Microsoft _CertifyMe_ 70-643_v2010-05-27_148q_by_Amit Number: 70-643 Passing Score: 800 Time Limit: 120 min File Version: 2010-02-20 CertyfyMe 70-643 Microsoft 70-643 TS: Windows Server 2008 Applications, Configuring This is the file from Maxy which I only modified a little bit. To make it easier to learn. Good Luck!

Exam A QUESTION 1 Your company has a single Active Directory domain. You have a server named WDS1 that runs Windows Server 2008. You install the Windows Deployment Services (WDS) role on WDS1. You capture an image ofa reference computer. You deploy the image to 30 client computers. The client computers have the same name. You need to ensure that each client computer receives a unique security identifier. What should you do? A. Create an image group by using the WDS snap-in. Redeploy the image to the client computers. B. Run the imagex /append "computername" command at the command prompt on the WDS1 server. Redeploy the image to the client computers. C. Run the wdsutil /answerclients:all command at the command prompt on the WDS1 server. Redeploy the image to the client computers. D. Run the wdsutil /set-server /prestageusingMAC:yes command at the command prompt on the WDS1 server. Redeploy the image to the client computers. Answer: D Section: (none) Explanation/Reference:

QUESTION 2 Your company has four regional offices. You install the Windows Deployment Services (WDS) role on the network. Your company creates three images for each office. There are a total of 12 images for the company. The images will be used as standard images for workstations. You deploy the images by using WDS. You need to ensure that each administrator can view only the images for his or her regional office. What should you do? A. Create a global group for each regional office and place the computers in the appropriate global group. B. Create an organizational unit (OU) for each regional office and place the computers in the appropriate OU. C. Place all images into a single image group on the WDS server. Grant each administrator permissions to the image group. D. Place each regional office into a separate image group on the WDS server. Grant each administrator permissions to his or her regional offices image group. Answer: D Section: (none) Explanation/Reference:

QUESTION 3 You install the Windows Deployment Services (WDS) role on a server that runs Windows Server 2008. You plan to install Windows Vista on a computer that does not support Preboot Execution Environment (PXE). You have a Windows Vista image that is stored on the WDS server. You need to start the computer and install the image that is stored on the WDS server. What should you create? A. B. C. D.

a capture image a CD-ROM that contains PXE drivers a discover image an install image

Answer: C Section: (none)

Explanation/Reference:

QUESTION 4 Your company has an Active Directory domain. You have a server named KMS1 that runs Windows Server 2008. You install and configure Key Management Service (KMS) on KMS1. You plan to deploy Windows Server 2008 on 10 new servers. You install the first two servers. The servers fail to activate by using KMS1. You need to activate the new servers by using the KMS server. What should you do? A. Complete the installation of the remaining eight servers. B. Configure Windows Management Instrumentation (WMI) exceptions in Windows Firewall on the new servers. C. Install Volume Activation Management Tool (VAMT) on the KMS server and configure Multiple Activation Key (MAK) Proxy Activation. D. Install Volume Activation Management Tool (VAMT) on the KMS server and configure Multiple Activation Key (MAK) Independent Activation. Answer: A Section: (none) Explanation/Reference:

QUESTION 5 Your company has a single Active Directory domain named contoso.com. All servers in the domain run Windows Server 2008. The DNS service is installed on two domain controllers named DC1 and DC2. Both DNS servers host Active DirectoryCintegrated zones that are configured to allow the most secure updates only. DC1 has Key Management Service (KMS) installed and activated. You discover that the service locator records from the contoso.com zone hosted on DC1 and DC2 are missing. You need to force registration of the KMS service locator records in the contoso.com zone. What should you do? A. Configure the contoso.com zone to accept non-secure updates. B. On DC1 at the command prompt, run the slmgr.vbs Crearm script. C. On DC1 at the command prompt, run the net stop sppsvc command, and then run the net start sppsvc command. D. On DC2 at the command prompt, run the net stop netlogon command, and then run the net start netlogon command. Answer: C Section: (none) Explanation/Reference:

QUESTION 6 Your company has a server named VS1 that runs Windows Server 2008 and Microsoft Hyper-V. You want to create eight virtual servers that run Windows Server 2008 and configure the virtual servers as an Active Directory forest for testing purposes. You discover that VS1 has only 30 GB of free hard disk space. You need to install the eight new virtual servers on VS1. What should you do? (To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.) Actions: Select from the left pane and with the arrow move it to the right pane in the order mentioned below in the Answer area.

Answer:

Section: (none) Explanation/Reference:

QUESTION 7 Your company has a server named VS1 that runs Windows Server 2008 and Microsoft Hyper-V. The VS1 server hosts 10 virtual servers. A virtual server named VS-DB has one 64-GB fixed-size virtual hard disk (VHD). The VHD file name is disk1.vhd. You discover that VS-DB utilizes only 5 GB of the VHD. You turn off the VS-DB virtual server and want to regain the unused disk space on the VS1 physical server. You need to configure VS-DB to make the disk1.vhd file as small as possible. What should you do? (To answer, move the appropriate tasks from the list of tasks to the answer area and arrange them in the correct order.) Actions: Select from the left pane and with the arrow move it to the right pane in the order mentioned below in the Answer area.

Answer:

Section: (none) Explanation/Reference:

QUESTION 8 Your company has a server named VS1 that runs Windows Server 2008 and Microsoft Hyper-V. VS1 hosts 10 virtual machines. You need to configure VS1 to shut down each virtual machine before the server shuts down. What should you do? A. Create a shutdown script on each virtual machine. B. Install Integration Services on each virtual machine. C. Enable the Turn off the virtual machine option in the Automatic stop action properties on each virtual machine. D. Enable the Shut down the guest operating system option in the Automatic stop action properties on each virtual machine. Answer: D Section: (none) Explanation/Reference:

QUESTION 9 Your company has a server named Server1 that runs Windows Server 2008 and Microsoft Hyper-V. Server1 hosts three virtual machines. Company policy states that the virtual machines must not connect to the company network. You need to configure all of the virtual machines to connect to each other. You must meet the company policy. Which two actions should you perform? (Each answer presents part of the solution. Choose two.) A. B. C. D.

Select the Not connected option for each virtual machine. Enable the Enable virtual LAN identification option for each virtual machine. Set the Connection to Host for the network interface card. Set the Connection to None for the network interface card.

Answer: BC Section: (none) Explanation/Reference:

QUESTION 10 You have two servers that run Windows Server 2008 named Server1 and Server2. Both servers have the Windows Server virtualization role service installed. You need to remotely manage the virtualization settingsof Server2 from Server1. What should you do? A. From the command prompt, run vmconnect.exe server2. B. From the command prompt, run vmconnect.exe server1 server2.

C. Open the Virtualization Management Console. From the left-hand pane, right-click Server1, point to New and then click Virtual machine. D. Open the Virtualization Management Console. From the left-hand pane, right-click Virtualization Services and then click Connect to Server. Answer: D Section: (none) Explanation/Reference:

QUESTION 11 You have a server that runs Windows Server 2008. The server has the Windows Server virtualization role service installed. You create a new virtual machine and perform an installation of Windows Server 2008 on the virtual machine. You configure the virtual machine to use the physical network card of the host server. You notice that you are unable to access network resources from the virtual machine. You need to ensure that the virtual host can connect to the physical network. What should you do? A. B. C. D.

On the host server, install the MS Loopback adapter. On the virtual machine, install the MS Loopback adapter. On the virtual machine, install Windows Server virtualization Guest Integration Components. On the host server, enable the Multipath I/O feature.

Answer: C Section: (none) Explanation/Reference:

QUESTION 12 You have a server that runs Windows Server 2008. The server has the Windows Server virtualization role service installed and has one virtual machine. The virtual machine runs Windows Server 2008. You plan to install a new application on the virtual machine. You need to ensure that you can restore the virtual machine to its original state in the event the application installation fails. What should you do? A. B. C. D.

Log on to the virtual host and enable the Remote Differential Compression Features. Log on to the virtual host and enable the Windows Recovery Disk feature. From Virtualization Management Console, create a snapshot. From Virtualization Management Console, save the state of the virtual machine.

Answer: C Section: (none) Explanation/Reference:

QUESTION 13 You have a server that runs Windows Server 2008. The server has the Windows Server virtualization role service installed. You need to merge a differencing disk and a parent disk. What should you do? A. B. C. D.

Edit the parent disk. Inspect the parent disk. Edit the differencing disk. Inspect the differencing disk.

Answer: C Section: (none) Explanation/Reference:

QUESTION 14 You have a server that runs Windows Server 2008 and has the Windows Server Virtualization (WSv) server role installed.? You create a new virtual machine. You need to configure the virtual machine to meet the following requirements: Allow network communications between the virtual machine and the host system. Prevent communications with other network servers. What should you do first? A. B. C. D.

Install the Microsoft Loopback Adapter. Enable Internet Connection Sharing (ICS). Set the Connection to None for the network interface card. Create a new Virtual Network Switch.

Answer: D Section: (none) Explanation/Reference:

QUESTION 15 You have a server that runs Windows Server 2008 Enterprise Edition. The server has the Failover Clustering feature installed. The server has three nodes named NODE1, NODE2, and NODE3. The Microsoft Distributed Transaction Coordinator (MSDTC) resource is installed on the cluster. The cluster has a dedicated cluster group named Group1 that includes the MSDTC resource. You discover that Group1 is unable to failover to NODE3 from NODE1 or NODE2. The failover from NODE1 to NODE2 functions without errors. You need to configure Group1 to support the failover between all cluster nodes. What should you do? A. B. C. D.

Remove the MSDTC resource from Group1. Select NODE3 as a preferred owner for Group1. Remove NODE3 as a possible owner from all cluster resources in Group1. Configure NODE3 as a possible owner for all cluster resources in Group1.

Answer: D Section: (none) Explanation/Reference:

QUESTION 16 Your company named Contoso, Ltd. has a two-node Network Load Balancing cluster. The cluster is intended to provide high availability and load balancing for only the intranet Web site. The name of the cluster is web.contoso.com. You discover that Contoso users can see the Network Load Balancing cluster in the network neighborhood and can connect to various services by using the web.contoso.com name. The web.contoso.com Network Load Balancing cluster is configured with only one port rule. You need to configure the web.contoso.com Network Load Balancing cluster to accept only HTTP traffic. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.) A. Log on to one of the cluster nodes and run the wlbs disable all command.

B. Open the Network Load Balancing Clusters console and delete the default port rules. C. Open the Network Load Balancing Clusters console and create a new Allow rule for TCP port 80. D. Open the Network Load Balancing Clusters console and change the default port rule to a disabled port range rule. Answer: BC Section: (none) Explanation/Reference:

QUESTION 17 Your company named Contoso, Ltd. has a Network Load Balancing cluster named nlb.contoso.com. The cluster hosts are named WEB1 and WEB2. The cluster is configured with a single port rule that evenly distributes HTTP traffic between both hosts. You need to configure WEB2 to handle all HTTPS traffic for nlb.contoso.com. You must retain the even distribution of HTTP traffic between WEB1 and WEB2. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.) A. In the properties for WEB2, change the Handling priority option for the TCP 443 port rule to the value of 1. B. In the properties for WEB1, change the Handling priority option for the TCP 443 port rule to the value of 0. C. In the properties for the cluster, create a new port rule for port TCP 443 that has the Filtering mode option set to Single host. D. In the properties for the cluster, create a new port rule for port TCP 443 that has the Filtering mode option set to Multiple host and the Affinity option set to the value of Single. Answer: AC Section: (none) Explanation/Reference:

QUESTION 18 Your company has a single Active Directory domain. All the servers run Windows Server 2008. You have a server named FS1 that has the File Services role installed. The company requires that the data disk drives provide redundancy. The disks are configured as shown in the following exhibit. You need to configure the hard disk drives to support RAID 1. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. B. C. D.

Convert Disk 1 and Disk 2 to Dynamic. Create a Striped Volume across Disk 1 and Disk 2. Create a New Mirrored Volume by using Disk 1 and Disk 2. Create a New Spanned Volume by using Disk 1 and Disk 2.

Answer: AC Section: (none) Explanation/Reference:

QUESTION 19 You have two servers named FC1 and FC2 that run Windows Server 2008 Enterprise Edition. Both servers have the Failover Clustering feature installed. You configure the servers as a two-node cluster. The cluster runs an application named APP1. Business hours for your company are 09:00 to 17:00. APP1 must be available during these hours. You configure FC1 as the preferred owner for APP1. You need to prevent failback of the cluster during business hours. What should you do? A. B. C. D.

Set the Period option to 8 hours in the Failover properties. Set the Allow failback option to allow failback between 17 and 9 hours in the Failover properties. Enable the Prevent failback option in the Failover properties. Enable the If resource fails, attempt restart on current node policy for all APP1 resources. Set the Maximum restarts for specified period to 0.

Answer: B Section: (none)

Explanation/Reference:

QUESTION 20 Your company has a single Active Directory domain. All the servers run Windows Server 2008. You have a server named FS1 that has the File Services role installed. The disks are configured as shown in the following exhibit. You need to create a new drive volume to support data striping with parity. What should you do?

A. B. C. D.

Add another disk. Create a New RAID-5 Volume. Create a new Striped Volume by using Disk 1 and Disk 2. Create a New Mirrored Volume by using Disk 1 and Disk 2. Create a New Spanned Volume by using Disk 1 and Disk 2.

Answer: A Section: (none) Explanation/Reference:

QUESTION 21 Your company has a single Active Directory domain. All servers run Windows Server 2008. You install an iSCSI storage area network (SAN) for a group of file servers. Corporate security policy requires that all data communication to and from the iSCSI SAN must be as secure as possible. You need to implement the highest security available for communications to and from the iSCSI SAN. What should you do?

A. Create a Group Policy object (GPO) to enable the System objects: Strengthen default permission of internal systems objects setting. B. Create a Group Policy object (GPO) to enable the System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing setting. C. Implement IPsec security in the iSCSI Initiator Properties. Set up inbound and outbound rules by using Windows Firewall. D. Implement mutual Microsoft Challenge Handshake Authentication Protocol (MS-CHAPv2) authentication in the iSCSI Initiator Properties. Set up inbound and outbound rules by using Windows Firewall. Answer: C Section: (none) Explanation/Reference:

QUESTION 22 A server named Server2 runs Windows Server 2008. The Terminal Services server role is installed on Server2. You plan to deploy a new Terminal Services application on Server2. The application vendor confirms that the application can be deployed in a Terminal Services environment. The application does not use Microsoft Windows Installer packages for installation. The application makes changes to the current user registry during installation. You need to install the application to support multiple user sessions. What should you do? A. Run the mstsc /v:Server2 /console command from the client computer to log on to Server2. Install the application. B. Run the change user /execute command on Server2. Install the application and run the change user / install command on Server2. C. Run the change user /install command on Server2. Install the application and run the change user / execute command on Server2. D. Run the change logon /disable command on Server2. Install the application and run the change logon / enable command on Server2. Answer: C Section: (none) Explanation/Reference:

QUESTION 23 A server runs Windows Server 2008. The Terminal Services role is installed on the server. You deploy a new application on the server. The application creates files that have an extension of .xyz. You need to ensure that users can launch the remote application from their computers by double-clicking a file that has the .xyz extension. What should you do? A. B. C. D.

Configure the Remote Desktop Connection Client on the users' computers to point to the server. Configure the application as a published application by using a Remote Desktop Program file. Configure the application as a published application by using a Windows Installer package file. Configure the application as a published application by using a Terminal Server Web Access Web site.

Answer: C Section: (none) Explanation/Reference:

QUESTION 24 Your company has an Active Directory domain. You have a server that runs Windows Server 2008. The Terminal Services role is installed on the server. The company security policy does not allow users to copy and paste information to a local computer during a Terminal Services session. You deploy the remote application named APP1. You need to configure Terminal Services to meet the security requirement. What should you do? A. B. C. D.

Enable the Use temporary folders per session option. Change the Security Encryption Level to FIPS Compliant. Deselect the Clipboard option in the RDP Settings for the published application. Disable the Drive option in the RDP-Tcp Client Setting properties for the server.

Answer: C Section: (none) Explanation/Reference:

QUESTION 25 Your company has an Active Directory domain. The company has a server named Server1 that has the Terminal Services role and the Terminal Services Web Access role installed. All client computers run Windows XP Service Pack 2 (SP2). You deploy and publish an application named TimeReport on Server1. The Terminal Services Web Access role uses Active Directory Domain Services (AD DS) and Network Level Authentication is enabled. You need to ensure that the users can launch TimeReport on Server1 from the Terminal Services Web Access Web page. What should you do? A. Disable publishing to AD DS for the TimeReport remote application. B. Install the Remote Desktop Client 6.1 application on the client computers that run Windows XP SP2. C. Publish TimeReport on Server1 as a Microsoft Windows Installer package. Distribute the Windows Installer package to the users. D. Install the Terminal Services Gateway (TS Gateway) role on Server1. Reconfigure the TimeReport remote application publishing to reflect the change in the infrastructure. Answer: B Section: (none) Explanation/Reference:

QUESTION 26 You have a Terminal Server that runs Windows Server 2008. You create a Windows Installer package for Microsoft Office Word 2007 by using Terminal Services RemoteApp (TS RemoteApp). You install the package on a client computer. You double-click on a Word document and receive the following error. Windows cannot open this file. You need to ensure that you can open the Word document by double- clicking on the file. What should you do? A. B. C. D.

Recreate the Windows Installer package. Modify the file association on the client computer. Modify the file association on the TS RemoteApp server. Install the Windows Installer package by using msiexec.exe.

Answer: C Section: (none) Explanation/Reference:

QUESTION 27 You have a server that runs the Terminal Services Gateway (TS Gateway) role service. Users need to connect remotely through the gateway to desktop computers located in their offices. You create a security group named Remote1 for the users who need to connect to computers in their offices. You need to enable the users to connect to the TS Gateway. What should you do? A. Add the Remote1 security group to the local remote desktop users group on the TS Gateway server. B. Create a client authorization policy. Add the Remote1 security group and enable Device redirection. C. Create a resource authorization policy. Add the Remote1 security group and enable Users to connect to any resource. D. Create a Group Policy object and enable the Set TS Gateway authentication method properties to Ask for credentials, use Basic protocol. Apply the policy to the TS Gateway server. Answer: B Section: (none) Explanation/Reference:

QUESTION 28 Your company has an Active Directory domain. The company has a server named Server1 that has the Terminal Services role and the Terminal Services Web Access role installed. The company has a server named Server2 that runs ISA Server 2006. The company deploys the Terminal Services Gateway (TS Gateway) role on a new server named Server3. The company wants to use ISA as the SSL endpoint for Terminal Server connections. You need to configure the TS Gateway role on Server3 to use ISA 2006 on Server2. What should you do? A. Configure the TS Gateway to use SSL HTTPS-HTTP bridging. B. Configure the Terminal Services Connection Authorization Policy Store on Server3 to use Server2 as the Central Network Policy Server. C. Export the SSL certificate from Server2 and install the SSL certificate on Server3. Configure the TS Gateway to use the SSL certificate from Server2. D. Export a self-signed SSL certificate from Server3 and install the SSL certificate on Server2. Configure the ISA service on Server2 to use the SSL certificate from Server3. Answer: A Section: (none) Explanation/Reference:

QUESTION 29 Your company has an Active Directory domain. A server named Server1 runs Windows Server 2008. The Terminal Services role and the Terminal Services Web Access role service are installed on Server1. You install the Terminal Services Gateway role service on Server1. You create the Terminal Services connection authorization policy. Users report that they cannot connect to Server1. You need to ensure that users can connect to Server1. What should you do? A. Configure Network Access Protection (NAP) on Server1. B. Configure the Terminal Services Resource Authorization Policy (RAP) on Server1. C. Create a Terminal Services Group Policy object (GPO). Enable the Allow users to connect remotely using Terminal Services setting on the GPO. Link the GPO to the domain.

D. Create a Terminal Services Group Policy object (GPO). Enable the Set path for TS Roaming Profiles setting on the GPO. Create an organization unit (OU) named TSUsers. Link the GPO to the TSUsers OU. Answer: B Section: (none) Explanation/Reference:

QUESTION 30 Your company has an Active Directory domain. A server named Server2 runs Windows Server 2008. All client computers run Windows Vista. You install the Terminal Services role, Terminal Services Web Access role service, and Terminal Services Gateway role service on Server2. You need to ensure that all client computers have compliant firewall, antivirus software, and antispyware. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.) A. Configure Network Access Protection (NAP) on a server in the domain. B. Add the Terminal Services servers to the Windows Authorization Access domain local security group. C. Add the Terminal Services client computers to the Windows Authorization Access domain local security group. D. Enable the Request clients to send a statement of health option in the Terminal Services client access policy. Answer: AD Section: (none) Explanation/Reference:

QUESTION 31 You manage a server named Server2 that runs Windows Server 2008. You install and test the Terminal Services role on Server2. You publish an application by using Terminal Services. All users must connect to the Terminal Services application by using the Remote Desktop Protocol. You install and configure the Terminal Services Gateway (TS Gateway) role service on Server2. You configure a default domain policy to enable the Enable Connection through TS Gateway setting. Users report that they cannot connect to the Terminal Services application. You need to ensure that users can access the Terminal Services application on the intranet and from the Internet. What should you do? A. Configure the Enable Connection through TS Gateway Group Policy setting to Disabled. B. Configure the Set TS Gateway server address Group Policy and configure the IP address of the TS Gateway server. Link the GPO to the domain. C. Configure Server Authentication on the Remote Desktop Connection client to Always connect, even if server authentication fails for all users. D. Enable the Set TS Gateway server authentication method Group Policy to the Ask for credential, use NTLM protocol setting. Link the GPO to the domain. Answer: B Section: (none) Explanation/Reference:

QUESTION 32 You have a server that runs Windows Server 2008. The server has the Terminal Services Gateway (TS Gateway) role service installed.

You need to provide a security group access to the TS Gateway server. What should you do? A. B. C. D.

Add the security group to the Remote Desktop Users group. Add the security group to the TS Web Access Computers group. Create and configure a Resource Authorization Policy. Create and configure a Connection Authorization Policy.

Answer: D Section: (none) Explanation/Reference:

QUESTION 33 Your company has an Active Directory domain. All servers in the domain run Windows Server 2008. The Terminal Services Gateway (TS Gateway) role service is installed on a server named Server1. The Terminal Services role is installed on servers named Server2 and Server3. Server2 and Server3 are configured in a load balancing Terminal Server farm named TSLoad. You install and configure the Terminal Services (TS) Session Broker service on a new server named Server4. You need to configure Server2 and Server3 to join the TS Session Broker. What should you do next? A. Configure Server2 and Server3 to use the TS Gateway role service to access TS Session Broker. B. Create a new Group Policy object (GPO) that assigns Server4 to Server2 and Server3 as their session broker server. Apply the GPO to Server2 and Server3. C. Configure a Group Policy object (GPO) to set the Set TS Gateway server address option in the Terminal Services Security section to Server1. Apply the GPO to all client computers. D. Configure a Group Policy object (GPO) to set the Require secure RPC communications option in the Terminal Services Security section to False. Apply the GPO to Server2 and Server3. Answer: B Section: (none) Explanation/Reference:

QUESTION 34 Your company has an Active Directory domain. All servers in the domain run Windows Server 2008. The Terminal Services Gateway role service is installed on a server named Server1. The Terminal Services role is installed on two servers named Server2 and Server3. Server2 and Server3 are configured in a load balancing Terminal Server farm named TSLoad. You deploy the Terminal Services (TS) Session Broker service on a new server named Server4. You confirm that the TS Session Broker works correctly. You deploy a hardware load balancing device to handle the load distribution to the Terminal Server farm. The device has specialized support for terminal servers and routing tokens. You discover that the TS Session Broker no longer works correctly. You need to ensure that the TS Session Broker works correctly. Which Group Policy object (GPO) should you create and apply to the Terminal Server farm? A. A GPO that enables the Use IP Address Redirection policy setting in the Session Directory section of the Terminal Server Group Policy template. B. A GPO that disables the Use IP Address Redirection policy setting in the TS Session Broker section of the Terminal Server Group Policy template. C. A GPO that enables the Use TS Session Broker Load Balancing policy setting in the Session Directory section of the Terminal Server Group Policy template. D. A GPO that disables the Use TS Session Broker Load Balancing policy setting in the Session Directory section of the Terminal Server Group Policy template.

Answer: B Section: (none) Explanation/Reference:

QUESTION 35 You have four Terminal Servers that run Windows Server 2008. The Terminal Servers are named Server1, Server2, Server3, and Server4. You install the Terminal Server Session Broker role service on Server1. You need to configure load balancing for the four Terminal Servers. You must ensure that Server2 is the preferred server for Terminal Services sessions. Which tool should you use? A. B. C. D.

Group Policy Manager Terminal Services Configuration Terminal Services Manager TS Gateway Manager

Answer: B Section: (none) Explanation/Reference:

QUESTION 36 You manage a member server that runs Windows Server 2008. The server runs the Terminal Server Gateway (TS Gateway) role service. You need to find out whether a user named User1 has ever connected to his office workstation through the TS Gateway server. What should you do? A. B. C. D.

View the events in the Monitoring folder from the TS Gateway Manager console. View the Event Viewer Security log. View the Event Viewer Application log. View the Event Viewer Terminal Services-Gateway log.

Answer: D Section: (none) Explanation/Reference:

QUESTION 37 You manage a member server that runs Windows Server 2008. The server has the Terminal Services role installed. Microsoft Windows System Resource Manager (WSRM) is installed on the server. Users report performance degradation on the Terminal Server. You monitor the server and notice that one user is consuming 100 percent of the processor time. You create a resource-allocation policy named Policy1 that limits each user to 30 percent of the total processor time. You observe no performance improvement. You need to configure WSRM to enforce Policy1. What should you do? A. B. C. D.

Set Policy1 as the Profiling Policy. Set Policy1 as the Managing Policy. Restart the Terminal Services Configuration service. Launch the WSRM application by using the user context of the Terminal Server System account.

Answer: B

Section: (none) Explanation/Reference:

QUESTION 38 You manage a server that runs Windows Server 2008. The Terminal Services role is installed on the server. A Terminal Services application runs on the server. Users report that the application stops responding. You monitor the memory usage on the server for a week. You discover that the application has a memory leak. A patch is not currently available. You create a new resource-allocation policy in Microsoft Windows Server Resource Manager. You configure a Process Matching Criteria named TrackShip and select the application. You need to terminate the application when the application consumes more than half of the available memory on the server. What should you do? A. Configure the resource-allocation policy and set the maximum working set limit option to half the available memory on the server. Set the new policy as a Profiling Policy. B. Configure the resource-allocation policy and set the maximum working set limit option to half the available memory on the server. Set the new policy as a Managing Policy. C. Configure the resource-allocation policy and set the maximum committed memory option to half the available memory on the server. Set the new policy as a Profiling Policy. D. Configure the resource-allocation policy and set the maximum committed memory option to half the available memory on the server. Set the new policy as a Managing Policy. Answer: D Section: (none) Explanation/Reference:

QUESTION 39 You manage 20 servers that run Windows Server 2008. The Terminal Services role and the Microsoft Windows System Resource Manager (WSRM) feature are installed on all the servers. You create and configure a resource-allocation policy that has the required custom settings on a server named TS01. You need to configure the WSRM settings on all the servers to match the WSRM settings on TS01. What should you do? A. Use the Windows Backup tool to back up only the System State data on TS01. Use the Windows Backup tool to restore the System State data on each server. B. Use the WSRM console on each server to enable the Accounting function. Configure the Remote WSRM accounting option to TS01 on each server. C. Use the WSRM console on TS01 to export the WSRM information to a shared folder. Use the WSRM console to import the WSRM information from the shared folder. D. Use the regedit tool to export the HKLM\SYSTEM\CurrentControlSet\Services\WSRM registry key on TS01 to a shared folder. On each server, delete this registry key and use the regedit tool to import the registry key from the shared folder. Answer: C Section: (none) Explanation/Reference:

QUESTION 40 Your company has an Active Directory domain. The Terminal Services role is installed on a member server named TS01. The Terminal Services Licensing role service is installed on a new test server named TS10 in a workgroup. You cannot enable the Terminal Services Per User Client Access License (TS Per User CAL)

mode in the Terminal Services Licensing role service on TS10. You need to ensure that you can use TS Per User CAL mode on TS10. What should you do? A. B. C. D.

Join TS10 to the domain. Disjoin TS01 from the domain. Extend the schema to add attributes for Terminal Services Licensing. Create a Group Policy object (GPO) that configures TS01 to use TS10 for licensing.

Answer: A Section: (none) Explanation/Reference:

QUESTION 41 Your company has an Active Directory domain. The company runs Terminal Services. Standard users who connect to the Terminal Server are in the TSUsers organizational unit (OU). Administrative users are in the TSAdmins OU. No other users connect to the Terminal Server. You need to ensure that only members of the TSAdmins OU can run the Remote Desktop Protocol files. What should you do? A. Create a Group Policy object (GPO) that configures the Allow .rdp files from unknown publishers policy setting in the Remote Desktop Client Connection template to Disabled. Apply the GPO to the TSUsers OU. B. Create a Group Policy object (GPO) that configures the Allow .rdp files from valid publishers and users default .rdp settings policy setting in the Remote Desktop Client Connection template to Disabled. Apply the GPO to the TSUsers OU. C. Create a Group Policy object (GPO) that configures the Allow .rdp files from valid publishers and users default .rdp settings policy setting in the Remote Desktop Client Connection template to Enabled. Apply the GPO to the TSAdmins OU. D. Create a Group Policy object (GPO) that configures the Specify SHA1 thumbprints of certificates representing trusted .rdp publishers policy setting in the Remote Desktop Client Connection template to Enabled. Apply the GPO to the TSAdmins OU. Answer: B Section: (none) Explanation/Reference:

QUESTION 42 Your company has an Active Directory domain. The company runs Terminal Services. You configure the main office printer as the default printer on the Terminal Server. The company policy states that all remote client computers must meet the following requirements: The main office printer must be the default printer of the client computers. Users must be able to access their local printers during a terminal session. You need to create a Group Policy Object by using the Terminal Services Printer Redirection template to meet the company policy. What should you do? A. Set the Easy Print driver first option to Disabled. Apply the GPO to the Terminal Server. B. Set the Use Terminal Services Easy Print driver first option to Disabled. Apply the GPO to all the client computers. C. Set the Do not set default client printer to be default printer in a session option to Enabled. Apply the GPO to the Terminal Server.

D. Set the Do not set default client printer to be default printer in a session option to Enabled. Apply the GPO to all the client computers. Answer: C Section: (none) Explanation/Reference:

QUESTION 43 Your network consists of a single Active Directory domain. The network contains a Terminal Server that runs Windows Server 2008, and client computers that run Windows Vista. All computers are members of the domain. You deploy an application by using the TS RemoteApp Manager. The Terminal Servers security layer is set to Negotiate. You need to ensure that domain users are not prompted for credentials when they access the application. What should you do? A. B. C. D.

On the server, modify the Password Policy settings in the local Group Policy. On the server, modify the Credential Delegation settings in the local Group Policy. On all client computers, modify the Password Policy settings in the local Group Policy. On all client computers, modify the Credential Delegation settings in the local Group Policy.

Answer: D Section: (none) Explanation/Reference:

QUESTION 44 Your company has an Active Directory domain. The company runs Terminal Services. All client computers run Windows Vista Service Pack 1. You need to ensure that users are able to run Windows Media Player 11 during a Terminal Services session. What should you do? A. Install the Desktop Experience feature on the Terminal Server. B. Install the Quality Windows Audio Video Experience feature on the Terminal Server. C. Create a new Group Policy object (GPO) by using the Desktop Window Manager template. Configure the Do not allow desktop composition option to True. Apply the GPO to all client computers in the domain. D. Create a new Group Policy object (GPO) that configures the Policy-based QoS option and set the Differential Services Code Point value to 10 for the Windows Media Player 11 executable. Apply the GPO to the Terminal Server. Answer: A Section: (none) Explanation/Reference:

QUESTION 45 Your company has an Active Directory domain. The company runs Terminal Services. A user has remotely logged on to the Terminal Server. The user requires help to use an application. When you connect to the Terminal Server session, you cannot operate any applications. You need to ensure that you can assist any user on the Terminal Server. What should you do? A. From the Terminal Server run the Tscon /v command. Then reconnect to the session.

B. Run the Chgusr /execute command on the Terminal Server. Then reconnect to the session. C. Enable Use remote control with default user settings in the RDP-Tcp Properties. D. Enable Use remote control with the following settings in the RDP-Tcp Properties. Configure the Level of control policy setting to Interact with the session. Instruct the user to log off and log back on. Answer: D Section: (none) Explanation/Reference:

QUESTION 46 Your network contains a Windows Server 2008 server that has the Web Server (IIS) server role installed. You have a Web application that uses a custom application pool. The application pool is set to recycle every 1,440 minutes. The Web application does not support multiple worker processes. You need to configure the application pool to ensure that users can access the Web application after the application pool is recycled. What should you do? A. B. C. D.

Set the Shutdown Executable option to True. Set the Process Orphaning Enabled option to True. Set the Disable Overlapped Recycling option to True. Set the Disable Recycling for Configuration Changes option to True.

Answer: C Section: (none) Explanation/Reference:

QUESTION 47 You manage a server that runs Windows Server 2008. The server has the Web Server (IIS) role installed. The Web developer at your company creates a new Web site that runs an ASP.NET 3.0 Web application. The ASP.NET Web application must run under a security context that is separate from any other ASP.NET application on the Web server. You create a local user account and grant account rights and permissions to run the ASP.NET Web application. You need to configure authentication for the new Web site to support the Web application. What should you do? A. Configure the Windows Authentication setting to Enabled. B. Configure the Forms Authentication setting to Enabled by using all the default settings. C. Configure the ASP.NET State service to log on to the new local user account by using the Services console. D. Configure the ASP.NET Impersonation setting to Enabled. Edit the ASP.NET Impersonation setting by specifying the new local user account. Answer: D Section: (none) Explanation/Reference:

QUESTION 48 You have a server that runs Windows Server 2008. The server has the Windows SharePoint Services (WSS) server role installed. The server is configured to accept incoming e-mail. You create a new document library. You need to ensure that any user can send e-mail to the document library. What should you do?

A. B. C. D.

Modify the RSS setting for the document library. Modify the incoming e-mail settings for the document library. Modify the permissions for the document library. Enable anonymous authentication for the Web application.

Answer: B Section: (none) Explanation/Reference:

QUESTION 49 Your company runs Terminal Services on a server named Server2. You need to prevent new sessions on the Terminal Server without affecting current user sessions. Which command should you run? A. B. C. D.

Change logon /disable Change user /execute disable Tskill /server:Server2 /A Taskkill /S Server2 /fi "MODULES eq TermSrv"

Answer: A Section: (none) Explanation/Reference:

QUESTION 50 Your company has an Active Directory domain. The company runs Terminal Services. All Terminal Services accounts are configured to allow session takeover without permission. A user has logged on to a server named Server2 by using an account named User1. The session ID for User1 is 1337. You need to perform a session takeover for session ID 1337. Which commands should you run? A. B. C. D.

Chgusr 1337 /disable, and then Tscon 1337 Takeown /U User1 1337, and then Tscon 1337 Tsdiscon 1337, and then Chgport /U User1 1337 Tsdiscon 1337, and then Tscon 1337

Answer: D Section: (none) Explanation/Reference:

Exam B QUESTION 1 You manage a server that runs Windows Server 2008. The server has the Web Server (IIS) role installed. The Web developer at your company creates a new Web site that runs an ASP.NET 3.0 Web application. The ASP.NET Web application must run under a security context that is separate from any other ASP.NET application on the Web server. You create a local user account and grant account rights and permissions to run the ASP.NET Web application. You need to configure authentication for the new Web site to support the Web application. What should you do? A. Configure the Windows Authentication setting to Enabled. B. Configure the Forms Authentication setting to Enabled by using all the default settings. C. Configure the ASP.NET State service to log on to the new local user account by using the Services console. D. Configure the ASP.NET Impersonation setting to Enabled. Edit the ASP.NET Impersonation setting by specifying the new local user account. Answer: D Section: (none) Explanation/Reference:

QUESTION 2 You manage a server that runs Windows Server 2008. The server has the Web Server (IIS) role installed. The server hosts an Internet-accessible Web site that has a virtual directory named /orders/. A Web server certificate is installed and an SSL listener has been configured for the Web site. The /orders/ virtual directory must meet the following company policy requirements: Be accessible to authenticated users only. Allow authentication types to support all browsers. Encrypt all authentication traffic by using HTTPS. All other directories of the Web site must be accessible to anonymous users and be available without SSL. You need to configure the /orders/ virtual directory to meet the company policy requirements. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.) A. B. C. D.

Configure the Web site to the Require SSL setting. Configure the /orders/ virtual directory to the Require SSL setting. Configure the Digest Authentication setting to Enabled for the /orders/ virtual directory. Configure the Basic Authentication setting to Enabled and the Anonymous Authentication setting to Disabled for the Web site. E. Configure the Basic Authentication setting to Enabled and the Anonymous Authentication setting to Disabled for the /orders/ virtual directory. Answer: BE Section: (none) Explanation/Reference:

QUESTION 3 You manage a new server that runs Windows Server 2008. You plan to install the Streaming Media Services role on the server. Users will access content on the new server by using Windows Media Player for Windows Vista and Windows Media Player for Mac. You need to install the Streaming Media Services role on the server to support both media players. What should you do? A. Install Session Initiation Protocol (SIP).

B. Install Simple Object Access Protocol (SOAP). C. Install Stream Control Transmission Protocol (SCTP). D. Install RPC over HTTPS. Answer: B Section: (none) Explanation/Reference:

QUESTION 4 You install a new server named MediaSrv2 that runs Windows Server 2008. The server has the Streaming Media Services role installed. All client computers run Windows Vista and use the Windows Media Player 11 application. You configure a Publishing Point and assign a content source that has video media. Users are unable to pause and rewind the media player. You need to ensure that the users are able to control the playback of the streaming media. What should you do? A. B. C. D.

Reconfigure the Publishing Point as an on-demand publishing point. Configure MediaSrv2 to only use the Real Time Streaming Protocol (RTSP). Enable Publishing Points ACL Authorization on the Publishing Point. Configure MediaSrv2 to only use the Hypertext Transfer Protocol (HTTP).

Answer: A Section: (none) Explanation/Reference:

QUESTION 5 You have a server that runs Windows Server 2008. The server has the Windows Media Services server role installed. You plan to distribute a video file on DVD media. Users will view the video while working on computers that are not connected to the Internet. You need to distribute the video to users. You also need to protect the video from unauthorized use and illegal distribution. What should you do? A. From Windows Media Services, publish the video as streaming content, and then burn the video to a DVD. B. From Windows Media Services, advertise the video. Create a DVD that contains the HTML and ASPX files for the advertised video. C. From Windows Media Digital Rights Manager, package the video and then advertise the video on the corporate Web site. D. From Windows Media Digital Rights Manager, create a package and a license for the video file. Burn the packaged video to a DVD. Answer: D Section: (none) Explanation/Reference:

QUESTION 6 You have two servers that run Windows Server 2008 named Server1 and Server2. Both servers have the Windows Media Services server role installed. Server2 is a License Clearing House. You publish an audio file on Server1. The audio file is licensed by Server2. You need to ensure that users are allowed to use the audio file for only two days. What should you do?

A. B. C. D.

On Server1, modify the key ID. On Server1, modify the license key seed. On Server2, modify the license. On Server2, create a new package.

Answer: C Section: (none) Explanation/Reference:

QUESTION 7 You have a server that runs Windows Server 2008. You install the Windows Media Services server role on the server. You plan to publish an audio file to the Internet by using Media Server. You need to create a license for the audio file. What should you do first? A. B. C. D.

Publish the audio file to a new Web site. Publish the audio file to the Windows Media Services server. Package the audio file as a Windows Installer application. Package the audio file by using Windows Media Rights Manager.

Answer: D Section: (none) Explanation/Reference:

QUESTION 8 Your company uses Public folders and Web Distributed Authoring and Versioning. The company asks you to install Microsoft Windows SharePoint Services (WSS) as a server in a new server farm. You plan to install WSS on a server that runs Windows Server 2008. You start the Configuration Wizard to begin the installation. You receive an error message as shown in the exhibit. (Click the Exhibit button.).

You need to configure WSS to start SharePoint Services 3.0 Central Administration. What should you do? A. B. C. D.

Install the Windows Internal Database. Install a Microsoft SQL Server 2005 server. Install the Active Directory Rights Management Services role. Install the Active Directory Lightweight Directory Services role.

Answer: B Section: (none) Explanation/Reference:

QUESTION 9 Your company has an Active Directory domain. All the servers in the company run either Windows Server 2008 or Windows Server 2003. A Windows Server 2003 server named WSS2 runs Microsoft SQL Server 2005 SP2 and Microsoft Windows SharePoint Services (WSS) 2.0. The company plans to migrate to WSS 3.0 on a Windows Server 2008 server named WSS3. You need to migrate the configuration and content from WSS2 to WSS3. What should you do? A. Back up the SharePoint configuration and content from WSS2. Install WSS 3.0 on WSS3. Restore the backup from WSS2 to WSS3. B. Upgrade WSS2 to Windows Server 2008. Back up the SharePoint configuration and content from WSS2. Install WSS 3.0 on WSS3. Restore the backup from WSS2 to WSS3. C. Back up the SQL Server 2005 configuration and the WSS 2.0 databases from WSS2. Install SQL Server 2005 on WSS3. Restore the SQL Server 2005 backup from WSS2 to WSS3. D. Back up the WSS 2.0 configuration and content from WSS2. Install WSS 2.0 on WSS3. Restore the backup from WSS2 to WSS3. Perform an in-place upgrade of WSS 2.0 to WSS 3.0 on WSS3.

Answer: D Section: (none) Explanation/Reference:

QUESTION 10 You manage a server named SSP1 that runs Windows Server 2008. SSP1 has the Windows SharePoint Services (WSS) role in standalone mode. You manage another Windows Server 2008 server named SSP2. You install the WSS role on SSP2. During the installation, you indicate that SSP2 must be a member of a WSS server farm. You are unable to connect to SSP1 in the server farm. You need to configure SSP1 and SSP2 in a WSS server farm. What should you do? A. B. C. D.

Restart the Web Management service on SSP1. Set the Microsoft .NET Framework Trust Level to Low on both SSP1 and SSP2. Set the Microsoft .NET Framework Trust Level to Medium on both SSP1 and SSP2. Uninstall and reinstall WSS on SSP1 and select the server farm mode during the installation.

Answer: D Section: (none) Explanation/Reference:

QUESTION 11 You install the Windows SharePoint Services (WSS) role on a server that runs Windows Server 2008. You create a group named SPReviewers that will access content on the WSS server. You need to restrict the permissions for the SPReviewers group to viewing items, opening items, and viewing versions. Which permissions should you configure for the SPReviewers group? A. B. C. D.

Read Design Contribute Limited Access

Answer: A Section: (none) Explanation/Reference:

QUESTION 12 Your company has a server that runs Windows Server 2008. The Windows SharePoint Services (WSS) role is installed on the Windows Server 2008 server. You need to configure WSS to support SMTP. What should you do? A. B. C. D.

Bind the SharePoint Web site to port 25. Uninstall and reinstall the WSS role. Install the SMTP Server feature by using the Server Manager console. Install the Application Server role by using the Server Manager console.

Answer: C Section: (none) Explanation/Reference:

QUESTION 13 Your network consists of a single Active Directory domain. The domain contains a server that runs Windows Server 2008. The server has the Windows SharePoint Services (WSS) server role installed. You need to allow users to create distribution lists from a SharePoint site. What should you do on the WSS server? A. B. C. D.

Set the outgoing mail character set to 1200(Unicode). Enable the SharePoint Directory Management Service. Configure the site to accept messages from authenticated users only. Configure the site to use the default Rights Management server in Active Directory Domain Services.

Answer: B Section: (none) Explanation/Reference:

QUESTION 14 You have two servers that run Windows Server 2008 named Server1 and Server2. You install Windows SharePoint Services (WSS) 3.0 on Server1. You install the SMTP feature on Server2. You configure the outgoing e-mail settings on Server1 to use the SMTP service on Server2. You need to ensure that e-mail messages from Server1 are forwarded to users. What should you do? A. On Server2, create a new application pool, and then associate the application pool with a new Web site. B. On Server2, configure the SMTP service to accept anonymous connections and to relay e-mail messages. C. On Server1, create a new application pool. On an internal DNS server, create a new MX record for Server1. D. On Server1, create a new application pool. On an internal DNS server, create a new MX record for Server2. Answer: B Section: (none) Explanation/Reference:

QUESTION 15 You install the Web Server (IIS) role on a server with Windows Server 2008. Company uses SMTP for email. You need prevent unauthorized transmissions without disrupting valid email traffic. A. B. C. D.

Create firewall role to block all outbound SMTP traffic. Configure High alert items to be removed in Windows Defender. Enable the TLS encryption option in the outbound security settings. Add an SMTP relay restriction that limits access to authorized server on the network.

Answer: D Section: (none) Explanation/Reference:

QUESTION 16 You are an enterprise administrator for Cer-tech .com. The company runs Windows Server 2008 on all the servers on the network. One of the servers, Server01 has the Web Server (IIS) role installed on it.

The Server01 hosts an Internet-accessible Web site called Cer-tech .com that has a virtual directory named /Salesorders/. A Web server certificate is installed and an SSL listener has been configured for the Web site. Which of the following options would you choose to configure the /salesorders/ virtual directory to meet the company policy requirements that states that the /salesorders/ virtual directory must be accessible to authenticated users only and it should allow authentication types to support all browsers? Besides it should encrypt all authentication traffic by using HTTPS and all other directories of the Website must be accessible to anonymous users and be available without SSL. (Select all that apply. Each correct answer presents part of the solution.) A. B. C. D. E. F. G.

Configure the Basic Authentication setting to Enabled for the Web site Configure the Anonymous Authentication setting to Disabled for the Web site. Configure the Web site to the Require SSL setting. Configure the Basic Authentication setting to Enabled for the / salesorders / virtual directory. Configure the Anonymous Authentication setting to Disabled for the / salesorders / virtual directory. Configure the Digest Authentication setting to Enabled for the / salesorders/ virtual directory. Configure the /salesorders / virtual directory to the Require SSL setting.

Answer: DEG Section: (none) Explanation/Reference:

QUESTION 17 You want to use WDS to deploy Windows Vista RTM to 50 PXE-enabled client computers. You have, therefore, installed the WDS role and performed the following configuration tasks: A. Create a Path\RemoteInstall folder on a disk volume formatted using FAT32. B. Configure the PXE Server Initial Settings to allow both known and unknown client computers. C. Add the Boot.wim file from the Path\Sources folder of your Windows Vista RTM media to your image store. D. Add the Install.wim file from the Path\Sources folder of your Windows Vista RTM media to your image store. Answer: AC Section: (none) Explanation/Reference:

QUESTION 18 You are a systems administrator who has recently installed and configured FTP 7 on a computer running Windows Server 2008. You have enabled the FTP Over SSL (FTPS) option for the server by obtaining an SSL certificate from a trusted third-party issuer. Recently, the usage of the FTP site has increased, and users are complaining about slow download performance. You want to configure SSL settings to encrypt only credentials and commands but not file-related information. You also want to optimize encryption performance. Which of the following settings changes should you make? (Choose two. Each correct answer presents part of a complete solution.) A. B. C. D.

Select the Allow SSL Connections SSL Policy option. Disable the Use 128-bit Encryption For SSL Connections Option. Select the Require SSL Connections SSL Policy option. Select the Custom SSL Policy option.

Answer: BD Section: (none) Explanation/Reference:

QUESTION 19 You are an enterprise administrator for Cer-tech .com. The company runs Windows Server 2008 on all the servers on the network. The company has many remote users One of the servers on the network called Server01 has the Terminal Services Gateway (TS Gateway) role installed on it. The remote users of the company need to connect remotely to desktop computers located in their offices through the gateway. To ensure secure connection to the gateway, you created a security group named RemoteUsersGrp1 for the remote users who need to connect to computers in their offices. Which of the following options would you choose to enable the remote users to connect to the TS Gateway? (Select two. Both the selected options will form a part of the answer.) A. Create a resource authorization policy. B. Create a client authorization policy. C. Create a Group Policy object enable the Set TS Gateway authentication method properties to Ask for credentials, use Basic protocol. D. Add the RemoteUsersGrp1 security group and enable Device redirection. E. Add the RemoteUsersGrp1 security group to the local remote desktop users group on the TS Gateway server. F. Add the RemoteUsersGrp1 security group and enable Users to connect to any resource. G. Apply the policy to the TS Gateway server. Answer: BD Section: (none) Explanation/Reference:

QUESTION 20 You are a systems administrator responsible for managing a Windows Server 2008 Web Server Currently, there are no Web sites configured on the server. You need to configure the server to host two Web applications: Engineering App and Sales App. Both Web applications must be accessible by using HTTP port 80 without the use of host headers. Also, you must protect against problems in one Web application affecting the performance or reliability of the other Web application. Which two steps should you take to meet these requirements? A. B. C. D.

Create a single Web site that contains both Web applications. Create two Web sites, one for each Web application. Assign both Web applications to the same application pool. Assign each Web application to its own application pool.

Answer: AD Section: (none) Explanation/Reference:

QUESTION 21 You are a systems administrator in charge of adding the Windows SharePoint Services (WSS) server role on a computer running Windows Server 2008. You have completed the initial installation process for the server but have not yet added any roles or features to the installation. Based on your technical requirements, you have decided to install WSS in a server farm configuration.

Which of the following is not a dependency of the WSS server role? (Choose all that apply.) A. B. C. D. E.

Windows Internal Database role service Windows Process Activation role service Microsoft .NET Framework 3.0 Web Server (IIS) role File Server role

Answer: AE Section: (none) Explanation/Reference:

QUESTION 22 You work as the IT professional in an international company which is named Wiikigo. You are experienced in implementing and administering a network operating system. You are specialized in deploying servers, configuring Windows Server 2008 Terminal services and network application services, and configuring a web services infrastructure. Your company has a server named VS1 that runs Windows Server 2008 and Hyper-V. You want to create eight virtual servers that run Windows Server 2008 and configure the virtual servers as an Active Directory forest for testing purposes. You find that VS1 has only 30 GB of free hard disk space. You need to have the eight new virtual servers installed on VS1. What action should you perform? 1. Perform the installation of Windows Server 2008. 2. Activate undo disks on all virtual servers. 3. Create a virtual server that has a 10-GB fixed-size virtual hard disk. 4. Create eight virtual servers that have a differencing virtual hard disk attached. 5. Create eight virtual servers that have a dynamically expanded virtual hared disk attatched. A. B. C. D. E.

3->1-> 4 1 -> 5->2 2->4->3 5->3->1 4->3->5

Answer: A Section: (none) Explanation/Reference:

QUESTION 23 You work as the IT professional in an international company which is named Wiikigo. You are experienced in implementing and administering a network operating system. You are specialized in deploying servers, configuring Windows Server 2008 Terminal services and network application services, and configuring a web services infrastructure. You work in a company named Wiikigo, Ltd. and there is a two-node Network Load Balancing cluster. Only the intranet Web site will be provided with the high availability and load balancing by the cluster. The company names the cluster as web.wiikigo.com. You find a problem that the Network Load Balancing cluster can be seen in the network neighborhood by the Wiikigo users. And the users can utilize the web. wiikigo.com name to get access to various services. The web.wiikigo.com Network Load Balancing cluster is set with only one port rule. Since you are the technical support, you are required have the web.wiikigo. com Network Load Balancing cluster configured to receive only HTTP traffic. Which two actions should be performed to achieve the goal? (Choose more than one.)

A. To achieve the goal, the Network Load Balancing Clusters console should be opened and a new Allow rule should be created for TCP port 80. B. To achieve the goal, the Network Load Balancing Clusters console should be opened and the default port rule should be modified to a disabled port range rule. C. To achieve the goal, one of the cluster nodes should be logged on to and the wlbs disable all command should be run. D. To achieve the goal, the Network Load Balancing Clusters console should be opened and the default port rules should be deleted. Answer: AD Section: (none) Explanation/Reference:

QUESTION 24 Exhibit:

ActualTests.com Certkiller.com has a member server that is under your control. The member server has Windows Server

2008 installe`d as its prime operating system. An IIS server role is installed on the server, which also hosts an intranet website of Certkiller.com's. The website authentication settings are shown in the exhibit. Certkiller.com has a BRanch office that accesses the intranet through a proxy server. All client machines in the BRanch office and the main office use Microsoft Internet explorer. Users on the corporate network in the main office have no problems to get authenticated to the intranet website while the users in the BRanch office are unable to authenticate and access the website. The authentication process is encrypted on the IIS server to enhance the performance. What should you do to configure the website to support authentication for the users in the main office and the users in the BRanch office? A. Enable the Basic authentication settings and Disable the Windows Authentication setting for the users. After that select Require SSL through website properties B. Configure each client machine in the BRanch office and deselect Integrated Windows authentication option in the Internet Options Advanced settings dialog box. C. Add the Digest Authentication role service to the IIS server. Configure the Digest Authentication setting to Enabled. D. Add and enable the Host Credential Authorization Protocol role service on the IIS server E. None of the above Answer: C Section: (none) Explanation/Reference: Explanation: The users in the BRanch office are unable to authenticate and access the website because they were accessing the intranet through a proxy server and the authentication method configured (Windows Authentication) was not supporting proxy server. To configure the website to support authentication for the users in the main office and the users in the BRanch office, you need to add the Digest Authentication role service to the IIS server and then configure the Digest Authentication setting to Enabled. Digest Authentication works by sending a password hash to a Windows domain controller to authenticate users. When you need improved security over Basic authentication, consider using Digest authentication, especially if users who must be authenticated access your Web site from behind firewalls and proxy servers. ActualTests.com Reference: Available Role Services in IIS 7.0 / Security Features http://technet2.microsoft.com/ windowsserver2008/en/liBRary/1ec80c97-4455-4829-a319- 30e1e1c081691033.msp

QUESTION 25 Certkiller.com has a web hosting service. It hosts websites for 40 customers. An SMTP server is dedicated for each website. You changed the server and installed the IIS server role and SMTP server on the new server that is running Windows Server 2008. Certkiller.com has acquired a new client. You create their website and install the SMTP server for the new client. However, the SMTP server fails to start. What should you do to configure the new SMTP server to start on the IIS server? (Select all that apply) A. B. C. D. E.

Configure the SMTP server to integrate the IIS server role Use a different IP address for the new SMTP server Configure the SMTP server by using the iiscnfgr /enable command on the IIS server Add the SMTP server IP address in the IIS Server SMTP settings Use a different port for the new SMTP server

Answer: BE Section: (none) Explanation/Reference: Explanation: To configure the new SMTP server to start on the IIS server, you need to either use a different IP address for the new SMTP server or use a different port for the new SMTP server. This is because more than one virtual server can use the same TCP port if all servers are configured by using different IP addresses.

Reference: IIS 7.0: Configure SMTP E-mail http://technet2.microsoft.com/windowsserver2008/en/liBRary/e56b93b1-8521-48ab-a902e47b0ee4408b1033.ms

QUESTION 26 You implement a member server that runs Windows Server 2008. The member server has the Web Server (IIS) role installed. The member server also hosts intranet Web sites. Your company policy has the following requirements: Use encryption for all authentication traffic to the intranet Web site. Authenticate users by using their Active Directory credentials. Avoid the use of SSL on the Web server for performance reasons. You need to configure all the Web sites on the server to meet the company policy. Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.) A. Configure the Basic Authentication setting on the server to Enabled. B. Configure the Digest Authentication setting on the server to Enabled. B. Configure the Windows Authentication setting on the server to Enabled. C. Configure the Anonymous Authentication setting on the server to Disabled. D. Configure the Active Directory Client Certificate Authentication setting on the server to Enabled. Answer: BCD Section: (none) Explanation/Reference:

QUESTION 27 You manage a member server that runs Windows Server 2008. The server has the Web Server (IIS) role installed. The Web server hosts a Web site named Intranet1. Only internal Active Directory user accounts have access to the Web site. The authentication settings for Intranet1 are configured as shown in the exhibit. (Click the Exhibit button.).

You need to ensure that users authenticate to the Web site by using only the Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAPv2) encrypted Active Directory credentials. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.) A. Add the Digest Authentication role service and the URL Authorization role service to the server. B. Add the Windows Authentication role service to IIS. Configure the Windows Authentication setting to Enabled in the Intranet1 properties. C. Configure the Basic Authentication setting to Disabled in the Intranet1 properties. D. Configure the Default domain field for the Basic Authentication settings on Intranet1 by adding the name of the Active Directory domain. E. Configure the Basic Authentication setting to Disabled and the Anonymous Authentication setting to Enabled in the Intranet1 properties. Answer: BC Section: (none)

Explanation/Reference:

QUESTION 28 Your company named Contoso, Ltd. runs Windows Server 2008. You manage a Web server named Server1. Internet users access Server1 by using http://www.contoso.com and https://www.contoso.com. The Server1 server uses an SSL certificate from a public certification authority (CA). You install an additional Web server named Server2. You configure a Network Load Balancing cluster to distribute the incoming HTTP and HTTPS traffic between both Web servers. You need to configure an SSL certificate on Server2 to support HTTPS connections. You must ensure that all users can connect to https://www. contoso.com without receiving security warnings. What should you do? A. Open the IIS Manager console on Server2. Create a self-signed certificate. B. Open the IIS Manager console on Server1. Export the SSL certificate to a .pfx file. Import the .pfx file to Server2. C. Open the Certificates console on Server1. Export the SSL certificate to a .cer file. Import the .cer file to Server2. D. Request a new SSL certificate from the public CA. Use Server2 as the Common Name in the request. Install the new certificate on Server2. Answer: B Section: (none) Explanation/Reference:

QUESTION 29 Your company runs Windows Server 2008. The company network is configured as an Active Directory domain named contoso.com. The network has a Web server named WEB1. The domain users access WEB1 by using http://web1. You generate a self-signed certificate for WEB1 and configure WEB1 to use SSL. Users report that they get a warning message when they connect to WEB1 by using https://web1. You need to ensure that users can connect to WEB1 without receiving a warning message. What should you do? A. Add the https: //web1 name to the list of Trusted Sites zone on all the computers in the domain. B. Open the Certificates console on WEB1. Export the self-signed certificate to a web1.cer file. Install the web1.cer file on all the computers in the domain. C. Join WEB1 to the contoso.com domain. Reissue the self-signed certificate. Request all the users to use https: //web1.contoso.com to connect to WEB1. D. Create a DNS Host (A) Record for WEB1 in the contoso.com zone. Reissue the self-signed certificate. Request all the users to use https: //web1.contoso.com to connect to WEB1. Answer: B Section: (none) Explanation/Reference:

QUESTION 30 Your company named Contoso, Ltd. has a Web server named WEB1. The Web server runs Windows Server 2008. The fully qualified domain name of WEB1 is web1.contoso.com. The public DNS server has an alias record named owa.contoso.com that maps to web1.contoso.com. Users access WEB1 from the Internet by using http://owa.contoso.com. The new company security policy states that the owa.contoso. com site must be available for Internet users only through secure HTTP (HTTPS) protocol. The security policy also states that users must not get security warnings when they connect to the site. You need to request a certificate from a public certification authority (CA). Which Common Name should

you use? A. B. C. D.

Contoso, Ltd. owa.contoso.com WEB1 web1.contoso.com

Answer: B Section: (none) Explanation/Reference:

QUESTION 31 Your company has a server that runs Windows Server 2008. The server has the Web Server (IIS) role installed. You need to activate SSL for the default Web site. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.) A. B. C. D.

Obtain and import a server certificate by using the IIS Manager console. Select the Generate Key option in the Machine Key dialog box for the default Web site. Add bindings for the HTTPS protocol to the default Web site by using the IIS Manager console. Install the Digest Authentication component for the Web server role by using the Server Manager console.

Answer: AC Section: (none) Explanation/Reference:

QUESTION 32 You have a server that runs Windows Server 2008. The server has the Web Server (IIS) server role installed and all the Web Server role services installed. You need to provide a user the ability to administer a Web site. Which feature should you configure? A. B. C. D.

.Net Roles .Net Users Authentication IIS Manager Permissions

Answer: D Section: (none) Explanation/Reference:

QUESTION 33 You have 10 servers that run Windows Server 2008. The servers have the Web Server (IIS) server role installed. The servers are members of a Web server farm. The servers host the same Web site. You need to configure the servers to meet the following requirements: Allow changes to the Web server configurations that are made on one server to be made on all servers in the farm. Minimize administrative effort to perform the configuration changes. What should you do? A. On all servers, configure the Shared Configuration settings.

B. On one server, create a scheduled task that copies the Intepub folder to the other servers. C. Create a DFS Namespace. On each server configure the Inetpub folder as the target of the DFS Namespace. D. On one server, configure the Shared Configuration setting. Answer: A Section: (none) Explanation/Reference:

QUESTION 34 Your company has a new server that runs Windows Server 2008. The Web Server (IIS) role is installed. Your company hosts a public Web site. You notice unusually high traffic volume on the Web site. You need to identify the source of the traffic. What should you do? A. B. C. D.

Enable the Web scripting option. Run the netstat Can command on the server. Create a custom view in Event Viewer to filter information from the security log. Enable Web site logging in the IIS Server Manager and filter the logs for the source IP address.

Answer: D Section: (none) Explanation/Reference:

QUESTION 35 You install the Web Server (IIS) role on a server that runs Windows Server 2008. Your companys defaultWeb site has an IP address of 10.10.0.1. You add a Web site named HelpDesk. The HelpDesk Web site cannot be started. You need to configure the Helpdesk Web site so that it can be started. What should you do? A. Run the iisreset /enable command on the server. B. Configure the Helpdesk Web site to use a host header. C. Run the appcmd add site /name: HelpDesk /id:2 /physicalPath: c:\HelpDesk /binding:http/*: 80:helpdesk command on the server. D. Run the set-location Cliteralpath "d:\HelpDesk_content" HelpDesk ID:2 location port:80 domain: helpdesk command in the Microsoft Windows PowerShell tool on the server. Answer: B Section: (none) Explanation/Reference:

QUESTION 36 You have a server named Server1 that runs Windows Server 2008. The server has the Web Server (IIS) server role installed. You have an SMTP gateway that connects to the Internet. The internal firewall prevents all computers, except the SMTP gateway, from establishing connections over TCP port 25. You configure the SMTP gateware to relay e-mail for Server1. You need to configure a website on Server1 to send email to Internet Users. What should you do? A. On Server1, install the SMTP Server feature B. On Server1, configure the SMTP E-Mail feature for the website.

C. On an internal DNS server, create an MX record for Server1. D. On an internal DNS server, create an MX record for the SMTP Gateway. Answer: B Section: (none) Explanation/Reference:

QUESTION 37 You install the Web Server (IIS) role on and the SMTP Server feature on a server that runs Windows Server 2008. You need to configure the new SMTP server to forward mail to the mail server of the Internet Service Provider (ISP). What should you do? A. B. C. D.

Configure the smart host setting to use the local host. Configure the smart host setting to use the mail server of the ISP. Run the appcmd /delivery method:PickupDirectoryFromIis command. Configure the SMTP delivery setting to Attempt direct delivery before sending to smart host.

Answer: B Section: (none) Explanation/Reference:

QUESTION 38 You install the FTP role service on a server that runs Windows Server 2008. Users receive an error message when they attempt to upload files to the FTP site. You need to allow authenticated users to upload files to the FTP site. What should you do? A. Run the ftp Ca 192.168.1.200 command on the server that runs Windows Server 2008. B. Run the appcmd unlock config command on the server that runs Windows Server 2008. C. Configure Write permissions on the FTP site. Configure the NTFS permissions on the FTP destination folder for the Authenticated Users group to Allow - Modify. D. Configure Write permissions on the FTP site. Configure the NTFS permissions on the FTP destination folder for the Authenticated Users group to Allow C Write attributes. Answer: C Section: (none) Explanation/Reference:

QUESTION 39 You manage a computer named FTPSrv1 that runs Windows Server 2008. Your company policy requires that the FTP service be available only when required by authorized projects. You need to ensure that the FTP service is unavailable after restarting the server. What should you do? A. B. C. D.

Run the iisreset command on the FTPSrv1 server. Run the net stop msftpsvc command on the FTP server. Run the suspend-service msftpsvc cmdlet in Microsoft Windows PowerShell tool. Run the WMIC /NODE:FTPSrv1 SERVICE WHERE caption="FTP Publishing Service" CALL ChangeStartMode "Disabled" command on the FTP server.

Answer: D

Section: (none) Explanation/Reference:

QUESTION 40 You have a server that runs Windows Server 2008. The server has the Web Server (IIS) server role installed. The server contains a Web site that is configured to use only Windows Authentication. You have a security group named Group1 that contains several user accounts. You need to prevent the members of Group1 from accessing a Web site. You must not prevent other users from accessing the Web site. Which Web site feature should you configure? A. B. C. D.

Authentication Authorization Rules IIS Manager Permissions SSL Settings

Answer: B Section: (none) Explanation/Reference:

QUESTION 41 You have a Windows Server 2008 server that has the Web Server (IIS) server role installed. The server contains a Web site. You need to ensure that the cookies sent from the Web site are encrypted on users computers. Which Web site feature should you configure? A. B. C. D.

Authorization Rules Machine Key Pages And Controls SSL Settings

Answer: B Section: (none) Explanation/Reference:

QUESTION 42 You install the Web Server (IIS) role on a new server that runs Windows Server 2008. You install a Microsoft .NET Framework 1.0 application on a Web site on the Web server. The company security policy states that all applications must run by using the minimum level of permission. You need to configure the Web site application so that it has the permissions to execute without creating any other content and without accessing any operating system components. What should you do? A. B. C. D.

Set the .NET Framework trust level to Full for the Web site. Set the .NET Framework trust level to Low for the Web site. Set the .NET Framework trust level to High for the Web site. Set the .NET Framework trust level to Medium for the Web site.

Answer: A Section: (none) Explanation/Reference:

QUESTION 43 You have a server that runs Windows Server 2008. The Web Server (IIS) role is installed. You plan to host multiple Web sites on the server. You configure a single IP address for the server. All Web sites are registered in DNS to point to the single IP address. You need to ensure that each Web site only responds to requests by name from all client computers. What should you do? A. B. C. D.

Configue a unique port for each Web site. Configue a unique IP address for each Web site. Configue a unique Host Header for each Web site. Edit the Hosts file on the server to add all the Web site names associated to the network address.

Answer: C Section: (none) Explanation/Reference:

QUESTION 44 You install the Web Server (IIS) role on a server that runs Windows Server 2008. Your companys human resources department has a Web site named www.contoso.com/hr. You need to create a virtual directory on the company Web site for the HR department. Which command should you run on the Web server? A. B. C. D.

appcmd add app /app.name:contoso /path:/hr /physicalPath:c:\websites\hr appcmd add site /name:hr /physicalPath:c:\websites\hr appcmd add vdir /app.name:contoso /path:/hr /physicalPath:c:\websites\hr appcmd set vdir /vdir.name:hr /path:/hr /physicalPath:c:\websites\hr

Answer: C Section: (none) Explanation/Reference:

QUESTION 45 You have a Windows Server 2008 server that has the Web Server (IIS) server role installed. The server hosts multiple Web sites. You need to configure the server to automatically release memory for a single Web site. You must achieve this goal without affecting the other Web sites. What should you do? A. B. C. D.

Create a new Web site and edit the bindings for the Web site. Create a new application pool and associate the Web site to the application pool. Create a new virtual directory and modify the Physical Path Credentials on the virtual directory. From the Application Pool Defaults, modify the Recycling options.

Answer: B Section: (none) Explanation/Reference:

QUESTION 46 You have the Web Server (IIS) role installed on a server that runs Windows Server 2008. You make changes to the configuration of an application named APP1. Users report that the application fails. You

examine the event log and discover the following error message: 503 Service Unavailable. You need to ensure that users are able to connect to APP1. Which command should you run at the command prompt on the server? A. B. C. D.

appcmd set config appcmd stop apppool appcmd start apppool appcmd set apppool

Answer: C Section: (none) Explanation/Reference:

QUESTION 47 You install the Web Server (IIS) role on a server that runs Windows Server 2008. You configure a Web site named contoso.com and a Web application named Acctg on the Web server. The Web server runs out of disk space. You move Acctg to another drive on the Web server. The following table shows the current application configuration. Application Web location Original location New location Acctg contoso/Acctg d:\Acctg f:\Acctg. Users report that they cannot access Acctg. You need to enable users to access Acctg. Which command should you run on the server? A. B. C. D.

appcmd add app /site.name: contoso /path:/Acctg /physicalPath:d:\Acctg appcmd set app /site.name: contoso /path:/Acctg /physicalPath:f:\Acctg appcmd add app /site.name: contoso /path:/Acctg /physicalPath:f:\Acctg appcmd set app /site.name: contoso /path:/Acctg /physicalPath:d:\Acctg

Answer: B Section: (none) Explanation/Reference:

QUESTION 48 You have the Web Server (IIS) role installed on a server that runs Windows Server 2008. You create a Web site named contoso.com. You copy an application named WebContent to the server. You need to enable the WebContent application on the Web site. What should you do? A. At the command prompt on the server, run the appcmd add site command. B. Select the Web site from the Internet Information Services (IIS) Manager console. Select Add Application. C. Select the Web site from the Internet Information Services (IIS) Manager console. Select Add Virtual Directory. D. At the command prompt on the server, run the appcmd add vdir command. Answer: B Section: (none) Explanation/Reference:

QUESTION 49 You have a Terminal Server that runs Windows Server 2008. You need to configure the server to end any sessions that are inactive for more than one hour. What should you do? A. B. C. D.

From Terminal Services Manager, create a new group. From Terminal Services Manager, delete the inactive sessions. From Terminal Services Configuration, modify the RDP-Tcp settings. From Terminal Services Configuration, modify the User logon mode setting.

Answer: C Section: (none) Explanation/Reference:

QUESTION 50 Your company has an Active Directory domain. The company runs Terminal Services. A user has remotely logged on to the Terminal Server. The user requires help to use an application. When you connect to the Terminal Server session, you cannot operate any applications. You need to ensure that you can assist any user on the Terminal Server. What should you do? A. B. C. D.

From the Terminal Server run the Tscon /v command. Then reconnect to the session. Run the Chgusr /execute command on the Terminal Server. Then reconnect to the session. Enable Use remote control with default user settings in the RDP-Tcp Properties. Enable Use remote control with the following settings in the RDP-Tcp Properties. Configure the Level of control policy setting to Interact with the session. Instruct the user to log off and log back on.

Answer: D Section: (none) Explanation/Reference:

Exam C QUESTION 1 You work as the IT professional in an international company which is named Wiikigo. You are experienced in implementing and administering a network operating system. You are specialized in deploying servers, configuring Windows Server 2008 Terminal services and network application services, and configuring a web services infrastructure. There is a server named VS01 in your company, and Windows Server 2008 and Hyper-V are run by the server. 10 virtual servers are hosted by the VS01 server. One 64-GB fixed-size virtual hard disk (VHD) is contained by a virtual server named VS-DB. And the VHD file is called disk01.vhd. You find a problem that only 5 GB of the VHD is utilized by VS-DB. The VS-DB virtual server is turned off by you, and you plan to have the unused disk space regained on the VS01 physical server. Since you are the technical support, you are required to have VS-DB configured to make disk01.vhd file as small as possible. Which action should be performed? (Choose the correct answer, and put them in correct answer.) 1. The disk02.vhd file should be compacted. 2. The disk01.vhd file should be deleted. And disk02.vhd should be renamed. 3. The disk02.vhd file should be converted to a new fixed-size VHD file named diask01.vhd. 4. The disk01.vhd should be converted to a new dynamically expanding VHD file named disk02.vhd. 5. A new differencing VHD file named Disk02.vhd that has disk01.vhd as a parent disk.

Answer:

Section: (none) Explanation/Reference:

QUESTION 2 You want to enable Remote Desktop on a Server Core installation of Windows Server 2008 and then enable the server to accept connections from clients configured with RDP versions prior to 6.0. Which commands should you use? (Choose two.)

A. B. C. D.

cscript scregedit.wsf /AR 0 cscript scregedit.wsf /AR 1 cscript scregedit.wsf /CS 0 cscript scregedit.wsf /CS 1

Answer: AC Section: (none) Explanation/Reference:

QUESTION 3 You work as the IT professional in an international company which is named Wiikigo. You are experienced in implementing and administering a network operating system. You are specialized in deploying servers, configuring Windows Server 2008 Terminal services and network application services, and configuring a web services infrastructure. You are in charge of a server that runs Windows Server 2008. The Web Server (IIS) server role and the FTP Publishing Service role service are installed on the server. You have a new FTP site added to the server. You have to make sure that the new FTP site is available. In order to make sure of this, what action should you perform? A. In order to make sure of this, the iisreset command should be run on the server. B. In order to make sure of this, a host header file should be configured in the default Web site properties. C. In order to make sure of this, an alternate IP address should be configured in the default Web site properties. D. In order to make sure of this, an alternate TCP port should be configured in the FTP site properties. E. In order to make sure of this, an alternate IP address should be configured in the FTP site properties. Answer: DE Section: (none) Explanation/Reference:

QUESTION 4 You are a Windows Server 2008 systems administrator responsible for configuring the Streaming Media Services server role. Your organization would like to make numerous human resources training videos available for access by its employees. Employees should be able to pause and fast-forward content as needed. You also want to ensure that users can access the content only while they are connected to your companys LAN. Which actions should you take? (Choose two. Each correct answer presents part of the complete solution.) A. B. C. D. E.

Create a new broadcast publishing point. Create a new on-demand publishing point. Enable WMS IP Address Authorization for the publishing point. Enable WMS Negotiate Authentication for the publishing point. Enable WMS NTFS ACL Authorization for the publishing point.

Answer: BC Section: (none) Explanation/Reference:

QUESTION 5 You are an enterprise administrator for Cer-tech .com. The corporate network of the company consists of an

Active Directory domain. All the servers on the network run Windows Server 2008. The network runs a Terminal server named Server02 to enable remote users to run commonly required applications from their terminal. You have recently been asked to deploy a Terminal Services application called App1 on Server02. To deploy the application, you first confirmed from the application vendor that the application can be deployed in a Terminal Services environment. The features of App1 are that it does not use Microsoft Windows Installer packages for installation and makes changes to the current user registry during installation. Which of the following options would you choose to install the application to support multiple user sessions? (Select all that apply) A. B. C. D. E. F.

Run the change user /install command on Server02 Install the application. Run the change user /execute command on Server02. Run the change logon /disable command on Server02. Run the change logon /enable command on Server02. Run the mstsc /v: Server02/console command from the client computer to log on to Server02.

Answer: ABC Section: (none) Explanation/Reference:

QUESTION 6 You are a systems administrator responsible for configuring a Windows Server 2008 SMTP server. Your organization is currently using the default SMTP virtual server for sending order notifications from a single Web application called ContosoOrderManagement. Recently, you have noticed that a large number of messages have been sent to the SMTP virtual server from other computers and users. Which two methods can you use to prevent unauthorized access to the SMTP server? (Choose two. Each correct answer presents a complete solution.) A. B. C. D.

Enable Basic Authentication. Configure a smart host for use by the SMTP virtual server. Add Connection Control entries to limit which IP addresses can use the SMTP server. Modify settings on the Security tab of the properties of the SMTP virtual server.

Answer: AC Section: (none) Explanation/Reference:

QUESTION 7 The corporate network of Certkiller consists of 10 servers that run Windows Server 2008. You have recently enabled RDP on the servers to provide remote administration to the servers. All the computers that will be used to provide remote administration run Windows Vista. You configured RDP on server with default security settings. However, you are not satisfied with the default security setting and need to ensure that the RDP connections are as secure as possible. Which of the following two actions would you perform to configure secure RDP connections? (Each correct answer presents a part of the solution. Select two). A. B. C. D.

Acquire user certificates. Block port 3389 of the firewall on each server. Set the security layer for each server to the RDP Security Layer. Configure each server to allow connections only to RDP client computers that use Network Level Authentication.

Answer: AD Section: (none) Explanation/Reference:

Explanation: To configure secure RDP connections, you need to first Acquire user certificates and then configure each server to allow connections only to Remote Desktop client computers that use Network Level Authentication. The Network Level Authentication is selected on each server to allow connections to Remote Desktop client computers because only Vista clients are used to connect to the Terminal Server Reference: Configuring the Windows Server 2008 Terminal Services Gateway (Part 1) http://www.windowsecurity.com/articles/ Configuring-Windows-Server-2008-Terminal-Services- Gateway-Part1

QUESTION 8 Certkiller.com provides Web hosting services. AS an administrator, you manage the server that has Windows Server 2008 installed on it as its operating system. An IIS server role is installed on ActualTests. com this server. The server has multiple websites running. You have to configure a new website for a new client on the IIS server. While deploying the website on the server, you find out that the website looks like an FTP download page instead of the normal HTTP page that presents the content without letting anyone to download it. You have to setup the website to present the content through HTTP and make sure the files are not downloaded by the users. Which two actions should you perform to complete this task? (Choose two answers. Each answer is a part of the complete solution. ) A. B. C. D.

Match the webpage file to the website by configure the default document setting Configure the website to use the application pool Execute the appcmd set config /section:directory Browse /enabled: false command Configure the directory that hosts website to grant Allow, read and execute permission to the users of the website content E. Configure a DNS zone for the domain that hosts website and create a CNAME record Answer: AC Section: (none) Explanation/Reference: Explanation: To setup the website to present the content through HTTP and make sure the files are not downloaded by the users, you need to first match the web page file to the website by configuring the Default document setting and then executing the appcmd set config /section : directoryBrowse /enabled: false command. Configuring default document setting will allow you to hide the document name while showing its content. The default document specifies what file to serve. The appcmd set config /section: directoryBrowse /enabled: false command will allow you to turn off the directory BRowsing on the website. Reference: Default Documents http://learn.iis.net/page.aspx/203/default-documents/ Reference: Getting Started with AppCmd.exe / Controlling Location of Configuration http://learn.iis.net/page.aspx/114/getting-started-with-appcmdexe/

QUESTION 9 You are an enterprise administrator for Cer-tech .com. The company runs Windows Server 2008 on all the servers on the network. On the corporate network a Network Load Balancing cluster named nlb. Cer-tech . com is configured. The two hosts of the cluster are named as Cer-tech Web1 and Cer-tech Web2. A single port rule has been configured for the cluster according to which all HTTP traffic is evenly distributes between both the hosts. Which of the following options would you choose to configure the cluster in such a way that Cer-tech Web2 handles all HTTPS traffic for nlb.Cer-tech .com while ensuring the even distribution of HTTP traffic between Cer-tech Web1 and Cer-tech Web2? (Choose two. Each correct answer presents part of the solution.) A. Change the Handling priority option for the TCP 443 port rule to the value of 0 in the properties for Certech Web1

B. Create a new port rule for port TCP 443 that has the Filtering mode option set to Single host in the properties for the cluster. C. Change the Handling priority option for the TCP 443 port rule to the value of 1 in the properties for Certech Web2. D. In the properties for the cluster, create a new port rule for port TCP 443 that has the Filtering mode option set to Multiple host and the Affinity option set to the value of Single. Answer: BC Section: (none) Explanation/Reference:

QUESTION 10 You work as the IT professional in an international company which is named Wiikigo. You are experienced in implementing and administering a network operating system. You are specialized in deploying servers, configuring Windows Server 2008 Terminal services and network application services, and configuring a web services infrastructure. Your company runs Terminal Services. You intend to install an application update for the lobapp.exe application on the Terminal Server. You find instances of the lobapp.exe processes left behind by users who have disconnected. In order to make sure that you can perform an application update, you have to terminate all instances of the lobapp.exe processes. In order to achieve this, what action should you perform? A. In order to achieve this, the Tskill lobapp /a command should be run on the Terminal Server. B. In order to achieve this, the Get-Process cmdlet should be run on the Terminal Server. C. In order to achieve this, the Tasklist /fi "IMAGENAME eq lobapp.exe" command should be run on the Terminal Server. D. In order to achieve this, you should end all instances of lobapp.exe in the Terminal Services Manager console. Answer: AD Section: (none) Explanation/Reference:

QUESTION 11 You work as the IT professional in an international company which is named Wiikigo. You are experienced in implementing and administering a network operating system. You are specialized in deploying servers, configuring Windows Server 2008 Terminal services and network application services, and configuring a web services infrastructure. There is has a single Active Directory domain named wiikigo.com in your company. Two domain controllers and 60 member servers are contained by the domain. Windows Server 2008 is run by all servers. Key Management Service (KMS) is installed and activated on one of the domain controllers. KMS auto-discovery is utilized by all servers to find the KMS server. Since you are the technical support, you are required to modify the port utilized by KMS from its default port to port 12200. Which actions should be performed to achieve the goal? (Choose more than one.) A. To achieve the goal, the slmgr.vbs skms KMSServer: 12200 command should be run on the client computers at the command prompt. B. To achieve the goal, the slsvc service should be restarted on the KMS server. C. To achieve the goal, the DNS Server service should be restarted on the KMS server. D. To achieve the goal, the slmgr.vbs skms KMSServer: 12200 command should be run on the KMS server at the command prompt. Answer: BD Section: (none)

Explanation/Reference:

QUESTION 12 You are an IIS Web server administrator implementing authentication settings for a new Web site. According to the requirements for the Human Resources Web site, users should be prompted for authentication information when they attempt to access the site. The site will be accessed only by users who have accounts in your organization's Active Directory domain. You have already configured the file system permissions for the content based on the appropriate settings. You also want to maximize security of the site. Which two actions should you take to meet these requirements? A. B. C. D.

Enable Windows authentication. Enable basic authentication. Disable anonymous authentication. Enable anonymous authentication.

Answer: AC Section: (none) Explanation/Reference:

QUESTION 13 You work as the IT professional in an international company which is named Wiikigo. You are experienced in implementing and administering a network operating system. You are specialized in deploying servers, configuring Windows Server 2008 Terminal services and network application services, and configuring a web services infrastructure. Your company has a Network Load Balancing cluster named nlb.wiikigo.com. The cluster hosts are named WEB1 and WEB2. The cluster is configured with a single port rule that evenly distributes HTTP traffic between both hosts. WEB2 needs to be configured to handle all HTTPS traffic for nlb.wiikigo.com. You must retain the even distribution of HTTP traffic between WEB1 and WEB2. What should you do to achieve this? (Choose more than one) A. In the properties for the cluster, create a new port rule for port TCP 443 that has the Filtering mode option set to Single host. B. In the properties for WEB2, the Handling priority option for the TCP 443 port rule should be changed to the value of 1. C. In the properties for WEB1, the Handling priority option for the TCP 443 port rule should be changed to the value of 0. D. In the properties for the cluster, create a new port rule for port TCP 443 that has the Filtering mode option set to Multiple host and the Affinity option set to the value of Single. Answer: AB Section: (none) Explanation/Reference:

QUESTION 14 You are an administrator at Certkiller.com. You are instructed to implement a member server that runs Windows Server 2008. Web Server (IIS) role is also installed on the member server. The primary purpose of the member server is to host intranet websites. The company policy dictates that a server should: 1. use encryption for all authentication traffic to the intranet website 2. Avoid SSL on the web server for performance reasons 3. Authenticate users through Active Directory credentials What should you do to configure all websites on the server according to the company policy? (Choose three answers. Each answers is a part of the complete solution)

A. B. C. D. E.

Enable the Active Directory Client Certificate Authentication on the server Disable the Basic Authentication setting on the server Enable Digest Authentication setting on the server Enable Windows Authentication setting on the server Disable Anonymous Authentication setting on the server ActualTests.com

Answer: CDE Section: (none) Explanation/Reference: Explanation: To configure all website on the server according to the company policies, you should first disable Anonymous Authentication setting on the server and then enable Digest Authentication and Windows Authentication settings on the server. Reference: http://support.microsoft.com/kb/810572

QUESTION 15 You have recently created and distributed RDP files for a certain RemoteApp program. However, you find that the application performs poorly and needs to be migrated to a more powerful server. What should you do to ensure that users can connect to the RemoteApp program after it is migrated? (Choose two. Each answer presents a complete solution.) A. Create a new TS Web Access site for the new terminal server and publish the application to the new site. B. Re-create an RDP file for the RemoteApp program after the migration and distribute the file to users. C. Modify the properties of the existing RDP file and re-distribute the file to users. D. In TS RemoteApp Manager on the old terminal server, change the Terminal Server settings so that the server name listed is the new terminal server. Answer: AB Section: (none) Explanation/Reference:

QUESTION 16 You work as the IT professional in an international company which is named Wiikigo. You are experienced in implementing and administering a network operating system. You are specialized in deploying servers, configuring Windows Server 2008 Terminal services and network application services, and configuring a web services infrastructure. You have two servers that run Windows Server 2008 Enterprise. Both servers have the Failover Clustering feature installed. You have the servers configured as a two-node cluster. The cluster nodes are named NODE1 and NODE2. You have an application named PrintService that includes a print spooler resource. You need to configure the cluster to automatically return the PrintService application to NODE1 after a failover. Which two actions should you perform? A. The Allow Failback and Immediate options should be enabled for the PrintService application. B. The If restart is unsuccessful, failover all resources in this server or application option should be disabled in the properties of the print spooler resource. C. The Period (hours) option should be set to 0 in the properties of the print spooler resource. D. NODE1 should be moved to the top of the list of preferred owners for the PrintService application. Answer: AD Section: (none)

Explanation/Reference:

QUESTION 17 Exhibit:

Certkiller.com has a server that runs Windows Server 2008. You install an IIS server role on this server. Certkiller.com has decided to add a new website to the IIS server. The settings of the new site are shown in the exhibit. What would you do to setup the new website according to the settings shown in the exhibit? A. Open the command prompt on the server and execute appcmd set app /app.name: Certkiller /[path='/']. physicalPath:d:\ Certkiller _content_ID2 command B. Open the command prompt on the server and execute the appcmd add site /name: Certkiller /id:45 / physicalPath: f:\ Certkiller _content /binding:http/:80:www. Certkiller.com command C. Open the command prompt on the server and execute the appcmd add app /app.name: Certkiller / [path='/'] D. Execute the command set-location /Certkiller -new website port: 80 by utilizing the MS Windows command prompt utility E. None of the other alternatives apply Answer: E Section: (none) Explanation/Reference: Explanation: To setup the new website according to the settings shown in the exhibit, you need to run the following command on the server: ActualTests.com appcmd add site /name: Certkiller /id:2 / physicalPath : d:\ Certkiller _content / binding :http /*:80: www. Certkiller.com. To add a site, you need to use the following syntax: appcmd add site / name:string / id:uint / physicalPath:string / bindings:string Reference: IIS 7.0: Create a Web Site / Command Line http://technet2.microsoft.com/windowsserver2008/en/liBRary/f6c26eb7-ad7e-4fe2-9239- 9f5aa4ff44ce1033. mspx

QUESTION 18 Certkiller.com has a server that runs Terminal Services. As an administrator at Certkiller.com, you plan to install an application update for an application named tsap.exe on the Terminal Server (TS). While checking the application, you find out that instances of tsap.exe process are running even after the users have disconnected. In order to perform an application update, you have to terminate all instances of tsap.exe process. Which two actions would you perform to achieve this objective? (Choose two answers. Each answer is a part of a complete solution) A. Open Terminal Services Manager Console and end all instances of tsap.exe B. Execute the TSapp - getprocess command on Terminal server

C. End all instances of the tsap.exe and restart the server. Execute a appkill command to stop the application immediately D. On the Terminal Server, execute Tskill tsap /a command E. None of the above Answer: AD Section: (none) Explanation/Reference: Explanation: To terminate all instances of tsap.exe process, you have to end all instances of tsap.exe process by accessing the Terminal Services Manager Console. The processes are displayed there. You kill the unwanted process by terminating a process. Use Microsoft Management Console to access the Terminal Services Manager console snap-in. After doing this, you have to execute a Tskill tsap /a command to end active processes. You can end the process by right-clicking on the process in the processes tab in Terminal Services Manager and clicking End process or you can use tskill command to do this. If you end a process through this command, no notification will be sent to the user. The process is ended immediately.

QUESTION 19 How can you ensure that an application installed on a computer running Terminal Services can support multiple users? A. B. C. D.

Use the Chglogon command. Use the Chguser command. Use the Qappsrv command. Use the Mstsc command.

Answer: B Section: (none) Explanation/Reference:

QUESTION 20 You work as the IT professional in an international company which is named Wiikigo. You are experienced in implementing and administering a network operating system. You are specialized in deploying servers, configuring Windows Server 2008 Terminal services and network application services, and configuring a web services infrastructure. You are in charge of a member server that runs Windows Server 2008. The member server has the Web Server (IIS) server role installed. The server hosts a Web site that is only accessible to the executives of your company. According to the requirement of the company policy, the executives must use user certificates to access the confidential Web content. You have to make sure that the executives can only access the secure Web site by using their installed certificates. What action should you perform to make sure of this? A. A Certificate Trust list should be configured to include the executives certification authority (CA) certificate. B. The SSL settings should be configured to Require 128-bit SSL on the confidential Web site. C. The Client Certificates settings should be configured to Accept on the SSL settings for the confidential Web site. D. The Client Certificates settings should be configured to Require on the SSL settings for the confidential Web site. Answer: D Section: (none) Explanation/Reference:

QUESTION 21 You work as the IT professional in an international company which is named Wiikigo. You are experienced in implementing and administering a network operating system. You are specialized in deploying servers, configuring Windows Server 2008 Terminal services and network application services, and configuring a web services infrastructure. There is an Active Directory domain in your company. Windows Server 2008 is run by two servers named S01 and S02. The Terminal Services server role is installed on S01. The Terminal Services Licensing role service is installed on S02. Only 10 Terminal Services Client Access Licenses are available. Now you receive an order from the company management. According to the company requirement, you have to limit the number of concurrent users connected to the Terminal Server to 10. So what action should you perform? A. A Group Policy object (GPO) should be created. Enable the Set the Terminal Services licensing mode policy setting should be enabled and the Per Device option chosen. The GPO should be applied to S01. B. A Group Policy object (GPO) should be created. Enable the Set the Terminal Services licensing mode policy setting should be enabled and the Per Device option chosen. The GPO should be applied to S02. C. A Group Policy object (GPO) should be created. The Set the Terminal Services licensing mode policy setting should be enabled and the Per User option should be chosen. The GPO should be applied to S01. D. A Group Policy object (GPO) should be created. The Set the Terminal Services licensing mode policy setting should be enabled and the Per User option should be chosen. The GPO should be applied to S02. Answer: D Section: (none) Explanation/Reference:

QUESTION 22 You work as the IT professional in an international company which is named Wiikigo. You are experienced in implementing and administering a network operating system. You are specialized in deploying servers, configuring Windows Server 2008 Terminal services and network application services, and configuring a web services infrastructure. You perform the installation of a new server named S01 that runs Windows Server 2008. The server has the Streaming Media Services server role installed. You install and activate all Windows Media Services control protocols. Users connect to S01 locally and remotely through a firewall. Now you receive an order from the company management. According to the company requirement, you should make sure that the protocol rollover will occur only if the users are accessing S01 from the Internet. What action should you perform? A. In order to make sure of this, the Reliable Multicast Protocol should be installed on S01. B. In order to make sure of this, users should be enabled to access the streaming media by using announcements. C. In order to make sure of this, the Quality of Service (QoS) service should be installed on the network adapter. D. In order to make sure of this, the firewall should be configured to forward incoming port 1755 traffic to S01. Answer: B Section: (none) Explanation/Reference:

QUESTION 23

You work as the IT professional in an international company which is named Wiikigo. You are experienced in implementing and administering a network operating system. You are specialized in deploying servers, configuring Windows Server 2008 Terminal services and network application services, and configuring a web services infrastructure. There is an Active Directory domain in your company. The company runs Terminal Services. A user has remotely logged on to the Terminal Server. The user requires help to use an application. When you connect to the Terminal Server session, you are not able to operate any applications. You have to make sure that you can assist any user on the Terminal Server. So what action should you perform to achieve this? A. Use remote control should be enabled with the following settings in the RDP-Tcp Properties. The Level of control policy setting should be configured to Interact with the session. The user should be instructed to log off and log back on. B. After the Tscon /v command is run from the Terminal Server, reconnect to the session. C. After the Chgusr /execute command is run on the Terminal Server, reconnect to the session. D. Use remote control should be enabled with default user settings in the RDP-Tcp Properties. Answer: A Section: (none) Explanation/Reference:

QUESTION 24 You work as the IT professional in an international company which is named Wiikigo. You are experienced in implementing and administering a network operating system. You are specialized in deploying servers, configuring Windows Server 2008 Terminal services and network application services, and configuring a web services infrastructure. There is a server that runs Windows Server 2008 in your company. The server has the Web Server (IIS) server role installed. Now you receive an order from the company management. You are asked to activate SSL for the default Web site. What should you do? (Choose more than one) A. Use the IIS Manager console to add bindings for the HTTPS protocol to the default Web site. B. You should use the IIS Manager console to obtain and import a server certificate. C. Use the Server Manager console to perform the installation of the Digest Authentication component for the Web server role. D. You should choose the Generate Key option in the Machine Key dialog box for the default Web site. Answer: AB Section: (none) Explanation/Reference:

QUESTION 25 You work as the IT professional in an international company which is named Wiikigo. You are experienced in implementing and administering a network operating system. You are specialized in deploying servers, configuring Windows Server 2008 Terminal services and network application services, and configuring a web services infrastructure. You manage a server that runs Windows Server 2008. The TS Gateway role service is installed on this server. You have to provide a security group access to the TS Gateway server. So what action should you perform? A. B. C. D.

A Terminal Services Resource Authorization Policy should be created and configured. A Terminal Services Connection Authorization Policy should be created and configured. The security group should be added to the Remote Desktop Users group. The security group should be added to the TS Web Access Computers group.

Answer: B

Section: (none) Explanation/Reference:

QUESTION 26 You work as the IT professional in an international company which is named Wiikigo. You are experienced in implementing and administering a network operating system. You are specialized in deploying servers, configuring Windows Server 2008 Terminal services and network application services, and configuring a web services infrastructure. You are in charge of a server that runs Windows Server 2008. The server has the Hyper-V server role installed. You create a new virtual machine and perform an installation of Windows Server 2003 on the virtual machine. You have the virtual machine configured to use the physical network card of the host server. You find that you are unable to access network resources from the virtual machine. You have to make sure that the virtual host can connect to the physical network. What action should you perfrom? A. In order to make sure that the virtual host can connect to the physical network, the Multipath I/O feature should be enabled on the host server. B. In order to make sure that the virtual host can connect to the physical network, you should perform the installation of the Microsoft Loopback adapter on the virtual machine. C. In order to make sure that the virtual host can connect to the physical network, you should perform the installation of Microsoft Hyper-V Integration Components on the virtual machine. D. In order to make sure that the virtual host can connect to the physical network, you should perform the installation of the Microsoft Loopback adapter on the host server. Answer: C Section: (none) Explanation/Reference:

QUESTION 27 You work as the IT professional in an international company which is named Wiikigo. You are experienced in implementing and administering a network operating system. You are specialized in deploying servers, configuring Windows Server 2008 Terminal services and network application services, and configuring a web services infrastructure. You work in a company named Wiikigo, Ltd. and Windows Server 2008 is run in the company. A Web server named web.wiikigo.com is administered by you. Two Web sites are hosted by the Web server. And they are respectively named www.wiikigo.com and webmail.wiikigo.com. Users utilize HTTP to get access to both the sites from the Internet. According to the company security policy, the following requirements should be satisfied. You need to make sure Internet users can get access to the webmail.wiikigo.com site only through Secure HTTP (HTTPS). And then, two folders named Order and History on www.wiikigo.com can only get accessed through HTTPS. At last, no security warnings should be accepted by any user when they connect to both sites. You are required to have SSL certificates added on web.wiikigo.com. And the company security policy requirements listed above should be met. Which action should be performed to meet the requirements? A. To meet the requirements, one certificate from the public trusted certification authority should be requested for web.wiikigo.com. B. To meet the requirements, separate certificates from the public trusted certification authority should be requested for www.wiikigo.com and webmail.wiikigo.com. C. To meet the requirements, a self-signed certificate should be generated for web.wiikigo.com. D. To meet the requirements, separate domain certificates should be generated for www.wiikigo.com and webmail.wiikigo.com. Answer: B Section: (none)

Explanation/Reference:

QUESTION 28 You work as the IT professional in an international company which is named Wiikigo. You are experienced in implementing and administering a network operating system. You are specialized in deploying servers, configuring Windows Server 2008 Terminal services and network application services, and configuring a web services infrastructure. The Web Server (IIS) server role and the SMTP Server feature are installed on a server that Windows Server 2008 is run. Since you are the technical support, you are required to configure the new SMTP server so as to forward mail to the mail server of the Internet Service Provider (ISP). Which action should be performed to achieve the goal? A. To achieve the goal, the SMTP delivery setting should be configured to Attempt direct delivery before sending to smart host. B. To achieve the goal, the smart host setting should be set to use the local host. C. To achieve the goal, the smart host setting should be set to use the mail server of the ISP. D. To achieve the goal, the appcmd /delivery method:PickupDirectoryFromIis command should be run. Answer: C Section: (none) Explanation/Reference:

QUESTION 29 You work as the IT professional in an international company which is named Wiikigo. You are experienced in implementing and administering a network operating system. You are specialized in deploying servers, configuring Windows Server 2008 Terminal services and network application services, and configuring a web services infrastructure. You have a Terminal Services farm that contains several Terminal Servers. One of the Terminal Servers should be configured as a dedicated redirector. After you configure the appropriate DNS records, what action should you perform next? A. B. C. D.

The server should be configured to deny new user logons from Terminal Services Configuration. The licensing mode should be set to per user from Terminal Services Configuration. The licensing mode should be set to per device from Terminal Services Configuration. The relative weight of the server should be changed to 50 from Terminal Services Configuration.

Answer: A Section: (none) Explanation/Reference:

QUESTION 30 You work as the IT professional in an international company which is named Wiikigo. You are experienced in implementing and administering a network operating system. You are specialized in deploying servers, configuring Windows Server 2008 Terminal services and network application services, and configuring a web services infrastructure. There are 10 servers, and Windows Server 2008 is run by the servers. The Web Server (IIS) server role is installed on the servers. The servers are configured as members of a Web server farm. The same Web site is hosted by the servers. The servers should be configured and the requirements listed below should be met. First, you should permit the Web server configurations changes that are made on one server to be made on all servers in the farm. Second, administrative effort should be cut to the least to perform the configuration changes. Which action should be performed to meet the requirements?

A. A DFS Namespace should be created. And then, the Inetpub folder should be configured as the target of the DFS Namespace on each server. B. On all servers, the Shared Configuration settings should be configured. C. On one server, the Shared Configuration setting should be configured. D. On one server, a scheduled task that copies the Intepub folder to the other servers should be created. Answer: B Section: (none) Explanation/Reference:

QUESTION 31 You work as the IT professional in an international company which is named Wiikigo. You are experienced in implementing and administering a network operating system. You are specialized in deploying servers, configuring Windows Server 2008 Terminal services and network application services, and configuring a web services infrastructure. Windows Server 2008 is run by your company. The company network is configured as an Active Directory domain named wiikigo.com. The network has a Web server named WEB1. The domain users use http://web1 to access WEB1. You have a self-signed certificate generated for WEB1 and have WEB1 configured to use SSL. Now you receive report from users saying that they get a warning message when they use https://web1 to connect to WEB1. You have to make sure that users can connect to WEB1 without receiving a warning message. So what action should you perform? A. Join WEB1 to the wiikigo.com domain. Reissue the self-signed certificate. Request all the users to connect to WEB1 by using https: //web1.wiikigo.com. B. Create a DNS Host (A) Record for WEB1 in the wiikigo.com zone. Reissue the self-signed certificate. Request all the users to connect to WEB1 by using https: //web1.wiikigo.com. C. The https: //web1 name should be added to the list of Trusted Sites zone on all the computers in the domain. D. Open the Certificates snap-in on WEB1. The self-signed certificate should be exported to a web1.cer file. Have the web1.cer file installed on all the computers in the domain. Answer: D Section: (none) Explanation/Reference:

QUESTION 32 You work as the IT professional in an international company which is named Wiikigo. You are experienced in implementing and administering a network operating system. You are specialized in deploying servers, configuring Windows Server 2008 Terminal services and network application services, and configuring a web services infrastructure. You have the Web Server (IIS) server role installed on two servers. The two servers are respectively named S01 and S02. Windows Server 2008 is run by the servers. Your company has a Web site named www.wiikigo.com hosted on S01. The Web site is due for maintenance. The Web content must be available during maintenance. You create a mirror Web site located on S02. The www. wiikigo.com site needs to be configured to redirect requests to S02. What action should you perform first? A. The appcmd set config /section:httpRedirect /enabled:false command should be run. B. The appcmd set config /section:httpRedirect /enabled:true command should be run. C. The appcmd set site /site.name:wiikigo /+bindings.[protocol='http',www1.wiikigo.com] command should be run. D. The appcmd set site /site.name:wiikigo /-bindings.[protocol='http',www.wiikigo.com] command should be run.

Answer: B Section: (none) Explanation/Reference:

QUESTION 33 You work as the IT professional in an international company which is named Wiikigo. You are experienced in implementing and administering a network operating system. You are specialized in deploying servers, configuring Windows Server 2008 Terminal services and network application services, and configuring a web services infrastructure. There is a Windows Server 2003 Active Directory domain in your company. Windows Server 2008 is run by a server which is named S01. The Terminal Services server role is installed on S01. Windows Server 2003 is run by a server which is named S02. The TS Licensing role service is installed on S02. You have to configure the Terminal Services Per User Client Access License (TS Per User CAL) tracking and reporting to work on both S01 and S02. What action should you perform? A. B. C. D.

The TS Licensing Server should be activated on S02. S01 should be renamed to have the same computer name as the domain and join it to a workgroup. S01 should be added to the servers managed by the Windows Server 2003 TS Licensing service. After uninstall the TS Licensing role service on S02, you should install that role service on S01. TS Per User CAL tracking and reporting should be configured on S01.

Answer: D Section: (none) Explanation/Reference:

QUESTION 34 You work as the IT professional in an international company which is named Wiikigo. You are experienced in implementing and administering a network operating system. You are specialized in deploying servers, configuring Windows Server 2008 Terminal services and network application services, and configuring a web services infrastructure. Your company has an Active Directory domain. All servers in the domain run Windows Server 2008. The TS Gateway role service is installed on a server named S01. The Terminal Services server role is installed on two servers named S02 and S03. S02 and S03 are configured in a load balancing Terminal Server farm named TSLoad. You perform the installation of the TS Session Broker role service on a new server named S04. You have the TSLoad farm added to the TS Session Broker configuration on S04. You have to make sure that the TS Session Broker can accept connections from S02 and S03. In order to make sure of this, what action should you perform? A. S02 and S03 should be added to the Windows Authorization Access domain local security group in the Active Directory domain. B. S02 and S03 should be added to the Session Broker Computers local group on S04. C. A Group Policy object (GPO) should be configured to set the Allow reconnection from original client only option in the Terminal Services section to True. The GPO should be applied to all client computers. D. A Group Policy object (GPO) should be configured to set the Require secure RPC communications option in the Terminal Services Security section to True. The GPO should be applied to S2 and S3. Answer: B Section: (none) Explanation/Reference:

QUESTION 35 You work as the IT professional in an international company which is named Wiikigo. You are experienced

in implementing and administering a network operating system. You are specialized in deploying servers, configuring Windows Server 2008 Terminal services and network application services, and configuring a web services infrastructure. You are in charge of a server that runs Windows Server 2008. The Terminal Services server role is installed on the server. A Terminal Services application runs on the server. Now you receive report from users saying that that the application stops responding. You monitor the memory usage on the server for a week and find that the application has a memory leak. A patch is not currently available. You create a new resource-allocation policy in Microsoft Windows System Resource Manager (WSRM). You configure a Process Matching Criteria named TrackShip and choose the application. You have to terminate the application when the application consumes more than half of the available memory on the server. What action should you perform? A. The resource-allocation policy and the maximum working set limit option should be set to half the available memory on the server. The new policy should be set as a Managing Policy. B. The resource-allocation policy and the maximum committed memory option should be set to half the available memory on the server. The new policy should be set as a Profiling Policy. C. The resource-allocation policy and the maximum committed memory option should be set to half the available memory on the server. The new policy should be set as a Managing Policy. D. The resource-allocation policy should be configured and the maximum working set limit option should be set to half the available memory on the server. The new policy should be set as a Profiling Policy. Answer: C Section: (none) Explanation/Reference:

QUESTION 36 You work as the IT professional in an international company which is named Wiikigo. You are experienced in implementing and administering a network operating system. You are specialized in deploying servers, configuring Windows Server 2008 Terminal services and network application services, and configuring a web services infrastructure. A Web site is hosted by your company, and the web site is on a server that runs Windows Server 2008. The Web Server (IIS) server role is installed on the server. The company configures SSL on the Web site for virtual directories which encryption is needed. A new Web application is implemented on the Web site. Its own logon page named userlogin.aspx is contained by the new application. Forms Authentication is enabled in the Web site properties. Since you are the technical support, you are required to configure the Web site so as to authenticate user accounts by utilizing userlogin.aspx. Which action should be performed to achieve the goal? A. To achieve the goal, the Login URL property for the Forms Authentication Settings should be configured to the userlogin.aspx filename. B. To achieve the goal, the Default Document setting should be configured to add the userlogin.aspx filename in the Web site properties. C. To achieve the goal, the Forms Authentication Settings should be configured to Require SSL. D. To achieve the goal, the Name property of the Cookie Settings should be configured to the userlogin. aspx filename. Answer: A Section: (none) Explanation/Reference:

QUESTION 37 Which of the following is not a component of Windows Deployment Services? A. Image store B. Trivial File Transfer Protocol (TFTP) server

C. Windows System Image Manager (Windows SIM) D. Pre-boot execution Environment (PXE) server Answer: C Section: (none) Explanation/Reference:

QUESTION 38 Which of the following is the most efficient way to activate 15 volume-license computers running Windows Vista on a research subnet that has no Internet access? A. B. C. D.

MAK-independent activation MAK proxy activation KMS host activation Retail key activation

Answer: B Section: (none) Explanation/Reference:

QUESTION 39 You work as the IT professional in an international company which is named Wiikigo. You are experienced in implementing and administering a network operating system. You are specialized in deploying servers, configuring Windows Server 2008 Terminal services and network application services, and configuring a web services infrastructure. You have the Web Server (IIS) server role installed on a new server that runs Windows Server 2008. You perform the installation of a Microsoft .NET Framework application on a Web site on the Web server. The application launches a process that presents a real-time graphical report to the Web browser and creates a text report file on the hard disk drive. According to the requirement of the company security policy, the application must not write to the event log, access Open Database Connectivity (ODBC) data sources or make network or Web service calls. The Web site needs to be configured so that the application can be executed. You must make sure that the application meets the outlined security requirements. So what action should you perform to make sure of this? A. B. C. D.

In order to make sure of this, the .NET Framework trust level should be set to Medium for the Web site. In order to make sure of this, the .NET Framework trust level should be set to Full for the Web site. In order to make sure of this, the .NET Framework trust level should be set to Low for the Web site. In order to make sure of this, the .NET Framework trust level should be set to High for the Web site.

Answer: A Section: (none) Explanation/Reference:

QUESTION 40 TS3 is a server running Windows Server 2008 and Terminal Services. You have the responsibility of supporting users who connect to TS3 to run various applications. Users complain that the application is responding slowly. You use the quser command on TS3 and discover that many users have multiple disconnected sessions on the server with idle times of two days or more. You want to reduce the strain on the TS3 by eliminating disconnected sessions that have been idle for more than two days. What should you do?

A. B. C. D.

Use the Rwinsta command. Use the Tsdicon command. Use the Tskill command. Use the Tscon command.

Answer: A Section: (none) Explanation/Reference:

QUESTION 41 You are a systems administrator who is attempting to troubleshoot a problem with accessing a Web site on a computer running Windows Server 2008. In the past, users have been able to access the Web site by using http://hr.contoso.com. However, when they attempt to access the site now, they receive the error message "Internet Explorer Cannot Display The Web page." Which of the following steps should you take to resolve the error? A. B. C. D. E.

Using Server Manager, add the HTTP Errors server role. Using Server Manager, verify that the World Wide Web Publishing Service has been started. Verify the configuration of the users?? Web browsers. Using Server Manager, add the HTTP Logging server role. Using Server Manager, click Web Server (IIS) in the list of roles, and verify that the IIS Admin Service has been started.

Answer: B Section: (none) Explanation/Reference:

QUESTION 42 Your network includes a TS Gateway server named TSG1. TSG1 has installed a self- signed server certificate that it uses for SSL communications. You want to use a computer running ISA Server as an SSL endpoint for TS Gateway connections. Which of the following steps must you take to ensure that ISA Server can communicate with TS Gateway? A. B. C. D.

Enable HTTPS-HTTP bridging between ISA Server and TS Gateway. Open TCP port 443 on the computer running ISA Server. Export the SSL certificate of ISA Server to TS Gateway. Export the SSL certificate of TS Gateway to ISA Server.

Answer: D Section: (none) Explanation/Reference:

QUESTION 43 As an administrator at Cer-tech .com, you have installed a new server named MS12 that runs Windows Server 2008. This server should be used for steaming media purposes. So you install Streaming Media Services role on the server. Since all client machines have Windows Vista as their operating system and they only use Windows Media Player 11 application, you configure a Publishing Point and assign source of content that has video media. Users report that they are unable to pause and rewind the video using Windows Media Player 11.

What should you do to ensure that users have full playback control of the streaming media? A. B. C. D. E.

Set and configure Real Time Streaming Protocol (RTSP) on MS12 Reconfigure the Publishing Point as an on-demand publishing point Uninstall and then reinstall the Publishing Point Configure the MS12 server to use Simple Object Access Protocol (SOAP) instead of Publishing Point None of the above

Answer: B Section: (none) Explanation/Reference:

QUESTION 44 Cer-tech .com runs Terminal services on an Active Directory domain. As an administrator of Cer-tech .com, you configure the main office printer as the default printer on Terminal server. Cer-tech .com has a stringent security policy which states that all the remote client computers must meet the following requirements: * The default printer on client computers must be the main office printer * Users must also be able to access their local printers during a terminal session To meet the company policy, you have to set a Group Policy Object by using the Terminal Services Printer Redirection template. What should you do to achieve this objective? A. In a session options, set the 'Do not set default client printer' to default printer Enabled. Apply GPO to the Terminal Server B. Set the Terminal services option on print to default printer and disable Easy printer driver. Apply the GPO to the Terminal Server C. Apply the GPO to all the client computers and configure their printer options to Set default printer for office printer and local printers as user printers D. Configure Easy Printer driver and disable the first option. Apply the GPO to the Terminal Server E. None of the above Answer: A Section: (none) Explanation/Reference:

QUESTION 45 You are a systems administrator responsible for securing a Windows Server 2008 Web server. You have created a new Web site called Contoso Intranet that will contain seven Web applications. One of the application developers has told you that her Web application requires a new request handler that is processed using a .NET library her team created. How can you meet these requirements while also maximizing security for the server? A. B. C. D.

Add a new managed handler to the Contoso Intranet Web site. Add a new managed handler for the specific Web application that requires it. Add a new module mapping to the Contoso Intranet Web site. Add a new module mapping for the specific Web application that requires it.

Answer: B Section: (none) Explanation/Reference:

QUESTION 46 Your company network has implemented a terminal server farm named TSFARM1. The farm consists of five computers running Windows Server 2008, including a server named TSLB1 on which the TS Session Broker role service is installed. You want to add a sixth computer running Windows Server 2008, named TSLB6, to the farm. After configuring the server with the same hardware and software options as those of the other farm members, you join TSLB6 to the farm by specifying TSLB1 as the TS Session Broker Server and TSFARM1 as the farm name in the TS Session Broker properties on TSLB6. You verify that some users who attempt to connect to the virtual server name TSFARM1 are able to establish Terminal Services sessions on TSLB6, but these users are not able to reconnect to disconnected sessions. You want users connecting to TSLB6 through TSFARM1 to be able to reconnect to disconnected RDP sessions. What should you do? A. B. C. D.

Add TSLB6 to the Session Directory Computers local group on TSLB6. Add TSLB6 to the Session Directory Computers local group on TSLB1. In the DNS server, add a Host (A) record named TSFARM1 that maps to the IP address of TSLB6. In the DNS server, add a Host (A) record named TSLB6 that maps to the IP address of TSLB6.

Answer: B Section: (none) Explanation/Reference:

QUESTION 47 Which TCP port must you leave open in your company's firewall if you want clients to be able to initiate RDP connections to terminal servers through TS Gateway? A. B. C. D.

25 3389 443 80

Answer: C Section: (none) Explanation/Reference:

QUESTION 48 You work as an IT support specialist. Your job responsibilities include managing server storage. You are designing storage for a new application server. The application makes heavy use of temporary storage, and you want to allocate three 20-GB disk drives to that storage. If excellent read and write performance is a high priority, and you also want to use as much available space as possible, which of the following volume types should you create? A. B. C. D. E.

Simple volume Spanned volume Mirrored volume Striped volume RAID-5 volume

Answer: D Section: (none) Explanation/Reference: