 29

You are an enterprise administrator for CertKiller.com. All the servers on the network run Windows
Server 2008. The network contains a server that has the Windows Server virtualization role
service installed.




                                                            m
You create a new virtual machine, install Windows Server 2008 on it, and configure it to use the
                                                     .co
physical network card of the host server. After this installation and configuration of the virtual
machine, you are unable to access network resources from the virtual host server.
                                              sts

Which of the following options would you choose to ensure that the virtual host can connect to the
physical network?
                                       lTe


A. Install the MS Loopback adapter on the virtual machine.
B. Enable the Multipath I/O feature on the host server.
C. Install Windows Server virtualization Guest Integration Components on the virtual machine.
                                tua




D. Install the MS Loopback adapter on the host server.
E. None of the above
                         Ac




Answer: C

Explanation:
To ensure that the virtual host can connect to the physical network, you need to install Windows
Server virtualization Guest Integration Components on the virtual machine.
The network adapter in the VM ported from Virtual Server to Windows Server is no longer
recognized. The workaround is to add a legacy network adapter to the VM. The network adapter
seen by the guest OS is not an emulated device (DEC/Intel 21140 Ethernet adapter). It is an
entirely new, high performance, purely synthetic device available as part of the Windows Server
virtualization Integration Components call Microsoft VMBus Network Adapter


Reference: Archive for the 'Virtual Server/PC/ WSv /Hyper-V' Category / Windows Server 2008
Common FAQ (condensed)
http://www.leedesmond.com/weblog/index.php?cat=6&paged=3

                       "Pass Any Exam. Any Time." - www.actualtests.com                              22
                                 Microsoft 70-643: Practice Exam



QUESTION NO: 30

You are an enterprise administrator for CertKiller.com. CertKiller.com recently deployed the Hyper-
V role to a member server. A new CertKiller.com trainee wants to know which feature is only
available on Hyper-V and not Virtual PC or Virtual Server.


What should you do?

A. Only Hyper-V supports 64-bit guest support.
B. Only Hyper-V supports 64-bit host support.
C. Only Hyper-V supports Network Load Balancing
D. Only Hyper-V can assign a host processor to a virtual machine on multiprocessor hosts.

Answer: A




                                                            m
Explanation:
                                                       .co
This information is correct because the Windows Server Hyper-V technology only supports 64-bit
guests.
Incorrect Answers:
                                              sts

B: This information is not correct because all three of the Microsoft technologies allow 64-bit host
support.
                                       lTe


C: This information is not correct because Microsoft Virtual Server and Windows Server Hyper-V
support Network Load Balancing (NLB).
D: This information is not correct because Windows Server Hyper-V Virtual PC and Virtual Server
                                tua




support assigning a host processor to a virtual machine on multiprocessor hosts.
                         Ac




QUESTION NO: 31

You are an enterprise administrator for CertKiller.com. CertKiller.com has recently decided to have
physical to virtual conversions performed of servers. A new CertKiller.com trainee wants to know
which of the tools can be used for helping physical to virtual conversion of servers.


What should you do?

A. The Virtual Server Migration Toolkit can be used.
B. The Hyper-V tool can be used.
C. The Virtual Server tool can be used.
D. The Virtual PC tool can be used.

Answer: A



                       "Pass Any Exam. Any Time." - www.actualtests.com                           23
                                 Microsoft 70-643: Practice Exam
Explanation:
You should make use of the Virtual Server migration Toolkit which can be downloaded free and
simplifies the migration from physical-to-virtual (P2V).
Incorrect Answers:
B: You should not make use of the Windows Hyper-V utility because assisted physical-to-virtual
migration is not a feature of Windows Hyper-V utility.
C: You should not make use of the Virtual Server utility because assisted physical-to-virtual
migration is not a feature of Virtual Server utility.
D: You should not make use of the Virtual PC utility because assisted physical-to-virtual migration
is not a feature of Virtual PC utility.



QUESTION NO: 32

You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of a member




                                                            m
server named CKSERVER1 hosting the Hyper-V role for hosting several Windows Server 2008
hosts. CertKiller.com has recently discovered that their database application is automatically
                                                     .co
shutting down. CertKiller.com wants you to troubleshoot the problem to determine what is wrong.


What should you do?
                                              sts

A. The Resource Manager must be started on CKSERVER1.
B. The Resource Manager must be viewed on the virtual machines running the database.
                                       lTe


C. The Event Viewer logs must be viewed on the virtual machines running the database.
D. The Event Viewer logs must be viewed on CKSERVER1.
                               tua




Answer: C

Explanation:
You should make use of the Event Viewer because this situation should be handled like any other
                         Ac




application failing on a physical server by checking the Event Viewer and on the virtual server
should be handled the same way using the Event Viewer.
Incorrect Answers:
A: You should not make use of the Resource Manager because the Event Viewer gives you
details about why the application failed and the Resource Manager informs you when running low
on resources like RAM.
B: You should not make use of the Resource Manager because the Event Viewer gives you
details about why the application failed and the Resource Manager informs you when running low
on resources like RAM.
D: You should not make use of the Event Viewer on CKSERVER1 because the application fails on
the virtual machines.




                      "Pass Any Exam. Any Time." - www.actualtests.com                           24
                                 Microsoft 70-643: Practice Exam


QUESTION NO: 33

You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of a Server Core
installation of Microsoft Windows Server 2008. CertKiller.com has recently decided that they
should make use of Hyper-V. CertKiller.com wants you to install the Hyper-V role on the Server
Core installation of Windows Server 2008.


What should you do?

A. The servermanagercmd.exe -allSubFeatures Microsoft -Hyper-V command must be run on the
server.
B. The Add Roles Wizard should be run using Server Manager to add the Hyper-V role.
C. The servermanager.exe -install Microsoft -Hyper-V command must be run on the server.
D. The start /w ocsetup Microsoft -Hyper-V command must be run on the server.




                                                            m
Answer: D

Explanation:
                                                      .co
When running Server Core Windows Server 2008 you should make use of the start /w ocsetup
Microsoft -Hyper-V command to have the Hyper-V role installed.
                                              sts

Incorrect Answers:
A: You should not make use of these options because the servermanagercmd.exe and
                                       lTe


servermanager.exe commands are not used to install Hyper-V on a Server Core installation.
B: You should not make use of the Add Roles Wizard because the Hyper-V role can not be
installed on a Server Core computer.
                               tua




C: You should not make use of these options because the servermanagercmd.exe and
servermanager.exe commands are not used to install Hyper-V on a Server Core installation.
                         Ac




QUESTION NO: 34

You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of Microsoft
Windows Server 2008 as their network operating system. A new CertKiller.com trainee wants to
know which file extension is used by the XML configuration file for a virtual machine in Hyper-V.


What should you do?

A. The XML configuration file has a .bak extension.
B. The XML configuration file has a .vhd extension.
C. The XML configuration file has a .vmc extension.
D. The XML configuration file has a .vsv extension.




                      "Pass Any Exam. Any Time." - www.actualtests.com                              25
                                  Microsoft 70-643: Practice Exam
Answer: C

Explanation:
The XML configuration file would have a . vmc extension because the . vmc file holds the
configuration files used for virtual machines.
Incorrect Answers:
A: The XML configuration file would not have a .bak extension because the .bak extension file is a
generic backup file.
B: The XML configuration file would not have a .vhd extension because the .vhd extension file
holds the drive content for the virtual machine.
D: The XML configuration file would not have a .vsv extension because the .vsv extension is a
save-state file.



QUESTION NO: 35




                                                              m
You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of Microsoft
                                                      .co
Windows Server 2008 as their network operating system. A new CertKiller.com trainee wants to
know which of the options presented below are not requirements for running Hyper-V [Choose 2].
                                               sts
What should you do?

A. Windows Server 2008 64-bit version is not required.
                                        lTe


B. Microsoft Internet Information Services (IIS) is not required.
C. Processor hardware-assisted virtualization is not required.
D. Processor DEP is not required.
                                tua




Answer: A,B

Explanation:
                          Ac




The information stated here is correct because Microsoft Internet Information Services (IIS) is not
required to run Hyper-V.
Incorrect Answers:
C: The information stated here is incorrect because Windows Server Hyper-V requires processor
hardware-assisted virtualization and processor DEP.
D: The information stated here is incorrect because Windows Server Hyper-V requires processor
hardware-assisted virtualization and processor DEP.



QUESTION NO: 36

You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of a member
server named CKSERVER1 for hosting the Hyper-V role. CertKiller.com has decided to create a
virtual machine with Windows Server 2003. CertKiller.com has later discovered that the virtual

                       "Pass Any Exam. Any Time." - www.actualtests.com                          26
                                 Microsoft 70-643: Practice Exam
machine is running extremely slow. You have just investigated and discovered that some devices
are not identified in Device Manager. CertKiller.com wants you to determine what the problem is.


What should you do?

A. Integration Services must be installed.
B. Turbo mode must be enabled on the virtual machine running Windows Server 2003.
C. Windows Server 2003 must be patched with the latest patch.
D. Windows Server 2008 must be patched with the latest patch.

Answer: A

Explanation:
You should make use of integration services to have the required virtual drivers installed to have
the operating system running at its best performance.
Incorrect Answers:




                                                            m
B: You should not consider making use of the turbo mode because there is no turbo mode which
exists in Hyper-V.
                                                     .co
C: You should not consider taking this action because keeping operating system patches are
important but will not fix the virtual driver problems.
                                              sts
D: You should not consider taking this action because keeping operating system patches are
important but will not fix the virtual driver problems.
                                       lTe



QUESTION NO: 37
                               tua




You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of a member
server named CKSERVER1 for hosting the Hyper-V role. CertKiller.com has decided to create
three virtual machines running Windows Sever 2003. CertKiller.com later planned to install
patches on one of the servers running Windows Server 2003. CertKiller.com wants to ensure that
                         Ac




errors occurring during the patches are easily avoided by rolling back the changes.


What should you do?

A. The machine should be freeze and copied.
You should then start the machine and apply the patches.
B. An undo disk must be created before installing any patches.
C. A snapshot must be created before installing any patches.
D. Transaction logging must be enabled to enable undoing changes.

Answer: C

Explanation:



                      "Pass Any Exam. Any Time." - www.actualtests.com                           27
                                Microsoft 70-643: Practice Exam
You should create a snapshot before applying the patches to insure, should trouble arise , you
would be able to reload the snapshot to the moment before applying the patches.
Incorrect Answers:
A: You should not use this because the computer need not be stopped to create a snapshot so
freezing the computer is not required.
B: You should not make use of this because earlier versions of Microsoft Virtual Servers used
undo disks but Hyper-V does not use undo disks.
D: You should not make use of this because the Windows Server Hyper-V role does not support
using transaction logging.



QUESTION NO: 38

You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of two member
servers named CKSERVER1 and CKSERVER2 both hosting the Hyper-V role. You have recently




                                                          m
decided to log onto CKSERVER1 to use the computer. You are later directed by CertKiller.com to
manage the virtualization settings on CKSERVER2 from CKSERVER1.
                                                   .co
What should you do?
                                            sts
A. The mmc vmconnect.msc CKSERVER2 command must be run from the command prompt.
B. The vmconnect.exe CKSERVER2 command must be run from the command prompt.
C. On CKSERVER1 open the Virtualization Manager Console and right click Virtualization
                                     lTe


Services and click connect CKSERVER2.
D. On CKSERVER1 open the Virtualization Management Console and right click CKSERVER1
and select new and specify CKSERVER2.
                              tua




Answer: C

Explanation:
                        Ac




You should make use of the Virtualization Manager Console because like most consoles the
server focus can be switched among multiple servers.
Incorrect Answers:
A: You should not consider making use of this command line because the vmconnect,msc console
does not exist.
B: You should not make use of the vmconnect.exe command because the command is used to
connect to a virtual machine not edit the settings.
D: You should not consider making use of this command because you are required to connect to a
virtual server not create a new virtual server.



QUESTION NO: 39



                      "Pass Any Exam. Any Time." - www.actualtests.com                       28
                                Microsoft 70-643: Practice Exam
You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of a member
server named CKSERVER1 for hosting the Hyper-V role. CertKiller.com has created several
virtual machines on CKSERVER1. CertKiller.com is planning to update applications on
CKSERVER1 virtual machines. CertKiller.com wants to ensure that the virtual machines can be
rolled back to the original state if errors occur.


What should you do?

A. The virtual machines must be backed up.
B. CKSERVER1 must be shutdown and the state of the virtual machine saved.
C. The Remote Differential Compression feature must be enabled.
D. A snapshot must be created using the Virtualization Management Console.

Answer: D

Explanation:




                                                          m
You should consider taking this action because before deploying applications and configurations
you should first create a snapshot and test the configurations. Should problems occur you are able
to reload the snapshot.
                                                    .co
Incorrect Answers:
                                              sts
A: You should not consider making use of this option because even though backing up could be
used it is easier to create a snapshot.
B: You should not consider following this action because this is intended as a way to quickly roll
                                      lTe


back to a base build of the server.
C: You should not consider trying to use this feature because the Windows Server Hyper-V does
not have a Remote Differential Compression feature.
                               tua




QUESTION NO: 40
                         Ac




You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of a member
server named CKSERVER1 hosting the Hyper-V role. CertKiller.com has recently asked you to
merge a differencing disk with the parent disk of CKSERVER1.


What should you do?

A. The differencing disk must be inspected.
B. The parent disk must be inspected.
C. The parent disk must be edited.
D. The differencing disk must be edited.

Answer: D




                      "Pass Any Exam. Any Time." - www.actualtests.com                         29
                                 Microsoft 70-643: Practice Exam
Explanation:
You should make use of this option because when editing the differencing disk you are able to
merge the disk with the parent disk.
Incorrect Answers:
A: You should not consider making use of these options because you are required to merge the
two disks not inspect the disks.
B: You should not consider making use of these options because you are required to merge the
two disks not inspect the disks.
C: You should not make us of this option because editing the parent disk would not affect or
merge the disks.



QUESTION NO: 41

You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of a member




                                                            m
server named CKSERVER1 hosting the Hyper-V role. CertKiller.com has recently created a virtual
machine which must be able to communicate with CKSERVER1 but not the other servers on the
network.
                                                     .co
What should you do?
                                              sts

A. The network connection on the virtual machine must be disabled.
B. The firewall must be opened to disable communications except CKSERVER1 IP address.
                                       lTe


C. A new virtual network switch must be created.
D. The Microsoft Loopback Adapter must be installed.
                               tua




Answer: C

Explanation:
You should make use of a new virtual network switch using the Hyper-V software because the
                         Ac




switch can be used to communicate between the virtual network and the host computer.
Incorrect Answers:
A: You should not consider having the connection disabled because the host machine will not be
able to communicate with the virtual machine.
B: You should not consider making use of the firewall as this is not an efficient way to control
access as you would repeatedly have to apply settings to the firewall to create another virtual
server.
D: You should not consider installing the Microsoft Loopback Adapter because this utility is used to
test connectivity to itself. Section 4, Configure high availability (12 Questions)



QUESTION NO: 42



                      "Pass Any Exam. Any Time." - www.actualtests.com                           30
                                 Microsoft 70-643: Practice Exam
CertKiller.com has a Windows Server 2008 server that has a Windows Server Virtualization (WSV)
server role installed on it. You create a new virtual machine. You need to configure the network
communications between the virtual machines and the host server. You also need to configure it
to prevent communications with other network servers. What should you do first to achieve this
task?

A. Configure a Microsoft Loopback Adapter
B. Configure the interface card to broadcast a unique IP address for the virtual machine
C. Create and configure a virtual network switch
D. Configure the Internet Connection Sharing
E. None of the above

Answer: C

Explanation:
To configure the network communications between the virtual machines and the host server and




                                                            m
prevent communications with other network servers, you have to create and configure a virtual
network switch. Like traditional network security switches, the virtual switch integrates network
                                                     .co
policy enforcement and access control. The product features virtual network partitioning, a firewall,
and virtual network discovery capabilities. It also secures communication between virtual
                                              sts
environments and enables policy based switching and traffic monitoring.


Reference: http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1307117,00.html
                                       lTe



QUESTION NO: 43
                                tua




CertKiller.com hosts a single Active Directory domain. All servers run Windows Server 2008. You
are instructed to install an iSCSI storage area network (SAN) for a group of file servers. Corporate
security policy requires that all data communication to and from an iSCSI SAN must be very
                         Ac




secure. You are assigned the task to implement the highest security available for communications
to and from the iSCSI SAN. What should you do to achieve this task?

A. Create a Group Policy Object (GPO) to enable System objects
B. Create a Microsoft Challenge Handshake Authentication Protocol (MS-CHAPv2) authentication
in iSCSI Initiator Properties.
C. Open iSCSI Initiator Properties and implement IPSec security. Set up inbound and outbound
rules by using Windows Firewall
D. Open iSCSI Initiator Properties and implement Secure Mode transition. Set outbound and
inbound rules by using Windows Defender

Answer: C




                       "Pass Any Exam. Any Time." - www.actualtests.com                           31
                                Microsoft 70-643: Practice Exam
Explanation:
To implement the highest security available for communication to and from an iSCSI SAN, you
should implement IPSec security. You can access the IPSec security by opening the iSCSI
Initiator Properties. After that you need to set inbound and outbound rules by using Windows
Firewall.



QUESTION NO: 44

You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of a member
server named CKSERVER1 hosting the Web server role. CertKiller.com has recently discovered
that network traffic to CKSERVER1 is increasing and the performance of CKSERVER1 is
decreasing. CertKiller.com wants you to create a solution which solves the deteriorating
performance problem.




                                                          m
What should you do?

                                                   .co
A. A second Web server must be added and DNS round-robin used to distribute Web requests
between the two servers.
B. Failover clustering must be used to support Web site with multiple servers in a cluster.
                                             sts
C. The Web site must emigrated to a more powerful server.
D. Network Load Balancing (NLB) must be used to create a Web farm to support the Web site.
                                     lTe


Answer: D

Explanation:
                              tua




You should consider making use of Network Load Balancing as this would be effective in the long
and short term and allows you to control the workload distribution.
Incorrect Answers:
A: You should not consider making use of DNS round-robin because this might be a short term
                        Ac




solution but growth is expected to increase.
B: You should not make use of the cluster because the cluster would not enable sustaining the
website at increased loads but delegates control if a server fails.
C: You should not consider emigrating to a new server which might solve current traffic problems
but traffic is expected to grow so this solution would not work.



QUESTION NO: 45

You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of a member
server named CKSERVER1 a database server. CertKiller.com has recently decided to configure a
failover cluster for CKSERVER1 with all nodes able to access a SAN with adequate storage
available. CertKiller.com wants you to configure the options for the quorum configuration.


                      "Pass Any Exam. Any Time." - www.actualtests.com                         32
                                Microsoft 70-643: Practice Exam
What should you do?

A. The quorum configuration must use the Node And File Share Majority.
B. The quorum configuration must use the No Majority. Disk Only option.
C. The quorum configuration must use the Node and Disk Majority option.
D. The quorum configuration must use the Node Majority option.

Answer: C

Explanation:
You should consider making use of this option because it is recommended using this quorum
configuration when your configuration consists of even numbers of nodes which have plenty of
shared storage options.
Incorrect Answers:
A: You should not consider making use of this option because it is not recommended for even
numbers of nodes which have plenty of shared storage options.




                                                          m
B: You should not consider making use of this configuration as it is generally not recommended
because it can be used for testing environments or in special circumstances when no other
configuration is suitable.
                                                   .co
D: You should not consider using this quorum configuration because the configuration is
                                             sts
recommended for failover clusters with odd numbers of nodes.
                                      lTe


QUESTION NO: 46

You are an enterprise administrator for CertKiller.com. CertKiller.com has hired a new trainee
                              tua




recently. The new CertKiller.com trainee wants to know what the process is called when a member
server named CKSERVER1 a host in a NLB cluster fails and the missing node is detected as no
heartbeat is received from the failed node and the remaining nodes discover the node is no longer
available and the cluster redistributes the load across the remaining nodded.
                        Ac




What should you do?

A. The process is known as Virtual scalability.
B. The process is known as Virtual distribution.
C. The process is known as Convergence.
D. The process is known as Hot-swapping system.

Answer: C

Explanation:
The process convergence is used to redistribute work amongst the clusters other members when
the network topology of the hosts remains stable.



                      "Pass Any Exam. Any Time." - www.actualtests.com                           33
                                 Microsoft 70-643: Practice Exam
Incorrect Answers:
A: You should not consider making use of virtual scalability and virtual distribution as these terms
do not exist.
B: You should not consider making use of virtual scalability and virtual distribution as these terms
do not exist.
D: You should not consider describing this as a hot-swapping system though it can be described
by convergence.



QUESTION NO: 47

You are an enterprise administrator for CertKiller.com. CertKiller.com has recently decided to have
a two tier system deployed on the network. CertKiller.com has requested that the front tier be the
Web server and back tier be the SQL Server in their configuration. CertKiller.com wants you to
ensure that fault tolerance is highly important whilst maintaining a high level of performance.




                                                             m
What should you do?
                                                     .co
A. The front and back end must be configured as NLB clusters.
B. The front end must be configured as an NLB cluster and back end must be configured as the
                                               sts
failover cluster.
C. The front and back end must be configured as failover clusters.
D. The front end must be configured as the failover cluster and back end must be configured as
                                       lTe


the NLB cluster.

Answer: B
                                tua




Explanation:
You should make use of this configuration because the Web servers will work together providing
higher performance so when a server fails the other should continue working.
                          Ac




Incorrect Answers:
A: You should not consider making these configurations because the front end server should be
configured as a NLB cluster and the back end server should be configured as the failover cluster.
C: You should not consider making these configurations because the front end server should be
configured as a NLB cluster and the back end server should be configured as the failover cluster.
D: You should not consider configuring the front end server as the failover cluster because the
back end cluster must be configured this way.



QUESTION NO: 48

You are an enterprise administrator for CertKiller.com. The CertKiller.com network currently has a
failover cluster configured with three nodes supporting the network printers which provide print
services. CertKiller.com recently tested the cluster and failed over each node whilst testing that
                        "Pass Any Exam. Any Time." - www.actualtests.com                           34
                                 Microsoft 70-643: Practice Exam
printing works. CertKiller.com discovered the process is successful on the first two nodes but fails
on the third.


What should you do?

A. You must ensure the third node is configured as a possible owner of the print services.
B. The first node must be removed as the preferred owner for the print services.
C. Failback must be configured on the first server.
D. The third node must be configured as the preferred owner of the print services.

Answer: A

Explanation:
If the first two nodes operate normally the failure can be placed on the third node not being the
possible owner of the print services.
Incorrect Answers:




                                                            m
B: You should not consider making these configuration changes because changing the preferred
owner would not fix the problem as you are not a possible owner of the third node.
                                                     .co
C: You should not consider making use of the configuration because this option may be configured
but will not configure the third node to operate normally.
                                              sts
D: You should not consider making these configuration changes because changing the preferred
owner would not fix the problem as you are not a possible owner of the third node.
                                       lTe



QUESTION NO: 49
                                tua




You are an enterprise administrator for CertKiller.com. CertKiller.com has recently decided to have
a failover cluster created to provide services for the CertKiller.com SQL Servers. CertKiller.com
has ran the High Availability Wizard to create the SQL service group but the wzard generated an
error indicating no disks are available when required to select the storage.
                         Ac




What should you do?

A. The disk must be converted to a dynamic disk which can be recognized by the cluster.
B. A new disk must be added to one of the nodes and create a new volume on the disk.
C. A new volume must be created on an existing disk on one of the nodes.
D. An additional shared disk must be added to one of the nodes and you should create a new
volume on the disk.

Answer: D

Explanation:
You should consider making use of this configuration because adding a centralized shared disk
usable by both nodes and creating a volume you should rerun the wizard and the disk should

                       "Pass Any Exam. Any Time." - www.actualtests.com                           35
                                 Microsoft 70-643: Practice Exam
show.
Incorrect Answers:
A: You should not consider making use of this configuration because the cluster would work on a
basic or dynamic disk as long as the disk is shared.
B: You should not consider making use of this configuration because adding and preparing the
disk on another node will not enable it to be seen by the other nodes.
C: You should not consider making use of this configuration because adding and preparing the
disk on another node will not enable it to be seen by the other nodes.



QUESTION NO: 50

You are an enterprise administrator for CertKiller.com. CertKiller.com currently has two member
servers named CKSERVER1 and CKSERVER2 configured as a SQL failover cluster.
CertKiller.com additionally planned adding a third server onto the cluster. CertKiller.com later




                                                            m
discovered that the cluster does not fail over on the third node.


What should you do?
                                                     .co
A. The third node must be configured as a preferred owner of the SQL resource.
                                              sts
B. The third node must be configured as a possible owner of the SQL resource.
C. The SQL resource must be removed from the group.
D. The SQL resource must be added to the third node.
                                       lTe



Answer: B
                               tua




Explanation:
You should consider configuring the third node as a possible owner to the resource as this will
ensure that the cluster fails over on the third node.
Incorrect Answers:
                         Ac




A: You should not have the third node configured as the preferred owner as this will not work
unless the ode is also configured as the possible owner.
C: You should not have the SQL resource removed from the group because this will not ensure
the resource is available to the cluster.
D: You should not have the SQL resource added to the third node because the resource should be
tied to a group.



QUESTION NO: 51

You are an enterprise administrator for CertKiller.com. CertKiller.com has recently installed a new
two-node Network Load Balancing cluster which will provide high availability and load balancing
for the CertKiller.com web site. CertKiller.com recently asked you to configure the Network Load
Balancing cluster to support only TCP port 80.
                       "Pass Any Exam. Any Time." - www.actualtests.com                           36
                                 Microsoft 70-643: Practice Exam


What should you do?

A. The Network Load Balancing Clusters console must be opened and the default port rule must
be changed to a disabled port range rule except port 80.
B. The Network Load Balancing Clusters console must be opened and the Port Wizard must be
run to reset the port rules to port 80.
C. The Network Load Balancing Clusters console must be opened and a new Allow rule must be
created for TCP port 80.
D. The Network Load Balancing Clusters console must be opened and the default port rule must
be deleted and create a new Allow rule for TCP port 80.

Answer: D

Explanation:
You should consider having the NLB console opened and deleting the default port rule to create a




                                                            m
new one to ensure that the NB cluster supports only port 80.
Incorrect Answers:
                                                     .co
A: You should not consider having the NLB console opened this way because you firstly should
delete the default port rule and create a new one.
                                              sts
B: You should not consider opening the NLB console and using the Port Wizard as there is no port
wizard which exists.
C: You should not consider having the NLB console opened this way because you firstly delete the
                                       lTe


ort rule and create a new one.
                               tua




QUESTION NO: 52

You are an enterprise administrator for CertKiller.com. CertKiller.com currently makes use of a
member server named CKSERVER1 which has three disk drives installed. CertKiller.com has
                         Ac




installed the operating system on the first drive and the other disks are unprepared. CertKiller.com
has requested that you configure a redundant drive system to hold the data files.


What should you do? (Choose two)

A. A new spanned volume must be created.
B. A new mirrored volume must be created using disks two and three.
C. A stripped volume must be created across disk two and disk three.
D. The second and third disk must be initialized as basic disks.
E. The second and third disks must be initialized as dynamic disks.

Answer: B,E




                       "Pass Any Exam. Any Time." - www.actualtests.com                          37
                                  Microsoft 70-643: Practice Exam
Explanation:
You should consider having the second and third disks mirrored whilst configuring the second and
third disks as dynamic disks as this will ensure redundancy for data files.
Incorrect Answers:
A: You should not consider having the second disk initialized as a stripped or spanned volume
because these volume types are no redundant.
C: You should not consider having the second disk initialized as a stripped or spanned volume
because these volume types are no redundant.
D: You should not consider having the second disk initialized as a basic disk because basic disks
do not support RAID. Section 5, Configure storage (7 Questions)



QUESTION NO: 53

Exhibit:




                                                             m
                                                      .co
                                               sts
                                       lTe
                                tua
                          Ac




CertKiller.com has servers that run Windows Server 2008 in single Active Directory domain. You
are an administrator of a server called EFS. A file services role is installed on EFS. CertKiller.com
requires the data disk drives to provide redundancy. The disks are configured as shown in the
exhibit. You need to configure the hard disk drives to support RAID 1. What should you do to
achieve this task? (Choose two answers. Each answer is the part of a complete solution)

A. Create a group volume by using Disk1 and Disk 0
B. Create Disk1 and Disk 2 as dynamic drives
C. Create and configure a striped volume across Disk1 and Disk2
D. Using the Disk 1 and Disk 2, create a new mirrored volume

Answer: B,D

Explanation:


                       "Pass Any Exam. Any Time." - www.actualtests.com                            38
                                 Microsoft 70-643: Practice Exam
To configure the hard drives to support Raid1, you should create Disk1 and Disk 2 as dynamic
drives and create a new mirrored volume using Disk1 and Disk 2. In data storage, disk mirroring or
RAID1 is the replication of logical disk volumes onto separate physical hard disks in real time to
ensure continuous availability. A mirrored volume is a complete logical representation of separate
volume copies.


Reference: technet2.microsoft.com/windowsserver/en/library/28af1c0d-8490-4ab0-8be0-
49e5923c4bae1033.mspx



QUESTION NO: 54

CertKiller.com has a server running Windows Server 2008. The Windows Server Virtualization role
service is installed on this server. For maximum storage capacity you need to merge a parent disk
and a differencing disk. What should you do to achieve this task?




                                                            m
A. Edit the differencing disk
B. Edit parent disk
C. Configure the Merge settings on differencing disk
                                                       .co
D. Configure the Merge settings on Parent disk
                                              sts

Answer: A
                                       lTe


Explanation:
For maximum storage capacity, you need to merge a parent disk and a differencing disk by editing
the differencing disk. A differencing disk is a child and it can be merged with the parent disk. The
                               tua




differencing disk stores all changes that would otherwise be made to the parent disk if the
differencing disk was not being used. The differencing disk provides an ongoing way to save
changes without altering the parent disk. You can use the differencing disk to store changes
indefinitely, as long as there is enough space on the physical disk where the differencing disk is
                         Ac




stored. The differencing disk expands dynamically as data is written to it and can grow as large as
the maximum size allocated for the parent disk when the parent disk was created.


Reference: http://technet2.microsoft.com/windowsserver/en/library/d9ef5bd9-6ca2-488b-a960-
f3f8ecd6ecc51033.mspx?mfr=true



QUESTION NO: 55 DRAG DROP

CertKiller.com has a server that runs Windows Server 2008 and has Microsoft Hyper-V installed
on it. It is called CKVS. CKVS hosts 10 virtual servers. One of the virtual servers named VSV has
one 64 GB fixed size virtual hard disk (VHD). The VHD file is named disk0.vhd.


While testing VSV, you find out that it utilizes only 5 GB of the VHD. You turn off the VSV to make
                      "Pass Any Exam. Any Time." - www.actualtests.com                           39
                                 Microsoft 70-643: Practice Exam
the disk1.vhd file as small as possible. What should you do to achieve this task? (To answer,
move the appropriate tasks from the list of tasks to the answer area and arrange them in the
correct order.)




                                                           m
                                                    .co
Answer:
                                             sts
                                      lTe
                               tua
                         Ac




Explanation:
Convert the disk1.vhd file to a new dynamically expanding VHD file named disk2.vhd
Compact the disk2.vhd file
Delete the disk1.vhd file. Rename disk2.vhd to disk1.vhd


Pending. Send your suggestion to feedback@CertKiller.com




                      "Pass Any Exam. Any Time." - www.actualtests.com                          40
                                 Microsoft 70-643: Practice Exam
QUESTION NO: 56

You are an enterprise administrator for CertKiller.com. CertKiller.com has recently decided to
acquire a new disk subsystem for the CertKiller.com SAN. CertKiller.com then tested the hardware
solutions before acquiring them by attaching the new disk subsystem to the network.
CertKiller.com wants to provision the disks and create logical unit numbers (LUNs) for assigning to
a member server named CKSERVER1. CertKiller.com later opens the Storage Manager for SAN
and you see no new hardware but are able to access the hardware using the vendor provided
software. CertKiller.com wants to be able to manage the new disk subsystem using Storage
Manager for SAN.


What should you do?

A. Storage Manager must be used for configuring CKSERVER1 as an iSNS server.
B. Configure iSCSI Initiator on CKSERVER1 to specify the new hardware as a favorite target.




                                                           m
C. Choose to Rescan Disks option in Disk Management.
D. From a vendor choose a disk subsystem which has a Virtual Disk Service hardware provider.

Answer: D
                                                    .co
Explanation:
                                             sts
You should consider making use of the vendor provided VDS hardware provider as this will
expose disk subsystems in Windows and specific vendors use specific VDS providers.
Incorrect Answers:
                                      lTe


A: You should not consider having CKSERVER1 configured as an ISNS server because this
would not enable physical discovery of the device.
B: You should be aware that the iSCSI connection is already discovered and the device will not be
                               tua




physically discoverable because the vendor VDS hardware provider is also required.
C: You should not consider making use of the Disk Management console because without the
Vendor VDS hardware provider the device will not be physically discoverable.
                         Ac




QUESTION NO: 57

You are an enterprise administrator for CertKiller.com. CertKiller.com recently requested that you
mange server storage. You are in the process of designing a storage solution for a new application
server named CKSERVER1. The application on CKSERVER1 makes heavy use of temporary
storage. CertKiller.com wants to have three 25 GB disks allocated as storage. CertKiller.com
requested that excellent write performance is a must whilst ensuring as much available disk space
as possible.


What should you do?



                      "Pass Any Exam. Any Time." - www.actualtests.com                          41
                                 Microsoft 70-643: Practice Exam
A. A stripped volume must be created.
B. A simple volume must be created.
C. A RAID-5 volume must be created.
D. A spanned volume must be created.

Answer: A

Explanation:
To achieve the highest read or write performance you should consider having a striped volume
created because the volume would use all three disks and offers the best read and write
performance.
Incorrect Answers:
B: You should not consider making use of a simple volume because only one disk would be used
and the highest read or write performance will not be provided.
C: You should not consider making use of the RAID-5 volume because only two disks would be




                                                            m
used and excellent read but not write performance will be provided.
D: You should not consider making use of a spanned volume although it can combine the disks it
                                                     .co
will not provide the highest read or write performance.
                                              sts
QUESTION NO: 58

You are an enterprise administrator for CertKiller.com. CertKiller.com currently has a member
                                       lTe


server named CKSERVER1 which has three hard disk drives installed. CertKiller.com has
installed Windows and each of the disks has 15 GB of space available. CertKiller.com has
requested that you provide fault tolerance for the network whilst maximizing disk space.
                                tua




What should you do?

A. A stripped volume with parity must be created using all three disks.
                         Ac




B. A stripped volume must be created using the second and third disks.
C. A stripped volume must be created on the second and third disk.
D. A striped volume must be created on all three disks.

Answer: A

Explanation:
You should consider having a stripped volume created with parity to ensure if a disk fails that your
data would still be accessible and disk space is maximized.



QUESTION NO: 59




                       "Pass Any Exam. Any Time." - www.actualtests.com                          42
                                 Microsoft 70-643: Practice Exam
You are an enterprise administrator for CertKiller.com. CertKiller.com currently makes use of a
member server named CKSERVER1 on their network. CertKiller.com recently asked you to
configure CKSERVER1 to provide fault tolerance for the volume containing the operating system.
CertKiller.com informed you that CKSERVER1 has each disk configured as a basic disk with the
operating system on the first disk.


What should you do?

A. Disk 0 and 1 must be converted to dynamic disks
You should then configure the disks as a mirrored volume.
B. Disk 1 must be converted to a dynamic disk and configured as a new mirrored volume using
disk 0 and disk 1.
C. A new mirrored volume must be created using disk 0 and disk 1.
D. Disk 0 must be converted to a dynamic disk and configure a new mirrored volume using disk 0
and disk 1.




                                                            m
Answer: A

Explanation:
                                                     .co
You should be aware that RAID subsystems require dynamic disks and by configuring the storage
                                              sts
as a mirrored set using disk 0 and 1.
Incorrect Answers:
B: You should not consider making use of these options because you are not able to make use of
                                       lTe


basic disks to create mirrored or RAID volumes.
C: You should not consider making use of these options because you are not able to make use of
basic disks to create mirrored or RAID volumes.
                               tua




D: You should not consider making use of these options because you are not able to make use of
basic disks to create mirrored or RAID volumes.
                         Ac




QUESTION NO: 60

Windows Server 2008 is installed on two servers named CKS2 and CKS3. The Terminal services
role is installed on both of these servers and the Terminal Services Gateway role is also installed
on CKS3.


Applications are published on CKS2 through Remote Desktop Connection configuration file (.rdp
file). Users download the .rdp files from CKS2 using TSWeb virtual directory.


You decide to reconfigure the applications on CKS2 to employ Terminal Services Gateway role on
CKS3. You export the Remote program settings on CKS2 and import them on CKS3.


The users report that they cannot access remote applications installed on CKS3. They can access

                      "Pass Any Exam. Any Time." - www.actualtests.com                           43
                                 Microsoft 70-643: Practice Exam
remote applications on CKS2 through Terminal Services Gateway role on CKS3.


You try to find out the problem. During the process you have ensured that the application paths to
both servers are identical. Which action should you perform to ensure that the users could access
and use the remote applications on CKS3?

A. Configure CKS3 to connect to CKS2 to access remote application files
B. Install and configure the Terminal Services Session Directory feature on CKS3 and configure
CKS2 to use this feature to for application files.
C. Disable the User Authentication on CKS3 and implement it on CKS2
D. Reconfigure the .rdp files on CKS3 and distribute the files to the users
E. All of above

Answer: D

Explanation:




                                                           m
When you exported the Remote program settings on CKS2 and import them on CKS3, only the
RemoteApp Programs list and deployment settings are exported or imported. Any . rdp files or
                                                    .co
Windows Installer packages that were created from the programs were not exported or imported
and therefore the users reported that they cannot access remote applications installed on CKS3.
                                             sts

To ensure that the users could access and use the remote applications on CKS3, you need to r
econfigure the . rdp files on CKS3 and distribute the files to the users
                                      lTe



Reference : Windows Server2008 Terminal Services RemoteApp Step-by-Step Guide / To import
the RemoteApp Programs list and deployment settings
                               tua




http://download.microsoft.com/download/b/1/0/b106fc39-936c-4857-a6ea-
3fb9d1f37063/Windows_Server_2008_Terminal_Services_RemoteApp_Step-by-
                         Ac




Step_Guide.doc#DSDOC_BKMK_TerminalServerSettings61d2425



QUESTION NO: 61

You have installed Terminal services on a Windows 2008 Server. You install several business
applications on this server.


You now want all the users on the network to access these applications remotely. To achieve this,
you add all applications to the RemoteApps list.


To ensure that malicious users are not able to access any applications listed in RemoteApps list
what should you do?



                      "Pass Any Exam. Any Time." - www.actualtests.com                           44
                                  Microsoft 70-643: Practice Exam
A. Remove the business applications from RemoteApps list
B. Select the Do not allow users to start unlisted program on initial connection (Recommended)
option in TSRemoteApp Manager on the Terminal Server tab under Connection settings
C. Select Allow users to start both listed and unlisted program option on initial connection option in
TSRemoteApp Manager on the Terminal Server tab under Connection settings.
D. Uncheck the Make a remote desktop connection to this terminal server available in TS Web
Access option on the Terminal Server tab in the RemoteApp Deployment Settings dialog box
E. None of the above

Answer: B

Explanation:
:
To ensure that malicious users are not able to access any applications listed in RemoteApps list,
you need to Select the Do not allow users to start unlisted program on initial connection




                                                             m
(Recommended) option in TS RemoteApp Manager on the Terminal Server tab under Connection
settings. This setting helps to protect against malicious users, or a user unintentionally starting a
program from an . rdp file on initial connection      .co
Reference : Windows Server 2008 Terminal Services RemoteApp Step-by-Step Guide / Configure
                                               sts
terminal server settings
http://technet2.microsoft.com/windowsserver2008/en/library/61d24255-dad1-4fd2-b4a3-
a91a22973def1033.mspx?mfr=true
                                       lTe



QUESTION NO: 62
                                tua




CertKiller.com has a network containing servers that run Windows Server 2008. To handle name
resolution for the users, a server named CKDNS is configured as a DNS server on the network.
                          Ac




CKDNS has an Active Directory Integrated zone that hosts DNS data for users on the network.
While monitoring the server, you find out that the primary zone on CKDNS contains some entries
from a computer that is unknown and not part of the domain. What should you do to prevent this?

A. Open the DNS server snap-in and right click on the DNS server node. Click on Scavenge
resource records
B. Set the DNS server to automatic scavenging of stale records
C. In DNS manager snap-in and set the option to Set Aging/scavenging for all zones
D. Open the properties of primary zone and select Secure Dynamic Updates Only option
E. All of the above

Answer: D




                       "Pass Any Exam. Any Time." - www.actualtests.com                            45
                                 Microsoft 70-643: Practice Exam
QUESTION NO: 63

CertKiller.com has a server that runs Windows Server 2008. The Terminal Services role is
installed on the server. As an administrator at CertKiller.com, you deploy a new application on the
server. The application creates a file that has an extension of .bdc


You need to make sure that the users can launch the application remotely from their computer by
double-clicking on the .bdc extension. What should you do to achieve this objective?

A. Use Terminal Server Web Access website to configure the application as a published
application
B. Configure the remote desktop connection on the client computers to point the terminal services
server
C. Configure the Remote Desktop file to configure the application as a published application
D. Use a Windows Installer package file to configure the application as a published application




                                                            m
Answer: D

Explanation:                                         .co
To make sure that the users can launch application remotely from their computer by double-
clicking on the . bdc extension, you should use a Windows Installer package file to configure the
                                              sts
application as a published application
                                       lTe


QUESTION NO: 64

CertKiller.com has a Terminal Server running Windows Server 2008. Through Terminal Services
                               tua




RemoteApp (TS RemoteApp), you create a Windows Installer package for Microsoft Office Word
2007. After installing the package on a client machine, you double-click on a Word document and
receive the error, "Windows cannot open this file". You need to make sure that you can open the
                         Ac




Word Document by double clicking on the file. What should you do to solve this problem?

A. use msiexec.exe to install the windows installer package
B. Delete the windows installer package and re-create a new one
C. Change the file association on the TSRemoteApp server
D. Create the Windows installer package again by using TSRemoteApp

Answer: C

Explanation:
To make sure you can open the Word document file after installing MS Word 2007 on the client
machine using Terminal services RemoteApp , you should change the file association on the
TSRemoteApp server.


Reference: http://forums.technet.microsoft.com/fr-FR/winserverTS/thread/213c907c-7d0c-43d7-
                      "Pass Any Exam. Any Time." - www.actualtests.com                           46
                                  Microsoft 70-643: Practice Exam
970c-2226a8dc55ee/



QUESTION NO: 65

You are an enterprise administrator for CertKiller.com. The corporate network of the company
consists of an Active Directory domain. All the servers on the network run Windows Server 2008.
The network runs Terminal Services to enable remote users to run commonly required
applications from their terminal.


A remote user logged on to the Terminal Server requires some help on the application he wants to
run. However, when you connect to the Terminal Server session, you cannot operate any
applications. Which of the following options would you choose to ensure that you can assist any
user on the Terminal Server?




                                                              m
A. From the Terminal Server, run the Chgusr /execute command and then reconnect to the
session.
                                                       .co
B. In the RDP-Tcp Properties on the Terminal Server, enable the Use remote control option with
default user settings.
C. In the RDP-Tcp Properties on the Terminal Server, enable the Use remote control with the
                                                sts
following settings option and then configure the Level of control policy setting to Interact with the
session. Ask the user to log off and log back on.
D. From the Terminal Server, run the Tscon /v command and then reconnect to the session.
                                        lTe



Answer: C
                                tua




Explanation:
To ensure that you can assist any user on the Terminal Server, you need to enable the Use
remote control with the following settings option and then configure the Level of control policy
setting to Interact with the session. Ask the user to log off and log back on.
                          Ac




You can configure remote control with the Level of control to Interact with the session. When this
option is selected, the user's session can be actively controlled with your keyboard and mouse.


Reference : Need to monitor a terminal services session? Use Shadow. / How to Configure
Remote Control Settings
http://www.myitforum.com/articles/16/view.asp?id=5808



QUESTION NO: 66

You are an enterprise administrator for CertKiller.com. The corporate network of the company
consists of an Active Directory domain. All the servers on the network run Windows Server 2008.
The network runs a Terminal Server named CertKillerServer2 to enable remote users to run
commonly required applications from their terminal.
                       "Pass Any Exam. Any Time." - www.actualtests.com                       47
                                  Microsoft 70-643: Practice Exam


You have recently been asked to deploy a Terminal Services application called App1 on
CertKillerServer2. To deploy the application, you first confirmed from the application vendor that
the application can be deployed in a Terminal Services environment.


The features of App1 are that it does not use Microsoft Windows Installer packages for installation
and makes changes to the current user registry during installation. Which of the following options
would you choose to install the application to support multiple user sessions? (Select all that
apply)

A. Run the change user /install command on CertKillerServer2
B. Install the application.
C. Run the change user /execute command on CertKillerServer2.
D. Run the change logon /disable command on CertKillerServer2.
E. Run the change logon /enable command on CertKillerServer2.




                                                             m
F. Run the mstsc /v:CertKillerServer2/console command from the client computer to log on to
CertKillerServer2.

Answer: A,B,C
                                                      .co
                                               sts
Explanation:
To install the application to support multiple user sessions in the above scenario, you need to first
run the change user /install command on CertKillerServer2 because
                                       lTe


You must put a Terminal Services server in Install mode to install or remove programs on the
server. You can put a Terminal Services server in Install mode either by using the Add/Remove
Programs tool in Control Panel to add or remove a program, or by using the change user
                                tua




command at a command prompt. You need to then install the application.


When you are finished installing the program, you need to return the Terminal Services server to
                          Ac




Execute mode, to execute the application. Therefore, to return to the Execute mode, you need to
run the change user /execute command on CertKillerServer2.


Reference : HOW TO: Use the CHANGE USER Command to Switch to Install Mode in Windows
2000 Terminal Services
http://support.microsoft.com/kb/320185



QUESTION NO: 67

You are an enterprise administrator for CertKiller.com. The corporate network of the company
consists of a single Active Directory domain. All the servers on the network run Windows Server
2008 and all the client computers run Windows Vista. All computers are members of the domain.
The network runs a Terminal server named CertKillerServer2.

                       "Pass Any Exam. Any Time." - www.actualtests.com                              48
                                  Microsoft 70-643: Practice Exam


You have recently deployed an application called App1 by using the TS RemoteApp Manager.
You set the Terminal Servers security layer to Negotiate. Which of the following options would you
choose to ensure that domain users are not prompted for credentials when they access the
application?

A. Modify the Password Policy settings in the local Group Policy on all the client computers.
B. Modify the Credential Delegation settings in the local Group Policy on all client computers.
C. Modify the Credential Delegation settings in the local Group Policy on the terminal server,
CertKillerServer2.
D. Modify the Password Policy settings in the local Group Policy on the terminal server,
CertKillerServer2.
E. None of the above

Answer: B




                                                             m
Explanation:
To ensure that domain users are not prompted for credentials when they access the application,
                                                      .co
you need to modify the Credential Delegation settings in the local Group Policy on all client
computers.
                                               sts

WindowsVista introduces a new authentication package called the Credential Security Service
Provider, or CredSSP , that provides a single sign-on (SSO) user experience when starting new
                                       lTe


Terminal Services sessions. CredSSP enables applications to delegate users' credentials from the
client computer (by using the client-side security service provider) to the target server (through the
server-side security service provider) based on client policies. CredSSP policies are configured via
                                tua




Group Policy, and delegation of credentials is turned off by default


In addition, a few of the policy settings might increase or decrease the risk. For example, the Allow
                          Ac




Default Credentials with NTLM-only Server Authentication and Allow Fresh Credentials with
NTLM-only Server Authentication policy settings remove the restriction to require the Kerberos
authentication protocol for authentication between the client and server.


Reference: Credential Security Service Provider and SSO for Terminal Services Logon
http://technet2.microsoft.com/WindowsVista/en/library/6b6bf605-0b9f-45ed-9900-
12aca2a0f2a21033.mspx?mfr=true



QUESTION NO: 68

You are an enterprise administrator for CertKiller.com. The corporate network of the company
consists of a single Active Directory domain. All the servers on the network run Windows Server
2008 and all the client computers run Windows XP Service Pack 2 (SP2). All computers are

                       "Pass Any Exam. Any Time." - www.actualtests.com                            49
                                Microsoft 70-643: Practice Exam
members of the domain.


The network runs a server named CertKillerServer1 on which the Terminal Services role and the
Terminal Services Web Access role are installed. The Network Level Authentication is enabled on
the server. The Terminal Services Web Access role uses Active Directory Domain Services (AD
DS).


You have been assigned the task to deploy and publish an application called App1 on
CertKillerServer1. Which of the following options would you choose to ensure that the users can
launch App1 on CertKillerServer1 from the Terminal Services Web Access Web page?

A. Publish App1 on CertKillerServer1 as a Microsoft Windows Installer package. Distribute the
Windows Installer package to the users.
B. Install the Terminal Services Gateway (TS Gateway) role on CertKillerServer1 and then
reconfigure the remote application publishing for App1 to reflect the change.




                                                          m
C. Disable publishing to AD DS for the App1.
D. Install the Remote Desktop Client 6.1 application on the client computers.
E. None of the above                               .co
Answer: D
                                             sts

Explanation:
To ensure that the users can launch App1 on CertKillerServer1 from the Terminal Services Web
                                      lTe


Access Web page, you need to install the Remote Desktop Client 6.1 application on the client
computers, which eases the deployment of Windows Server 2008 Terminal services on the client
computers that run Windows XP Service Pack 2.
                               tua




Because the Remote Desktop Client 6.1 application supports Terminal Services Web Access, the
Windows XP users can launch App1 on CertKillerServer1 from their Terminal Services Web
                         Ac




Access Web page.


Reference: Download Microsoft Remote Desktop Connection (Terminal Services Client 6.1) for
Windows XP SP2
http://www.dabcc.com/article.aspx?id=8044


Section 2, Configure Terminal Services gateway (17 Questions)



QUESTION NO: 69

CertKiller.com has an Active Directory domain. There are two servers named CKS1 and CKS2
that have Windows Server 2008 as their operating system. The Terminal Services gateway role is
active on CKS1 and the Terminal Services role is active on CKS2.

                      "Pass Any Exam. Any Time." - www.actualtests.com                          50
                                  Microsoft 70-643: Practice Exam


The printers in the network support PostScript only. Users must have the facility to print on the
printers that do not have prime driver support. What should you do to make sure that the Terminal
Services provides primary printer support automatically?

A. Configure a new group policy that supports terminal server fallback printer driver behavior as a
setting and turn it to Default to PS if the server is unable to find any driver. Set the policy on all
client machines in the domain
B. Configure all printers to use PostScript on CKS2 and create a new group policy to support the
printer instances. Add the policy on all client machines in the domain
C. Delete the PostScript and install the driver for all the printers on all the client machines. Create
a group policy that adds the printer automatically to all the servers and instate the policy on all
client machines
D. Configure a new group policy object (GPO) that supports Specify terminal server fallback
printer driver behavior setting to Default to PS if one is not found option. Apply the GPO to CKS2




                                                              m
E. None of the above

Answer: D                                              .co
Explanation:
                                                sts
To make sure that the Terminal Services provide primary printer support automatically, you need
to c onfigure a new group policy object (GPO) that supports Specify terminal server fallback printer
driver behavior setting to Default to PS if one is not found option. Apply the GPO to CKS2. This
                                        lTe


setting allows the use of Adobe PostScript (PS) fallback printer driver by Terminal Server if no
suitable printer driver can be found.
                                 tua




Reference : Terminal Services in Windows Server 2003 Service Pack 1 / New fallback printer
driver capability
http://technet2.microsoft.com/windowsserver/en/library/2284b19b-30a6-42b5-9bd1-
                          Ac




ff301f7248b01033.mspx?mfr=true
Reference : Terminal Services Printing / What existing functionality is changing
http://technet2.microsoft.com/windowsserver2008/en/library/484d57e7-feb4-4dcc-9d13-
152c053516471033.mspx?mfr=true



QUESTION NO: 70

The Terminal Services role is installed on two Windows 2008 servers named Srv1 and Srv2. Srv2
is also running the Terminal Services Gateway role.


Applications on Srv1 are published using a Remote Desktop Connection configuration file (.rdp
file). Users download the .rdp files from the TSrvWeb virtual directory on Srv1.



                       "Pass Any Exam. Any Time." - www.actualtests.com                              51
                                 Microsoft 70-643: Practice Exam
You reconfigure the applications on Srv1 to use the Terminal Services Gateway role on Srv2 and
export the Remote Program settings from Srv1 and import them to Srv2.


Users are complaining that they cannot access the remote applications on Srv2. Users can access
the remote applications on Srv1 by using the Terminal Services Gateway on Srv2. You already
verified that the application paths on both servers are identical. In order to ensure that users can
access the applications on Srv2. What should you do?

A. Disable the Network level Authentication feature on Srv2
B. Re-create the .rdp files on Srv2 and redistribute the files to the users
C. Copy the .rdp files from Srv1 to a new TSrvWeb virtual directory on Srv2
D. Configure and activate the Terminal Server Session Directory feature on Srv2, configure Srv1
to use the Terminal Server Session Directory feature
E. None of the above




                                                            m
Answer: B

Explanation:
                                                     .co
When you exported the Remote program settings on Srv1 and import them on Srv2 , only the
RemoteApp Programs list and deployment settings are exported or imported. Any . rdp files or
                                              sts
Windows Installer packages that were created from the programs were not be exported or
imported and therefore t he users reported that they cannot access remote applications installed
on Srv2.
                                       lTe



To ensure that the users could access and use the remote applications on Srv2, you need Re-
create the . rdp files on Srv2 and redistribute the files to the users
                               tua




Reference : Windows Server2008 Terminal Services RemoteApp Step-by-Step Guide / To import
the RemoteApp Programs list and deployment settings
                         Ac




http://download.microsoft.com/download/b/1/0/b106fc39-936c-4857-a6ea-
3fb9d1f37063/Windows_Server_2008_Terminal_Services_RemoteApp_Step-by-
Step_Guide.doc#DSDOC_BKMK_TerminalServerSettings61d2425



QUESTION NO: 71

The Terminal Services role is installed on two Windows 2008 servers named Srv1 and Srv2. Srv2
is running Terminal Services Gateway role. Applications on Srv1 are published using a Remote
Desktop Connection configuration file (.rdp file). Users download the .rdp files from the TSrvWeb
virtual directory on Srv1. You reconfigure the applications on Srv1 to use the Terminal Services
Gateway role on Srv2 and export the Remote Program settings from Srv1 and import them to
Srv2. Users are complaining that they cannot access the remote applications on Srv2. Users can

                      "Pass Any Exam. Any Time." - www.actualtests.com                           52
                                  Microsoft 70-643: Practice Exam
access the remote applications on Srv1 by using the Terminal Services Gateway on Srv2. You
have already verified that the application paths on both servers are identical. In order to ensure
that users can access the applications on Srv2. What should you do?

A. Disable the Network level Authentication feature on Srv2
B. Re-create the .rdp files on Srv2 and redistribute the files to the users
C. Copy the .rdp files from Srv1 to a new TSrvWeb virtual directory on Srv2
D. Configure and activate the Terminal Server Session Directory feature on Srv2, configure Srv1
to use the Terminal Server Session Directory feature.
E. None of the above

Answer: B



QUESTION NO: 72




                                                             m
The corporate network of CertKiller consists of 10 servers that run Windows Server 2008. You
                                                      .co
have recently enabled RDP on the servers to provide remote administration to the servers. All the
computers that will be used to provide remote administration run Windows Vista.
                                               sts
You configured RDP on the servers with default security settings. However, you are not satisfied
with the default security setting and need to ensure that the RDP connections are as secure as
possible.
                                       lTe



Which of the following two actions would you perform to configure secure RDP connections?
(Each correct answer presents a part of the solution. Select two).
                                tua




A. Acquire user certificates.
B. Block port 3389 of the firewall on each server.
C. Set the security layer for each server to the RDP Security Layer.
                          Ac




D. Configure each server to allow connections only to RDP client computers that use Network
Level Authentication.

Answer: A,D

Explanation:
:
To configure secure RDP connections, you need to first Acquire user certificates and then
configure each server to allow connections only to Remote Desktop client computers that use
Network Level Authentication .


The Network Level Authentication is selected on each server to allow connections to Remote
Desktop client computers because only Vista clients are used to connect to the Terminal Server


                       "Pass Any Exam. Any Time." - www.actualtests.com                              53
                                  Microsoft 70-643: Practice Exam
Reference : Configuring the Windows Server 2008 Terminal Services Gateway (Part 1)
http://www.windowsecurity.com/articles/Configuring-Windows-Server-2008-Terminal-Services-
Gateway-Part1.html



QUESTION NO: 73

CertKiller.com consists of a single Active Directory domain. A server at CertKiller.com named CK2
has the Terminal services role and the Terminal Services web access role installed. CertKiller.com
also has a server named CKISA that runs ISA Server 2006.


You are assigned the task to deploy Terminal Services Gateway (TS Gateway) role on a new
server called CK4.CertKiller.com. CertKiller.com wants to employ ISA as the SSL endpoint for
Terminal Server connections. After doing the necessary configurations, you succeed in deploying
the TS Gateway role on CK4.CertKiller.com. Now you have to configure ISA for TS connections.




                                                             m
To do this you need to configure the TS gateway on CK4 to use ISA 2006 on CK2. What should
you do to achieve this objective?
                                                      .co
A. On CK4, configure the Terminal Services Connection Authorization Policy store to use CK2 ass
the Central network policy server
                                               sts
B. Design an SSL certificate from CK4 and export it to install the SSL certificate on CK2. Set the
ISA service on CK2 to use SSL certificate on CK4
C. Set the TS gateway to use SSL HTTPS-HTTP bridging
                                       lTe


D. Export an SSL certificate on CK4 and install it on CK2. Set the TS gateway to accept SSL
certificate from CK2
                                tua




Answer: C

Explanation:
To configure the TS gateway on CK4 to use ISA 2006 on CK2, you have to configure the TS
                          Ac




gateway to use SSL HTTPS-HTTP bridging. The HTTPS-HTTP bridging works when the TS
gateway client initiates an SSL (HTTPS) request to the SSL bridging device. A new HTTP request
to the TS Gateway server is started by the SSL bridging device.



QUESTION NO: 74

CertKiller.com runs Terminal services on an Active Directory domain. As an administrator of
CertKiller.com, you configure the main office printer as the default printer on a Terminal server.
CertKiller.com has a stringent security policy which states that all the remote client computers
must meet the following requirements:


* The default printer on client computers must be the main office printer
* Users must also be able to access their local printers during a terminal session
                        "Pass Any Exam. Any Time." - www.actualtests.com                             54
                                  Microsoft 70-643: Practice Exam


To meet the company policy, you have to set a Group Policy Object by using the Terminal
Services Printer Redirection template. What should you do to achieve this objective?

A. In a session options, set the 'Do not set default client printer' to default printer Enabled. Apply
GPO to the Terminal Server
B. Set the Terminal services option on print to default printer and disable Easy printer driver. Apply
the GPO to the Terminal Server
C. Apply the GPO to all the client computers and configure their printer options to Set default
printer for office printer and local printers as user printers
D. Configure Easy Printer driver and disable the first option. Apply the GPO to the Terminal Server
E. None of the above

Answer: A

Explanation:




                                                             m
To set a Group Policy Object by using the Terminal Services Printer Redirection template, you
should access the session options and set the 'Do not set default client printer' to default printer
                                                      .co
Enabled and apply the GPO to the Terminal Server. When you set the default client printer to
default printer enabled, the main printer will become the default printer. The GPO will set the policy
                                               sts
of accessing the main office printer by default and the user printers will also be accessible during
their terminal session so if the default printer is busy or has any problems, the next available
printer (user printer) will automatically print the required document.
                                       lTe



QUESTION NO: 75
                                tua




You are an administrator at CertKiller.com. You manage a server named CK2 that runs Windows
Server 2008. You are instructed to publish an application using Terminal Services. All users must
be able to connect to the Terminal Services application by using the Remote Desktop Protocol. To
                          Ac




achieve this, you install and configure the Terminal Services Gateway (TS Gateway) role service
on CK2. You also configure a default domain policy to enable the Enable Connection through TS
gateway setting. But Users report that they cannot connect to the Terminal Services application.
What should you do to ensure that the users can access the Terminal Services application on the
intranet from the Internet?

A. Disable the Enable Connection through TS Gateway Group Policy setting
B. Configure the Remote Desktop connection on each client computer to Always Connect even if
the server authentication fails.
C. Create a GPO and link the TS Gateway server authentication to the domain
D. Create and configure the Set TS Gateway server address Group Policy and also configure the
IP address of the TS Gateway server. Link the configured GPO to the domain



                       "Pass Any Exam. Any Time." - www.actualtests.com                            55
                                 Microsoft 70-643: Practice Exam
Answer: D

Explanation:
To ensure that the users can access the Terminal Services application on the intranet from the
internet, you should create and configure the Set TS Gateway server address group policy and
also configure the IP address of the TS Gateway server. After that, link the configure GPO to the
domain.



QUESTION NO: 76

CertKiller.com has an Active Directory domain. All servers in the domain run Windows Server
2008. You install a Terminal Services Gateway (TS Gateway) role service on a server named S11.
The Terminal services role is installed on servers called S2 and S3. Both of these servers are
configured in a load balancing Terminal Server farm named TSFrm. You install and configure the




                                                           m
Terminal Services (TS) Session Broker service on a new server named S4. You need to configure
S2 and S3 to join the TS Session Broker. What should you do to achieve this task?
                                                    .co
A. Create a new Group Policy object (GPO) that assigns S4 to S2 and S3 as their session broker
server. Apply the GPO to S2 and S3.
                                              sts
B. Configure a Group Policy object (GPO) to set the Set TS Gateway server address option in the
Terminal Services Security section to Server1. Apply the GPO to all client computers.
C. Configure S2 and S3 to use the TS Gateway role service to access TS Session Broker.
                                      lTe


D. Configure a Group Policy object (GPO) to set require secure RPC communications option in the
Terminal Services Security section to False. Apply the GPO to S2 and S3.
                               tua




Answer: A

Explanation:
To configure S2 and S3 to join the TS session broker, you should create a new GPO that assigns
                         Ac




S4 to S2 and S3 as their session broker server. After that you can apply the GPO to S2 and S3.
The Group Policy Object will enable all three servers to act as session broker servers and when
you apply the GPO to the S2 and S3 server, both servers join the TS session broker.



QUESTION NO: 77

CertKiller.com has an active directory domain. You are the administrator of ES1, a server that runs
Windows Server 2008 and has the Terminal Services role and the Terminal Services Web Access
role installed on it. You install the Terminal Services Gateway role on ES1 and create the Terminal
Services connection authorization policy. Users are reporting that they cannot access ES1. What
should you do to ensure that the users can connect to ES1?




                      "Pass Any Exam. Any Time." - www.actualtests.com                          56
                                Microsoft 70-643: Practice Exam
A. Install and configure the Terminal Services Resource Authorization Policy (RAP) on ES1
B. Configure the Network Access Protection on ES1 and start the Terminal services gateway
service
C. Create a Terminal Services Group Policy Object and allow users to connect remotely to the
Terminal services setting on the GPO. Link the GPO to the domain controller
D. Create a Terminal services GPO and Set the TS Roaming profiles setting on the GPO
E. None of the above

Answer: A

Explanation:
To ensure that the users can connect to ES1, you should install and configure the Terminal
Services Resource Authorization Policy on ES1. RAP's are used to control which Terminal
Servers can be accessed through the Terminal Services Gateway.
Reference: http://www.windowsecurity.com/articles/Configuring-Windows-Server-2008-Terminal-




                                                          m
Services-Gateway-Part2.html



QUESTION NO: 78
                                                   .co
                                             sts
You are an Administrator at CertKiller.com, you manage a member server that runs Windows
Server 2008. The Terminal Server Gateway (TS Gateway) role is installed on the member server.
You want to find out whether a group of users have ever connected to their workstations remotely
                                     lTe


through the TS Gateway server. What should you do to achieve this task?

A. Open the TS gateway console and view the events in the monitoring field
                              tua




B. View the Windows Server 2008 Event Viewer for TS Gateway connections
C. View Event Viewer security log
D. View the Event Viewer Terminal Services-gateway log
                        Ac




Answer: D

Explanation:
To find out whether a group of users have ever connected to their workstations remotely through
TS Gateway Server, you should check the Event View Terminal Services-gateway log. You can
access the Event Viewer Terminal Services-gateway log through the Windows Event Viewer. The
log will tell you about the connections made to the workstation through TS Gateway server.



QUESTION NO: 79

You are an enterprise administrator for CertKiller.com. The company runs Windows Server 2008
on all the servers on the network. The company has many remote users.



                      "Pass Any Exam. Any Time." - www.actualtests.com                         57
                                 Microsoft 70-643: Practice Exam
One of the servers on the network named CertKillerServer1 has the Terminal Services Gateway
(TS Gateway) role installed on it. The remote users of the company need to connect remotely to
desktop computers located in their offices through the gateway.


To ensure secure connections to the gateway, you created a security group named
RemoteUsersGrp1 for the remote users who need to connect to computers in their offices. Which
of the following options would you choose to enable the remote users to connect to the TS
Gateway? (Select two. Both the selected options will form a part of the answer.)

A. Create a resource authorization policy.
B. Create a client authorization policy.
C. Create a Group Policy object enable the Set TS Gateway authentication method properties to
Ask for credentials, use Basic protocol.
D. Add the RemoteUsersGrp1 security group and enable Device redirection.
E. Add the RemoteUsersGrp1 security group to the local remote desktop users group on the TS




                                                            m
Gateway server.
F. Add the RemoteUsersGrp1 security group and enable Users to connect to any resource.
G. Apply the policy to the TS Gateway server.        .co
Answer: B,D
                                              sts

Explanation:
To enable the remote users belonging to RemoteUsersGrp1 to connect to the TS Gateway, you
                                       lTe


need to create a client authorization policy. Add the RemoteUsersGrp1 security group and
enable Device redirection. A connection authorization policy (CAP) allows you to control who can
connect to the Terminal Server through the Terminal Services Gateway.
                               tua




The Device Redirection gives you the option of disabling redirection for trusted and remote client
devices. The tab contains a series of checkboxes that you can use to disable things like disk
                         Ac




drives, the Windows clipboard, printers, serial ports, and even plug and play devices.


Reference: Configuring the Windows Server 2008 Terminal Services Gateway (Part 2)/ Create a
Terminal Services Gateway CAP
http://www.windowsecurity.com/articles/Configuring-Windows-Server-2008-Terminal-Services-
Gateway-Part2.html


Reference: An Overview of Longhorn Server's Terminal Service Gateway (Part 4)
http://www.msterminalservices.org/articles/Overview-Longhorn-Servers-Terminal-Service-
Gateway-Part4.html



QUESTION NO: 80


                      "Pass Any Exam. Any Time." - www.actualtests.com                           58
                                 Microsoft 70-643: Practice Exam
You are an enterprise administrator for CertKiller.com. The company runs Windows Server 2008
on all the servers on the network. One of the servers, CertKillerServer1 has the Terminal Services
Gateway (TS Gateway) role installed on it.
Which of the following options would you choose to provide a security group access to the TS
Gateway server?

A. Add the security group to the Remote Desktop Users group.
B. Add the security group to the TS Web Access Computers group.
C. Create and configure groups that can access Terminal Server through the TS Gateway through
a Resource Authorization Policy.
D. Create and configure groups that can access Terminal Server through the TS Gateway through
a Connection Authorization Policy.
E. None of the above

Answer: D




                                                           m
Explanation:
To provide a security group access to the TS Gateway server, you need to create and configure a
                                                    .co
Connection Authorization Policy. A connection authorization policy (CAP) allows you to control
who can connect to the Terminal Server through the Terminal Services Gateway. You can
                                             sts
configure what groups can access the Terminal Server through the TS Gateway.


Reference: Configuring the Windows Server 2008 Terminal Services Gateway (Part 2) / Create a
                                      lTe


Terminal Services Gateway CAP
http://www.windowsecurity.com/articles/Configuring-Windows-Server-2008-Terminal-Services-
Gateway-Part2.html
                               tua




QUESTION NO: 81
                         Ac




You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of a member
server named CKSERVER1 for hosting the Terminal Services role. A new CertKiller.com trainee
wants to know which TCP port should be opened on the CertKiller.com firewall to enable clients to
initiate RDP connections to terminal server through Terminal Services Gateway.


What should you do?

A. TCP port 80 must be opened.
B. TCP port 443 must be opened.
C. TCP port 25 must be opened.
D. TCP port 3389 must be opened.

Answer: B


                      "Pass Any Exam. Any Time." - www.actualtests.com                         59
                                Microsoft 70-643: Practice Exam
Explanation:
You should consider having the secured port 443 opened because the Terminal Services Gateway
communicates with clients using Secure Sockets Layer (SSL).
Incorrect Answers:
A: You should not consider having port 80 opened because this port is required for HTTP traffic
required for clients to communicate with the Web server behind the firewall.
C: You should not consider having port 25 opened because this port is used for SMTP traffic and
is not required for communication with the Terminal Services Gateway.
D: You should not consider having port 3389 opened because the port is used for direct RDP
connections without the Terminal Services Gateway and you require using the Gateway.



QUESTION NO: 82

You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of a member




                                                           m
server named CKSERVER1 hosting the Terminal Server Gateway role. CertKiller.com has
decided to make use of a self signed server certificate which is used by SSL communications.
                                                    .co
CertKiller.com additionally wants to use an ISA server named CKSERVER2 as an SSL endpoint
for the Terminal Services Gateway. CertKiller.com wants to know which steps must be taken to
ensure CKSERVER2 communicates with CKSERVER1.
                                             sts

What should you do?
                                      lTe


A. The SSL certificate of CKSERVER1 must be exported to CKSERVER2.
B. The SSL certificate of CKSERVER2 must be exported to CKSERVER1.
C. HTTPS-HTTP bridging must be enabled between CKSERVER2 and CKSERVER1.
                               tua




D. TCP port 443 must be opened on CKSERVER2.

Answer: A
                         Ac




Explanation:
You should consider taking the action in this option because when external clients access the
internal Terminal Services Gateway via the ISA Server the ISA Server acts as a client to Terminal
Services gateway, exporting the certificate solves the problem.
Incorrect Answers:
B: You should not consider exporting the certificate this way because you are required to Terminal
Services Gateway certificate to the ISA Server.
C: You should not consider making the configurations suggested because you would not be using
the ISA Server an SSL endpoint for Terminal Services Gateway connections and will be sent
unencrypted through HTTP.
D: You should be aware that this port is required for communication but will not ensure the ISA
Server is able to communicate with the Terminal Services Gateway.



                      "Pass Any Exam. Any Time." - www.actualtests.com                         60
                                Microsoft 70-643: Practice Exam



QUESTION NO: 83

You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of a member
server named CKSERVER1 hosting the Terminal Services Gateway role. CertKiller.com wants the
network users to connect to internal servers through the gateway. CertKiller.com additionally
created a security group named KingRemote for users connecting to the servers.


What should you do?

A. A group policy must be created and applied to all servers which the users use to connect.
The group policy should then specify connections to servers.
B. A resource authorization policy must be created and add KingRemote security group.
C. The KingRemote security group must be added to the remote desktop users group on each




                                                         m
server.
D. A client authorization policy must be created and add KingRemote security group.

Answer: D
                                                   .co
Explanation:
                                            sts

You should consider making use of a Client Authorization Policy (CAP) policy because CAP
policies are used to allow access through the Terminal Services Gateway server which ensures
                                     lTe


the network users connect to the internal servers through the gateway.
Incorrect Answers:
A: You should not consider making use of a group policy this way because the policy would not
                              tua




ensure you connect through to the Terminal Services Gateway server.
B: You should not consider creating a Resource Authorization Policies (RAP) because RAP
policies are used to grant access to resources once connected to the Terminal Services Gateway
server.
                        Ac




C: You should not consider having the KingRemote security group added to the remote desktop
users group as this will not ensure you would get through to the Terminal Services Gateway
server.



QUESTION NO: 84

You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of a member
server named CKSERVER1 hosting the Terminal Services Server role and has a published
application. CertKiller.com has additionally installed the Terminal Services Gateway role on a
member server named CKSERVER2 for the published application to be available on the intranet
and Internet.


What should you do?
                      "Pass Any Exam. Any Time." - www.actualtests.com                         61
                                 Microsoft 70-643: Practice Exam
A. The Terminal Services Gateway role must be installed on the server with the application.
You should then link the two Terminal Services together.
B. The Set Terminal Services Gateway server authentication method Group Policy must be
enabled to ask for credentials.
You should then use NTLM protocol settings and link the GPO to the domain.
C. A default domain policy must be configured to enable the Enable Connection Through the
Terminal Services Gateway settings.
You should then configure the Set Terminal Services Gateway server address group policy and
configure the IP address of the Terminal Services Gateway.
D. On the Remote Desktop Connection Server Authentication must be configured to Always
Connect even when server authentication fails for all users.

Answer: C

Explanation:




                                                           m
You should consider having a default domain policy configured with the proper settings to ensure
that the users who do not directly connect to the terminal server are successful on the intranet.
Incorrect Answers:                                  .co
A: You should not consider making use of the configuration here because the gateway is used to
allow external user's access to internal resources using a tunnel so a second gateway is not
                                             sts
required.
B: You should not consider making use of the configuration here because you are required to
direct users to the gateway not require the usage of credentials for access.
                                      lTe


D: You should not consider making use of the configuration here because the configuration used
here would allow for a very serious security problem allowing anyone to connect.
                               tua




QUESTION NO: 85
                         Ac




You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of a member
server named CKSERVER1 which has the Terminal Services Gateway role installed.
CertKiller.com has requested that you specify which security group is allowed access to
CKSERVER1.


What should you do?

A. A Connection Authorization Policy must be created and configured.
B. A Resource Authorization Policy must be created and configured.
C. The Remote Desktop Users group must be added to the security group.
D. The Terminal Services Web Access Computers group must be added to the security group.

Answer: A



                      "Pass Any Exam. Any Time." - www.actualtests.com                         62
                               Microsoft 70-643: Practice Exam
Explanation:
You should consider making use of a CAP policy because the CAP policies are used to control
which network users are able to access the Terminal Services Gateway server.
Incorrect Answers:
B: You should not consider making use of RAP policies because RAP policies are used to specify
the groups which remote users are able to access.
C: You should not consider having the Remote Desktop Users group added to the security group
because the Remote Desktop Users group is used to specify who are able to access the Terminal
Server.
D: You should not consider making use of the configuration suggestions because the Web access
does not need to be on the Terminal Server you should have the computer account of the
Terminal Services Web Access server added to the security group. Section 3, Configure Terminal
Services load balancing (8 Questions)




                                                        m
QUESTION NO: 86
                                                  .co
CertKiller.com is running Windows Server 2003 and Windows Server 2008 servers on their
corporate network domain. The Terminal Service Gateway role is installed on a Windows Server
2008 server named Serv1.
                                           sts

The Terminal Services role is installed on servers named Serv2 and Serv3, which are running
                                    lTe


Windows Server 2003. Serv2 and Serv3 are configured in a load balancing terminal Server Farm
name CertKillerTSLoad.
                              tua




A Terminal Server Broker Service is installed on a Windows Server 2008 server named Serv4 and
CertKillerTSLoad farm is added to the Terminal Server Broker Service configuration on Serv4.


You configured some applications to use TS Session Load Balancing Service and found that
                        Ac




TSSession Broker Load Balancing is not providing load balancing for Serv2 and Serv3.


What do you need to do to enable TS Session Broker Load Balancing Service on Serv2 and
Serv3?

A. Add Serv2 and Serv3 to the Session Broker Computers local group on Serv4
B. Load Balancing Service cannot be configured on Serv2 and Serv3 servers because Windows
Server2003-based terminal servers cannot use the TSSession Broker Load Balancing feature
C. Run remote Desktop Connection (RDC) version5.2 on clients connecting to Serv2 and Serv3
D. None of the above

Answer: B




                     "Pass Any Exam. Any Time." - www.actualtests.com                      63
                                 Microsoft 70-643: Practice Exam
Explanation:
:
The TS Session Broker Load Balancing Service is not providing load balancing for Serv2 and
Serv3 because Windows Server2003-based terminal servers cannot use the TSSession Broker
Load Balancing feature.


Reference: Windows Server 2008 TS Session Broker Load Balancing Step-by-Step Guide
http://technet2.microsoft.com/windowsserver2008/en/library/f9fe9c74-77f5-4bba-a6b9-
433d823bbfbd1033.mspx?mfr=true



QUESTION NO: 87

The CertKiller.com network domain is running Windows Server 2003 and Windows Server 2008
servers. The Terminal Services Gateway role is installed on a Windows 2008 server.




                                                           m
The Terminal Services role is installed on servers named New1, New2 and New3 and configured
                                                    .co
in a load balancing terminal Server Farm name NewTSLoad.


New2 and New 3 are running Windows Server 2003. A Terminal Server Broker Service is installed
                                             sts

on a new server named New1 and NewTSLoad farm is added to the Terminal Server Broker
Service configuration on New1.
                                      lTe


When you check event logs, you find an event ID: 1023 is getting generated. The event ID
description indicates TS session Broker farm service is in inconsistent state. What should you do?
                               tua




A. Install Terminal Server Broker Service on Windows Server 2008 servers.
B. Move Terminal server broker service on Windows server 2003 named New2 or New3.
C. Enable Terminal server broker service on Windows 2003 servers
                         Ac




D. Disable Terminal server broker service for Windows 2003 servers
E. None of the above

Answer: A

Explanation:
The Event ID: 1023 is getting generated and the event ID description indicates that TS session
Broker farm service is in inconsistent state because Terminal servers that are running Microsoft
Windows Server 2003 do not support TS Session Broker load balancing and therefore for load
balancing you need to install Terminal Server Broker Service on Windows Server 2008 servers .


Reference : Windows Server 2008 TS Session Broker Load Balancing Step-by-Step Guide
http://technet2.microsoft.com/windowsserver2008/en/library/f9fe9c74-77f5-4bba-a6b9-
433d823bbfbd1033.mspx?mfr=true

                      "Pass Any Exam. Any Time." - www.actualtests.com                         64
                                 Microsoft 70-643: Practice Exam



QUESTION NO: 88

CertKiller.com has servers that run Windows Server 2008. There are four terminal servers
installed in the domain. They are named CK2, CK3, CK4 and CK5. As an administrator at
CertKiller.com, you install the Terminal Server Session Broker role service on CK2.


What tool should you use to configure load balancing for the four terminal servers? You also have
to make sure that CK2 is the preferred server for TS sessions.

A. TS Gateway Manager
B. Group Policy Manager
C. Terminal Services Manager
D. Terminal Services Configuration.




                                                            m
E. None of the above

Answer: D                                            .co
Explanation:
You should use Terminal Services Configuration to configure load balancing for the four terminal
                                              sts

servers. It will also make CK3 the preferred server for TS sessions. Using NLB with Terminal
Services provide increased availability, scalability, and load-balancing performance, as well as the
                                       lTe


ability to distribute a large number of Terminal Services clients over a group of terminal servers.
                               tua




QUESTION NO: 89

You are an enterprise administrator for CertKiller.com. The corporate network of the company
consists of a single Active Directory domain. All the servers on the network run Windows Server
                         Ac




2008. The network consists of four servers configured as follows:
CertKillerServer1: The Terminal Services Gateway role service is installed.CertKillerServer2: The
Terminal Services role is installed and is configured in a load balancing Terminal Server farm
named TSLoad.CertKillerServer3: The Terminal Services role is installed is configured in a load
balancing Terminal Server farm named TSLoad.CertKillerServer4: Recently perfectly configured
with the Terminal Services (TS) Session Broker service that works correctly.


To handle the load distribution to the Terminal Server farm you have recently deployed a hardware
load balancing device that has specialized support for terminal servers and routing tokens to the
Terminal Server farm.


However, after this installation, you discovered that the TS Session Broker service has started
failing. Which of the following options would you choose to ensure that the TS Session Broker
works correctly?
                         "Pass Any Exam. Any Time." - www.actualtests.com                       65
                                  Microsoft 70-643: Practice Exam


What Group Policy object (GPO) should you create and apply to the Terminal Server farm?

A. Create a GPO that enables the Use TS Session Broker Load Balancing policy setting in the
Session Directory section of the Terminal Server Group Policy template and apply it to the
Terminal Server farm.
B. Create a GPO that disables the Use IP Address Redirection policy setting in the TS Session
Broker section of the Terminal Server Group Policy template and apply it to the Terminal Server
farm.
C. Create a GPO that enables the Use IP Address Redirection policy setting in the Session
Directory section of the Terminal Server Group Policy template and apply it to the Terminal Server
farm.
D. Create a GPO that disables the Use TS Session Broker Load Balancing policy setting in the
Session Directory section of the Terminal Server Group Policy template and apply it to the
Terminal Server farm.




                                                             m
E. None of the above

Answer: B                                             .co
Explanation:
                                               sts
To ensure that the TS Session Broker works correctly in the above given scenario, you need to
create a GPO that disables the Use IP Address Redirection policy setting in the TS Session
Broker section of the Terminal Server Group Policy template.
                                       lTe



The TS Session Broker service is failing because you have recently deployed a hardware load
balancing device that has specialized support for terminal servers and routing tokens to the
                                tua




Terminal Server farm. When routing tokens are used the IP address of the terminal server is not
sent to the client. Instead, the IP address is embedded in a token. This can happen when you
disable Use IP Address Redirection policy setting.
                          Ac




When a client reconnects to the load balancer, the routing token is used to redirect the client to
their existing session on the correct terminal server in the farm.


Reference: TS Session Broker
http://technet2.microsoft.com/windowsserver2008/en/library/8a46c71e-cc7d-4bf0-82cc-
8261f7c3069c1033.mspx?mfr=true



QUESTION NO: 90

You are an enterprise administrator for CertKiller.com. The company runs Windows Server 2008
on all the servers on the network. On the corporate network a Network Load Balancing cluster
named nlb.CertKiller.com is configured. The two hosts of the cluster are named as CertKillerWeb1

                       "Pass Any Exam. Any Time." - www.actualtests.com                              66
                                  Microsoft 70-643: Practice Exam
and CertKillerWeb2.


A single port rule has been configured for the cluster according to which all HTTP traffic is evenly
distributed between both of the hosts.


Which of the following options would you choose to configure the cluster in such a way that
CertKillerWeb2 handles all HTTPS traffic for nlb.CertKiller.com while ensuring the even distribution
of HTTP traffic between CertKillerWeb1 and CertKillerWeb2? (Choose two. Each correct answer
presents part of the solution.)

A. Change the Handling priority option for the TCP 443 port rule to the value of 0 in the properties
for CertKillerWeb1
B. Create a new port rule for port TCP 443 that has the Filtering mode option set to Single host in
the properties for the cluster.
C. Change the Handling priority option for the TCP 443 port rule to the value of 1 in the properties




                                                             m
for CertKillerWeb2.
D. In the properties for the cluster, create a new port rule for port TCP 443 that has the Filtering
                                                      .co
mode option set to Multiple host and the Affinity option set to the value of Single.

Answer: B,C
                                               sts

Explanation:
To configure the cluster so that CertKillerWeb2 handles all HTTPS traffic for nlb.CertKiller.com
                                        lTe


and evenly distribute the HTTP traffic between CertKillerWeb1 and CertKillerWeb2: You need to
create a new port rule for port TCP 443 that has the Filtering mode option set to Single host in the
properties for the cluster. The Single Host filtering mode directs the specified network traffic to a
                                tua




single host. For example, in an IIS Web farm in which only one server contains the SSL certificate
for a secure Web site, the single host port rule will direct port TCP 443 (SSL port) traffic to that
particular server.
                          Ac




And then in the properties for CertKillerWeb2, change the Handling priority option for the TCP 443
port rule to the value of 1


In Host Parameters, the Priority (Unique host identifier) specifies the handling priority option. This
parameter specifies a unique ID for each host. The host with the lowest numerical priority among
the current members of the cluster handles all of the cluster's network traffic that is not covered by
a port rule. You can override these priorities or provide load balancing for specific ranges of ports
by specifying rules on the Port rules tab of the Network Load Balancing Properties dialog box. In
this scenario there are two hosts, so the value 1 will equally distribute the load.


Reference: Network Load Balancing Step-by-Step Guide: Configuring Network Load Balancing
with Terminal Services To create an NLB cluster
http://technet2.microsoft.com/windowsserver2008/en/library/6e3fc3a6-ef42-41cf-afed-

                       "Pass Any Exam. Any Time." - www.actualtests.com                            67
                                  Microsoft 70-643: Practice Exam
602a60f562001033.mspx?mfr=true


Reference: Network Load Balancing Overview
http://www.tech-faq.com/network-load-balancing.shtml



QUESTION NO: 91

You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of a member
server named CKSERVER1 for running applications. CertKiller.com has an installation of a
program which does not use Microsoft Windows Installer packages but makes changes to the
registry during installation. CertKiller.com wants you to ensure that this application supports
multiple sessions.


What should you do?




                                                             m
A. The application must be installed for each user which uses the program.
                                                      .co
B. The chgusr /install command must be run and install the application.
When done installing run the chgusr /execute command.
C. The application must be installed using the RDC in console mode.
                                               sts
D. The chgusr /execute command must be run and install the application.
When done installing run the chgusr /install command.
                                        lTe


Answer: B

Explanation:
                                tua




When you are installing the application the first time the installer forces the application to create .
ini files in the system directory so when running the program first time the program locates the . ini
files in the system folder and copies it to the individual user's folders.
Incorrect Answers:
                          Ac




A: You should not consider installing the application on each user's computer because the
workload would be increased and will not ensure the application works for new users.
C: You should not consider installing the application using RDC in console mode because multiple
users are accessing the application on the computer.
D: You should not consider making use of the command syntax because you should first install the
application before executing the program.



QUESTION NO: 92

You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of two member
servers named CKSERVER1 and CKSERVER2. CertKiller.com has requested that you configure
CKSERVER1 and CKSERVER2 for LOAD Balancing.


                       "Pass Any Exam. Any Time." - www.actualtests.com                            68
                                Microsoft 70-643: Practice Exam
What should you do?

A. An NPS listing must be configured on both servers.
B. Remote desktop must be configured to require secure RDC communications to the servers.
C. CKSERVER1 and CKSERVER2 must be added to a Session Broker Computer.
D. The CKSERVER1 Remote Desktop console must be opened and add CKSERVER2 to the
partner list.
You should then open CKSERVER2 Remote Desktop console and add CKSERVER1 to the
partner list.

Answer: C

Explanation:
You should consider having CKSERVER1 and CKSERVER2 added to the session broker
computer because the Terminal Services Session Broker enables a user to reconnect to an
existing session when using a load-balanced Terminal Server farm. Additionally the Session




                                                           m
Broker distributes the load between servers in the farm.
Incorrect Answers:
                                                    .co
A: You should not consider configuring NPS listing because NPS listing is used to centralize
storage, validation and management of Terminal Services access.
                                             sts
B: You should not consider having the security increased because this would not help Load
Balancing.
D: You should not consider making use of the utility suggested because there is no Remote
                                      lTe


Desktop console or partner list.
                               tua




QUESTION NO: 93

You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of a member
server named CKSERVER1 hosting the Terminal Services role. CertKiller.com additionally has a
                         Ac




printer supporting only PostScript. CertKiller.com later ensures the users can print without
PostScript drivers installed. CertKiller.com wants you to ensure that Terminal Services
automatically provides generic printer support for the printer.


What should you do?

A. A GPO must be created which specified a Terminal Server fallback printer driver behavior
policy to PostScript if printer not found.
You should then apply the policy to all client computers.
B. A GPO must be created which specifies a Terminal Server fallback printer driver behavior policy
to PostScript if printer not found.
You should then apply the policy to CKSERVER1.
C. The PostScript driver must be added to CKSERVER1.


                      "Pass Any Exam. Any Time." - www.actualtests.com                         69
                                  Microsoft 70-643: Practice Exam
D. A GPO must be created which automatically installs PostScript drivers to all computers.

Answer: B

Explanation:
You should consider having the GPO created and applied to CKSERVER1 because this will
ensure that Terminal Services automatically provides generic printer support for a printer.
Incorrect Answers:
A: You should not consider having this GPO created because the GPO should be applied at the
Server not at the clients.
C: You should not consider having the Post Script driver added to CKSERVER1 because this will
not ensure that every client computer.
D: You should not consider having this GPO created because the GPO should be applied at the
Server not at the clients and will not point to the terminal session to the printer using the driver.
Section 4, Configure resource allocation for Terminal Services (4 Questions)




                                                             m
QUESTION NO: 94                                       .co
As an administrator at CertKiller.com, you install a member server named ebms1 that has
                                               sts
Windows Server 2008 as its primary operating system. The Terminal Services role is installed on
ebms1.
                                        lTe


The Terminal Server user profiles are in a folder named UPT on a server called CKTS. On
CKTS3, a home folder is placed for each user. As you monitor CKTS, you find out that there is
only 5% of hard disk space remaining because the users are saving their files in their profiles on
                                tua




CKTS instead of using their home folders.


You have to limit the amount of disk space allocated to each user to 200 MB. What should you do
                          Ac




to achieve that?

A. On the ebms1, configure a group policy object. Configure a default quota limit to 200 MB and
set a warning level policy
B. Create a new group policy object and link it to the CKTS. Configure the UPT folder to limit the
disk space quota to allocate 200 MB to all users.
C. Configure the disk quotas for the volume that hosts UPT folder. Limit the users to use only 200
MB of space.
D. Configure each profile by activating disk quota on each profile. Apply folder redirection settings
to redirect the users to save their files on CKTS3
E. None of the above

Answer: C



                       "Pass Any Exam. Any Time." - www.actualtests.com                            70
                                 Microsoft 70-643: Practice Exam
Explanation:
To limit the amount of disk space allocated to each user to 200 MB, you need to configure the disk
quotas for the volume that hosts the UPT folder and then limit the users to use only 200 MB of
space.
Configuring a quota limit through group policy will not help in Terminal services scenario. Also disk
quotas cannot be configured for each user profile rather it is configured on a volume or a folder.


Reference : WorKing with Quotas
http://technet2.microsoft.com/windowsserver2008/en/library/31790148-eaf1-4115-8a50-
4ce7a4503d211033.mspx?mfr=true


Reference : Setting Up File Sharing Services
http://safari.phptr.com/9780596514112/setting_up_file_sharing_services




                                                            m
QUESTION NO: 95
                                                     .co
In Windows Server 2008, Windows System resource manager (WSRM) uses resource-allocation
policies to determine how computer resources, such as CPU and memory, are allocated to
processes running on the computer.
                                               sts

Name the two resource-allocation policies that are specifically designed for computers running
                                       lTe


Terminal Services in Windows sever 2008 Terminal services environment?

A. Equal-Per-User and Equal-Per-Session
B. Per_user_Equal and Per_Session_Equal
                                tua




C. Equal_Per_User and Equal_Per_Session
D. User_Per_Equal and Session_Per_Equal
E. None of the above
                         Ac




Answer: C

Explanation:
:
The two resource-allocation policies that are specifically designed for computers running Terminal
Services in the Windows sever 2008 Terminal services environment are Equal_Per_User and
Equal_Per_Session


Reference : Terminal Services and Windows System Resource Manager /Resource-Allocation
Policies
http://technet2.microsoft.com/windowsserver2008/en/library/a25ed552-a42d-4107-b225-
fcb40efa8e3c1033.mspx?mfr=true



                       "Pass Any Exam. Any Time." - www.actualtests.com                           71
                                 Microsoft 70-643: Practice Exam



QUESTION NO: 96

You are an enterprise administrator for CertKiller.com. All the servers on the network run Windows
Server 2008. The network consists of 20 servers on which the Terminal Services role and the
Microsoft Windows System Resource Manager (WSRM) features are installed.


On one of the servers called CertKillerServer1, you have recently configured a resource-allocation
policy with all of the required custom settings. Which of the following options would you choose to
configure the WSRM settings on all servers to match the WSRM settings on CertKillerServer1?

A. Configure the Remote WSRM accounting option of CertKillerServer1 on each server by
enabling the Accounting function on each server.
B. Export the registry key, HKLM\SYSTEM\CurrentControlSet\Services\WSRM on




                                                           m
CertKillerServer1 and import the registry key on other servers.
C. Using the WSRM console on CertKillerServer1, export the WSRM settings to a shared folder
                                                    .co
and then import the WSRM settings from others servers using the WSRM console from the shared
folder.
D. Backup the system state data on and then restore the System State data on each server.
                                              sts
E. None of the above

Answer: C
                                      lTe


Explanation:
To configure the WSRM settings on all the servers to match the WSRM settings on
                               tua




CertKillerServer1, you need to use the WSRM console on CertKillerServer1 to export the WSRM
information to a shared folder. Use the WSRM console to import the WSRM information from the
shared folder. The WSRM settings can be imported or exported using command line or WSRM
console.
                         Ac




Enabling accounting function will not help also, you cannot copy the registry settings from one
system to another to duplicate the WSRM settings. You also cannot use Backup tool for this
purpose because you cannot copy the system state from the system to another to duplicate the
WSRM settings from one computer to another.


Reference : Implementing Windows System Resource Manager/ Running WSRM in a clustered
Environment
http://www.docstoc.com/docs/284328/redp3701



QUESTION NO: 97



                      "Pass Any Exam. Any Time." - www.actualtests.com                            72
                                 Microsoft 70-643: Practice Exam
You are an enterprise administrator for CertKiller.com. The corporate network of the company
consists of an Active Directory domain. All of the servers on the network run Windows Server
2008. The network runs the Terminal services role on a server to enable remote users to run
commonly required applications from their terminal.


A Terminal Services application called App1 that runs on the server has suddenly stopped
responding. To diagnose the problem, you monitored the memory usage on the server for a week
and discovered that App1 application has a memory leak.


To resolve the problem, you first looked for a patch but no patch was currently available. So you
created a new resource-allocation policy in Microsoft Windows Server Resource Manager and
configured a Process Matching Criteria named TrackMem for the application.


Which of the following options would you choose to terminate the application when the application
consumes more than half of the available memory on the server? (Select two. Each selected




                                                            m
answer will form a part of the answer)

                                                     .co
A. Configure the resource-allocation policy and set the maximum working set limit option to half
the available memory on the server.
B. Configure the resource-allocation policy and set the maximum committed memory option to half
                                              sts
the available memory on the server.
C. Set the new policy as a Profiling Policy.
D. Set the new policy as a Managing Policy.
                                       lTe



Answer: B,D
                                tua




Explanation:
To terminate the application when the application consumes more than half of the available
memory on the server, you need to configure the resource-allocation policy and set the maximum
                         Ac




committed memory option to half the available memory on the server and then set the new policy
as a Managing Policy.


A memory limit should be set when an application is leaking memory from the Memory tab. Select
the Use Maximum Committed Memory For Each Process check box. In Maximum Committed
Memory Limit Per Process, you can type a value in megabytes. The Maximum Committed Memory
Limit Per Process field allows you to limit the memory on per process basis.


Now you're ready to set the new resource allocation policy to manage the computer. In the
console tree, click Resource Allocation Policies. In the details pane, right-click the resource
allocation policy you want to set, and then click Set As Managing Policy. This is because this
policy is for computer management and not for profile management.


Reference: Use Windows System Resource Manager to control a server's powers

                       "Pass Any Exam. Any Time." - www.actualtests.com                           73
                                Microsoft 70-643: Practice Exam
http://articles.techrepublic.com.com/5100-10878_11-5054954.html




Section 5, Configure Terminal Services licensing (7 Questions)



QUESTION NO: 98

There is an Active Directory domain at CertKiller.com's corporate network. On the member server,
CK1, terminal services is installed and on a new test server called CK2 in a workgroup
environment, the Terminal Licensing role is installed.


On CK2, you wanted to enable the Terminal Services per User Client Access License (CAL) mode
but you were not able to do so. What should you do to ensure that you can employ Terminal




                                                          m
Services per User CAL mode on CK2?

A. Connect CK2 to the Active Directory domain      .co
B. Configure Terminal Service Per User CAL on CK1 and connect CK2 to CK1
C. Configure the license keys obtained from Microsoft Clearinghouse and enter these into the
                                             sts
licensing server
D. Configure a group policy object for CK1 to sue CK2 for licensing. Apply the GPO on CK1
E. None of the above
                                     lTe



Answer: A
                              tua




Explanation:
To ensure that you could employ Terminal Services per User CAL mode on CK2, you need to
connect CK2 to the Active Directory domain because TS Per User CAL tracking and reporting is
supported only in domain-joined scenarios.
                        Ac




Reference : TS Licensing/Are there any special considerations?
http://technet2.microsoft.com/windowsserver2008/en/library/5a4afe2f-5911-4b3f-a98a-
338b442b76041033.mspx?mfr=true



QUESTION NO: 99

The Terminal Services role is installed on a member server named Srv1. The Terminal Services
Licensing role is installed on a new test server named TestSrv in a workgroup.


You cannot enable the Terminal Services Per User Client Access License (CAL) mode in the
Terminal Services Licensing role on TestSrv.


What should you do to ensure that you could use the Terminal Services Per User CAL mode on
                     "Pass Any Exam. Any Time." - www.actualtests.com                      74
                                  Microsoft 70-643: Practice Exam
test server?

A. Join TestSrv to the domain.
B. Obtain license keys from Microsoft Clearinghouse. Enter the keys into the Licensing server.
C. Configure Srv1 to use TestSrv for the Terminal Services Licensing role. Reconfigure Test
Server for the Terminal Services Per User CAL mode
D. Install the Terminal Services Gateway role on Srv1. Configure a group policy object that
configures Server1 to use test Server for licensing. Apply the policy to Srv1
E. None of the above

Answer: A

Explanation:
To ensure that you could employ Terminal Services per User CAL mode on CK2, you need to
connect CK2 to the Active Directory domain because TS Per User CAL tracking and reporting is
supported only in domain-joined scenarios.




                                                             m
Reference : TS Licensing / Are there any special considerations?
                                                      .co
http://technet2.microsoft.com/windowsserver2008/en/library/5a4afe2f-5911-4b3f-a98a-
338b442b76041033.mspx?mfr=true
                                               sts

QUESTION NO: 100
                                       lTe


CertKiller.com has a server that runs Windows Server 2003. It has an Active Directory domain.
There is a server named CK7 on the network that runs Windows Server 2008. Another server
                                tua




named CK9 runs Windows Server 2003. The terminal services role is installed on CK7 and the
Terminal Services Licensing role service is installed on CK9. You need to set the Terminal
Services Per User Client Access License (TS Per User CAL) tracking and reports to work on both
the servers. What should you do to achieve this objective?
                          Ac




A. On CK9, uninstall the terminal services licensing role and install it on CK7. Then, configure TS
Per User CAL tracking and reporting on CK7
B. Configure the CK7 by adding terminal services licensing role on it. Install terminal services role
on CK9 and activate Tracking and reporting
C. Configure the Terminal Services Licensing Server on CK9
D. Add CK7 in the Windows Server 2003 Terminal services licensing service

Answer: A

Explanation:
To set the Terminal Services Per User CAL tracking and reports to work on both the servers, you
should uninstall the terminal services licensing role on CK9 and install it on CK7. After that, you
should configure TS Per User CAL tracking and reporting on CK9.

                       "Pass Any Exam. Any Time." - www.actualtests.com                            75
                                 Microsoft 70-643: Practice Exam



QUESTION NO: 101

You are an enterprise administrator for CertKiller.com. The corporate network of the company
consists of a single Active Directory domain. All the servers on the network run Windows Server
2008. The network consists of two servers configured as follows:
CertKillerServer1 (Member server): The Terminal Services role is installed.CertKillerServer2 (Test
server in a workgroup environment): The Terminal Services Licensing role service is installed.


You wanted to use Terminal Services Per User Client Access License (TS Per User CAL) mode
on CertKillerServer2. However, you were not able to enable the TS Per User CAL mode in the
Terminal Services Licensing role service on CertKillerServer2.


Which of the following options would you choose to ensure that you can use TS Per User CAL




                                                           m
mode on CertKillerServer2?

A. Disjoin CertKillerServer1 from the domain.       .co
B. Extend the schema to add attributes for Terminal Services Licensing.
C. Join CertKillerServer2 to the domain.
                                              sts
D. Create a Group Policy object (GPO) that configures CertKillerServer1 to use CertKillerServer2
for licensing.
E. None of the above
                                      lTe



Answer: C
                               tua




Explanation:
To ensure that you can use TS Per User CAL mode on CertKillerServer2, you need to join
CertKillerServer2 to the domain. This is because the TS Per User CAL tracking and reporting is
supported only in domain-joined scenarios (the terminal server and the license server are
                         Ac




members of a domain) and is not supported in workgroup mode.


Reference : Terminal Services Licensing (TS Licensing) / Are there any special considerations
about TSLicensing?
http://technet2.microsoft.com/windowsserver2008/en/library/04bf6206-1546-4326-a9a0-
b32bc50aeb8d1033.mspx?mfr=true



QUESTION NO: 102

You are an enterprise administrator for CertKiller.com. The company runs Windows Server 2008
on all the servers on the network. The corporate network consists of a web server named
CertKillerServer1, which uses an SSL certificate from a public certification authority (CA). The
users access the server through Internet using the URLS: http://www.CertKiller.com and
                        "Pass Any Exam. Any Time." - www.actualtests.com                         76
                                   Microsoft 70-643: Practice Exam
https://www.CertKiller.com.


Due to heavy traffic on the server, the company has decided to configure a Network Load
Balancing cluster on the network so that the traffic can be load balanced between two servers.


To implement the idea, an additional Web server named CertKillerServer2 was installed and the
Network Load Balancing cluster configured using both the servers to distribute the incoming HTTP
and HTTPS traffic between both the Web servers.


Which of the following options would you choose to configure an SSL certificate on
CertKillerServer2 to support HTTPS connections so that all users can connect to
https://www.CertKiller.com without receiving security warnings?

A. Export the SSL certificate to a .pfx file. Import the .pfx file to CertKillerServer2 from IIS Manager
console on CertKillerServer1.




                                                               m
B. Create a self-signed certificazte from IIS Manager console on CertKillerServer2.
C. Request a new SSL certificate from the public CA. Use CertKillerServer2 as the Common
                                                       .co
Name in the request and then install the new certificate on CertKillerServer2.
D. Export the SSL certificate to a .cer file and Import the .cer file to CertKillerServer2 from the
Certificates console on CertKillerServer1.
                                                sts

Answer: A
                                         lTe


Explanation:
To configure an SSL certificate on CertKillerServer2 also to support HTTPS connections so that all
users can connect to https://www.CertKiller.com without receiving security warnings, you need to
                                 tua




configure the same certificate that exists on CertKillerServer1 on CertKillerServer2. To do this you
need to export the SSL certificate to a . pfx file and import the . pfx file to CertKillerServer2. The
certificate can be exported to pfx file therefore you need to export it to . pfx file and not . cer file.
                          Ac




Reference: Exporting Existing SSL OWA Certificates from Exchange 2003 FES to Exchange
2007 SP1 CAS on Windows2008
http://telnetport25.wordpress.com/2008/03/28/exporting-existing-ssl-owa-certificates-from-
exchange-2003-fes-to-exchange-2007-sp1-cas-on-windows-2008/



QUESTION NO: 103

You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of a member
server named CKSERVER1 hosting the Terminal Services role. CertKiller.com has requested that
you ensure that an application installed to CKSERVER1 supports multiple users.


What should you do?

                        "Pass Any Exam. Any Time." - www.actualtests.com                              77
                                Microsoft 70-643: Practice Exam
A. The Mstsc command must be used.
B. The Qappsrv command must be used.
C. The chglogon command must be used.
D. The chgusr command must be used.

Answer: D

Explanation:
You should make use of the chguser command because running the command before installing
the application would create . ini files for the application in the system directory ensuring when
users run the application they will be capable of saving their personal settings.
Incorrect Answers:
A: You should not consider making use of the Remote Desktop Connection (mstsc.exe) because
the command is used to launch the Terminal Services client.
B: You should not consider making use of the Qappsrv command because the Qappsrv command




                                                           m
is used to display the list of all terminal servers on the network.
C: You should not consider making use of the chglogon command because the chglogon
                                                    .co
command is used to enable or disable logons from client sessions on the terminal server.
                                             sts
QUESTION NO: 104

You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of a member
                                      lTe


server named CKSERVER1 hosting the Terminal Server role. CertKiller.com recently created and
distributed RDP files for a KingRemote program. CertKiller.com later discovers the application
performs poorly and requires moving to a more powerful server. CertKiller.com wants you to
                               tua




ensure that the users are able to connect to the KingRemote program.


What should you do? (Choose two)
                         Ac




A. On the old server Terminal Services RemoteApp Manager you must change the Terminal
Server settings to the server name of the more powerful server.
B. The properties of the existing RDP file should be modified and redistributed to the users.
C. A new Terminal Services Web Access site must be created for the new terminal server and
publish the application to the new site.
D. An RDP file must be re-created for the KingRemote program after migrating and distributing the
file to the users.

Answer: C,D

Explanation:
You should follow these instructions because the new TS Web access site would list the
KingRemote program and point to the new location. The old RDp file will no longer be used
because you are required to re-create the file and distribute the file to users.

                      "Pass Any Exam. Any Time." - www.actualtests.com                         78
                                 Microsoft 70-643: Practice Exam
Incorrect Answers:
A: You should not consider this configuration because you ill be able to change the server name in
Terminal Server Settings but is only performed when local servers are part of a farm and will not
help solve the problem.
B: You should not consider modifying the existing RDP file because you would only be able to
modify some of the settings but not the location of the KingRemote program to which it would be
pointing. Section 6, Configure Terminal Services client connections (12 Questions)



QUESTION NO: 105

CertKiller.com is running Windows Server 2008 on a server called CKS2. The Terminal Services
role is installed on CKS2.


You installed a new Terminal Services application on CKS2. The new application vendor assured




                                                            m
you that the application can be installed in a Terminal Services environment. He also informed you
that the application does not use Windows Installation packages for installation and that it makes
                                                     .co
changes in the user registry during installation process.


After the installation, the users complained that application is not responding. When you
                                              sts

diagnosed the problem, you found that the sessions are disconnected and that the application is
not accepting multiple sessions. What should you do to make sure that the application accepts
                                       lTe


multiple sessions?

A. Execute the command chguser/install on CKS2 and install the application. Execute the
chgusr/execute after installing the application on the CKS2
                                tua




B. Execute chgusr/disable on CKS2 and install the application. Run the chgusr on user computers
to allow multiple sessions
C. Execute chglogon/execute command after installing the application on the CKS2 and execute
                         Ac




chglogon/muliplesessions on each client computer
D. Run mstsc/v:CKS2/enable command on the client computer and then install the application
E. None of the above

Answer: A

Explanation:
To make sure that the application accepts multiple sessions on a terminal server, you need to
execute the command chguser /install on CKS2 and install the application. Execute the chgusr
/execute after installing the application on the CKS2. IF you install an application using chuser
/install command the application will be installed for multiple users to be able to use them,
otherwise they will be installed in single user mode and can only be run directly from the server
itself by the local admin.
Reference : Forums / Topic Title : Why reinstall apps after Terminal Server installation?

                       "Pass Any Exam. Any Time." - www.actualtests.com                             79
                                 Microsoft 70-643: Practice Exam
http://forums.windowsitpro.com/web/forum/messageview.aspx?catid=45&threadid=83425&enterthr
ead=y



QUESTION NO: 106

CertKiller network has a terminal server named TERM1 running on Windows server 2008.


You are running some business applications on the terminal server for the remote users in a
branch office of the company, who will be remotely accessing these applications from this terminal
server. You have configured the user accounts to provide them a Terminal Services-specific
profile and a home folder.


While testing the connection, you discover that the Terminal server profile has failed to load and
the event ID: 1046 has been generated and logged to the event viewer. What should you do now?




                                                           m
A. Specify a new location for the Terminal Services profile path, ensuring that the path does not
exceed 256 characters                               .co
B. Specify the Terminal Services profile path by using Group Policy
C. Establish a remote session with the terminal server and check that the user's desktop and other
                                              sts
settings
D. None of the above
                                      lTe


Answer: A

Explanation:
                               tua




The event ID: 1046 generates when the profile path is more than 256 characters in length.
Therefore to resolve the problem, you need to specify a new location for the Terminal Services
profile path, ensuring that the path does not exceed 256 characters.
                         Ac




Reference: Event ID 1046 - Terminal Services User Configuration
http://technet2.microsoft.com/windowsserver2008/en/library/f4c0f0c3-19c9-4220-b1c6-
07c3590db9f41033.mspx?mfr=true



QUESTION NO: 107

CertKiller.com has a server that runs Terminal Services. As an administrator at CertKiller.com, you
plan to install an application update for an application named tsap.exe on the Terminal Server.
While checking the application, you notice that instances of the tsap.exe process are running even
after the users have disconnected.


In order to perform an application update, you need to terminate all instances of tsap.exe process.
Which two actions would you perform to achieve this objective? (Choose two answers. Each
                       "Pass Any Exam. Any Time." - www.actualtests.com                          80
                                 Microsoft 70-643: Practice Exam
answer is a part of a complete solution)

A. Open Terminal Services Manager Console and end all instances of tsap.exe
B. Execute the TSapp - getprocess command on Terminal server
C. End all instances of the tsap.exe and restart the server. Execute a appkill command to stop the
application immediately
D. On the Terminal Server, execute Tskill tsap/a command
E. None of the above

Answer: A,D

Explanation:
To terminate all instances of tsap.exe process, you have to end all instances of tsap.exe process
by accessing the Terminal Services Manager Console. The processes are displayed there. You kill
the unwanted process by terminating a process. Use Microsoft Management Console to access
the Terminal Services Manager console snap-in. After doing this, you have to execute a Tskill




                                                            m
tsap /a command to end active processes. You can end the process by right-clicking on the
process in the processes tab in Terminal Services Manager and clicking End process or you can
                                                     .co
use tskill command to do this. If you end a process through this command, no notification will be
sent to the user. The process is ended immediately.
                                              sts

QUESTION NO: 108
                                       lTe


CertKiller.com has an Active Directory domain installed on a server that runs Windows Server
2008. Another server named S3 also runs Windows Server 2008. All client machines have
                               tua




Windows Vista. CertKiller.com has instructed you to install the Terminal Services role, Terminal
Services Gateway role and Terminal Services Web Access role service on S3. To protect the
network, you want to ensure that all client machines have firewall, antivirus software and anti-
spyware software installed. Which actions should you perform to achieve this task? (Select two
                         Ac




answers. Each answer is a part of a complete solution)

A. Configure Windows Authorization Access domain local security group and add Terminal
Services client computers
B. Configure Terminal Services client computers to access the Terminal Services health policy.
C. Set the Request clients to send a health option statement in the Terminal Services client
access policy
D. Install and configure Network Access Protection (NAP) on a server in the domain

Answer: C,D

Explanation:
To ensure that all client machines have firewall, antivirus software and anti-spyware software
installed, you should set the Request clients to send a health option statement in the Terminal

                      "Pass Any Exam. Any Time." - www.actualtests.com                             81
                                Microsoft 70-643: Practice Exam
Services client access policy and install and configure Network Access Protection (NAP) on a
server in the domain



QUESTION NO: 109

CertKiller.com has an Active Directory domain. Terminal Services is installed on a server. All
terminal services accounts are configured to allow session takeover without permission. A user is
logged on to a server named S2 using an account named U1. The terminal session ID for U1 is
1209. Which command should you run to perform a session takeover for Terminal session ID
1209?

A. Beown/U U1 1209, and the execute TSconnection 1209
B. Tsdiscon 1209, and then Tscon 1209
C. Chgport/U U1 1209




                                                           m
D. chguser 1209, Tscon 1209
E. None of the above

Answer: B
                                                    .co
Explanation:
                                             sts

To perform a session takeover for the Terminal session ID 1209, you should run Tsdiscon 1209
and then Tscon 1209. You can use the tsdiscon command to disconnect an active Terminal
                                      lTe


Services session. The session remains attached to the Terminal Services server in a disconnected
state. Programs that are currently in use continue to run. When you reconnect to the Terminal
Services server, you can reconnect by using the same session from which you disconnected. You
                               tua




can resume working without any loss of data in the programs that were running when you
disconnected. You can use the tscon command to connect to another Terminal Services user
session. You can connect to sessions that are in an active or disconnected state. When you
connect to another session, you are disconnected from your previous session. If you create more
                         Ac




than one session on a server, you can use this option to switch between the sessions.


Reference: http://support.microsoft.com/kb/321703 - http://support.microsoft.com/kb/321705



QUESTION NO: 110

You are an enterprise administrator for CertKiller.com. All the servers on the network run Windows
Server 2008. The network consists of a Terminal Server.


Which of the following options would you choose to configure the Terminal Server to end any
sessions that are inactive for more than one hour?



                      "Pass Any Exam. Any Time." - www.actualtests.com                         82
                                 Microsoft 70-643: Practice Exam
A. Modify the RDP-Tcp settings from Terminal Services Configuration.
B. Modify the User logon mode setting from Terminal Services Configuration.
C. Create a new group from Terminal Services Manager.
D. Delete the inactive sessions from Terminal Services Manager.

Answer: A

Explanation:
To configure the Terminal Server to end any sessions that are inactive for more than one hour,
you need to modify the RDP- Tcp settings from Terminal Services Configuration.


You can configure the properties of the terminal server's RDP-TCP connection to provide better
protection. You can set session time limits that help to ensure that sessions are not left unattended
and active for long periods




                                                            m
Reference : How Secure are Windows Terminal Services? / Securing the RDP-TCP Connection
http://www.windowsecurity.com/articles/Windows_Terminal_Services.html
                                                     .co
QUESTION NO: 111
                                               sts

You are an enterprise administrator for CertKiller.com. The corporate network of the company
consists of a single Active Directory domain. All the servers on the network run Windows Server
                                       lTe


2008. The network contains a server named CertKillerServer1 that has the Terminal Services role
is installed on it.
                                tua




You have recently deployed a remote application called APP1 on the Terminal server. You need to
ensure that the company's security policy that states that users should not be allowed to copy and
paste information to a local computer during a Terminal Services session, requirements must be
                         Ac




met while configuring Terminal Services.


Which of the following options would you choose to accomplish this task?

A. In the RDP-Tcp Client Setting properties for the server, disable the Drive option.
B. In the RDP Settings for the published application, deselect the Clipboard option.
C. Enable the Use temporary folders per session option.
D. Change the Security Encryption Level to FIPS Compliant.

Answer: B

Explanation:
To ensure that the users are not allowed to copy and paste information to a local computer during
a Terminal Services session, you need to deselect the Clipboard option in the RDP Settings for
the published application

                       "Pass Any Exam. Any Time." - www.actualtests.com                           83
                                  Microsoft 70-643: Practice Exam
When connecting to a terminal server using an RDP client, many of the local resources are
available within the remote session, including the client file system, smart cards, audio (output),
serial ports, printers (including network), and the clipboard. These redirection facilities allow users
to easily take advantage of the capabilities of their client device from within the remote session.
Similarly clipboard can be used to copy and paste information to local computer. To stop the copy
paste, you need to go to Terminal Services Configuration and on the Client Settings tab, under
Disable the following Clipboard mapping to disable client clipboard mapping.


Reference : Configure settings for mapping client devices/ Using Terminal Services Configuration
http://technet2.microsoft.com/windowsserver/en/library/17d44d9a-cf4b-4a6a-94ec-
093cb5f8b2b71033.mspx?mfr=true


Reference : Frequently Asked Windows Terminal Services Questions! / New Features and
Improvements
http://www.msterminalservices.org/faq/WindowsTerminalServices/?page=5




                                                              m
QUESTION NO: 112
                                                       .co
You are an enterprise administrator for CertKiller.com. The corporate network of the company
                                                sts

consists of an Active Directory domain. All the servers on the network run Windows Server 2008.
The network runs Terminal services to enable remote users to run commonly required applications
                                        lTe


from their terminal.


An organizational unit (OU) called TermSerUsers have been configured for the standard users
                                 tua




who connect to the Terminal Server and an OU called TermSerAdmin is configured for the
administrative users.


Besides these two types of users, no other user can connect to the Terminal Server. Which of the
                          Ac




following options would you choose to ensure that only members of the TermSerAdmin OU can
run the Remote Desktop Protocol files?

A. Create a GPO and disabled the Allow .rdp files from unknown publishers policy setting in the
Remote Desktop Client Connection template. Apply the GPO to the TermSerUsers OU.
B. Create a GPO) and enable the Allow .rdp files from valid publishers and users default .rdp
settings policy setting in the Remote Desktop Client Connection template. Apply the GPO to the
TermSerUsers OU.
C. Create a GPO and enable the Allow .rdp files from valid publishers and users default .rdp
settings policy setting in the Remote Desktop Client Connection template. Apply the GPO to the
TermSerAdmin OU.
D. Create a GPO and enable the Specify SHA1 thumbprints of certificates representing trusted
.rdp publishers policy setting in the Remote Desktop Client Connection template. Apply the GPO
to the TermSerAdmin OU.
                       "Pass Any Exam. Any Time." - www.actualtests.com                              84
                                   Microsoft 70-643: Practice Exam
Answer: C

Explanation:
To ensure that only members of the TermSerAdmin OU can run the Remote Desktop Protocol
files, you need to enable the Allow . rdp files from valid publishers and users default . rdp settings
policy setting in the Remote Desktop Client Connection template.


This policy setting allows you to specify whether users can run Remote Desktop Protocol (. rdp )
files from a publisher that signed the file with a valid certificate. A valid certificate is one issued by
an authority recognized by the client, such as the issuers in the client's Third-Party Root
Certification Authorities certificate store. This policy setting also controls whether the user can start
an RDP session by using default . rdp settings (for example, when a user directly opens the
Remote Desktop Connection [RDC] client without specifying an . rdp file).


If you enable this policy setting, users can run . rdp files that are signed with a valid certificate.




                                                                m
Users can also start an RDP session with default . rdp settings by directly opening the RDC client.
When a user starts an RDP session, the user is asked to confirm whether they want to connect.
                                                        .co
If you disable this policy setting, users cannot run . rdp files that are signed with a valid certificate.
Additionally, users cannot start an RDP session by directly opening the RDC client and specifying
                                                 sts
the remote computer name. When a user tries to start an RDP session, the user receives a
message that the publisher has been blocked
                                         lTe


Reference: Remote Desktop Connection Client
http://technet2.microsoft.com/windowsserver2008/en/library/76fb7e12-b823-429b-9887-
05dc70d28d0c1033.mspx?mfr=true
                                  tua




QUESTION NO: 113
                           Ac




You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of a member
server named CKSERVER1 running a Server Core installation of Windows Server 2008.
CertKiller.com has requested that you enable Remote Desktop on CKSERVER1 and enable the
server to accept connections from clients configured with RDP versions before 6.0


What should you do?

A. The cscript scregedit.wsf /CS 1 command must be used.
B. The cscript scregedit.wsf /CS 0 command must be used.
C. The cscript scregedit.wsf /AR 1 command must be used.
D. The cscript scregedit.wsf /AR 0 command must be used.




                        "Pass Any Exam. Any Time." - www.actualtests.com                                85
                                 Microsoft 70-643: Practice Exam
Answer: A,B

Explanation:
By using the cscript scregedit.wsf /CS 0 command you would effectively be ensuring that the
client operating systems running Windows XP Professional or previous versions of Windows are
able to establish Remote Desktop connections as this command enables them to. Additionally the
cscript scregedit.wsf /CS 1 command ensures that Remote Desktop connections are accepted.
Incorrect Answers:
C: You should not consider making use of this command because the cscript scregedit.wsf /AR 1
command is used to block Remote Desktop connections on a local Server Core installation of
Windows Server 2008.
D: You should not consider making use of this command because the cscript scregedit.wsf /AR 0
command is used to block Remote Desktop connections to client operating systems running
Windows XP Professional or previous versions of Windows.




                                                           m
QUESTION NO: 114
                                                    .co
You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of a member
server named CKSERVER1 hosting the Terminal Services role. The CertKiller.com network users
                                             sts
connect to CKSERVER1 for running a line-of-business application. CertKiller.com later discovers
that the user profiles are consuming the total disk capacity of CKSERVER1. CertKiller.com wants
the users to have the ability to save their own data whilst preventing profiles from consuming the
                                      lTe


storage capacity of CKSERVER1.


What should you do?
                               tua




A. Disk quotas must be configured for the logical disk of each user connecting to CKSERVER1.
B. Group Policy must be used to assign Terminal Services roaming user profiles to users who
                         Ac




connect to CKSERVER1.
C. Group Policy must be used to assign mandatory profiles to users connecting to CKSERVER1.
D. Disk quotas must be configured for the disk on CKSERVER1 where the user profiles are
stored.

Answer: D

Explanation:
You should implement disk quotas because implementing disk quotas would ensure that the size
of the user profiles are not exhausting the storage capacity of the hard disk.
Incorrect Answers:
A: You should not consider assigning each user local disk as disk quotas as you would additionally
be required to store profiles in separate locations with more storage capacity.
B: You should not consider using the Terminal Services Roaming profile because the roaming
profile is stored on a remote server not the local computer and assigning each user local disk as
                      "Pass Any Exam. Any Time." - www.actualtests.com                          86
                                 Microsoft 70-643: Practice Exam
disk quotas would not solve the problem.
C: You should not consider having mandatory profiles used because mandatory profiles would not
allow the users to save their own data.



QUESTION NO: 115

You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of a member
server named CKSERVER1 hosting the Terminal Services role. CertKiller.com network users
complained about applications responding slowly. You investigate using the quser command and
notice multiple disconnected sessions with idle times of two days. CertKiller.com wants you to
reduce the strain by eliminating disconnected sessions which are idle for two days.


What should you do?




                                                           m
A. The Tscon command must be used.
B. The Tskill command must be used.
C. The Rwinsta command must be used.
D. The Tsdicon command must be used.
                                                    .co
                                              sts
Answer: C

Explanation:
                                      lTe


You should make use of the Rwinsta command because the Rwinsta command is used for
resetting sessions to delete a user session on the terminal server which should free up additional
resources.
                               tua




Incorrect Answers:
A: You should not make use of the Tscon command because the Tscon command is used to
connect to a disconnected session and does not end user sessions.
B: You should not make use of the Tskill command because the Tskill command is used to end
                         Ac




individual processes on the terminal server and does not end user sessions.
D: You should not make use of the Tsdicon command because the Tsdicon command is used to
disconnect user sessions which are currently connected, you are required to delete disconnected
sessions not disconnect active ones.



QUESTION NO: 116

You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of a member
server named CKSERVER1 hosting the Terminal Services role. CertKiller.com has a network user
using Windows XP Professional SP1 trying to access the Terminal server. CertKiller.com
discovers that the user can not use 32-bit color when accessing programs on the Terminal server.


What should you do?
                      "Pass Any Exam. Any Time." - www.actualtests.com                          87
                                Microsoft 70-643: Practice Exam
A. Windows XP SP1 must be upgraded to Windows XP SP2 and install Remote Desktop
Connection 6.0.
B. RDC 6.0 must be installed.
C. RDC 6.1 must be installed.
D. Windows XP SP1 must be upgraded to Windows XP SP2.

Answer: A

Explanation:
You should ensure that the network user is upgraded to SP2 and that RDC 6.0 is also installed to
ensure that the user is able to make use of 32-bit color whilst accessing the terminal server.
Incorrect Answers:
B: You should not consider taking this course of action because you also require upgrading
Windows XP Professional SP2 to upgrade to RDC6.0 and RDC 6.1.
C: You should not consider taking this course of action because you also require upgrading




                                                           m
Windows XP Professional SP2 to upgrade to RDC6.0 and RDC 6.1.
D: You should not consider taking this course of action although it is partially correct you also
                                                    .co
require RDC 6.0 to be installed. Section 7, Configure Terminal Services server options (8
Questions)
                                             sts

QUESTION NO: 117
                                      lTe


CertKiller.com has servers with Windows Server 2008 installed as the primary operating system.
The servers are in an Active Directory domain. CKS1 is a server, which has the Terminal Services
gateway role installed. The Terminal Services role is installed on CKS2 and CKS3. Both servers
                               tua




are configured in a load balancing terminal server farm called TSF.


Another administrator installs Terminal service broker on a new server called CKS4 and
                         Ac




configures the TSF farm to be added to the Terminal Server Broker Service configuration on
CKS4.


Due to a requirement, you setup the published applications to employ the Terminal Server Broker
Service. You discover that CKS2 and CKS3 are not accepted in the Terminal Server broker
service. What should you do to ensure that Terminal Server Broker Service accepts the CKS2 and
CKS3 connections?

A. Open the Session Broker Computers local group on CKS4 and add CKS2 and CKS3
B. Configure and set a Group Policy Object and set the Allow reconnection option to True for
Terminal services security section and apply it to the CKS2 and CKS3
C. Configure and set a GPO to set the Deny reconnection option to True for Terminal Server
Broker Service and apply it to CKS2 and CKS3



                      "Pass Any Exam. Any Time." - www.actualtests.com                         88
                                 Microsoft 70-643: Practice Exam
D. Configure the Windows Authorization Access domain for CKS3 and add CKS2 and CKS4 in the
Active Directory domain
E. None of the above

Answer: A

Explanation:
For terminal servers to use TSSession Broker, you must add the computer account for each
terminal server in the farm to the Session Directory Computers local group on the TSSession
Broker server. Therefore to ensure that Terminal Server Broker Service accepts the CKS2 and
CKS3 connections, you need to open the Session Broker Computers local group on CKS4 and
add CKS2 and CKS3.


Reference : Windows Server 2008 TS Session Broker Load Balancing Step-by-Step Guide / Add
each terminal server in the farm to the Session Directory Computers local group




                                                            m
http://technet2.microsoft.com/windowsserver2008/en/library/f9fe9c74-77f5-4bba-a6b9-
433d823bbfbd1033.mspx?mfr=true
                                                     .co
QUESTION NO: 118
                                              sts

CertKiller.com has an Active Directory domain. It has Terminal services installed on some of the
Windows Server 2008 computers in the domain. All client machines have Windows Vista as their
                                       lTe


operating system.


Due to the nature of their work, users are required to view some training videos on Windows
                               tua




Media Player 11 during their Terminal Services sessions. What should you do to ensure that the
users can run Windows Media Player 11 during their Terminal services sessions?

A. On the terminal server, install the Quality Audio Video feature.
                         Ac




B. Open the Terminal server settings and enable the 'allow desktop applications to run on
session'. Disable the default settings
C. Install and configure the Desktop Experience feature on the terminal server
D. Create a group policy object that allows Windows Media Player 11 to set the differential
services code point value to 10 and apply the policy to the client machines that want to use
Windows Media Player 11
E. All of the above

Answer: C

Explanation:
When Desktop Experience is installed on Windows Server 2008, the user can use Windows Vista
features, such as Windows Media Player, desktop themes, and photo management within their
remote connection. Therefore to ensure that the users could run Windows Media Player 11 during

                      "Pass Any Exam. Any Time." - www.actualtests.com                         89
                                 Microsoft 70-643: Practice Exam
the Terminal services session, you need to Install and configure the Desktop Experience feature
on the terminal server


Reference : Windows Server 2008 Technical Overview / Terminal Services
http://www.microsoft.com/technet/windowsserver/longhorn/evaluate/whitepaper.mspx?wt.svl=glob
alheadline



QUESTION NO: 119

As an administrator at CertKiller.com, you manage a member server running Windows Server
2008. A Terminal Services role is installed on the server along with Microsoft Windows System
Resource Manager (WSRM).


Users are complaining about degradation in performance on Terminal Server. You notice that a




                                                           m
single user is consuming 100% of the processor time. To rectify the problem, you create a
resource-allocation policy named Policy1 which limits each user to 30% of the total processor
                                                    .co
time. Still, there is no improvement in the performance. What should you do to configure WSRM to
force Policy1?
                                              sts
A. Configure each user account to allocate a resource quota on WSRM application
B. Configure Policy1 to accept the WSRM resource quota for each user
C. Restart the Server and the Terminal Services configuration service
                                      lTe


D. Configure policy1 as the Managing Policy
E. None of the above
                               tua




Answer: D

Explanation:
To configure WSRM to force Policy1, you should configure policy1 as a Managing policy. You can
                         Ac




set a policy as a managing policy by accessing the Resource Allocation Policies node in the left-
hand pane. You can click on the policy and set it as the managing policy by clicking on the "Set as
Managing Policy" link in the right pane.



QUESTION NO: 120

You are an enterprise administrator for CertKiller.com. The corporate network of the company
consists of an Active Directory domain. All the servers on the network run Windows Server 2008.
The network runs a Terminal server named CertKillerServer2 to enable remote users to run
commonly required applications from their terminal.


Which of the following options would you choose to prevent new sessions on the Terminal Server
without affecting current user sessions?
                       "Pass Any Exam. Any Time." - www.actualtests.com                     90
                                 Microsoft 70-643: Practice Exam
A. Run Tskill /server:CertKillerServer2/A command
B. Run Taskkill /S CertKillerServer2 /fi "MODULES eq TermSrv" command
C. Run Change user /execute disable command
D. Run Change logon /disable command

Answer: D

Explanation:
To prevent new sessions on the Terminal Server without affecting current user sessions, you need
to run Change logon /disable command. This command disables subsequent logons from client
sessions, but not from the console. This also ensures that the currently logged on users do not get
affected.


Reference: Change logon
http://technet2.microsoft.com/windowsserver/en/library/85af3fd0-b518-4b91-9f93-




                                                           m
24c75173494e1033.mspx?mfr=true



QUESTION NO: 121
                                                    .co
                                              sts
You are an enterprise administrator for CertKiller.com. You are part of a network team required to
provide network support for businesses at other locations. CertKiller.com recently decided to have
a process implemented requiring other businesses to use an application server on the
                                      lTe


CertKiller.com network. CertKiller.com wants the users to use Remote Desktop Connections on
computers running Windows XP professional or Windows Vista. CertKiller.com wants you to
determine if they require purchasing client access licenses (CALs) for Terminal services.
                               tua




What should you do?

A. On the application server Terminal Services must be installed and purchase per user Client
                         Ac




Access Licensing (CAL).
B. On the application server Terminal Services must be installed and purchase per device Client
Access Licensing (CAL).
C. On the application server Remote Desktop for Administration must be used and purchase per
user Client Access Licensing (CAL).
D. ON the application server Remote Desktop for Administration must be used and purchase no
Client Access Licensing (CAL).

Answer: A

Explanation:
You are required to make use of the application server to additionally host the Terminal Services
role because this would effectively allow you to connect more than two users concurrently whilst
also purchasing the required licenses you would require additional per devices Terminal Services

                      "Pass Any Exam. Any Time." - www.actualtests.com                          91
                                  Microsoft 70-643: Practice Exam
CAL's for the vast amount of computers.
Incorrect Answers:
B: You are required to make use of the application server to additionally host the Terminal
Services role but it would be better using per user CAL's because your number of devices
exceeds the user numbers.
C: You should not make use of Remote Desktop for Administration because this unlicensed
version of Terminal Services would only allow two concurrent desktop sessions.
D: You should not make use of Remote Desktop for Administration because this unlicensed
version of Terminal Services would only allow two concurrent desktop sessions.



QUESTION NO: 122

You are an enterprise administrator for CertKiller.com. The CertKiller.com network consists of a
single Active Directory domain named CertKiller.com. CertKiller.com makes use of a member




                                                              m
server named CKSERVER1 hosting the Terminal Services role. The network users using
CKSERVER1 complain about not being able to print successfully to local printers. CertKiller.com
                                                       .co
wants you to ensure that CKSERVER1 uses a generic PostScript printer driver when Terminal
Services can not locate a suitable driver.
                                                sts

What should you do?

A. Configure the Specify Terminal Server Fallback Printer Driver policy setting with the PS option
                                        lTe


in a Group Policy Object (GPO).
The GPO must then be applied to ensure CKSERVER1 falls within the scope of the policy.
B. Configure the User Terminal Services Easy Printer Driver First policy setting in a Group Policy
                                 tua




Object (GPO).
The GPO must be applied so CKSERVER1 falls within the scope of the policy.
C. On CKSERVER1 Client Sessions tab of RDP-Tcp properties and select the Windows Printer
                          Ac




option.
D. On CKSERVER1 Client Sessions tab of RDP-Tcp properties select the Default To Main Client
Printer option.

Answer: A

Explanation:
You are required to configure a fallback printer driver by configuring the GPO with the required
policy settings you would effectively ensure that the generic Post Script printer driver will be used if
a suitable drive can not be found.
Incorrect Answers:
B: You should not consider making use of this policy setting because the policy setting would
improve printing consistency but would not ensure a fallback printer.
C: You should not consider making use of this policy setting because this setting would prevent

                       "Pass Any Exam. Any Time." - www.actualtests.com                             92
                                 Microsoft 70-643: Practice Exam
the Terminal Services clients from printing to the local printers and does not ensure a fallback
printer driver.
D: You should not consider making use of this policy setting because this option would be usefull
for changing the default printer within a Terminal Services session to a ptinter local to
CKSERVER1 and will not configure a fallback driver.



QUESTION NO: 123

You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of a member
server named CKSERVER1 hosting the Terminal Services role. CertKiller.com has decided to
have each Terminal Services account configured to allow session takeover without permission.
CertKiller.com wants you to takeover a session from user Rory Allen (account name RAllen) with
session ID of 2345.




                                                           m
What should you do?

                                                    .co
A. The command Tsdiscon 2345 must be run and then run chgport /U RAllen 2345.
B. The command Tsdiscon 2345 must be run and then run Tscon 2345.
C. The command Takeown /U RAllen 2345 must be run and then run TScon 2345.
                                             sts
D. The command chgusr 2345 /disable must be run and then run Tscon 2345.

Answer: B
                                      lTe


Explanation:
You should first have the user Rory Allen's user session removed with the tsdicon command and
                               tua




then reconnect with the tscon command.
Incorrect Answers:
A: You should not consider making use of this command because the chgport command does not
take over a user's session.
                         Ac




C: You should not consider making use of the takedown command because the takedown
command does not exist.
D: You should not consider making use of the chgusr command because the chgusr command is
used to change the user mode from install mode to execute mode.



QUESTION NO: 124

You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of a member
server named CKSERVER1 hosting the Terminal Services role. CertKiller.com has recently
requested that you configure CKSERVER1 to end any sessions which are inactive for more that
one hour.


What should you do?
                      "Pass Any Exam. Any Time." - www.actualtests.com                          93
                                 Microsoft 70-643: Practice Exam
A. Modify the User Logon Mode setting from the Terminal Services Configuration.
B. Modify the RDP-Tcp settings from Terminal Services Configuration.
C. Delete the inactive sessions from Terminal Services Manager.
D. Create a new group from the Terminal Services Manager.

Answer: B

Explanation:
You should make use of the Terminal Services Configuration console in order to modify when a
session should automatically be ended.
Incorrect Answers:
A: You should not consider making use of this option because you are required to modify the
RDP-Tcp settings and not the logon mode settings.
C: You should not consider making use of the Terminal Services Manager because the Terminal
Services Manager does not automatically end any sessions.




                                                           m
D: You should not consider making use of the Terminal Services Manager because the Terminal
Services Manager does not automatically end any sessions.
                                                    .co
QUESTION NO: 125
                                              sts

CertKiller.com has a server that runs Windows Server 2008. CertKiller.com has WSUS (Windows
Server Update Services) installed on this server. This server is located on the CertKiller.com's
                                      lTe


intranet. WSUS is installed on the default website.


Due to a company policy, you configured the update and statistics servers to employ SSL (Secure
                               tua




Socket Layer). Which URLs should you use to configure a group policy object (GPO) that specifies
the intranet update locations on a default port?

A. https://server1: 80
                           Ac




B. http://server1: 1073
C. https://server1: 8080
D. https://server1
E. None of the above

Answer: D

Explanation:
To configure a group policy object (GPO) that specifies the intranet update locations on a default
port, you need to use https://server1 . You must include a URL for a secure port that the WSUS
server is listening on. Because you cannot require SSL on the server, the only way to ensure that
client computers use a secure channel is to make sure they use a URL that specifies HTTPS. If
you are using any port other than 443 for SSL, you must include that port in the URL, too.


                       "Pass Any Exam. Any Time." - www.actualtests.com                         94
                                 Microsoft 70-643: Practice Exam
Reference : WSUS SSL Client Configuration
http://www.techsupportforum.com/microsoft-support/windows-nt-2000-2003-server/115983-wsus-
ssl-client-configuration.html


Reference : Specify Intranet Microsoft Update Service Location
http://technet2.microsoft.com/windowsserver/en/library/ac90c1de-9e04-46fd-b8ab-
0bb4ab8515461033.mspx?mfr=true



QUESTION NO: 126

CertKiller.com has a server that runs Windows Server 2008. This server is running IIS 7.0 and one
.ASP NET application for Sales department users.


You previously had another version of ASP NET installed on this server. You want the new




                                                           m
application to use the specific version of ASP NET at the virtual directory\ASP.NET application
level.
                                                    .co
What you should do to choose the specific version of .ASP NET for a specific application?
                                              sts
A. In IIS management console, navigate to the Website or ASP.NET application folder, in the
Properties tab go to the ASP NET tab and choose the version to use
B. Run Aspnet_regiis.exe tool to check version of ASP.NET
                                      lTe


C. You need to uninstall previous version of ASP.NET before installing a new version
D. None of the above
                               tua




Answer: A

Explanation:
To choose the specific version of .ASP NET for a specific application, you need to open the IIS
                         Ac




management console, and then navigate to the Website or ASP.NET application folder. In the
Properties tab and go to the ASP NET tab and choose the version to use.


Reference : Configure a Web Application to Use a Specific Version of ASP.NET / Configuring an
ASP.NET Application to Use a Specific Version of ASP.NET
http://www.codeguru.com/csharp/.net/net_asp/miscellaneous/article.php/c10879/



QUESTION NO: 127

CertKiller.com uses Windows Server 2008 on all its servers. The CertKiller network contains a
single active directory domain named CK1.com. The network also has a web server running a
website named CK2.com. The users on the domain access the web server by using
http://CK2.com.
                        "Pass Any Exam. Any Time." - www.actualtests.com                      95
                                  Microsoft 70-643: Practice Exam


To implement SSL, you generate a self-signed certificate for CK2.com and configure it to use
Secure Socket Layer (SSL).


After the implementation, users complain that when they try to connect to the web server using
https://CK2.com, they get a warning message. What should you do to ensure that the users are
able to connect to CK2.com without getting warning messages?

A. Export the self-signed certificate to a CK2.cer file by accessing the certificate from the
certificates console on CK2. Install the CK2.cer file on all computers in the domain
B. Configure the security zones on all computers in the domain. Put http://CK2.com in the trusted
zone.
C. Configure the DNS host records on CK2.com and reissue the self-signed certificate. Ask users
to connect to CK2.CK1.com to access resources on http://CK2.com
D. Connect the CK2.com to CK1 server and reissue the certificate. Ask the users to use




                                                             m
https://CK2.com instead of http://CK2.com

Answer: A                                             .co
Explanation:
                                               sts
To ensure that the users can connect to CK2.com without getting warning messages, you should
export the self-signed certificate to a CK2.cer file. Then, you install the CK2.cer file on all
computers accessing the website. The users account will be authenticated through the certificate
                                       lTe


and they will not get any warning messages. The . cer file is an internet security certificate
extension which confirms the authenticity of a website installed on a server.
                                tua




QUESTION NO: 128

As an administrator at CertKiller.com, you install the Web server (IIS) role on a server that runs
                          Ac




Windows Server 2008. You create a new site called CertKiller.com. You need to install an
application on the website called webcontent. You copy the application to the server. What should
you do to add the application on the website?

A. Create a virtual directory and copy the website contents in it. Copy the application in the
directory and install it
B. Execute appcmd command on the command prompt on the server
C. Open the IIS Manager Console and select the website. Select Add Application
D. Execute appcmd -t on the command prompt on the server
E. None of the above

Answer: C




                       "Pass Any Exam. Any Time." - www.actualtests.com                          96
                                 Microsoft 70-643: Practice Exam
Explanation:
To add the application on the website, you should use the IIS Manager Console and select the
website. The website is listed in the IIS Manager Console and you can access it through the
navigation tree. Right-click on the website name and select 'Add Application'. The wizard will walk
you through the process of adding the application to a website.


Reference: www.tech-faq.com/securing-webservers.shtml



QUESTION NO: 129

You are an enterprise administrator for CertKiller.com. The company runs Windows Server 2008
on all the servers on the network. One of the servers, CertKillerServer1 has the Web Server (IIS)
role installed on it. A web developer of the company created a website that runs a web application
called App1 using ASP.NET 3.0 and hosted it on CertKillerServer1.




                                                            m
The CertKillerServer1 was already running other ASP.NET applications. The new web application
                                                     .co
App1 must run under a security context that is separate from any other ASP.NET application on
the Web server.
                                              sts

To fulfill this requirement, you create a local user account and grant account rights and
permissions to run App1. Which of the following options would choose to configure authentication
                                       lTe


for the new website to support App1?

A. Enable the ASP.NET Impersonation setting and specify the new local user account by editing
the ASP.NET Impersonation setting.
                               tua




B. Enable the Windows Authentication setting.
C. Enable the Forms Authentication setting and retain all the default settings.
D. Configure the ASP.NET State service to log on to the new local user account by using the
                         Ac




Services console.

Answer: A

Explanation:
To configure authentication for the new website to support App1 so that it may run under a
security context that is separate from any other ASP.NET application on the Web server, you need
to enable the ASP.NET Impersonation setting and specify the new local user account by editing
the ASP.NET Impersonation setting.


Impersonation is when ASP.NET executes code in the context of an authenticated and authorized
client. By default, ASP.NET does not use impersonation and instead executes all code using the
same user account as the ASP.NET process, which is typically the ASPNET account. Using
impersonation, ASP.NET applications can optionally execute the processing thread using the

                      "Pass Any Exam. Any Time." - www.actualtests.com                           97
                                  Microsoft 70-643: Practice Exam
identity of the client on whose behalf they are operating.


Reference : ASP.NET Impersonation
http://msdn.microsoft.com/en-us/library/aa292118(VS.71).aspx



QUESTION NO: 130

You are an enterprise administrator for CertKiller.com. The company runs Windows Server 2008
on all the servers on the network. One of the servers, CertKillerServer1 has the Web Server (IIS)
role installed.


The server hosts a Web application called App1 that uses a custom application pool, which is set
to recycle every 1,440 minutes. App1 does not support multiple worker processes. Which of the
following options would you choose to configure the application pool to ensure that users can




                                                             m
access App1 after the application pool is recycled?

                                                      .co
A. Set the Disable Overlapped Recycling option to True.
B. Set the Shutdown Executable option to True.
C. Set the Disable Recycling for Configuration Changes option to True.
                                               sts
D. Set the Process Orphaning Enabled option to True.

Answer: A
                                       lTe


Explanation:
To configure the application pool to ensure that users can access App1 after the application pool
                                tua




is recycled, you need to set the Disable Overlapped Recycling option to True.
If your application cannot run in a multi-instance environment, you must configure only one worker
process for an application pool (which is the default value), and disable the overlapped recycling
feature if application pool recycling is being used.
                          Ac




Reference : IIS Process Recycling / Considerations When Recycling Applications
http://msdn.microsoft.com/en-us/library/ms525803.aspx



QUESTION NO: 131

You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of a member
server named CKSERVER1 hosting the Web services role. CertKiller.com currently has no web
sites but uses two Web applications named KingApp and TestApp. CertKiller.com has requested
that you configure the applications to use port 80 without host headers whilst ensuring one
application performance does not affect the other.


What should you do?
                       "Pass Any Exam. Any Time." - www.actualtests.com                         98
                                 Microsoft 70-643: Practice Exam
A. Each Web application must be assigned its own application pool.
B. Both Web applications must be assigned to the same application pool.
C. A single Web site must be created which contains both Web applications.
D. Two Web sites must be created one for each Web application.

Answer: A,C

Explanation:
You should make use of the same website because you are required to have both applications
accessible via port 80. In addition by creating separate application pools you ensure that problems
with one application do not affect the other application.
Incorrect Answers:
B: You should not consider having both applications assigned to the same application pool
because you will not be able to ensure that problems with one application are not affecting the
other application.




                                                           m
D: You should not consider taking this action because Internet Information Services will not allow
you to have multiple site-bindings to port 80 so you will not be able to start multiple Web sites.
                                                    .co
QUESTION NO: 132
                                              sts

You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of a member
server named CKSERVER1 hosting the Web Services role. CertKiller.com has recently created a
                                      lTe


Website named CertKiller Intranet which contains five Web applications. CertKiller.com
additionally informs you that one application requires a new request handler processed using a
.NET library. CertKiller.com wants you to meet requirements whilst maximizing security.
                               tua




What should you do?

A. A new module mapping must be added for the specific Web application requiring it.
                         Ac




B. A new module mapping must be added for the CertKiller Intranet Website.
C. A managed handler must be added to the CertKiller Intranet Website.
D. A new managed handler must be added for the specific Web application requiring it.

Answer: D

Explanation:
You should consider adding the managed Handler because the managed handler applied to the
Web application allows the application to call a .NET library to process the request and makes the
solution more secure.
Incorrect Answers:
A: You should not consider making use of module mappings because module mappings can not
be used to provide access to .NET libraries.
B: You should not consider making use of module mappings because module mappings can not

                      "Pass Any Exam. Any Time." - www.actualtests.com                          99
                                 Microsoft 70-643: Practice Exam
be used to provide access to .NET libraries.
C: You should not consider making use of a managed handler for the entire Intranet Web site
because you would be making it available to all applications decreasing the security. Section 2,
Manage Web sites (15 Questions)



QUESTION NO: 133

CertKiller.com has Windows Server 2008 installed on a server that runs the IIS server role. Users
complain that when the try to connect to the IIS server, they receive an error message. You check
the server and receive the following message:


"The maximum number of worker processes is reached or out of resources."


Which command should you execute to identify the website that is causing this problem?




                                                           m
A. Execute appcmd list wp
B. Execute appcmd list site                         .co
C. Execute cmd command and list the IIS server running on the computer
D. Execute apppool.exe to identify the website causing problem
                                              sts
E. None of the above

Answer: A
                                      lTe


Explanation:
To identify the website that is causing this problem, you need to Execute appcmd list wp
                               tua




AppCmd.exe is the single command line tool for managing IIS 7.0 without using a graphical
administration tool
The LIST command is used to display the objects on the machine. An optional <ID> can specify a
unique object to list, or one or more parameters can be specified to match against object
                         Ac




properties.
You can use the WP (worker process) object to list running worker processes and thereby
identifying the website that is causing this problem.


Reference : Overview of Command Line Administration - AppCmd.exe
http://www.iis.net/954/SinglePageArticle.ashx



QUESTION NO: 134

Exhibit:




                      "Pass Any Exam. Any Time." - www.actualtests.com                         100
                                  Microsoft 70-643: Practice Exam




CertKiller.com has a server that runs Windows Server 2008. You install an IIS server role on this
server. CertKiller.com has decided to add a new website to the IIS server. The settings of the new
site are shown in the exhibit. What would you do to setup the new website according to the
settings shown in the exhibit?

A. Open the command prompt on the server and execute appcmd set app /app.name: CertKiller




                                                              m
/[path='/'].physicalPath:d:\ CertKiller_content_ID2 command
B. Open the command prompt on the server and execute the appcmd add site /name: CertKiller
                                                       .co
/id:45 /physicalPath: f:\CertKiller_content /binding:http/:80: www.CertKiller.com command
C. Open the command prompt on the server and execute the appcmd add app /app.name:
CertKiller /[path='/']
                                                sts

D. Execute the command set-location/CertKiller-new website port: 80 by utilizing the MS Windows
command prompt utility
                                        lTe


E. None of the other alternatives apply

Answer: E
                                tua




Explanation:
To setup the new website according to the settings shown in the exhibit, you need to r un the
following command on the server:
                          Ac




appcmd add site /name: CertKiller /id:2 / physicalPath : d:\CertKiller_content / binding:http /*:80:
www.CertKiller.com.


To add a site, you need to use the following syntax:
appcmd add site / name: string / id: uint / physicalPath: string / bindings: string


Reference : IIS 7.0: Create a Web Site / Command Line
http://technet2.microsoft.com/windowsserver2008/en/library/f6c26eb7-ad7e-4fe2-9239-
9f5aa4ff44ce1033.mspx?mfr=true



QUESTION NO: 135



                       "Pass Any Exam. Any Time." - www.actualtests.com                           101
                                 Microsoft 70-643: Practice Exam
CertKiller.com has a member server that runs Windows Server 2008. An IIS Server role is
installed on the member server. This member server hosts an intranet website. Windows
Authentication is setup on the website and it is the only authentication method that is active on the
server. You decide to create a virtual directory named /tm/. This directory has content that can be
accessed only by the Technical management global group. What should you do to configure
options on the website to allow only the Technical management group to access the /tm/ virtual
directory?

A. Reconfigure the default Authorization rule on /tm/ directory
B. Configure a deny authorization rule on /hr/ virtual directory that denys all anonymous users and
allow only users in Technical management global group
C. Configure the Allow Authorization rule on /tm/ directory. Set the roles and user groups setting
and allow Technical management users group to access the directory
D. Add a Deny Authorization rule on the user groups for all other groups and set the allow option
for technical management group in the user roles




                                                             m
E. None of the above

Answer: C                                            .co
Explanation:
                                               sts
To configure options on the website to allow only the Technical management group to access the
/tm/ virtual directory, you need to configure the Allow Authorization rule on /tm/ directory. Select
the Specified users setting and add Technical management group name. The Authorization rule
                                       lTe


allows you to add additional authentication and authorization settings for the specific user
accounts for a website.
                                tua




Reference : Creating a New FTP Site / Step 2: Adding Additional FTP Security Settings
http://learn.iis.net/page.aspx/301/creating-a-new-ftp-site/
                          Ac




QUESTION NO: 136

CertKiller.com provides Web hosting services. As an administrator, you manage a server that has
Windows Server 2008 installed on it as its operating system. An IIS server role is installed on this
server. The server has multiple websites running. You need to configure a new website for a new
client on the IIS server. While deploying the website on the server, you discover that the website
looks like an FTP download page instead of the normal HTTP page that presents the content
without letting anyone to download it. You need to setup the website to present the content
through HTTP and make sure the files are not downloaded by the users. Which two actions should
you perform to complete this task? (Choose two answers. Each answer is a part of the complete
solution. )

A. Match the webpage file to the website by configuring the default document setting


                       "Pass Any Exam. Any Time." - www.actualtests.com                          102
                                  Microsoft 70-643: Practice Exam
B. Configure the website to use the application pool
C. Execute the appcmd set config/section:directoryBrowse/enabled: false command
D. Configure the directory that hosts website to grant Allow, read and execute permission to the
users of the website content
E. Configure a DNS zone for the domain that hosts website and create a CNAME record

Answer: A,C

Explanation:
To setup the website to present the content through HTTP and make sure the files are not
downloaded by the users, you need to first match the web page file to the website by configuring
the Default document setting and then executing the appcmd set config /section: directoryBrowse
/enabled: false command.


Configuring the default document setting will allow you to hide the document name while showing




                                                             m
its content. The default document specifies what file to serve. The appcmd set config /section:
directoryBrowse /enabled: false command will allow you to turn off the directory browsing on the
website.                                              .co
Reference : Default Documents
                                               sts
http://learn.iis.net/page.aspx/203/default-documents/


Reference : Getting Started with AppCmd.exe / Controlling Location of Configuration
                                       lTe


http://learn.iis.net/page.aspx/114/getting-started-with-appcmdexe/
                                tua




QUESTION NO: 137

CertKiller.com has a server that runs Windows Server 2008. A Web Server (IIS) role is installed on
                          Ac




the server which is used to host multiple websites.


You are assigned to release memory for a single website. You have to configure the server to
automatically release memory. What should you do to achieve this objective without affecting
other websites hosted on the same Web server?

A. Change the Recycling options from the application pool defaults
B. Edit the bindings for the website by creating a new website
C. Create and configure a virtual directory. Link the physical path credentials to the website
D. Associate the website to an application pool by creating a new application pool
E. None of the above

Answer: D



                       "Pass Any Exam. Any Time." - www.actualtests.com                          103
                                  Microsoft 70-643: Practice Exam
Explanation:
To configure the server to automatically release memory without affecting other websites hosted
on the same web server, you should associate the website to an application pool by creating a
new application pool. Application pools helps isolate the applications running on a web server.
Each application pool has its own worker process in the system. By adding an application to a
specific pool, the application never affects other applications in other pools. Even if the application
process crashes, only the pool which is hosting it will be affected. The web server and other pools
will continue to run normally.



QUESTION NO: 138

CertKiller.com has a server running Windows Server 2008. The Web Server (IIS) server role is
installed on the server. The IIS server hosts a Website. You are instructed to ensure that the
cookies sent from the Website are encrypted on users' computer. Which website feature should




                                                              m
you configure to achieve this task?

A. Controls and Pages
B. Authorization Rules
                                                       .co
C. Machine Key
                                                sts
D. IIS Secure Socket Layer configuration
E. None of the above
                                        lTe


Answer: C

Explanation:
                                tua




To encrypt the cookies sent from the website on the users' computer, you need to use machine
key. Encrypting cookies is important to prevent tampering. A hacker can easily view a cookie and
alter it. So to protect the cookie, machine key is used in ASP .NET 2.0. Encryption is based on a
hash plus the actual data encrypted, so that if you try to change the data, it's pretty difficult.
                          Ac




ASP.NET's ViewState uses the Machinekey config file section to configure the keys and such...
this is important when the application is going to be run on a web farm, where load balancing
webservers may be in no affinity mode.


Reference : http://www.codeproject.com/KB/web-security/HttpCookieEncryption.aspx



QUESTION NO: 139

CertKiller.com has a server that runs Windows Server 2008. You install the Web Server (IIS) role
on this server. The server hosts the company's default website with an IP address of 23.52.10.1.
CertKiller.com has instructed you to add a Website on the server named Customer Service. After
doing necessary configurations, you find out that the Customer Service Website cannot be started.
What should you do to configure and start the Customer Service website?
                       "Pass Any Exam. Any Time." - www.actualtests.com                       104
                                 Microsoft 70-643: Practice Exam
A. Configure the Customer Service Website to use a host header
B. Execute iisreset/enable command on the server
C. Execute iisconfig/renew command and add /name: Customer Service/id:1/physicalPath:
c:\Customer Service/binding: port 50
D. Execute the iisreset/start Customer Service:8080 command on the server

Answer: A

Explanation:
To get the customer website started, you need to configure the website to use a host header. A
host header is a third piece of information that you can use in addition to the IP address and port
number to uniquely identify a Web domain or, as Microsoft calls it, an application server. For
example, the host header name for the URL http://www.CertKiller.com is www.CertKiller.com.


Reference: http://www.visualwin.com/host-header/




                                                            m
QUESTION NO: 140                                     .co
CertKiller.com has a server that runs Windows Server 2008. You have installed the Web Server
                                              sts
(IIS) role on it. CertKiller plans to host multiple websites on the server. To achieve this you
configure a single IP address on the server. You also configure all websites to be registered in
DNS to point to the single IP address configured on the server. You have to make sure that each
                                       lTe


and every website responds only to the name requests from all client machines. What should you
do to achieve this task?
                                tua




A. Configure the primary and secondary DNS to point to the server's IP address
B. Configure a network address for each website
C. Assign a unique port for each website
D. Configure and assign a unique Host Header to each website
                         Ac




Answer: D

Explanation:
To ensure that each and every website responds only to the name requests from all client
machines, you should configure and assign a unique Host Header to each website. A host header
is a third piece of information that you can use in addition to the IP address and port number to
uniquely identify a Web domain or, as Microsoft calls it, an application server. For example, the
host header name for the URL http://www.CertKiller.com is www.CertKiller.com.


Reference: http://www.visualwin.com/host-header/




                       "Pass Any Exam. Any Time." - www.actualtests.com                          105
                                 Microsoft 70-643: Practice Exam
QUESTION NO: 141

You are an administrator at CertKiller.com. You are instructed to implement a member server that
runs Windows Server 2008. The Web Server (IIS) role is also installed on the member server. The
primary purpose of the member server is to host intranet websites. The company policy dictates
that the server should:



use encryption for all authentication traffic to the intranet websiteAvoid SSL on the web server for
performance reasonsAuthenticate users through Active Directory credentials


What should you do to configure all websites on the server according to the company policy?
(Choose three answers. Each answers is a part of the complete solution)

A. Enable the Active Directory Client Certificate Authentication on the server




                                                             m
B. Disable the Basic Authentication setting on the server
C. Enable Digest Authentication setting on the server
                                                     .co
D. Enable Windows Authentication setting on the server
E. Disable Anonymous Authentication setting on the server
                                               sts
Answer: C,D,E

Explanation:
To configure all websites on the server according to the company policies, you should first disable
                                       lTe


Anonymous Authentication setting on the server and then enable Digest Authentication and
Windows Authentication settings on the server.
                                tua




Reference: http://support.microsoft.com/kb/810572
                           Ac




QUESTION NO: 142

CertKiller.com has a server that runs Windows Server 2008. A Web Server (IIS) server role is
installed on the server. The server hosts a website that is configured to use only Windows
Authentication. The company has a security group named EG1 which contains 50 user accounts.
You need to prevent this group from accessing the website while allowing all other to access the
website. Which website feature should you configure to achieve this task?

A. Group Access Policy
B. Authorization Rules
C. IIS group permissions
D. SSL certificates
E. None of the above


                       "Pass Any Exam. Any Time." - www.actualtests.com                          106
                                   Microsoft 70-643: Practice Exam
Answer: B

Explanation:
To prevent a group from accessing the website while allowing all others to access it, you should
configure Authorization rules for the website. Authorization rules are scripts, written in VBScript or
JScript that you can include in role definitions and task definitions. An authorization rule
determines whether the role or task is allowed. For information about role definitions and task
definitions


Reference: http://technet2.microsoft.com/windowsserver/en/library/8f2db3a0-feb4-4b7f-91fe-
dcb29899a10d1033.mspx?mfr=true



QUESTION NO: 143




                                                                m
You are an enterprise administrator for CertKiller.com. The company runs Windows Server 2008
on all the servers on the network. One of the servers, CertKillerServer1 has the Web Server (IIS)
role installed on it.                                   .co
Which of the following commands would you choose to create a virtual directory on the company
                                                 sts
website www.CertKiller.com/sl for the Sales department?

A. appcmd add site /name:sl /physicalPath:c:\websites\sl
                                         lTe


B. appcmd set vdir /vdir.name:sl /path:/sl /physicalPath:c:\websites\sl
C. appcmd add app /app.name:CertKiller /path:/sl /physicalPath:c:\websites\sl
D. appcmd add vdir /app.name:CertKiller /path:/sl /physicalPath:c:\websites\sl
                                 tua




E. None of the above

Answer: D
                           Ac




Explanation:
The syntax to add a virtual directory to the root application in a site is:


appcmd add vdir / app.name:string / / path:string / physicalPath:string


The variable app.namestring is the site name and the / following the name specifies that the virtual
directory should be added to the root application of the site. The variable pathstring is the virtual
path of the virtual directory, such as / sl , and physicalPathstring is the physical path of the virtual
directory's content in the file system.


For example, to add a virtual directory named sl with a physical location of c:\websites to the root
application in a site named CertKiller , you need to type the following command prompt
appcmd add vdir /app.name: CertKiller / path:/ sl / physicalPath:c :\websites\ sl


                        "Pass Any Exam. Any Time." - www.actualtests.com                           107
                                 Microsoft 70-643: Practice Exam
Reference: IIS 7.0: Create a Virtual Directory
http://technet2.microsoft.com/windowsserver2008/en/library/87d8a3d7-8d90-4626-8f85-
3c782ec9a5331033.mspx?mfr=true



QUESTION NO: 144

Exhibit:




You are an enterprise administrator for CertKiller.com. The company runs Windows Server 2008
on all the servers on the network. One of the servers, CertKillerServer1 has the Web Server (IIS)
role installed on it. A web developer configured a Web site named CertKiller.com and a Web
application named CertKillerApp on the Web server.




                                                           m
However, after this configuration, the Web server runs out of disk space. To resolve the problem,
                                                    .co
you move CertKillerApp to another drive on the Web server.
The exhibit shows the current application configuration.
                                             sts
After moving CertKillerApp to another drive on the Web server, the users report that they cannot
access CertKillerApp. Which of the following options would you choose to enable users to access
CertKillerApp?
                                      lTe



A. Run appcmd add app /site.name: CertKiller /path:/CertKillerApp /physicalPath:d:\CertKillerApp
command on the server
                               tua




B. Run appcmd set app /site.name: CertKiller /path:/CertKillerApp /physicalPath:d:\CertKillerApp
command on the server
C. Run appcmd set app /site.name: CertKiller /path:/CertKillerApp /physicalPath:f:\CertKillerApp
                         Ac




command on the server
D. appcmd add app /site.name: CertKiller /path:/CertKillerApp /physicalPath:f:\CertKillerApp
command on the server

Answer: C

Explanation:
To enable users to access CertKillerApp on another drive on the Web server, you need to run
appcmd set app /site.name: CertKiller /path :/ CertKillerApp / physicalPath:f :\ CertKillerApp
command on the server.


Reference: IIS 7.0: Appcmd.exe
http://technet2.microsoft.com/windowsserver2008/en/library/ec52c53b-6aff-4d76-995e-
3d222588bf321033.mspx?mfr=true

                      "Pass Any Exam. Any Time." - www.actualtests.com                           108
                                 Microsoft 70-643: Practice Exam



QUESTION NO: 145

You are an enterprise administrator for CertKiller.com. The company runs Windows Server 2008
on all the servers on the network. One of the servers, CertKillerServer1 has the Web Server (IIS)
role installed on it.


CertKillerServer1 hosts multiple websites. Which of the following options would you choose to
configure the server to automatically release memory for a single website without affecting the
other Web sites?

A. Modify the Physical Path Credentials on the virtual directory.
B. Modify the bindings for the Web site.
C. Modify the Recycling options from the Application Pool Defaults.




                                                           m
D. Create a new application pool and associate the Web site to the application pool.

Answer: D                                           .co
Explanation:
To configure the server to automatically release memory for a single website without affecting the
                                              sts

other Web sites, you need to create a new application pool and associate the Web site to the
application pool
                                      lTe


An application pool is a group of one or more URLs that are served by a worker process or a set of
worker processes. Application pools set boundaries for the applications they contain, which means
that any applications that are running outside a given application pool cannot affect the
                               tua




applications in the application pool. You can configure the server to automatically release memory
or to release memory after reaching maximum used memory.


Reference: IIS 7.0: Managing Application Pools in IIS 7.0
                         Ac




http://technet2.microsoft.com/windowsserver2008/en/library/1dbaa793-0a05-4914-a065-
4d109db3b9101033.mspx?mfr=true


Reference: IIS 7.0: Configuring Recycling Settings for an Application Pool
http://technet2.microsoft.com/windowsserver2008/en/library/0d5770e3-2f6f-4e11-a47c-
9bab6a69ebc71033.mspx?mfr=true



QUESTION NO: 146

You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of a member
server named CKSERVER1 hosting the Website http://it.CertKiller.com. The CertKiller.com
network users accessed the website normally but recently received errors stating "Internet
Explorer Cannot Display the Web page when accessing the website using http://it.CertKiller.com.
                      "Pass Any Exam. Any Time." - www.actualtests.com                       109
                                 Microsoft 70-643: Practice Exam
CertKiller.com wants you to resolve the problem.


What should you do?

A. The Server Manager must be used to add the HTTP Logging server role.
B. The configuration must be verified using the users Web browsers.
C. The Server Manager must be used to add the HTTP Errors server role.
D. The Server Manager must be used to verify the World Wide Web Publishing Service has
started.

Answer: D

Explanation:
You should consider making use of the Server Manager because the problem could be caused by
the World Wide Web Publishing services having stopped.
Incorrect Answers:




                                                           m
A: You should not consider making use of the HTTP logging role server because the HTTP
logging role server collects information requests to the Web site and the server is not responding.
                                                    .co
B: You should not consider checking for problems at the user's side because the problem exists at
the server.
                                              sts
C: You should not consider making use of the HTTP Errors role service because the HTTP Errors
role service is used for sending custom error pages to network users when the server is not
responding.
                                      lTe



QUESTION NO: 147
                               tua




You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of a member
server named CKSERVER1 hosting the Web Services role. CertKiller.com has not made use of
manual backups for saving the IIS configuration. A CertKiller.com developer has recently deleted
                         Ac




two websites from the IIS configuration which contained several Web applications. The sites do
not appear in IIS Manager but the files are still on the disk drive location C:\KingSite folder.
CertKiller.com has requested that you restore the web sites since no other members made
changes to them.


What should you do?

A. An earlier version of the ApplicationHost.config file must be copied from
%SystemDrive%\Inetpub\wwwroot\History folder to overwrite the current ApplicationHost.config
file.
B. The IIS configuration must be restored using the AppCmd utility.
C. The two web-sites must be manually re-created and then re-create the associated applications.
D. The ApplicationHost.config file must be modified on CKSERVER1 and add the Website and
Web application settings.
                      "Pass Any Exam. Any Time." - www.actualtests.com                         110
                                 Microsoft 70-643: Practice Exam
Answer: A

Explanation:
You should consider having the IIS configuration restored because the websites have many
additional settings and no changes have been made to the server so restoring this way is the
quickest.
Incorrect Answers:
B: You should not consider making use of the AppCmd utility because it is not stated that a
manual backup of the IIS configuration has been made.
C: You should not consider re-creating the two websites because this would be time consuming
and you will not be able to ensure all the settings are restored to the correct options.
D: You should not consider having these modifications done manually because of the time you
would consume, the mistakes you would be making. Section 3, Configure a File Transfer Protocol
(FTP) server (7 Questions)




                                                           m
QUESTION NO: 148
                                                    .co
You are an administrator of a Server that runs Windows Server 2008. It is named as CKFSVE.
This server is dedicated to a FTP service.
                                             sts

According to the CertKiller.com policy, the FTP server should only be available for selected
authorized projects. What should you do to make sure that FTP service unavailable after restarting
                                      lTe


the server?

A. Execute the iisftp/stop command on CKFSVE
                               tua




B. Execute the netsrvr32/stop ftp: CKFSVE command on CKFSVE
C. Run the WMIC /NODE: CKFSVE SERVICE WHERE the caption="FTP Publishing Service"
CALL ChangeStartMode "Disabled" command on this particular CertKiller FTP server
                         Ac




D. Execute iisreset ftp.CertKiller.com command on the CKFSVE server
E. Execute WMIC/node: CKFSVE command on publishing service command on the server
F. None of the above

Answer: C

Explanation:
To make sure that FTP service unavailable after restarting the server, you need to Run the WMIC
/NODE: CKFSVE SERVICE WHERE the caption="FTP Publishing Service" CALL
ChangeStartMode "Disabled" command on this particular CertKiller FTP server.


The WMI command-line (WMIC) utility provides a command-line interface for WMI. The /Node
command allows you to specify computer names and synchronously execute all commands
against all computers listed in this value. To disable FTP service on the computer, you need to use
ChangeStartMode "Disabled" command.
                      "Pass Any Exam. Any Time." - www.actualtests.com                        111
                                  Microsoft 70-643: Practice Exam


Reference : http://msdn2.microsoft.com/en-us/library/aa394531(VS.85).aspx


Reference : Gathering WMI Data without Writing a Single Line of Code / System Configuration
Changes
http://technet.microsoft.com/en-us/magazine/cc160919.aspx



QUESTION NO: 149

The Windows server 2008 FTP service no longer uses metadata and the new configuration store
in IIS 7.0 uses files to store configuration details. What is the format of new configuration files?

A. .TXT files
B. HTTP files




                                                             m
C. CGI script files
D. .NET XML based files
E. None of the above                                  .co
Answer: D
                                               sts

Explanation:
The format of new configuration files is .NET XML based files. The IIS 7.0 has a brand-new
                                       lTe


administration interface which uses a new FTP instead of the old IIS 6 metabase . The new
configuration store is based on the .NET XML-based *. config format.
                                tua




Reference: Microsoft FTP Service for IIS 7.0 (x86) / Integration with IIS 7.0
http://www.microsoft.com/downloads/details.aspx?familyid=2ECCF14A-5C4F-4CFB-9153-
CFE1204B346A&displaylang=en
                          Ac




QUESTION NO: 150

CertKiller.com has a server that runs Windows Server 2008. You install the FTP service on the
server. After installing the FTP service, you allow users to use it. Users complain that they receive
an error message when they attempt to use the FTP site to upload files. What should you do to
allow authenticated users to access the FTP sites to upload files?

A. Execute the ftp -a <IP address> command on the Windows Server 2008
B. Set write permission on the FTP site. On the FTP destination folder, set the NTFS permissions
for Authenticated Users group to allow Read/write attributes
C. Configure the FTP settings to allow Authenticated users to connect to the FTP server using the
port 26.


                       "Pass Any Exam. Any Time." - www.actualtests.com                          112
                                 Microsoft 70-643: Practice Exam
D. Configure the FTP settings to allow Authenticated users to connect to the FTP server by using
their account logins and passwords
E. None of the above

Answer: B

Explanation:
To allow authenticated users to access FTP sites to upload files, you have to set write permission
on the FTP site and set the NTFS permissions for the Authenticated Users group on the FTP
designation folder to allow Read/write attributes. By setting the write permission on FTP site, users
will be able to upload files on FTP and adding Authenticated Users group in NTFS permissions will
enable the users to upload files without getting any warning messages.



QUESTION NO: 151




                                                            m
CertKiller.com has a server that runs Windows Server 2008. You install the FTP role service on
                                                     .co
the server. Users complain that they receive an error message while uploading files to the FTP
site. You have to allow authenticated users to upload files to the FTP site. What should you do to
achieve this task?
                                              sts

A. Execute the FTP -authenticate 192.168.10.23 command on the Windows Server 2008 server
B. Set write permission on the FTP site. Configure the NTFS permission on the FTP destination
                                       lTe


folder for the Authenticated users group
C. Set the Write permissions on the FTP site. Set NTFS permission on the FTP destination folder
for the Authenticated Users group to Allow-Modify
                                tua




D. Execute appcmd -ftp command on the server to unlock Config.txt file

Answer: C
                         Ac




Explanation:
To allow authenticated users to upload files to the FTP site, you should set the Write Permission
on the FTP site folder and set NTFS permission on the FTP destination folder for the
Authenticated Users group to Allow-Modify. By setting the write permission on the FTP site folder,
you will enable the authenticated users to access the FTP site. By setting NTFS permission on the
FTP destination folder, you allow the Authenticated Users group to modify the files and add or
delete them.



QUESTION NO: 152

You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of a member
server named CKSERVER1 which has the FTP service installed. CertKiller.com recently received
reports that network users are not able to access most files through the FTP site but uers are able

                       "Pass Any Exam. Any Time." - www.actualtests.com                         113
                                 Microsoft 70-643: Practice Exam
to access the contents of the Graphics folder. CertKiller.com also noted that the users Windows
accounts have appropriate permissions for the folder. CertKiller.com wants you to minimize the
permissions granted to all users.


What should you do?

A. The users must be added to the Local Administrators group on CKSERVER1.
B. The Allow Only Anonymous Connections option must be disabled.
C. The permission for the IUSR_CKSERVER1 account must be changed on the Graphics folder.
D. New TCP/IP address Restriction entries must be created for the users who are unable to
access the Graphics folder.

Answer: B

Explanation:
You should consider having allow anonymous connection option disabled as the problem can be




                                                           m
caused by the connections being treated as anonymous.
Incorrect Answers:
                                                    .co
A: You should not consider having the users added ti the local Administrators group because you
would be granting them unnecessary privilledges.
                                             sts
C: You should not consider making use of the account be cause the account is used to validate
permissions for anonymous connections to the FTP server and we user Windows accounts and
permissions which do not affect the Graphics folder.
                                      lTe


D: You should not consider creating new TCP/IP Address Restrictions because the restrictions are
used to configure access to the FTP server based on the users IP address or DNS name and will
not prevent access.
                               tua




QUESTION NO: 153
                         Ac




You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of a member
server named CKSERVER1 hosting the FTP server role service 7.0. CertKiller.com recently
decided to start using FTP Over SSL (FTPS) for CKSERVER1 by obtaining a certificate from a
trusted third-party issuer. CertKiller.com has discovered the FTP site performance has
deteriorated. CertKiller.com wants you to configure SSL settings to encrypt only credentials and
commands but not file related information while optimizing encryption performance.


What should you do?

A. The Custom SSL policy option must be selected.
B. The Require SSL Connections SSL Policy option must be selected.
C. The Allow SSL Connections SSL Policy option must be selected.
D. The Use 128-bit Encryption For SSL Connections Option must be disabled.


                      "Pass Any Exam. Any Time." - www.actualtests.com                         114
                                 Microsoft 70-643: Practice Exam
Answer: A,D

Explanation:
You should make use of the Custom SSL policy as this would enable you to set independent
Control Channel and Data Channel settings. You should additionally disable 128-bit encryption
forcing the ftp server to use 40-bit encryption for transfers increasing the performance.
Incorrect Answers:
B: You should not consider making use of the Require SSL Connections SSL Policy option
because this policy encrypts all communications between the server and client.
C: You should not consider making use of the Allow SSL Connections SSL Policy because all the
users will not be required to use encryption which will not meet the requirements.



QUESTION NO: 154




                                                           m
You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of a member
server named CKSERVER1 hosting the FTP role service. CertKiller.com recently discovered a
                                                    .co
need to have network users upload files to CKSERVER1.


What should you do?
                                             sts

A. You must ensure the Compress attribute is off for the FTP destination folder.
B. Write permissions must be configured on the FTP destination server.
                                      lTe


C. The appcmd unlock config command must be used on CKSERVER1.
D. The NTFS permissions on the FTP destination folder must be configured to have Modify
permissions.
                               tua




Answer: B,D

Explanation:
                         Ac




You should ensure that the FTP site is configured to allow writing to the FTP site whilst ensuring
that the users accessing the FTP site have NTFS permissions to the folder.
Incorrect Answers:
A: You should not consider having the attribute configured because this would not ensure that the
users will be able to write to the FTP site folder.
C: You should not consider having the appcmd unlock config command used on CKSREVER1 as
this will not unlock the FTP site. Section 4, Configure Simple Mail Transfer Protocol (SMTP) (7
Questions)



QUESTION NO: 155

CertKiller.com has a web hosting service. It hosts websites for 40 customers. An SMTP server is
dedicated for each website.

                      "Pass Any Exam. Any Time." - www.actualtests.com                         115
                                 Microsoft 70-643: Practice Exam


You changed the server and installed the IIS server role and SMTP server on the new server that
is running Windows Server 2008. CertKiller.com has acquired a new client. You create their
website and install the SMTP server for the new client. However, the SMTP server fails to start.


What should you do to configure the new SMTP server to start on the IIS server? (Select all that
apply)

A. Configure the SMTP server to integrate the IIS server role
B. Use a different IP address for the new SMTP server
C. Configure the SMTP server by using the iiscnfgr/enable command on the IIS server
D. Add the SMTP server IP address in the IIS Server SMTP settings
E. Use a different port for the new SMTP server

Answer: B,E




                                                           m
Explanation:
To configure the new SMTP server to start on the IIS server, you need to either use a different IP
                                                    .co
address for the new SMTP server or use a different port for the new SMTP server. This is because
more than one virtual server can use the same TCP port if all servers are configured by using
                                             sts
different IP addresses.


Reference : IIS 7.0: Configure SMTP E-mail
                                      lTe


http://technet2.microsoft.com/windowsserver2008/en/library/e56b93b1-8521-48ab-a902-
e47b0ee4408b1033.mspx?mfr=true
                               tua




QUESTION NO: 156

You are running an SMTP server on Windows server 2008. Some of the developers want to create
                         Ac




a set of web pages that let a user type a message in a form and mail it to
techsupport@mail.CertKiller.com. The form creates a text file with the proper SMTP headers. In
which folder should the file be copied?

A. Mailroot\Delivery
B. Mail\Queue
C. Mailroot\Pickup
D. Mailroot\Queue
E. None of the above

Answer: C

Explanation:



                       "Pass Any Exam. Any Time." - www.actualtests.com                       116
                                  Microsoft 70-643: Practice Exam
The file should be copied to the Mailroot \Pickup folder because a ll of the files copied to the
Mailroot \Pickup folder are processed and delivered as regular mail.


Reference : SMTP and IIS / OVERVIEW OF THE MESSAGE DELIVERY PROCESS
http://www.windowsitlibrary.com/Content/141/09/1.html



QUESTION NO: 157

CertKiller.com has a server named CK1 which runs Windows Server 2008. An IIS role and an
SMTP server feature are also installed on CK1. You are assigned a task to configure the new
SMTP server to forward all mail to the mail server of the ISP (Internet Service Provider). What
should you do to achieve this objective?

A. Execute the adprep/dm: getfromiis command




                                                              m
B. Configure the local host to use smart host setting
C. Configure the SMTP delivery setting to open ports assigned by ISP for SMTP service
                                                      .co
D. Set smart host setting to employ the mail server of ISP
E. None of the above
                                               sts
Answer: D

Explanation:
                                        lTe


To configure the new SMTP server to forward all mail to the mail server of the ISP, you should set
smart host setting to use the ISP mail server. A smart host server helps you in delivering all your
mail. IT processes bounce-backs, retries and general mail delivery. Due to the processor-intensive
                                tua




nature of the mail delivery system with millions of spam messages, a server can get overwhelmed
processing mails. It doesn't have enough time to do normal web serving. To address this issue,
you should use smart host on your ISP mail server to manage the mail delivery and the related
tasks.
                          Ac




QUESTION NO: 158

CertKiller.com has a Windows Server 2008 server named S1. You have installed the Web Server
(IIS) role on S1. The server has an SMTP gateway that connects to the internet. You have an
internal firewall installed on the network which prevents all client machines from establishing a
connection to the internet except the SMTP gateway over TCP port 25. You configure the SMTP
gateway to relay e-mail for S1. What should you do to configure a website on S1 to send email to
internet users?

A. Install and configure SMTP server feature on S1
B. Configure the SMTP email feature for the website on S1


                       "Pass Any Exam. Any Time." - www.actualtests.com                            117
                                 Microsoft 70-643: Practice Exam
C. Create a DNS server on S1 and configure the SMTP mail service
D. Create an MX record for the SMTP gateway on an internal DNS server
E. None of the above

Answer: B

Explanation:
To configure a website on a server to send email to internet users, you should configure the SMTP
email feature for the website on that server. The Simple Message Transfer Protocol allows the
emails to be sent to a specific address.


Reference: http://technet2.microsoft.com/windowsserver2008/en/library/4ade618d-ff7a-4359-
b6ba-4982f0bdf4a51033.mspx?mfr=true




                                                           m
QUESTION NO: 159

                                                    .co
You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of a member
server named CKSERVER1 hosting the SMTP server role. CertKiller.com currently uses
CKSERVER1's default SMTP virtual server for sending order notifications from a single Web
                                              sts
Application called KingOrders. CertKiller.com later discovered that large amounts of e-mail are
sent to CKSERVER1 from other users and computers. CertKiller.com wants you to prevent
unauthorized access to CKSERVER1.
                                      lTe



What should you do? (Choose two)
                               tua




A. On the Security tab of the properties of the SMTP virtual server you must modify the settings.
B. Connection Control entries must be added to limit which IP addresses can use CKSERVER1.
C. Basic authentication must be enabled.
D. A smart host must be configured for usage by the SMTP virtual server.
                         Ac




Answer: B,C

Explanation:
You should make use of these configurations as the network users will be required to provide
credentials by require Basic Authentication. In addition you can strengthen security further making
use of Connection Control rules limiting which computers and IP addresses which can use the
SMTP virtual server.
Incorrect Answers:
A: You should not consider making use of the Security tab because the Security tab is used to
determine which users are operators of the SMTP server.
D: You should not consider making use of this option because you are required to control
unauthorized access and you would be forcing the SMTP virtual server to route all new mail
through a specified server.

                      "Pass Any Exam. Any Time." - www.actualtests.com                            118
                                Microsoft 70-643: Practice Exam



QUESTION NO: 160

You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of a member
server named CKSERVER1 hosting the SMTP server role. CertKiller.com recently discovered that
the Web application used on CKSERVER1 is experiencing performance problems at specific times
of the day. CertKiller.com speculates the problem to be load placed on CKSERVER1's SMTP
Server service. CertKiller.com has requested that you monitor the performance of the SMTP
virtual server over time.


What should you do?

A. You should view the Windows Event Viewer System Log.
B. You should view the Windows Event Viewer Application Log.




                                                         m
C. You should view SMTP Server counters collected by Performance Monitor.
D. You should view the Current Sessions section of IIS 6.0 Manager.

Answer: C
                                                   .co
Explanation:
                                            sts

You should make use of the SMTP server counters as this will provide you with detailed
information about the way messages are sent and received by the server and you additionally can
                                     lTe


correlate statistics further with information about memory usage.
Incorrect Answers:
A: You should not consider making use of the Windows Event logs because the event logs will not
                              tua




contain performance related information about the SMTP Server service.
B: You should not consider making use of the Windows Event logs because the event logs will not
contain performance related information about the SMTP Server service.
D: You should not consider viewing the Current Sessions section because the section shows only
                        Ac




which users and applications are accessing the server at which specific point and time.



QUESTION NO: 161

You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of a member
server named CKSERVER1 hosting the IIS 7.0 role and the SMTP Server feature. CertKiller.com
recently requested that you configure CKSERVER1 to forward mail to the ISP.


What should you do?

A. An SMTP record in DNS must be added which points to the ISP SMTP server.
B. The SMTP delivery settings must be configured to Attempt Direct Delivery Before Sending to
Smart Host.

                      "Pass Any Exam. Any Time." - www.actualtests.com                      119
                                 Microsoft 70-643: Practice Exam
C. The Smart Host setting must be configured to use the local host.
D. The Smart Host setting must be configured to use the ISP's mail server.

Answer: D

Explanation:
You should have the Smart Host setting configured to direct e-mail to the ISP mail server.
Incorrect Answers:
A: You should not make use of an SMTP record in DNS instead an MX records should be used to
direct e-mail to the Internet not redirect the e-mail sent from the web server.
B: You should not consider having direct delivery attempted because this method would attempt to
bypass the ISP's mail server.
C: You should not consider having the Smart Host setting configured to deliver to the local host
because you are required to direct e-mail to the ISP's mail server. Section 5, Manage Internet
Information Services (IIS) (14 Questions)




                                                            m
QUESTION NO: 162                                     .co
As an administrator at CertKiller.com, you installed and configured an IIS server on CKS1 and
                                              sts
added the file server role on a server named CKS2.


The hard disk installed in CKS1 hosts the CertKiller/apps virtual directory. You discovered that the
                                       lTe


hard disk is running out of space so you moved the data on the hard disk at CKS1 to a new
volume, which has a new-shared directory on CKS2. You named the directory as CKWCKAPP.
What should you do to ensure that applications use CKWCKAPP?
                                tua




A. Execute the Appcmd set vdir/vdir.name:
CKWCKAPP/APPS/TTO/physicalpath:\\CKS2\CKWCKAPP command on CKS1
B. Execute Appcmd set vdir/vdir.name: CertKiller/apps/ physicalPath:\\CKS2\CKWCKAPP
                         Ac




command on CKS1
C. Execute Appcmd set vdir /vdir.name: CertKiller/Apps /physicalPath:C:\WebApp command on
Server2.
D. Execute Appcmd set vdir /vdir.name: CKS2/Apps /physicalPath:C:\WebApp command on
CKS2.
E. None of the above

Answer: B

Explanation:
To ensure that applications use CKWCKAPP, you need to execute Appcmd set vdir /vdir.name:
CertKiller /apps/ physicalPath :\ \CKS2\ CKWCKAPP command on CKS1.


To change the path of a virtual directory's content, you need to use the following syntax:

                       "Pass Any Exam. Any Time." - www.actualtests.com                         120
                                   Microsoft 70-643: Practice Exam
appcmd set vdir / vdir.name: string / physicalPath: string
The variable vdir.name string is the virtual path of the virtual directory, and physicalPath string is
the physical path of the application's content.


Reference : IIS 7.0: Change the Physical Path of Virtual Directory Content
http://technet2.microsoft.com/windowsserver2008/en/library/836c7fa3-e7fe-4134-a970-
b9ae1034f2311033.mspx?mfr=true



QUESTION NO: 163

You are an administrator at CertKiller.com managing a member server that has Windows Server
2008 installed. An IIS Server role is installed on this member server.


The IIS server hosts a restricted website that only CertKiller.com executives can access.




                                                                m
According to the company's policy, it is necessary for the executives to use user certificates to
access the restricted website.
                                                        .co
While monitoring the Server, you found out that the executives are accessing the secured website
by using their usernames and passwords. What should you do to ensure that the executives can
                                                 sts

access the secured website only though user certificates?

A. Open the secure website properties dialog box and modify the SSL settings to accept 128-bit of
                                         lTe


SSL certificate for authentication
B. Install and configure a Group Policy Object to define a Certificate Trust list. Link the GPO to the
IIS server to accept user certificates as login type.
                                  tua




C. Modify the Client Certificate settings to Require SSL Settings for the secured website
D. Modify the Client Certificate setting to Accept in SSL settings for the secured website.
E. All of the above
                           Ac




Answer: C

Explanation:
:
By default, client certificates are ignored. If you want the clients to verify their identity before they
access the content of a website, you need to configure client certificates.


Therefore to ensure that the executives can access the secured website only though user
certificates you need to modify the Client Certificate settings to Require on SSL Settings for the
secured website


Reference : IIS 7.0: Specify Whether to Use Client Certificates
http://technet2.microsoft.com/windowsserver2008/en/library/5adc0029-8875-4390-a717-

                        "Pass Any Exam. Any Time." - www.actualtests.com                              121
                                  Microsoft 70-643: Practice Exam
e5eb2eba97781033.mspx?mfr=true



QUESTION NO: 164

CertKiller.com has a server that runs on Windows Server 2008. The server also has an instance of
Active Directory Lightweight Directory Services (AD LDS) running. In order to test AD LDS, you
need to replicate the AD LDS instance on a test computer located on the network. What should
you do to achieve this objective?

A. Execute AD LDS Setup wizard on the test computer to create and install a replica of AD LDS.
B. Execute repadmin/bs <servername> command on the test computer
C. Install and configure a new AD LDS instance on the test computer by copy and pasting the
entire partition on the test computer
D. Execute the Dsmgmt command on the test computer and create a naming context




                                                              m
Answer: A

Explanation:
                                                       .co
To replicate the AD LDS instance on a test computer located on the network, you should execute
the AD LDS setup wizard on the test computer to create and install a replica of AD LDS. This is
                                                sts

the only way to replicate the AD LDS instance on another computer on the network. The setup
wizard has the option to replicate the AD LDS instance on another computer.
                                        lTe



QUESTION NO: 165
                                 tua




CertKiller.com has a server named CK1. CK1 runs Windows Server 2008. A web server (IIS) role
is also installed on CK1.
A public website is hosted on CK1. While monitoring the traffic on the public site, you notice an
                          Ac




unusually high volume of traffic on the website. You need to find the source of the traffic. What
should you do to achieve this objective?

A. Open the IIS server manager and enable website logging to filter the logs for the source IP
address
B. Install a third-party traffic analysis software to view the source IP address of the traffic
C. Execute net session - at command on the server
D. Execute net stat/all command to view the traffic statistics
E. None of the above

Answer: A

Explanation:
To find the source of unexpected traffic, you should open the IIS server manager and enable
website logging which will filter the logs for the source IP address. It will list the IP addresses of
                       "Pass Any Exam. Any Time." - www.actualtests.com                              122
                                 Microsoft 70-643: Practice Exam
the people visiting the website and a lot more information.



QUESTION NO: 166

You are an administrator at CertKiller.com. You have been instructed to install Web Server (IIS) on
a new Windows Server 2008 server. After installing IIS, you install a Microsoft .NET framework 1.0
application on a website hosted on the server. You also have to make sure that all applications run
on a minimum level of permission according to the company security policy. You should configure
the website application to have permissions to execute without creating other content or accessing
Windows Server 2008 system components. What should you do to achieve this task?

A. Configure the .NET Framework website trust level to low
B. Configure the .NET Framework website trust level to High
C. Configure the .NET Framework website trust level to Full




                                                              m
D. Configure the .NET Framework website trust level to Medium
E. Configure the .NET Framework website trust level to Optimal

Answer: C
                                                     .co
Explanation:
                                              sts

To configure the website application to have permission to execute without creating other content
or accessing Windows Server 2008 system components, you should configure the .NET
                                       lTe


Framework website trust level to full. In the .NET Framework, code access security controls
access to resources by controlling how code runs. When a user runs an application, the common
language runtime assigns the application to any one of the following five zones: My Computer -
                               tua




The application code is hosted directly on the user's computer. Local Intranet - The application
code runs from a file share on the user's intranet. Internet - The application code runs from the
Internet. Trusted Sites - The application code runs from a Web site that is defined as "Trusted" in
Internet Explorer. Untrusted Sites - The application code runs from a Web site that is defined as
                         Ac




"Restricted" in Internet Explorer.


You can set the security level for each zone to High, Medium, Medium-low, or Low.


Reference: http://support.microsoft.com/kb/832742



QUESTION NO: 167

CertKiller.com has 20 servers that run Windows Server 2008. All servers have the Web server
(IIS) server role installed. Being members of a server farm, all servers host the same website.
CertKiller.com has instructed you to configure the servers to meet the minimized administrative
effort policy. You need to configure the servers to allow web server configuration changes that
have been made on one server to be made on all the servers in the farm. You have to make sure
                         "Pass Any Exam. Any Time." - www.actualtests.com                       123
                                  Microsoft 70-643: Practice Exam
that the administrative effort to perform the configuration changes is minimized. What should you
do to achieve this task?

A. Create a scheduled task on a single server and copy the Inetpub folder and put it on all the
servers
B. Configure the shared configuration group policy and apply it on all the servers
C. Create a script that enables a single server to impose its configuration settings on all other
servers
D. Configure the Shared Configurations setting on all servers
E. None of the above

Answer: D

Explanation:
To ensure that the administrative effort to perform the configuration changes is minimized, you
should configure the shared configurations setting on all servers. This will allow a Config file to be




                                                              m
shared among other servers and they can use that file to update their configuration settings.
Reference: http://technet2.microsoft.com/windowsserver2008/en/library/8941cb68-2833-4788-
9ef3-8714fe9113001033.mspx?mfr=true
                                                      .co
                                               sts

QUESTION NO: 168
                                        lTe


You are an enterprise administrator for CertKiller.com. The company runs Windows Server 2008
on all the servers on the network. One of the servers, CertKillerServer1 has the Web Server (IIS)
role installed on it.
                                tua




A public website has recently been hosted on CertKillerServer1. After a few days, you noticed an
unusually high traffic volume on the website. Which of the following options would you choose to
identify the source of the traffic?
                          Ac




A. Run the netstat -an command on CertKillerServer1.
B. Using IIS Server Manager, first enable the website logging and then filter the logs for the source
IP address.
C. Enable Web scripting on CertKillerServer1.
D. Using Event Viewer, filter information from the security log by creating a custom view in it.

Answer: B

Explanation:
To identify the source of the traffic, you need to first enable website logging using IIS Server
Manager and then filter the logs for the source IP address so that the source of the high traffic can
be found.



                       "Pass Any Exam. Any Time." - www.actualtests.com                             124
                                 Microsoft 70-643: Practice Exam
The Internet Services Manager, available within the Administrative Tools folder on your Start
menu, is the primary tool you'll use to administer your Web server. It allows you to enable logging
on your web site. The IIS log files can then be used to identify performance issues in performance
testing.


The Client IP address filtering allows you to filter the IP address of the machine that accessed your
web site. Although IP addresses aren't necessarily unique to any one visitor (as most visitors surf
the web via a dynamic IP address provided by their ISP and not their own dedicated static IP and
pipe), the IP address can still be useful in partitioning the log file into visitor sessions.


The netstat - an command cannot be used because it is used to check various TCP/IP
connections. The web scripting is used to enhance your browsing experience. Event logs are
special files that record significant events on your computer, such as when a user logs on to the
computer or when a program encounters an error. Therefore all these options cannot be used to
detect the source of high traffic.




                                                            m
Reference : How To Use IIS Log Files In Performance Testing
                                                     .co
http://www.codeplex.com/PerfTesting/Wiki/Print.aspx?title=How%20To%3A%20Use%20IIS%20Lo
g%20Files%20In%20Performance%20Testing&version=3&action=Print
                                              sts

Reference : Web Wizardry: Putting the Internet to Work on Windows 2000
http://mcpmag.com/features/print.asp?EditorialsID=94
                                       lTe



Reference : Dissecting Log Files
http://www.clicktracks.com/insidetrack/articles/dissecting_log_files.php
                                tua




QUESTION NO: 169
                         Ac




You are an enterprise administrator for CertKiller.com. The company runs Windows Server 2008
on all the servers on the network. One of the servers, CertKillerServer1 has the Web Server (IIS)
role installed.


An application called App1 runs on CertKillerServer1. Due to a company requirement, you need to
make some configuration changes to App1. However, after those changes, the users report that
the application fails.


To diagnose the problem, you checked the event log and discovered an error message saying
"503 Service Unavailable" appearing. Which of the following options would you choose to ensure
that users are able to connect to App1?

A. Run appcmd stop apppool on CertKillerServer1


                       "Pass Any Exam. Any Time." - www.actualtests.com                         125
                                   Microsoft 70-643: Practice Exam
B. Run appcmd set config on CertKillerServer1
C. Run appcmd start apppool on CertKillerServer1
D. Run appcmd set apppool on CertKillerServer1

Answer: C

Explanation:
To ensure that users are able to connect to App1, you need to run appcmd start apppool on
CertKillerServer1.


The "503 Service Unavailable" error mostly occurs whenever HTTP.SYS, the kernel HTTP driver
that manages http connections for IIS, fails to create an IIS worker process to process the request.
This failure is typically caused by a critical error during worker process initialization, or more likely
an unhandled exception / access violation occurring during worker process startup.




                                                               m
After a certain number of failures, the application pool will trigger Rapid Fail Protection, a WAS
feature designed to stop application pools with a persistent failure condition to avoid an endless
                                                       .co
loop of failing to start worker processes. At this point, all requests to applications within the
stopped application pool will result in the 503 error, and the application pool will need to be re-
started manually
                                                sts

Reference: Troubleshooting IIS7 503 "Service unavailable" errors with startup debugging
http://mvolo.com/blogs/serverside/archive/2007/05/19/Troubleshooting-IIS7-503-_2200_Service-
                                         lTe


unavailable_2200_-errors-with-startup-debugging.aspx
                                 tua




QUESTION NO: 170

You are an enterprise administrator for CertKiller.com. The company runs Windows Server 2008
                          Ac




on all the servers on the network. One of the servers, CertKillerServer1 has the Web Server (IIS)
role installed and all the Web Server role services on it.


Which of the following features would you configure on the server to provide a user the ability to
administer a website?

A. Configure .Net Users feature on CertKillerServer1
B. Configure.Net Roles feature on CertKillerServer1
C. Configure the IIS Manager Permissions feature on CertKillerServer1
D. Configure Authentication feature on CertKillerServer1

Answer: C

Explanation:


                        "Pass Any Exam. Any Time." - www.actualtests.com                            126
                                 Microsoft 70-643: Practice Exam
To provide a user the ability to administer a website, you need to configure the IIS Manager
Permissions feature on CertKillerServer1.


The IIS Manager Permissions feature is used to allow users to connect to sites and applications in
IIS Manager. Permitted users can configure delegated features in any sites or applications for
which they have permission. Users can be either IIS Manager users , which are credentials
created in IIS Manager by using the IIS Manager Users feature, or Windows users and groups on
the local computer or on the domain to which the computer belongs.


Reference: IIS 7.0: Configuring Permissions for IIS Manager Users and Windows Users
http://technet2.microsoft.com/windowsserver2008/en/library/33aaec94-c0cb-4402-b91e-
a5e3b9c3e0e01033.mspx?mfr=true



QUESTION NO: 171




                                                           m
You are an enterprise administrator for CertKiller.com. The company runs Windows Server 2008
                                                    .co
on all the servers on the network. One of the servers, CertKillerServer1 has the Web Server (IIS)
role installed.
                                              sts

The server hosts a Web application called App1 that uses a custom application pool, which is set
to recycle every 1,440 minutes. App1 does not support multiple worker processes. Which of the
                                      lTe


following options would you choose to configure the application pool to ensure that users can
access App1 after the application pool is recycled?

A. Set the Disable Overlapped Recycling option to True.
                               tua




B. Set the Shutdown Executable option to True.
C. Set the Disable Recycling for Configuration Changes option to True.
D. Set the Process Orphaning Enabled option to True.
                         Ac




Answer: A

Explanation:
To configure the application pool to ensure that users can access App1 after the application pool
is recycled, you need to set the Disable Overlapped Recycling option to True.
If your application cannot run in a multi-instance environment, you must configure only one worker
process for an application pool (which is the default value), and disable the overlapped recycling
feature if application pool recycling is being used.


Reference : IIS Process Recycling / Considerations When Recycling Applications
http://msdn.microsoft.com/en-us/library/ms525803.aspx




                      "Pass Any Exam. Any Time." - www.actualtests.com                         127
                                 Microsoft 70-643: Practice Exam


QUESTION NO: 172

You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of a member
server named CKSERVER1 for hosting IIS 7.0 web sites accessed by users outside the
organization. CertKiller.com wants you to ensure that the consultants are able to access the web
site using the IIS Manager. The CertKiller.com written security policy prevents you from creating
any domain accounts or local user accounts for users accessing the website. You later attempt
connecting using IIS Manager and click Allow User and are only able to select Windows users.


What should you do?

A. The Authentication settings must be verified for the website.
B. Management Services must be reconfigured to enable Windows And IIS Manager Credentials.
C. The Management Service must be verified to ensure it has started.




                                                           m
D. The file system permissions must be reconfigured for the root folder of the website.

Answer: B                                           .co
Explanation:
You should have the Management Service configured to accept IIS Manager credentials in order
                                             sts

to have the IIS Manager users added to the Web site.
Incorrect Answers:
                                      lTe


A: You should not consider making use of the Authentication settings because this only applies to
users attempting to access the Web content and will not affect remote IIS Manager user settings
to connections.
                               tua




C: You should not consider reconfiguring the Management Service because the IIS Manager
enables the configuration of user permissions for Web sites even when the Management Service
stopped.
D: You should not consider having file system permission reconfigured as this would not affect
                         Ac




whether you would be able to add the users to a Web site.



QUESTION NO: 173

You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of a member
server named CKSERVER1 hosting the IIS 7.0 role. CKSERVER1 currently hosts the
CertKiller.com website. CertKiller.com recently requested that you configure CKSERVER1 to
automatically release memory for the website whilst not affecting other websites.


What should you do?

A. Modify the Recycling options from the Application Pool Defaults.


                      "Pass Any Exam. Any Time." - www.actualtests.com                         128
                                  Microsoft 70-643: Practice Exam
B. A new virtual directory must be created and modify the physical path credentials on the virtual
directory.
C. The bindings must be edited for the website.
D. A new application pool must be created and associated with the website to the application pool.

Answer: D

Explanation:
You should consider having a new application pool created to ensure that the application pool has
its own memory resources and assign the website to the application pool. Ensuring that memory
would be released.
Incorrect Answers:
A: You should not consider making use of the Recycling options because the Recycling options
are used to recycle memory after the completion of a job.
B: You should not consider making use of this solution because you would still be consuming the




                                                              m
same memory space configured before.
C: You should not consider tampering with the bindings because the bindings specify the address
and port to which the web-site would respond.         .co
                                                sts
QUESTION NO: 174

You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of a member
                                        lTe


server named CKSERVER1 hosting the IIS 7.0 role. CertKiller.com recently requested that you
create a virtual directory which will point to the c:\Kingappdata folder in the CertKiller.com website.
                                tua




What should you do?

A. The command appcmd add vdir /app.name:testapp /path: /testapp
/physicalPath:c:\Kingappdata must be used.
                          Ac




B. The command appcmd set vdir /vdir.name:CertKiller /poath: /testapp
/physicalPath:c:\Kingappdata must be used.
C. The command appcmd add site /name:testapp /physicalPath:c:\Kingappdata must be used.
D. The command appcmd add app /app.name:testapp /path:/hr /physicalPath:c:\Kingappdata must
be used.

Answer: A

Explanation:
You should make use of the appcmd add vdir / app.name :testapp /path: / testapp / physicalPath:c
:\ Kingappdata command because the command would create the required virtual directory.
Incorrect Answers:
B: You should not consider makinf use of the appcmd set vdir /vdir.name:CertKiller /poath:
/testapp /physicalPath:c:\Kingappdata as this command would not create a virtual directory.

                       "Pass Any Exam. Any Time." - www.actualtests.com                            129
                                 Microsoft 70-643: Practice Exam
C: You should not consider making use of the appcmd add site /name:testapp
/physicalPath:c:\Kingappdata or appcmd add app /app.name:testapp /path:/hr
/physicalPath:c:\Kingappdata as this would not create a virtual directory.
D: You should not consider making use of the appcmd add site /name:testapp
/physicalPath:c:\Kingappdata or appcmd add app /app.name:testapp /path:/hr
/physicalPath:c:\Kingappdata as this would not create a virtual directory.



QUESTION NO: 175

You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of a member
server named CKSERVER1 hosting the IIS 7.0 role. CertKiller.com recently started planning
hosting multiple websites with a single IP address using port 80. CertKiller.com wants to know
what should be done to configure IIS to accommodate multiple websites.




                                                           m
What should you do?

                                                    .co
A. The Hosts file on CKSERVER1 must be edited to add all the website names associated with
the network address.
B. A unique host header must be configured for each website.
                                             sts
C. A unique port must be configured for each website.
D. A unique IP address must be configured for each website.
                                      lTe


Answer: B

Explanation:
                               tua




You should have a unique host header created because this would enable you to specify which
name each Web-site would respond to.
Incorrect Answers:
A: You should not consider editing the Hosts file because the file is used for name resolution
                         Ac




which only works for CKSERVER1 and will not specify how requests are responded to by name to
the wev-site.
C: You should not consider having a unique port configured because it was stated that only port
80 be used.
D: You should not consider having a unique IP address configured because it is stated that a
single IP address be used. Section 6, Configure SSL security (6 Question)



QUESTION NO: 176

You are an enterprise administrator for CertKiller.com. The company runs Windows Server 2008
on all the servers on the network. One of the servers, CertKillerServer1 has the Web Server (IIS)
role installed on it.


                      "Pass Any Exam. Any Time." - www.actualtests.com                           130
                                  Microsoft 70-643: Practice Exam
Which of the following options would you choose to activate SSL for the default Web site on the
server? (Choose two. Each correct answer presents part of the solution.)

A. Select the Generate Key option in the Machine Key dialog box for the default Web site.
B. Create an HTTPS binding on the default Web site.
C. Install the Digest Authentication component for the Web server
D. Obtain an appropriate server certificate.

Answer: B,D

Explanation:
To activate SSL for the default Web site on the server, you need to get an appropriate certificate
and create an HTTPS binding on a site. On Windows Vista and Windows Server 2008, HTTP.sys
handles SSL encryption/decryption in kernel mode, resulting in up to 20% better performance for
secure connections.




                                                                m
Moving SSL to kernel mode requiresstoring SSL binding information in two places. First, the
binding is stored in % windir %\system32\ inetsrv \ applicationHost.config for your site. When the
                                                      .co
site starts, IIS 7.0sends the binding to HTTP.sys and HTTP.sys starts listening for requests on the
specified IP :Port (this works for all bindings).
                                               sts

Second, SSL configuration associated with the binding is stored in HTTP.sys configuration.When
a client connects and initiates an SSL negotiation, HTTP.sys looks in its SSL configuration for the
                                       lTe


IP :Port pair that the client connected to. The HTTP.sys SSL configuration must include a
certificate hash and the name of the certificate's store for the SSL negotiation to succeed.
                                tua




Reference: How to Setup SSL on IIS 7.0
http://learn.iis.net/page.aspx/144/how-to-setup-ssl-on-iis-7/
                          Ac




QUESTION NO: 177

You are an enterprise administrator for CertKiller.com. CertKiller.com has recently decided to host
a website for Weyland Industries. CertKiller.com has additionally configured SSL for the
http://owa.weyland.com/exchange website. CertKiller.com then informs you that the server is
namedCKSERVER1. CertKiller.com wants to know which name should be used when ordering the
digital certificate to ensure the users will not get security warnings when connecting to the URL.


What should you do?

A. The name Weyland Industries must be used.
B. The name Exchange.CKSERVER1 must be used.
C. The name CKSERVER1 must be used.


                       "Pass Any Exam. Any Time." - www.actualtests.com                         131
                                  Microsoft 70-643: Practice Exam
D. The name owa.weyland.com must be used.

Answer: D

Explanation:
You should make use of the name owa.weyland.com because the digital certificate must be made
for owa.weyland.com.
Incorrect Answers:
A: You should not consider making use of the name Weyland Industries because Weyland
Industries is the name of the company.
B: You should not consider making use of these options because you would be referring to the
internal names for the server.
C: You should not consider making use of these options because you would be referring to the
internal names for the server.




                                                             m
QUESTION NO: 178
                                                      .co
You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of a member
server named CKSERVER1 hosting the IIS 7.0 role. CertKiller.com recently requested that you
                                               sts
configure the website to make use of SSL only while encrypting all authentication traffic.


What should you do? (Choose all that apply)
                                        lTe


A. The Basic Authentication setting must be configured to Enabled and the Anonymous
Authentication setting changed to Disabled for the website.
                                tua




B. The Digest Authentication setting must be configured to Enabled for the website.
C. The website must be configured to require SSL.
D. A digital certificate must be installed on the website.
                          Ac




Answer: A,C,D

Explanation:
You should firstly install a digital certificate then ensure that the users can access the web-site
using SSL and configure the Web site to require SSL for the encryption of the authentication
traffic.
Incorrect Answers:
B: You should not consider making use of Digest authentication because all the traffic including
authentication are encrypted.



QUESTION NO: 179




                       "Pass Any Exam. Any Time." - www.actualtests.com                           132
                                Microsoft 70-643: Practice Exam
You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of a member
server named CKSERVER1 hosting the Streaming Media Services role. CertKiller.com recently
requested that you ensure that network users using Windows Vista with Windows Media Player 11
are capable of pausing and rewinding the media player.


What should you do?

A. Fast Cache must be enabled.
B. CKSERVER1 must be configured to use only Hypertext Transfer Protocol (HTTP).
C. CKSERVER1 must be configured to use only Real-Time Streaming Protocol (RTSP).
D. The publishing point must be configured as an on-demand publishing point.
E. The publishing point must be configured as a live-streaming publishing point.

Answer: D

Explanation:




                                                          m
In order for you to have the users able to pause and rewind the media player you should make use
of on-demand publishing.
Incorrect Answers:
                                                   .co
A: You should not consider making use of the fast cache option because the fast cache option is
                                             sts
used with on-demand publishing points preventing playback quality problems.
B: You should not consider making use of Hypertext Transfer Protocol (HTTP) or Real-Time
Streaming Protocol (RTSP) because the protocols are used to deliver the media streams and
                                      lTe


would have nothing to do with pausing and rewinding the media player.
C: You should not consider making use of Hypertext Transfer Protocol (HTTP) or Real-Time
Streaming Protocol (RTSP) because the protocols are used to deliver the media streams and
                               tua




would have nothing to do with pausing and rewinding the media player.
                         Ac




QUESTION NO: 180

You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of a member
server named CKSERVER1 hosting the Windows Media Services server role installed with the
license clearance house. CertKiller.com recently decided to have an audio file published to the
Internet using CKSERVER1. CertKiller.com later decided that the audio file should only be used
for two days.


What should you do?

A. The license must be modified.
B. A new package must be created.
C. The license key seed must be modified.
D. The key ID must be modified.


                      "Pass Any Exam. Any Time." - www.actualtests.com                       133
                                 Microsoft 70-643: Practice Exam
Answer: A

Explanation:
You should have the license modified within the license clearance house which would limit how
long the file can be played.
Incorrect Answers:
B: You should not consider having a new package created because this would consume time
where you were simply able to modify the license key.
C: You should not consider making use of the keys are used to make an answer key and would
not meet the requirements.
D: You should not consider making use of the keys are used to make an answer key and would
not meet the requirements.



QUESTION NO: 181




                                                           m
You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of a member
                                                    .co
server named CKSERVER1 hosting the Windows Media Services server role. CertKiller.com has
recently decided to have an audio file published to the Internet using CKSERVER1. CertKiller.com
wants to know what should be done for creating a license for the audio file.
                                             sts

What should you do?
                                      lTe


A. The audio file must be packaged as a Windows Installer application.
B. The audio file must be packaged using Windows Media Rights Manager.
C. The audio file must be published to a new website.
                               tua




D. The audio file must be published to the Windows Media Services server.

Answer: B
                         Ac




Explanation:
You should have the file packaged using the Windows Media Rights Manager ensuring that the
license key would be bound with the audio file.
Incorrect Answers:
A: You should not consider making use of these options because publishing to a website, Media
Services server or a Windows Installer package would not be protected or limited with the license.
Section 7, Configure Web site authentication and permissions (11 Questions)
C: You should not consider making use of these options because publishing to a website, Media
Services server or a Windows Installer package would not be protected or limited with the license.
Section 7, Configure Web site authentication and permissions (11 Questions)
D: You should not consider making use of these options because publishing to a website, Media
Services server or a Windows Installer package would not be protected or limited with the license.
Section 7, Configure Web site authentication and permissions (11 Questions)


                      "Pass Any Exam. Any Time." - www.actualtests.com                        134
                                  Microsoft 70-643: Practice Exam



QUESTION NO: 182

Exhibit:




                                                             m
                                                      .co
                                               sts
                                       lTe
                                tua
                          Ac




CertKiller.com has a member server that is under your control. The member server has Windows
Server 2008 installed as its primary operating system. An IIS server role is installed on the server,
which also hosts an intranet website of CertKiller.com's.


The website authentication settings are shown in the exhibit. CertKiller.com has a branch office
that accesses the intranet through a proxy server. All client machines in the branch office and the
main office use Microsoft Internet explorer.


Users on the corporate network in the main office have no problems getting authenticated to the
intranet website while the users in the branch office are unable to authenticate and access the
website. The authentication process is encrypted on the IIS server to enhance the performance.


What should you do to configure the website to support authentication for the users in the main
office and the users in the branch office?
                       "Pass Any Exam. Any Time." - www.actualtests.com                          135
                                  Microsoft 70-643: Practice Exam
A. Enable the Basic authentication settings and Disable the Windows Authentication setting for the
users. After that select Require SSL through website properties
B. Configure each client machine in the branch office and deselect Integrated Windows
authentication option in the Internet Options Advanced settings dialog box.
C. Add the Digest Authentication role service to the IIS server. Configure the Digest Authentication
setting to Enabled.
D. Add and enable the Host Credential Authorization Protocol role service on the IIS server
E. None of the above

Answer: C

Explanation:
:
The users in the branch office are unable to authenticate and access the website because they
were accessing the intranet through a proxy server and the authentication method configured




                                                             m
(Windows Authentication) was not supporting proxy server.


                                                      .co
To configure the website to support authentication for the users in the main office and the users in
the branch office, you need to add the Digest Authentication role service to the IIS server and then
configure the Digest Authentication setting to Enabled.
                                               sts

Digest Authentication works by sending a password hash to a Windows domain controller to
authenticate users. When you need improved security over Basic authentication, consider using
                                        lTe


Digest authentication, especially if users who must be authenticated to access your Web site from
behind firewalls and proxy servers.
                                tua




Reference : Available Role Services in IIS 7.0 / Security Features


http://technet2.microsoft.com/windowsserver2008/en/library/1ec80c97-4455-4829-a319-
                          Ac




30e1e1c081691033.mspx?mfr=true



QUESTION NO: 183

You are running a Windows server 2008 with the IIS server role installed. The web server is
hosting the Intranet site and using Windows Authentication as the only authentication method that
is set to Enabled. You need to create a new virtual directory /Sales/ which holds contents that can
be accessed only by the members of SalesUsers global group. What should you do?

A. Remove the Default Allow Authorization rule the /Sales/ virtual directory
B. Modify the Default Allow Authorization rule on the /Sales/ virtual directory. Select the specified
roles or user groups setting and add the SalesUsers group name



                       "Pass Any Exam. Any Time." - www.actualtests.com                           136
                                  Microsoft 70-643: Practice Exam
C. Add a new Deny Allow Authorization rule on the /Sales/ virtual directory that applies to all
anonymous users. Remove the Default Allow Authorization rule on the /Sales/ virtual directory
D. Modify the Default Allow Authorization rule on the /Sales/ virtual directory. Select the specified
roles or user groups setting and add the SalesUsers group name. Add a new Deny Authorization
rule that applies to all users on the /Sales/ virtual directory.
E. None of the above

Answer: B

Explanation:
To create a new virtual directory /sales/ which holds contents that can be accessed only by the
members of SalesUsers global group, you should modify the Default Allow Authorization rule on
the /Sales/ virtual directory. Then, select the specified roles or user groups setting and add the
SalesUsers group name




                                                             m
QUESTION NO: 184
                                                      .co
As the network administrator of CertKiller, it is your responsibility to ensure that all computers on
the corporate network are always updated with Microsoft updates. To ensure that all computers
                                               sts
get latest updates, you installed WSUS on a server called CertKiller10 that runs Windows Server
2008.
                                        lTe


To ensure the secure communication between the WSUS administrative Web site and the server
administrator's computer, you decided to encrypt the traffic between them. Which of the following
options would you choose to accomplish this task?
                                tua




A. On the CertKiller10 execute the netdom trust /SecurePasswordPrompt command from the
command prompt.
B. Configure the CertKiller10 to require Integrated Windows Authentication (IWA) when user
                          Ac




connects to it.
C. Configure SSL encryption on the WSUS server web site on CertKiller10.
D. Configure the NTFS permissions on the content directory of CertKiller10 to Deny Full Control
permission to the Everyone group.
E. None of the above

Answer: B

Explanation:
To ensure that the traffic between the WSUS administrative Web site and the server
administrator's computer is encrypted , you need to first configure IIS to disable anonymous
access to the ServerSyncWebService virtual directory and then enable Integrated Windows
authentication.


                       "Pass Any Exam. Any Time." - www.actualtests.com                           137
                                 Microsoft 70-643: Practice Exam
You cannot set up the entire WSUS Web site to require SSL. This would mean that all traffic to the
WSUS site would have to be encrypted, whereas WSUS only encrypts metadata traffic.


Reference : Plan and Assess: Using Windows Server Update Services (WSUS)
http://technet.microsoft.com/en-us/updatemanagement/bb245871.aspx



QUESTION NO: 185

CertKiller.com offers Web hosting services. As an administrator you manage a member server that
has Windows Server 2008 as its operating system.


The server named Exbla1 has an IIS server role actively running. Exbla1 hosts 5 client company
websites. You are setting up a website for a new client company called WXYZ inc. on the IIS
server.




                                                            m
You put content for the WXYZ website on the IIS server and store the HTML content documents
                                                     .co
on a virtual directory of the website, which points to a remote Windows Server 2008 server named
CK3.
                                              sts

The content directory is named WXYZ_VDIR. On CK3, you grant share and NTFS permission to a
user account called WXYZ_ADMIN for that virtual directory. A user complains that he is unable to
                                       lTe


access the content in the directory although he has access to the main website. What should you
do to enable the user to access the content in the virtual directory?

A. Configure the WXYZ_ADMIN user account by accessing the account settings and enabling
                               tua




Connect on demand to the virtual directory
B. Open the virtual directory options and select Edit permissions. On the customize tab, set Use
this folder type as a template setting to documents
                         Ac




C. Create a Group Policy Object and link it to the virtual directory. Configure the GPO to enable
the WXYZ_ADMIN to access the virtual directory on CK3.
D. Open the properties of Virtual directory and click Connect As button and then configure the
specific user setting to WXYZ_ADMIN
E. All of the above

Answer: D

Explanation:
To enable the user to access the content in the virtual directory, you need to open the properties
of Virtual directory and click Connect As button and then configure the specific user setting to
WXYZ_ADMIN


The Connect As dialog box can be used to specify credentials that have permission to access the

                      "Pass Any Exam. Any Time." - www.actualtests.com                         138
                                  Microsoft 70-643: Practice Exam
physical path. If you do not use specific credentials, select the Application user (pass-thru
authentication) option in the Connect As dialog box


Reference : IIS 7.0: Create a Virtual Directory
http://technet2.microsoft.com/WindowsServer2008/f/?en/Library/32c434c0-5c5f-43eb-bd92-
7302b95e43dd1033.mspx



QUESTION NO: 186

CertKiller provides web-hosting services. You are running a Windows server 2008 with the IIS
server role installed.


The server hosts websites of 10 partner companies. You are configuring a website for a new
partner named Flexinet on IIS server. Contents of the Flexinet web site will be stored on IIS




                                                              m
server.

                                                      .co
The HTML content documents for a virtual directory for the website will be stored on a remote
Windows server 2008 named FI_Serv1. The contents folder is a shared folder named
Flexinet_VDIR.
                                               sts

You granted the share and NTFS permission to a user account named Flexinet_admin in the
                                        lTe


virtual directory content on FI_Serv1. Users are unable to access the contents of virtual directory
although they can access main website. What should you do to enable the users to access to the
contents of virtual directory?
                                tua




A. Add the Flexinet_admin user account to the Domain Administrator global security group
B. Add the Flexinet_admin user account to the Windows Authorization Access Domain local
security group
                          Ac




C. Configure the Specific user setting to Flexinet_admin in the Connect As dialog box in the
properties of the virtual directory
D. Select the Edit Permissions option for the virtual directory. Set the use this folder type as
Template setting to Documents on the Customize tab
E. None of the above

Answer: C

Explanation:
To enable the users to access to the contents of virtual directory, you need to configure the
specific user settings to Flexinet_admin in the Connect As dialog box in the properties of the
virtual directory


The Connect As dialog box can be used to specify credentials that have permission to access the

                       "Pass Any Exam. Any Time." - www.actualtests.com                            139
                                  Microsoft 70-643: Practice Exam
physical path. If you do not use specific credentials, select the Application user (pass-thru
authentication) option in the Connect As dialog box


Reference : IIS 7.0: Create a Virtual Directory
http://technet2.microsoft.com/WindowsServer2008/f/?en/Library/32c434c0-5c5f-43eb-bd92-
7302b95e43dd1033.mspx



QUESTION NO: 187

Exhibit:




                                                             m
                                                      .co
                                               sts
                                        lTe
                                tua
                          Ac




As an administrator at CertKiller.com, you manage a member server that runs Windows Server
2008. The Web Server (IIS) role is also installed on the member server. The web server hosts an
intranet website called intranet-e. The intranet-e website is only accessed by internal active
directory users. As shown in the exhibit, the authentication settings for intranet-e are set to basic.
You need to ensure that the users accessing the website are authenticated through Microsoft
Challenge Handshake Authentication Protocol version 2 (MS-CHAPv2) encrypted Active Directory
credentials. What should you do to achieve this task? (Choose two answers. each answer is the
part of a complete solution)

A. Add the Windows Authentication role service to the IIS server. Enable the Windows
Authentication settings in the intranet-e properties
B. Configure Digest Authentication role service on IIS server and add URL authentication role
service to the server.


                       "Pass Any Exam. Any Time." - www.actualtests.com                           140
                                  Microsoft 70-643: Practice Exam
C. Disable the basic authentication and set the Anonymous Authentication to enabled in the
intranet-e properties
D. Add the internal Active Directory users to the IIS Access Permissions and use Basic
Authentication in Intranet-e properties
E. Disable the basic authentication setting in the intranet-e properties

Answer: A,E

Explanation:
To ensure that the users accessing the website are authenticated through MS-CHAPv2 encrypted
Active Directory credentials, you should Add Windows Authentication role service to the IIS server.
Enable the Windows Authentication settings in the intranet-e properties and disable the basic
authentication setting in the intranet-e properties. Basic authentication is a set of basic rules that
authenticate users. To implement MS-CHAPv2, you have to disable the basic authentication and
then, add windows authentication role services to the IIS server. After adding it, you should enable




                                                             m
it. The Windows Authentication role service will allow the website to be authenticated through MS-
CHAPv2.
                                                      .co
QUESTION NO: 188
                                               sts

You are an enterprise administrator for CertKiller.com. The company runs Windows Server 2008
on all the servers on the network. One of the servers, CertKillerServer1 has the Web Server (IIS)
                                        lTe


role installed on it.


CertKillerServer1 hosts an Internet-accessible Web site called CertKiller.com that has a virtual
                                tua




directory named /Salesorders/. A Web server certificate is installed and an SSL listener has been
configured for the Web site.
                          Ac




Which of the following options would you choose to configure the /salesorders/ virtual directory to
meet the company policy requirements that state that the /salesorders/ virtual directory must be
accessible to authenticated users only and it should allow authentication types to support all
browsers?


Furthermore, it should encrypt all authentication traffic by using HTTPS and all other directories of
the Website must be accessible to anonymous users and be available without SSL. (Select all that
apply. Each correct answer presents part of the solution.)

A. Configure the Basic Authentication setting to Enabled for the Web site
B. Configure the Anonymous Authentication setting to Disabled for the Web site.
C. Configure the Web site to the Require SSL setting.
D. Configure the Basic Authentication setting to Enabled for the / salesorders / virtual directory.



                       "Pass Any Exam. Any Time." - www.actualtests.com                           141
                                  Microsoft 70-643: Practice Exam
E. Configure the Anonymous Authentication setting to Disabled for the / salesorders / virtual
directory.
F. Configure the Digest Authentication setting to Enabled for the / salesorders/ virtual directory.
G. Configure the /salesorders / virtual directory to the Require SSL setting.

Answer: D,E,G

Explanation:
To configure the / salesorders / virtual directory so that it is accessible to authenticated users only
and it should allow authentication types to support all browsers, you need to configure the Basic
Authentication setting to Enabled for the / salesorders / virtual directory, because the Basic
authentication is supported by mostly all the browsers.


Next you need to Disable the Anonymous Authentication setting to for the / salesorders / virtual
directory, so that only authenticated users can access the virtual directory. Finally, you need to




                                                              m
configure only the / salesorders / virtual directory to the Require SSL setting so that only the
authentication traffic to this directory is encrypted and all other directories of the Website must be
                                                       .co
accessible to anonymous users and be available without SSL.


To configure authentication for a virtual directory or a physical directory in a Web site, you need to
                                                sts
configure the virtual directory for the Web site and not the website.


Reference: How to configure IIS Web site authentication
                                        lTe


http://support.microsoft.com/kb/308160
                                 tua




QUESTION NO: 189

You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of a member
                          Ac




server named CKSERVER1 hosting the IIS 7.0 role. CertKiller.com has recently asked you to
implement authentication settings for a new website. CertKiller.com wants to have the network
users prompted for authentication information when attempting to access the website.
CertKiller.com users with accounts in the Active Directory organization will access the site.
CertKiller.com requires you to maximize the security of the site.


What should you do? (Choose two)

A. Anonymous authentication must be enabled.
B. Anonymous authentication must be disabled.
C. Basic authentication must be enabled.
D. Windows authentication must be enabled.

Answer: B,D


                       "Pass Any Exam. Any Time." - www.actualtests.com                            142
                                Microsoft 70-643: Practice Exam
Explanation:
You should have anonymous authentication disabled as this will ensure that users are prompted to
provide credentials when accessing the site. In addition making use of Windows Authentication
would enable users with Windows domain or local accounts to authenticate to the server.
Incorrect Answers:
A: You should not consider having anonymous authentication enabled as this move would not
require users accessing to provide credentials.
C: You should not consider making use of the Basic authentication option because the Windows
Authentication options is more secure and requires all users to have Windows accounts.



QUESTION NO: 190

You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of a member
server named CKSERVER1 hosting the IIS 7.0 role. CertKiller.com has recently requested that




                                                          m
you redirect the network users from Kingsite1 to Kingsite2.


What should you do?
                                                   .co
A. The command appcmd set config /section:http:Redirect/+[Wildcard='Kingsite1'
                                             sts
,destination='Kingsite2] must be used.
B. The command appcmd set config /section:httpRedirect/+[Wildcard='Kingsite2'
,destination='Kingsite1'] must be used.
                                      lTe


C. The command appcmd set config /section: Redirect/+[Wildcard=' ' Kingsite1'
,destination=Kingsite2'] must be used.
D. The command appcmd set config /section: Redirecthttp/+[Wildcard=' Kingsite1 '
                               tua




,destination=Kingsite2 '] must be used.

Answer: A
                         Ac




Explanation:
You should make use of the solution provided here because the command line used would
redirect Kingsite1 to Kingsite2.
Incorrect Answers:
B: You should not consider making use of this solution because Kingsite1 and Kingsite2 are not in
place they are out of place.
C: You should not consider making use of these command line statements because the proper
section should be called httpRedirect.
D: You should not consider making use of these command line statements because the proper
section should be called httpRedirect.




                      "Pass Any Exam. Any Time." - www.actualtests.com                       143
                                Microsoft 70-643: Practice Exam
QUESTION NO: 191

You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of a member
server named CKSERVER1 for hosting a Web site which has static HTML pages, images and
other content. CertKiller.com wants to decide which handler permissions must be used on the
website to prevent CKSERVER1 from running unauthorized scripts on the website.


What should you do?

A. The handler permissions Read and disable scripts must be used.
B. The handler permissions Read and Configure Custom must be used.
C. The handler permissions Read and Execute must be used.
D. The handler permissions Read and Scripts must be used.

Answer: A




                                                          m
Explanation:
In order to have unauthorized scripts from running you should make use of the Read permissions
                                                   .co
as this would stop unauthorized scripts from running.
Incorrect Answers:
B: You should not consider making use of this handler permission because there is no custom
                                            sts
permission.
C: You should not consider making use of this handler permission because you are not required to
execute the scripts as you are required to prevent unauthorized scripts from running.
                                     lTe


D: You should not consider making use of Read and Scripts handler permission because you
should prevent unauthorized scripts from running.
                              tua




QUESTION NO: 192
                        Ac




You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of a member
server named CKSERVER1 hosting the IIS 7.0 role. CertKiller.com has recently requested that
you configure URL authorization rules which prohibit users in the Temps role from accessing a
website hosted on the CertKiller.com server.


What should you do?

A. The command appcmd set config /section:authorization / +"[accessType= 'Deny' ,users=*']"
must be used.
B. The command appcmd set config /section:authorization / +"[accessType 'Deny' ,users='?']"
must be used.
C. The command appcmd set config /section:authorization / +"[accessType= 'Deny"
,users="Temp']"must be used.


                      "Pass Any Exam. Any Time." - www.actualtests.com                         144
                                 Microsoft 70-643: Practice Exam
D. The command appcmd set config /section:authorization / +"[accessType= 'Deny'
,roles='Temp']" must be used.

Answer: D

Explanation:
You should make use of the command line appcmd set config / section :authorization / +"[
accessType = 'Deny' ,roles='Temp']" as this command would disable access to the Temp role.
Incorrect Answers:
A: You should not consider making use of this command line because you would be denying all
users not just the Temp role.
B: You should not consider making use of this command line because you would be denying
anonymous users.
C: You should not consider making use of this command line because you are required to deny
the Temp role not the user Temp.




                                                           m
QUESTION NO: 193                                    .co
As an administrator at CertKiller.com, you have installed a new server named MS12 that runs
                                             sts
Windows Server 2008. This server should be used for streaming media purposes. You install the
Streaming Media Services role on the server. Since all client machines have Windows Vista as
their operating system and they only use the Windows Media Player 11 application, you configure
                                      lTe


a Publishing Point and assign a source of content that has video media. Users report that they are
unable to pause and rewind the video using Windows Media Player 11. What should you do to
ensure that users have full playback control of the streaming media?
                               tua




A. Set and configure Real Time Streaming Protocol (RTSP) on MS12
B. Reconfigure the Publishing Point as an on-demand publishing point
C. Uninstall and then reinstall the Publishing Point
                         Ac




D. Configure the MS12 server to use Simple Object Access Protocol (SOAP) instead of Publishing
Point
E. None of the above

Answer: B

Explanation:
To ensure that the users have full playback control of the streaming media, you should reconfigure
the Publishing Point as an on-demand publishing point. An On-demand publishing point distributes
the content only when it is requested by a client. Users that receive this content might be able to
modify its playback by pausing, rewinding, or fast-forwarding the stream. This type of publishing
point is commonly used when the content originates from a file, such as a playlist or other
Windows Media file, and can be used for personalized radio stations, online video stores, and self-
paced training applications. On-demand publishing points always deliver their content as a unicast

                      "Pass Any Exam. Any Time." - www.actualtests.com                        145
                                 Microsoft 70-643: Practice Exam
stream.


Reference: http://technet2.microsoft.com/windowsserver2008/en/library/0e1137b9-d97a-4eae-
a6f1-8c0f7227a3b11033.mspx?mfr=true



QUESTION NO: 194

CertKiller.com has instructed you to install Windows Server 2008 on a new server. You are
instructed to install the Streaming Media Services role on the server. Users have both Windows
Vista and MAC machines. They use Windows Media Player on both Windows and MAC
computers. What should you do install the Streaming Media Services role on the server with the
support for both media players?

A. Install and configure Simple Object Access Protocol (SOAP) on the server




                                                            m
B. Install HTTPS on the server and use RPC
C. Install and configure Windows Media Streaming Protocol (WMSP)
                                                     .co
D. Install and configure Real Time Streaming Protocol (RTSP)
E. None of the above
                                               sts
Answer: A

Explanation:
                                       lTe


To install Streaming Media Services role on the server with the support for both media players,
you should install and configure Simple Object Access Protocol (SOAP) on the server. SOAP is a
lightweight protocol for the exchange of information in a decentralized, distributed environment. It
                                tua




is an XML based protocol that consists of three parts: an envelope that defines a framework for
describing what is in a message and how to process it, a set of encoding rules for expressing
instances of application-defined datatypes , and a convention for representing remote procedure
calls and responses. SOAP can potentially be used in combination with a variety of other
                         Ac




protocols; however, the only bindings defined in this document describe how to use SOAP in
combination with HTTP and HTTP Extension Framework.


Reference: http://whitepapers.techrepublic.com.com/abstract.aspx?docid=17638



QUESTION NO: 195

You are an enterprise administrator for CertKiller.com. The company runs Windows Server 2008
on all the servers on the network. One of the servers, CertKillerServer1 has the Windows Media
Services server role installed on it.


You have been assigned the task to distribute a video file on DVD media. The video file should be
viewed by the users on computers even when the users are not connected to the Internet.
                      "Pass Any Exam. Any Time." - www.actualtests.com                        146
                                  Microsoft 70-643: Practice Exam


Which of the following options would you choose to accomplish the desired task while making sure
that the video file is protected from unauthorized use and illegal distribution?

A. Advertise the video using Windows Media Services and then create a DVD that contains the
HTML and ASPX files for the advertised video.
B. Package and advertise the video on the corporate Web site using Windows Media Digital
Rights Manager.
C. Publish the video as streaming content, and then burn the video to a DVD using Windows
Media Services.
D. Create a package and a license for the video file and then burn the packaged video to a DVD
using Windows Media Digital Rights Manager.

Answer: D

Explanation:




                                                             m
To distribute a video file on DVD media while making sure that the video file is protected from
unauthorized use and illegal distribution, you need to create a package and a license for the video
                                                      .co
file and then burn the packaged video to a DVD using Windows Media Digital Rights Manager
                                               sts
Windows Media Rights Manager is the technology that allows you to package Windows Media
DRM files and issue licenses. You can use Windows Media Rights Manager to encrypt a given
digital media file, lock it with a key, and bundle additional information from the content provider.
                                       lTe


This results in a packaged file that can only be played by the person who has obtained a license.
Windows Media Rights Manager can also act as the license clearing house, authenticating the
consumer's request for a license and issuing the license to the user.
                                tua




Reference: Windows Media DRM FAQ
http://www.microsoft.com/windows/windowsmedia/forpros/drm/faq.aspx#drmfaq_1_1
                          Ac




QUESTION NO: 196

You are an enterprise administrator for CertKiller.com. The company runs Windows Server 2008
on all the servers on the network. Two servers on the network are configured as follows:


CertKillerServer1: Windows Media Services server role installed
CertKillerserver2: Windows Media Services server role installed and it's also configured as a
License Clearing House.


You published an audio file, which is licensed by CertKillerServer2 on CertKillerServer1. Which of
the following options would you choose to ensure that users are allowed to use the audio file for
only two days?

                       "Pass Any Exam. Any Time." - www.actualtests.com                          147
                                 Microsoft 70-643: Practice Exam
A. Modify the license on CertKillerserver2.
B. Modify the key ID on CertKillerServer1.
C. Create a new package on CertKillerserver2.
D. Modify the license key seed on CertKillerServer1.

Answer: A

Explanation:
To ensure that users are allowed to use the audio file for only two days, you need to modify the
license on CertKillerserver2. Windows Media Rights Manager lets content providers deliver songs,
videos, and other digital media content over the Internet in a protected, encrypted file format. The
licenses in Windows Media Rights Manager can support a wide range of different business rules,
including the number of times a file can be played.


Reference : Architecture of Windows Media Rights Manager




                                                            m
http://www.microsoft.com/windows/windowsmedia/howto/articles/drmarchitecture.aspx



QUESTION NO: 197
                                                       .co
                                              sts
You are an enterprise administrator for CertKiller.com. CertKiller.com has recently acquired a new
network trainee. The network trainee was educated using Windows Server 2003 as a platform.
The new network trainee wants to know on which of the Windows Server 2008 operating systems
                                       lTe


would you be able to make use of Windows Media Server.


What should your reply be? (Choose two)
                               tua




A. Windows Media Server can be run on Windows Server 2008 Datacenter.
B. Windows Media Server can be run on Windows Server 2008 Enterprise Edition.
C. Windows Media Server can be run on Windows Server 2008 Web edition.
                         Ac




D. Windows Media Server can be run on Windows Server 2008 Standard Edition.

Answer: B,D

Explanation:
You should be aware that you would be able to install Windows Media Server only on Windows
Server 2008 Standard and Windows Server 2008 Enterprise edition only.
Incorrect Answers:
A: You should be aware that the Windows Media Server will not be able to install on Windows
Server 2008 Web Edition and Windows Server 2008 Datacenter edition.
C: You should be aware that the Windows Media Server will not be able to install on Windows
Server 2008 Web Edition and Windows Server 2008 Datacenter edition.




                      "Pass Any Exam. Any Time." - www.actualtests.com                          148
                                Microsoft 70-643: Practice Exam
QUESTION NO: 198

You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of a member
server named CKSERVER1 hosting the Windows Media Services server role. CertKiller.com has
noticed that the network users are constantly disconnected from CKSERVER1 and have to
reconnect. CertKiller.com also noted that the videos also take long to open on CKSERVER1.
CertKiller.com wants you to solve the problem.


What should you do?

A. The option Fast Forwars/Rewind must be used.
B. The option Enable Fast Reconnect must be used.
C. The option Enabled Advanced Fast Start must be used.
D. A proxy server must be installed between CKSERVER1 and the network clients.

Answer: B,C




                                                         m
Explanation:
                                                  .co
In order for you to solve the performance problems and woes you should have enabled Advanced
Start and enable Fast Reconnect because Advanced Fast Start would enable users to view the
content sooner and Fast Reconnect minimizes the impact to each client during network outages.
                                            sts
Incorrect Answers:
A: You should not consider making use of the option Fast Forward/Rewind because this would not
solve the network woes.
                                     lTe


D: You should not consider making use of a proxy server because the proxy server would cache
the web pages but will not overcome network outages.
                              tua




QUESTION NO: 199
                        Ac




You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of a member
server named CKSERVER1 running Windows Server 2008 Standard Edition. CertKiller.com
recently planned the addition of the Windows Media Services server role on CKSERVER1.
CertKiller.com later discovered when opening the Server Manager that there is no Media Services
server role to install and no Streaming Media Services role either.


What should you do?

A. Windows Server 2008 Enterprise edition must be installed.
B. Windows Media Player 11 must be installed.
C. The Windows Update must be run to retrieve the latest updates.
D. The Microsoft Update Standalone Package (MSU) must be installed for the Streaming Media
Services role.


                      "Pass Any Exam. Any Time." - www.actualtests.com                     149
                                 Microsoft 70-643: Practice Exam
Answer: D

Explanation:
In order to have the Media Services role available for installation you are required to install the
MSU package for the Streaming Media Services role before it shows in the role list available for
installation.
Incorrect Answers:
A: You should not consider having the operating system upgraded to Windows Server 2008
Enterprise edition because MSU packages can be installed on Windows Server 2008 Standard
edition.
B: You should not consider having Windows Media Player 11 installed as this would not ensure
that the Streaming Media Services role is available.
C: You should not consider retrieving updates from Microsoft Update as this would not ensure that
the Streaming Media Services role can be added.




                                                           m
QUESTION NO: 200
                                                    .co
You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of a member
server named CKSERVER1 hosting the Streaming Media Services role. CertKiller.com recently
                                              sts
requested that you ensure that network users using Windows Vista with Windows Media Player 11
are capable of pausing and rewinding the media player.
                                      lTe


What should you do?

A. Fast Cache must be enabled.
                               tua




B. CKSERVER1 must be configured to use only Hypertext Transfer Protocol (HTTP).
C. CKSERVER1 must be configured to use only Real-Time Streaming Protocol (RTSP).
D. The publishing point must be configured as an on-demand publishing point.
                         Ac




E. The publishing point must be configured as a live-streaming publishing point.

Answer: D

Explanation:
In order for you to have the users able to pause and rewind the media player you should make use
of on-demand publishing.
Incorrect Answers:
A: You should not consider making use of the fast cache option because the fast cache option is
used with on-demand publishing points preventing playback quality problems.
B: You should not consider making use of Hypertext Transfer Protocol (HTTP) or Real-Time
Streaming Protocol (RTSP) because the protocols are used to deliver the media streams and
would have nothing to do with pausing and rewinding the media player.
C: You should not consider making use of Hypertext Transfer Protocol (HTTP) or Real-Time
Streaming Protocol (RTSP) because the protocols are used to deliver the media streams and
                      "Pass Any Exam. Any Time." - www.actualtests.com                         150
                                Microsoft 70-643: Practice Exam
would have nothing to do with pausing and rewinding the media player.
E: You should not consider making use of a live-streaming publishing point because this
publishing point does not have the ability to pause and rewind the media player.



QUESTION NO: 201

You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of a member
server named CKSERVER1 hosting the Windows Media Services server role installed with the
license clearance house. CertKiller.com recently decided to have an audio file published to the
Internet using CKSERVER1. CertKiller.com later decided that the audio file should be used only
two days.


What should you do?




                                                          m
A. The license must be modified.
B. A new package must be created.
C. The license key seed must be modified.
D. The key ID must be modified.
                                                   .co
                                             sts
Answer: A

Explanation:
                                      lTe


You should have the license modified within the license clearance house which would limit how
long the file can be played.
Incorrect Answers:
                               tua




B: You should not consider having a new package created because this would consume time
where you were simply able to modify the license key.
C: You should not consider making use of the keys are used to make an answer key and would
not meet the requirements.
                         Ac




D: You should not consider making use of the keys are used to make an answer key and would
not meet the requirements.



QUESTION NO: 202

You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of a member
server named CKSERVER1 hosting the Windows Media Services server role. CertKiller.com has
planned publishing an audio file to the Internet making use of CKSERVER1. CertKiller.com knows
that a license is required and wants to know what should be done to create the license.


What should you do?



                      "Pass Any Exam. Any Time." - www.actualtests.com                       151
                                 Microsoft 70-643: Practice Exam
A. The audio file must be packed using Windows Media Rights Manager.
B. The audio file must be packed as a Windows Installer application.
C. The audio file must be published to a new website.
D. The audio file must be published to CKSERVER1.

Answer: A

Explanation:
You should have the file packaged using the Windows Media Rights Manager ensuring that the
license key would be bound with the audio file.



QUESTION NO: 203

CertKiller.com has a server that runs Windows Server 2008. You plan to publish an audio file on
the internet. You install the Windows Media Services server role on the server to publish the audio




                                                           m
file using Media Server. To protect the file, you need to create a license for the audio file. What
should you do first to achieve this task?           .co
A. Create a new site and publish the audio file
B. Use Media Rights Manager to package the audio file
                                              sts

C. Publish the audio file on Windows Media Services server
D. Create a MPEG server on Windows Media services server and package the file with Windows
                                      lTe


Installer application
E. None of the above

Answer: B
                               tua




Explanation:
To create a license for the audio file, you need to use Media Rights Manager to package the audio
                         Ac




file. When a consumer acquires an encrypted digital media file from a Web site, he or she must
also acquire a license that contains a key to unlock the file before the content can be played.
Content owners can easily set these licenses and keys in motion by protecting their content files
with Microsoft® Windows Media® Rights Manager and then distributing the content to consumers.



Reference: http://www.microsoft.com/windows/windowsmedia/howto/articles/drmarchitecture.aspx



Section 3, Configure Microsoft Windows SharePoint Services server options (9 Question)



QUESTION NO: 204


                      "Pass Any Exam. Any Time." - www.actualtests.com                         152
                                Microsoft 70-643: Practice Exam
As a senior administrator at CertKiller.com, you manage a server named ERA1 that runs Windows
Server 2008. It has the Windows SharePoint Services (WSS) role installed in a standalone mode.
You also manage another server called ERA2. For a big project, you install the WSS role on
ERA2. You indicate during the installation that the ERA2 must be the member of a WSS server
farm, but you are unable to connect to ERA1 in the WSS server farm. What should you do to
configure both ERA1 and ERA2 in the WSS server farm?

A. reduce the Microsoft .NET Framework Trust Level to Low on both ERA1 and ERA2
B. Reconfigure the Web Management Service on ERA1
C. Set the Microsoft .NET Framework Trust Level to High on both ERA1 and ERA2
D. Uninstall the WSS on ERA1 and select the server farm mode while reinstalling it.
E. None of the above

Answer: D

Explanation:




                                                          m
To configure both ERA1 and ERA2 in the WSS server farm, you should uninstall the WSS on
ERA1 and select the server farm mode while reinstalling it. The server farm mode will enable you
                                                   .co
to configure both the servers in the WSS server farm. Microsoft Windows SharePoint Services
was designed to be useful in large server farms, supporting hundreds or thousands of SharePoint
                                            sts
sites and millions of users. When you manage a server farm environment for Windows SharePoint
Services, you need to make certain choices about configuring your environment, and you need to
be aware of how Windows SharePoint Services works in that environment. This topic explains
                                     lTe


those choices, and describes how to work with Windows SharePoint Services in a large-scale,
server farm environment.
                              tua




Reference: http://www.microsoft.com/resources/documentation/wss/2/all/adminguide/en-
us/stsf15.mspx?mfr=true
                        Ac




QUESTION NO: 205

Exhibit:




                      "Pass Any Exam. Any Time." - www.actualtests.com                      153
                                 Microsoft 70-643: Practice Exam




You are an enterprise administrator for CertKiller.com. All the servers on the corporate network




                                                            m
run Windows Server 2008. A new server farm has recently been created on the network. The
company uses Public folders and Web Distributed Authoring and Versioning.
                                                     .co
You have been assigned the task to install Microsoft Windows SharePoint Services (WSS) as a
                                              sts
server in a new server farm. However, when you start the installation by starting the SharePoint
Products and Technologies Configuration Wizard, you receive an error message that states
"Failed to connect to the database server or the database name does not exist", as shown in the
                                       lTe


exhibit.


Which of the following server/services would install to configure WSS to start SharePoint Services
                               tua




3.0 Central Administration?

A. Microsoft SQL Server 2005 server
B. Active Directory Rights Management Services role
                         Ac




C. Active Directory Lightweight Directory Services role
D. Windows Internal Database

Answer: A

Explanation:
To resolve this problem, you need to install Microsoft SQL Server 2005 server on the farm. This
error message occurs when either the SQL Server does not exist or the SQL Server services are
stopped.


The server farm account is used to access your configuration database. It also acts as the
application pool identity for the SharePoint Central Administration application pool, and it is the
account under which the Windows SharePoint Services Timer service runs. The SharePoint
Products and Technologies Configuration Wizard adds this account to the SQL Server Logins, the

                      "Pass Any Exam. Any Time." - www.actualtests.com                         154
                                 Microsoft 70-643: Practice Exam
SQL Server Database Creator server role, and the SQL Server Security Administrators server
role. If SQL Server is not available then the above mentioned error message will appear.


Reference: Configuration Wizard - Failed to Connect
http://blogs.msdn.com/neilth/archive/2008/04/25/failed-to-connect-or-database-name-does-not-
exist.aspx



QUESTION NO: 206

You are an enterprise administrator for CertKiller.com. The corporate network of the company
consists of a single Active Directory domain. All the servers on the network either run Windows
Server 2008 or Windows Server 2003.


The network contains a Windows Server 2003 server called CertKillerServer2 that runs Microsoft




                                                            m
SQL Server 2005 SP2 and Microsoft Windows SharePoint Services (WSS) 2.0. The network
contains another server called CertKillerServer3 that runs Windows Server 2008.
                                                     .co
You have been assigned the task to migrate to SharePoint Services (WSS)
3.0. from CertKillerServer2 to CertKillerServer3 with all the configuration and content. Which of the
                                              sts

following options would you choose to accomplish this task?

A. Install WSS 2.0 on CertKillerServer3. Back up the WSS 2.0 configuration and content from
                                       lTe


CertKillerServer2 and restore the backup from CertKillerServer2 to CertKillerServer3. Perform an
in-place upgrade of WSS 2.0 to WSS 3.0 on CertKillerServer3.
B. Upgrade CertKillerServer2 to Windows Server 2008. Back up the SharePoint configuration and
                                tua




content from CertKillerServer2. Install WSS 3.0 on CertKillerServer3 and then restore the backup
from CertKillerServer2 to CertKillerServer3.
C. Back up the SQL Server 2005 configuration and the WSS 2.0 databases from
                         Ac




CertKillerServer2. Install SQL Server 2005 on CertKillerServer3 and then restore the SQL Server
2005 backup from CertKillerServer2 to CertKillerServer3.
D. Back up the SharePoint configuration and content from CertKillerServer2. Install WSS 3.0 on
CertKillerServer3 and then restore the backup from CertKillerServer2 to CertKillerServer3.

Answer: A

Explanation:
To migrate to SharePoint Services (WSS) 3.0. from CertKillerServer2 to CertKillerServer3 with all
the configuration and content, you need to install WSS 2.0 on CertKillerServer3. Back up the WSS
2.0 configuration and content from CertKillerServer2 and restore the backup from
CertKillerServer2 to CertKillerServer3. Perform an in-place upgrade of WSS 2.0 to WSS 3.0 on
CertKillerServer3.



                       "Pass Any Exam. Any Time." - www.actualtests.com                          155
                                 Microsoft 70-643: Practice Exam
When you run an in-place upgrade, all content and configuration data is upgraded in-place, at one
time. When you start the in-place upgrade process, the Web server and Web sites remain offline
until the upgrade has been installed. In-place upgrades are best for a stand-alone server and
small installations as in this case


Reference : Install and configure Office SharePoint Server for an in-place upgrade
http://technet.microsoft.com/en-us/library/cc263212(TechNet.10).aspx


Reference : Determine upgrade approach (Office SharePoint Server)
http://technet.microsoft.com/en-us/library/cc263447(TechNet.10).aspx



QUESTION NO: 207

You are an enterprise administrator for CertKiller.com. All the servers on the network run Windows




                                                           m
Server 2008. The network includes a server named CertKillerServer1 on which the Windows
SharePoint Services (WSS) role is installed.
                                                    .co
A group of users need to access the WSS server. However, you want to restrict the users to view
items, open items, and view versions on the WSS server. To accomplish this task, you create a
                                             sts

group named SPUsers that will access content on the WSS server.
                                      lTe


Which of the following permissions would you configure for the SPUsers group to restrict the
permissions of the group to viewing items, opening items, and viewing versions?

A. Limited Access
                               tua




B. Design
C. Read
D. Contribute
                         Ac




Answer: C

Explanation:
To restrict the permissions of the group to viewing items, opening items, and viewing versions, you
need to assign Read permission. The Read permission level includes the View Items, Open Items,
View Pages, and View Versions permissions (among others), all of which are needed to read
documents, items, and pages on a SharePoint site.


Reference: About security features of Windows SharePoint Services 3.0
http://office.microsoft.com/en-us/sharepointtechnology/HA100215781033.aspx




                      "Pass Any Exam. Any Time." - www.actualtests.com                         156
                                 Microsoft 70-643: Practice Exam
QUESTION NO: 208

You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of a member
server named CKSERVER1 hosting the Windows SharePoint Services (WSS) server role.
CertKiller.com has recently finished the initial installation process of CKSERVER1 but has not
added roles or features to the installation. CertKiller.com later asked you to install Windows
SharePoint Services (WSS) in a server farm configuration. CertKiller.com wants to know which of
the options are not a dependency of the Windows SharePoint Services (WSS) role.


What would your reply be? (Choose two)

A. The Windows SharePoint Services (WSS) role is not dependant on the Web Server (IIS) role.
B. The Windows SharePoint Services (WSS) role is not dependant on Microsoft .NET Framework
3.0.
C. The Windows SharePoint Services (WSS) role is not dependant on the File Server role.




                                                            m
D. The Windows SharePoint Services (WSS) role is not dependant on the Windows Process
Activation role service.
                                                     .co
E. The Windows SharePoint Services (WSS) role is not dependant on the Windows Internal
Database role service.
                                              sts
Answer: C,E

Explanation:
You should be aware that the installation of the Windows Internal Database role services is not
                                       lTe


required because all the content and configuration information will be stored in a dedicated SQL
Server database. You should additionally note that the File Server role is not a requirement for
running WSS.
                               tua




Incorrect Answers:
A: You should be aware that the IIS Web server role is required to host the SharePoint user and
administration Web sites.
                         Ac




B: You should be aware that the WWS role service requires .NET framework 3.0 to run.
D: You should be aware that the Windows Process Activation role is a requirements to host the
SharePoint Web sites.



QUESTION NO: 209

You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of a member
server named CKSERVER1 hosting the Windows SharePoint Services (WSS) role. The
CertKiller.com has a business partner which accesses CKSERVER1 externally. CertKiller.com
installed the required roles and ensured the SharePoint Web site loads on the local server with all
options using their default installation values. The external users later complained to
CertKiller.com about not being able to logon to the site.


                      "Pass Any Exam. Any Time." - www.actualtests.com                         157
                                  Microsoft 70-643: Practice Exam
What should you do?

A. The User Permissions For Web Application settings must be modified.
B. The authentication mode must be changed for the Web application to Forms authentication.
C. A new site must be created within an existing site collection for the external users.
D. A new site collection must be created for the external users.

Answer: B

Explanation:
You should be aware that the default SharePoint site uses Windows authentication so the external
users would not be able to access the web-site unless Forms authentication is used.
Incorrect Answers:
A: You should not consider having the User Permissions For Web Application settings modified
because the settings apply only to operations which may be performed after the user is connected.
C: You should not consider taking this action as it is not required to create a new site for providing




                                                             m
access to the default SharePoint site.
D: You should not consider taking this action as it is not required to create a new site collection for
providing access to the default SharePoint site.
                                                      .co
                                               sts

QUESTION NO: 210
                                        lTe


bYou are an enterprise administrator for CertKiller.com. CertKiller.com makes use of a member
server named CKSERVER1 hosting the Windows SharePoint Services (WSS) role. CertKiller.com
has recently decided to have CKSERVER1 configured in a new server farm. CertKiller.com later
                                tua




discovered an error when running the Configuration wizard stating that Windows SharePoint
Services (WWS) failed to connect to the database server or no database server exists.


What should you do?
                          Ac




A. The Active Directory Lightweight Directory Services role must be installed.
B. You must ensure that CKSERVER1 has a host record for the SQL server.
C. The Windows Internal Database must be installed.
D. A Microsoft SQL Server 2005 server must be installed.

Answer: D

Explanation:
You should have Microsoft SQL Server 2005 installed because you are in the process of creating
a farm.
Incorrect Answers:
A: You should not consider making use of the Active Directory Lightweight Directory Services role
because this will not ensure finding a SQL Server 2005 server.

                       "Pass Any Exam. Any Time." - www.actualtests.com                           158
                                 Microsoft 70-643: Practice Exam
B: You should not consider this course of action as you would require using DNS to get name
resolution for the SQL Server.
C: You should not consider making use of the Windows Internal Database because the server
farm requires Microsoft SQL Server 2005.



QUESTION NO: 211

You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of a member
server named CKSERVER1 running Windows Server 2003 and has Microsoft SQL Server 2005
with SP2 and Windows SharePoint Services (WSS) 2.0. CertKiller.com has recently planned the
migration of CKSERVER1 by migrating the configuration content from Windows SharePoint
Services (WSS) 2.0 to Windows SharePoint Services (WSS) 3.0 to a new Windows Server 2008
server.




                                                            m
What should you do?

                                                     .co
A. The Windows SharePoint Services 2.0 configuration and content from CKSERVER1 must be
backed up. You must then install Windows SharePoint Services 2.0 on the Windows Server 2008
computer and restore the backup.
                                              sts
You must then perform an in-place upgrade from Windows SharePoint Services 2.0 to Windows
SharePoint Services 3.0.
B. The SQL Server 2005 configuration and Windows SharePoint Services 2.0 databases must be
                                       lTe


backed up from CKSERVER1. You must then install Microsoft SQL Server 2005 on the Windows
Server 2008 computer.
You must then restore the backup of Microsoft SSQL Server 2005 to the Windows Server 2008
                               tua




computer.
C. The SharePoint configuration from CKSREVER1 must be backed up. You must then install
Windows SharePoint Services 3.0 on the Windows Server 2008 computer and restore
                         Ac




CKSERVER1's content to the Windows Server 2008 computer.
D. CKSERVER1 must be upgraded to Windows Server 2008. You must then have the SharePoint
configuration and content of CKSERVER1 backed up.
You must then install Windows SharePoint Services 3.0 on the new Windows Server 2008
computer and restore the backup of CKSERVER1 on the computer.

Answer: A

Explanation:
In order to successfully migrate the content you should install onto the new server with the
configuration and content installed.




                       "Pass Any Exam. Any Time." - www.actualtests.com                        159
                                Microsoft 70-643: Practice Exam
QUESTION NO: 212

You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of a member
server named CKSERVER1 hosting the Windows SharePoint Services (WSS) role. CertKiller.com
has recently created a users group which requires the ability to view items, view versions and
open items whilst not changing the content.


What should you do?

A. You must assign Contribute permissions.
B. You must assign Full Control permissions.
C. You must assign Design permissions.
D. You must assign Read permissions.

Answer: D




                                                         m
Explanation:
In order to have the users group given the ability to view items, view versions and open items
                                                  .co
whilst not changing the content you should assign the read permission which limits the user to
viewing the content.
Incorrect Answers:
                                               sts
A: You should not consider assigning the permission suggested in these options because you
would be granting the users group too many privileges. Section 4, Configure Windows SharePoint
Services e-mail integration (8 Questions)
                                     lTe


B: You should not consider assigning the permission suggested in these options because you
would be granting the users group too many privileges. Section 4, Configure Windows SharePoint
Services e-mail integration (8 Questions)
                              tua




C: You should not consider assigning the permission suggested in these options because you
would be granting the users group too many privileges. Section 4, Configure Windows SharePoint
Services e-mail integration (8 Questions)
                        Ac




QUESTION NO: 213

CertKiller.com has a server that runs Windows Server 2008. You have installed Windows
SharePoint Services (WSS) on the Windows Server 2008 server. You want to configure WSS to
support SMTP. What should you do to achieve this task?

A. Reinstall the WSS role
B. Open the Server Manager console and install Application Server
C. Configure port 25 for WSS role
D. Open the Server Manager console and install the SMTP Server feature
E. None of the above


                      "Pass Any Exam. Any Time." - www.actualtests.com                    160
                                Microsoft 70-643: Practice Exam
Answer: D

Explanation:
To configure WSS to support SMTP, you should install the SMTP server feature through Server
Manager Console. Based on SMTP, WSS works with any mail server or SMTP gateway. It acts as
an SMTP relay (it does not store mail, it only forwards it) and handles all incoming and outgoing
SMTP traffic. For most installations, you'll simply have to modify your domain MX record and make
a few configuration changes on your e-mail server. When installing WSS on the same host as your
mail server, you must make additional configuration changes, such as SMTP port numbers.


Reference: http://www.networkcomputing.com/913/913sp3.html



QUESTION NO: 214




                                                          m
You manage a server that runs Windows Server 2008. You have installed the Windows
SharePoint Services (WSS) server role on the server. The server is configured to accept incoming
                                                    .co
mail. To streamline the process, you create a new document library. You have to make sure that
any user can send email to the document library. What should you do to achieve this task?
                                             sts
A. Change the incoming email settings for the document library
B. Enable basic user authentication for the document library
C. Modify the document library settings to accept emails from SMTP servers
                                      lTe


D. Change the permissions for the document library

Answer: A
                               tua




Explanation:
To ensure that any user can send email to the document library, you should change the incoming
mail settings for the document library.
                         Ac




Reference: http://technet.microsoft.com/en-us/library/ cc262947( TechNet.10).aspx



QUESTION NO: 215

You are an enterprise administrator for CertKiller.com. All the servers on the network run Windows
Server 2008. The network includes two servers configured as follows:
CertKillerServer1: The Windows SharePoint Services (WSS) 3.0 is installed.CertKillerServer2: The
SMTP feature is installed.


Which of the following options would you choose to configure the outgoing e-mail settings on
CertKillerServer1 to use the SMTP service on CertKillerServer2 and ensure that e-mail messages
from CertKillerServer1 are forwarded to users?

                      "Pass Any Exam. Any Time." - www.actualtests.com                       161
                                 Microsoft 70-643: Practice Exam
A. Create a new application pool on CertKillerServer2 and then associate the application pool with
a new website.
B. Create a new application pool on CertKillerServer1 and on an internal DNS server, create a
new MX record for CertKillerServer2.
C. Create a new application pool on CertKillerServer1 and on an internal DNS server, create a
new MX record for CertKillerServer1.
D. On CertKillerServer2, configure the SMTP service to accept anonymous connections and to
relay e-mail messages.

Answer: D

Explanation:
You can configure the SMTP service to accept relayed e-mail from servers in your farm. You can
decide to accept relayed e-mail from all servers except those you specifically exclude.
Alternatively, you can block e-mail from all servers except those you specifically include. You can




                                                            m
include servers individually, or in groups by subnet or domain.
You can enable both anonymous access and e-mail relaying but by doing this, you increase the
                                                     .co
possibility that the SMTP server will be used to relay unsolicited commercial e-mail (spam).


Reference: Configure outgoing e-mail settings (Windows SharePoint Services)
                                               sts
http://technet.microsoft.com/en-us/library/cc288949(TechNet.10).aspx
                                       lTe


QUESTION NO: 216

You are an enterprise administrator for CertKiller.com. The corporate network consists of a single
                                tua




Active Directory domain. The company runs Windows Server 2008 on all the servers on the
network. One of the servers, CertKillerServer1 has the Windows SharePoint Services (WSS)
server role installed on it.
                         Ac




Which of the following options would you choose to configure the WSS server in such a way that it
allows users to create distribution lists from a SharePoint site?

A. Modify the outgoing mail character set.
B. Configure the SharePoint site to accept messages from authenticated users only.
C. Enable the SharePoint Directory Management Service on CertKillerServer 1.
D. Use the default Rights Management server in Active Directory Domain Services to configure
the SharePoint site.

Answer: C

Explanation:
To configure WSS server in such a way that it allows users to create distribution lists from a
SharePoint site, you need to enable the SharePoint Directory Management Service on

                       "Pass Any Exam. Any Time." - www.actualtests.com                          162
                                  Microsoft 70-643: Practice Exam
CertKillerServer 1. A distribution list contains the e-mail addresses of existing address lists as well
as the e-mail addresses of other site members. Distribution lists are available only if the
SharePoint Directory Management Service is enabled in Central Administration.


All new subsites that are created in an e-mail-enabled site collection are automatically e-mail-
enabled also. If you choose to use an existing group during site creation, the distribution list for the
parent site (if available) will be associated with the new site


Reference : Introduction to incoming e-mail/ New site creation walkthrough
http://office.microsoft.com/en-us/help/HA100823061033.aspx



QUESTION NO: 217

You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of a member




                                                              m
server named CKSERVER1 hosting SharePoint Services 3.0 role. CertKiller.com has recently
decided to have CKSERVER1 configured to enable outgoing e-mail and notifying users when
workflows and subscriptions are used.
                                                       .co
What should you do?
                                                sts

A. The Application server role must be installed.
B. A SMTP server must be installed and configured.
                                        lTe


C. A DNS server must be installed and configured.
D. Message queuing must be installed.
                                 tua




Answer: B

Explanation:
In order to have the users notified when workflows and subscriptions are used you should install
                          Ac




SMTP so that it can deliver emails.
Incorrect Answers:
A: You should not consider making use of the Application server role because the Application
server role provides is used for hosting and managing high-performance distributed applications.
C: You should not consider making use of a DNS server because the DNS server is intended for
usage for name resolution.
D: You should not consider making use of this solution because message queuing provides
guaranteed message delivery, security, efficient routing and priority-based messaging between
applications.



QUESTION NO: 218



                       "Pass Any Exam. Any Time." - www.actualtests.com                            163
                                 Microsoft 70-643: Practice Exam
You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of a member
server named CKSERVER1 hosting the SharePoint Services 3.0 role. CertKiller.com has recently
planned uninstalling the SharePoint Services 3.0 role from CKSERVER1. CertKiller.com later tried
to reinstall SharePoint Services 3.0 and the installation fails. CertKiller.com wants you to complete
the installation process.


What should you do?

A. The command psconfig.exe cmd installfeatures <parameter> must be used.
B. The command psconfig.exe cmd applicationcontent <parameter> must be used.
C. The command psconfig.exe cmd services <parameter> must be used.
D. The command psconfig.exe cmd configdb <parameter> must be used.

Answer: D

Explanation:




                                                             m
In order to successfully reinstall SharePoint Services 3.0 you should re-create a new configuration
database, which is done with the psconfig.exe cmd configdb command.
Incorrect Answers:
                                                     .co
A: You should not consider making use of this solution because the installfeatures option is used
                                               sts
to register the SharePoint Products and Technologies features placed on the file system of the
server farm server.
B: You should not consider making use of this solution because the applicationcontent option is
                                       lTe


used to manage the shared application content.
C: You should not consider making use of this solution because the services option is used to
manage the SharePoint Products and Technologies services.
                                tua




QUESTION NO: 219
                         Ac




You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of a member
server named CKSERVER1 hosting the SharePoint Services 2.0 role. CertKiller.com has recently
decided to have CKSERVER1 upgraded to Windows Server 2008 using the Windows Office
SharePoint Server 2007. CertKiller.com wants you to select the possible upgrade paths.


What should you do? (Choose all that apply)

A. You can choose to use a Scanning upgrade.
B. You can choose to use a Gradual upgrade.
C. You can choose to use an in-place upgrade.
D. You can choose to deploy a new farm and migrate the content.

Answer: B,C,D


                       "Pass Any Exam. Any Time." - www.actualtests.com                          164
                                Microsoft 70-643: Practice Exam
Explanation:
You should be aware that you are able to make use of four upgrade methods which includes the
inplace upgrade, gradual upgrade, gradual upgrade with shared services, and deploy new.
Incorrect Answers:
A: You should not consider making use of this solution because there is no such upgrade method
as a scanning upgrade.



QUESTION NO: 220

You are an enterprise administrator for CertKiller.com. CertKiller.com makes use of a member
server named CKSERVER1 hosting the SharePoint Services 3.0 role. CertKiller.com has recently
decided that CKSERVER1 should also be used for sending outgoing e-mail. CertKiller.com has
requested that you configure CKSERVER1 to enable outgoing e-mail.




                                                          m
What should you do? (Choose two)

                                                   .co
A. The SharePoint Central Administration website must be opened and click Application
Management. You must then select Outgoing E-mail Settings.
B. The SharePoint Central Administration website must be opened and click Operations. You must
                                             sts
then select Outgoing E-mail Settings.
C. The Internet information Services (IIS) 6.0 Manager must be opened and enable SMTP
services on CKSERVER1.
                                     lTe


D. The SharePoint Central Administration website must be opened and click SMTP Role
Administration.
                              tua




Answer: B,C

Explanation:
In order to have outgoing e-mail enabled you must firstly enable SMTP on the computer and
                        Ac




configure SharePoint to make use of SMTP which can be achieved making use of the SharePoint
Central Administration website.
Incorrect Answers:
A: You should not consider making use of this solution because e-mail is not configure under the
Application Management page.
D: You should not consider taking this course of action because the SharePoint Administration
website does not contain an SMTP role link.



QUESTION NO: 221

Your company has a single Active Directory domain. You have a server named WDS1 that runs
Windows Server 2008. You install the Windows Deployment Services (WDS) role on WDS1.
You capture an image of a reference computer. You deploy the image to 30 client computers. The
                     "Pass Any Exam. Any Time." - www.actualtests.com                      165
                                 Microsoft 70-643: Practice Exam
client computers have the same name. You need to ensure that each client computer receives a
unique security identifier.


What should you do?

A. Create an image group by using the WDS snap-in. Redeploy the image to the client computers.
B. Run the imagex /append "computername" command at the command prompt on the WDS1
server. Redeploy the image to the client computers.
C. Run the wdsutil /answerclients:all command at the command prompt on the WDS1 server.
Redeploy the image to the client computers.
D. Run the wdsutil /set-server /prestageusingMAC:yes command at the command prompt on the
WDS1 server. Redeploy the image to the client computers.

Answer: D




                                                            m
QUESTION NO: 222
                                                     .co
You have a server that runs Windows Server 2008. You install the Windows Media Services
server role on the server. You plan to publish an audio file to the Internet by using Media Server.
                                               sts
You need to create a license for the audio file.


What should you do first?
                                       lTe


A. Publish the audio file to a new Web site.
B. Publish the audio file to the Windows Media Services server.
                                tua




C. Package the audio file as a Windows Installer application.
D. Package the audio file by using Windows Media Rights Manager.

Answer: D
                         Ac




QUESTION NO: 223

Your company has a server named VS1 that runs Windows Server 2008 and Microsoft Hyper-V.
VS1 hosts 10 virtual machines. You need to configure VS1 to shut down each virtual machine
before the server shuts down.


What should you do?

A. Create a shutdown script on each virtual machine.
B. Install Integration Services on each virtual machine.
C. Enable the Turn off the virtual machine option in the Automatic stop action properties on each
virtual machine.

                       "Pass Any Exam. Any Time." - www.actualtests.com                          166
                                 Microsoft 70-643: Practice Exam
D. Enable the Shut down the guest operating system option in the Automatic stop action
properties on each virtual machine.

Answer: D



QUESTION NO: 224

You have a server that runs Windows Server 2008. The server has the Windows Server
virtualization role service installed and has one virtual machine. The virtual machine runs Windows
Server 2008.
You plan to install a new application on the virtual machine. You need to ensure that you can
restore the virtual machine to its original state in the event the application installation fails.


What should you do?




                                                           m
A. Log on to the virtual host and enable the Remote Differential Compression Features.
                                                    .co
B. Log on to the virtual host and enable the Windows Recovery Disk feature.
C. From Virtualization Management Console, create a snapshot.
D. From Virtualization Management Console, save the state of the virtual machine.
                                              sts

Answer: C
                                      lTe


QUESTION NO: 225

You have a server that runs Windows Server 2008 and has the Windows Server Virtualization
                               tua




(WSv) server role installed. You create a new virtual machine. You need to configure the virtual
machine to meet the following requirements:
Allow network communications between the virtual machine and the host system.Prevent
                         Ac




communications with other network servers.


What should you do first?

A. Install the Microsoft Loopback Adapter.
B. Create a new Virtual Network Switch.
C. Enable Internet Connection Sharing (ICS).
D. Set the Connection to None for the network interface card.

Answer: B



QUESTION NO: 226


                      "Pass Any Exam. Any Time." - www.actualtests.com                         167
                                 Microsoft 70-643: Practice Exam
You have a server that runs Windows Server 2008 Enterprise Edition. The server has the Failover
Clustering feature installed. The server has three nodes named NODE1, NODE2, and NODE3.


The Microsoft Distributed Transaction Coordinator (MSDTC) resource is installed on the cluster.
The cluster has a dedicated cluster group named Group1 that includes the MSDTC resource. You
discover that Group1 is unable to failover to NODE3 from NODE1 or NODE2. The failover from
NODE1 to NODE2 functions without errors. You need to configure Group1 to support the failover
between all cluster nodes.


What should you do?

A. Remove the MSDTC resource from Group1.
B. Select NODE3 as a preferred owner for Group1.
C. Remove NODE3 as a possible owner from all cluster resources in Group1.
D. Configure NODE3 as a possible owner for all cluster resources in Group1.




                                                            m
Answer: D
                                                     .co
QUESTION NO: 227
                                              sts

Your company named CertKiller has a two-node Network Load Balancing cluster. The cluster is
intended to provide high availability and load balancing for only the intranet Web site. The name of
                                       lTe


the cluster is web.CertKiller.com.


You discover that CertKiller users can see the Network Load Balancing cluster in the network
                               tua




neighborhood and can connect to various services by using the web.CertKiller.com name. The
web.CertKiller.com Network Load Balancing cluster is configured with only one port rule.
You need to configure the web.CertKiller.com Network Load Balancing cluster to accept only
                         Ac




HTTP traffic.


Which two actions should you perform? (Each correct answer presents part of the solution.
Choose two.)

A. Log on to one of the cluster nodes and run the wlbs disable all command.
B. Open the Network Load Balancing Clusters console and delete the default port rules.
C. Open the Network Load Balancing Clusters console and create a new Allow rule for TCP port
80.
D. Open the Network Load Balancing Clusters console and change the default port rule to a
disabled port range rule.

Answer: B,C



                      "Pass Any Exam. Any Time." - www.actualtests.com                          168
                                 Microsoft 70-643: Practice Exam
QUESTION NO: 228

You have two servers named FC1 and FC2 that run Windows Server 2008 Enterprise Edition.
Both servers have the Failover Clustering feature installed. You configure the servers as a two-
node cluster. The cluster runs an application named APP1. Business hours for your company are
09:00 to 17:00. APP1 must be available during these hours. You configure FC1 as the preferred
owner for APP1. You need to prevent failback of the cluster during business hours.


What should you do?

A. Set the Period option to 8 hours in the Failover properties.
B. Set the Allow failback option to allow failback between 17 and 9 hours in the Failover
properties.
C. Enable the Prevent failback option in the Failover properties.
D. Enable the If resource fails, attempt restart on current node policy for all APP1 resources. Set




                                                            m
the Maximum restarts for specified period to 0.

Answer: B
                                                     .co
                                               sts
QUESTION NO: 229

You have a Terminal Server that runs Windows Server 2008. You create a Windows Installer
                                       lTe


package for Microsoft Office Word 2007 by using Terminal Services RemoteApp (TS RemoteApp).
You install the package on a client computer.
                                tua




You double-click on a Word document and receive the following error. Windows cannot open this
file.
You need to ensure that you can open the Word document by double-clicking on the file.
                         Ac




What should you do?

A. Recreate the Windows Installer package.
B. Modify the file association on the client computer.
C. Modify the file association on the TS RemoteApp server.
D. Install the Windows Installer package by using msiexec.exe.

Answer: C



QUESTION NO: 230

Your company has an Active Directory domain. The company runs Terminal Services. All Terminal
Services accounts are configured to allow session takeover without permission. A user has logged

                       "Pass Any Exam. Any Time." - www.actualtests.com                          169
                                Microsoft 70-643: Practice Exam
on to a server named Server2 by using an account named User1. The session ID for User1 is
1337. You need to perform a session takeover for session ID 1337.


Which commands should you run?

A. Chgusr 1337 /disable, and then Tscon 1337
B. Takeown /U User1 1337, and then Tscon 1337
C. Tsdiscon 1337, and then Chgport /U User1 1337
D. Tsdiscon 1337, and then Tscon 1337

Answer: D



QUESTION NO: 231

You have the Web Server (IIS) role installed on a server that runs Windows Server 2008. You




                                                          m
create a Web site named CertKiller.com. You copy an application named WebContent to the
                                                   .co
server. You need to enable the WebContent application on the Web site.


What should you do?
                                             sts

A. At the command prompt on the server, run the appcmd add site command.
B. At the command prompt on the server, run the appcmd add vdir command.
                                      lTe


C. Select the Web site from the Internet Information Services (IIS) Manager console. Select Add
Application.
D. Select the Web site from the Internet Information Services (IIS) Manager console. Select Add
                              tua




Virtual Directory.

Answer: C
                         Ac




QUESTION NO: 232

You have a Windows Server 2008 server that has the Web Server (IIS) server role installed. The
server contains a Web site. You need to ensure that the cookies sent from the Web site are
encrypted on users computers.


Which Web site feature should you configure?

A. Authorization Rules
B. Machine Key
C. Pages And Controls
D. SSL Settings



                      "Pass Any Exam. Any Time." - www.actualtests.com                        170
                                Microsoft 70-643: Practice Exam
Answer: B



QUESTION NO: 233

You manage a computer named FTPSrv1 that runs Windows Server 2008. Your company policy
requires that the FTP service be available only when required by authorized projects. You need to
ensure that the FTP service is unavailable after restarting the server.


What should you do?

A. Run the iisreset command on the FTPSrv1 server.
B. Run the net stop msftpsvc command on the FTP server.
C. Run the suspend-service msftpsvc cmdlet in Microsoft Windows PowerShell tool.
D. Run the WMIC /NODE:FTPSrv1 SERVICE WHERE caption="FTP Publishing Service" CALL




                                                          m
ChangeStartMode "Disabled" command on the FTP server.

Answer: D                                          .co
                                             sts
QUESTION NO: 234

You install the FTP role service on a server that runs Windows Server 2008. Users receive an
                                      lTe


error message when they attempt to upload files to the FTP site. You need to allow authenticated
users to upload files to the FTP site.
                               tua




What should you do?

A. Run the ftp Ca 192.168.1.200 command on the server that runs Windows Server 2008.
B. Run the appcmd unlock config command on the server that runs Windows Server 2008.
                         Ac




C. Configure Write permissions on the FTP site. Configure the NTFS permissions on the FTP
destination folder for the Authenticated Users group to Allow - Modify.
D. Configure Write permissions on the FTP site. Configure the NTFS permissions on the FTP
destination folder for the Authenticated Users group to Allow C Write attributes.

Answer: C



QUESTION NO: 235

You install the Web Server (IIS) role on and the SMTP Server feature on a server that runs
Windows Server 2008. You need to configure the new SMTP server to forward mail to the mail
server of the Internet Service Provider (ISP).


                      "Pass Any Exam. Any Time." - www.actualtests.com                       171
                                 Microsoft 70-643: Practice Exam
What should you do?

A. Configure the smart host setting to use the local host.
B. Configure the smart host setting to use the mail server of the ISP.
C. Run the appcmd /delivery method:PickupDirectoryFromIis command.
D. Configure the SMTP delivery setting to Attempt direct delivery before sending to smart host.

Answer: B



QUESTION NO: 236

You install the Web Server (IIS) role on a server that runs Windows Server 2008. Your companys
default Web site has an IP address of 10.10.0.1. You add a Web site named HelpDesk. The
HelpDesk Web site cannot be started. You need to configure the Helpdesk Web site so that it can
be started.




                                                           m
What should you do?                                 .co
A. Run the iisreset /enable command on the server.
B. Configure the Helpdesk Web site to use a host header.
                                             sts

C. Run the appcmd add site /name: HelpDesk /id:2 /physicalPath: c:\HelpDesk
/binding:http/*:80:helpdesk command on the server.
                                      lTe


D. Run the set-location Cliteralpath "d:\HelpDesk_content" HelpDesk ID:2 location port:80
domain:helpdesk command in the Microsoft Windows PowerShell tool on the server.

Answer: B
                               tua




QUESTION NO: 237
                         Ac




You have 10 servers that run Windows Server 2008. The servers have the Web Server (IIS)
server role installed. The servers are members of a Web server farm. The servers host the same
Web site. You need to configure the servers to meet the following requirements:
Allow changes to the Web server configurations that are made on one server to be made on all
servers in the farm.Minimize administrative effort to perform the configuration changes.


What should you do?

A. On all servers, configure the Shared Configuration settings.
B. On one server, configure the Shared Configuration setting.
C. On one server, create a scheduled task that copies the Intepub folder to the other servers.
D. Create a DFS Namespace. On each server configure the Inetpub folder as the target of the
DFS Namespace.

                      "Pass Any Exam. Any Time." - www.actualtests.com                           172
                                 Microsoft 70-643: Practice Exam
Answer: A



QUESTION NO: 238

Your company named CertKiller has a Web server named WEB1. The Web server runs Windows
Server 2008. The fully qualified domain name of WEB1 is web1.CertKiller.com. The public DNS
server has an alias record named owa.CertKiller.com that maps to web1.CertKiller.com. Users
access WEB1 from the Internet by using http://owa.CertKiller.com. The new company security
policy states that the owa.CertKiller.com site must be available for Internet users only through
secure HTTP (HTTPS) protocol. The security policy also states that users must not get security
warnings when they connect to the site. You need to request a certificate from a public certification
authority (CA).


Which Common Name should you use?




                                                            m
A. CertKiller
B. owa.CertKiller.com
C. WEB1
                                                     .co
D. web1.CertKiller.com
                                               sts

Answer: B
                                       lTe



QUESTION NO: 239
                                tua




You implement a member server that runs Windows Server 2008. The member server has the
Web Server (IIS) role installed. The member server also hosts intranet Web sites. Your company
policy has the following requirements:
                         Ac




Use encryption for all authentication traffic to the intranet Web site.Authenticate users by using
their Active Directory credentials.Avoid the use of SSL on the Web server for performance
reasons.


You need to configure all the Web sites on the server to meet the company policy. Which three
actions should you perform? (Each correct answer presents part of the solution. Choose three.)

A. Configure the Basic Authentication setting on the server to Enabled.
B. Configure the Digest Authentication setting on the server to Enabled.
C. Configure the Windows Authentication setting on the server to Enabled.
D. Configure the Anonymous Authentication setting on the server to Disabled.
E. Configure the Active Directory Client Certificate Authentication setting on the server to Enabled.

Answer: B,C,D


                       "Pass Any Exam. Any Time." - www.actualtests.com                          173
                                Microsoft 70-643: Practice Exam



QUESTION NO: 240

You manage a new server that runs Windows Server 2008. You plan to install the Streaming
Media Services role on the server. Users will access content on the new server by using Windows
Media Player for Windows Vista and Windows Media Player for Mac. You need to install the
Streaming Media Services role on the server to support both media players.


What should you do?

A. Install Session Initiation Protocol (SIP).
B. Install Simple Object Access Protocol (SOAP).
C. Install Stream Control Transmission Protocol (SCTP).
D. Install RPC over HTTPS.




                                                          m
Answer: B
                                                  .co
                                            sts
                                     lTe
                              tua
                        Ac




                      "Pass Any Exam. Any Time." - www.actualtests.com                     174

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:0
posted:1/1/2013
language:English
pages:174