QUESTION 21
Your network contains a server named Server1 that runs Windows Server 2008 R2. You create an Active Directory Lightweight Directory Services (AD LDS) instance on Server1. You need to create an additional AD LDS application directory partition in the existing instance. Which tool should you use?
A. Adaminstall
B. Dsadd
C. Dsmod
D. Ldp
Answer: D
QUESTION 22
You deploy a new Active Directory Federation Services (AD FS) federation server. You request new certificates for the AD FS federation server. You need to ensure that the AD FS federation server can use the new certificates. To which certificate store should you import the certificates?
A. Computer
B. IIS Admin Service service account
C. Local Administrator
D. World Wide Web Publishing Service service account
Answer: A
QUESTION 23
Your network contains two servers named Server1 and Server2 that run Windows Server 2008 R2. Server1 has the Active Directory Federation Services (AD FS) Federation Service role service installed. You plan to deploy AD FS 2.0 on Server2. You need to export the token-signing certificate from Server1, and then import the certificate to Server2. Which format should you use to export the certificate?
A. Base-64 encoded X.509 (.cer)
B. Cryptographic Message Syntax Standard PKCS #7 (.p7b)
C. DER encoded binary X.509 (.cer)
D. Personal Information Exchange PKCS #12 (.pfx)
Answer: D
QUESTION 24
Your network contains a single Active Directory domain. The domain contains five read-only domain controllers (RODCs) and five writable domain controllers. All servers run Windows Server 2008. You plan to install a new RODC that runs Windows Server 2008 R2. You need to ensure that you can add the new RODC to the domain. You want to achieve this goal by using the minimum amount of administrative effort. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. At the command prompt, run adprep.exe /rodcprep.
B. At the command prompt, run adprep.exe /forestprep.
C. At the command prompt, run adprep.exe /domainprep.
D. From Active Directory Domains and Trusts, raise the functional level of the domain.
E. From Active Directory Users and Computers, pre-stage the RODC computer account.
Answer: BC
Learn The New Update 70-649 Exam Study Materials With Latest Exam Dumps To 100% Pass — http://www.passleader.com/70-649.html
QUESTION 25
Your company has an Active Directory forest that contains a single domain. The domain member server has an Active Directory Federation Services (AD FS) server role installed. You need to configure AD FS to ensure that AD FS tokens contain information from the Active Directory domain. What should you do?
A. Add and configure a new account store.
B. Add and configure a new account partner.
C. Add and configure a new resource partner.
D. Add and configure a Claims-aware application.
Answer: A
QUESTION 26
Your network contains a Network Policy Server (NPS) named Server1. Server1 is configured to use SQL logging. You add a second NPS server named Server2. You need to ensure that Server2 has the same RADIUS authentication and logging settings as Server1. You export the NPS settings from Server1, and then import the settings to Server2. What should you do next on Server2?
A. Create a new ODBC data source.
B. Run netsh.exe nps reset config.
C. Manually configure the SQL logging settings.
D. Restart the Network Policy Server (NPS) role service.
Answer: C
QUESTION 27
Your company has 10 servers that run Windows Server 2008 R2. The servers have Remote Desktop Protocol (RDP) enabled for server administration. RDP is configured to use default security settings. All administrators’ computers run Windows 7. You need to ensure the RDP connections are as secure as possible. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Set the security layer for each server to the RDP Security Layer.
B. Configure the firewall on each server to block port 3389.
C. Acquire user certificates from the internal certification authority.
D. Configure each server to allow connections only to Remote Desktop client computers that use Network Level Authentication.
Answer: CD
QUESTION 28
Your network contains a server named Server1 that runs Windows Server 2008 R2. You plan to deploy DirectAccess on Server1. You need to configure Windows Firewall on Server1 to support DirectAccess connections. What should you allow from Windows Firewall on Server1?
A. ICMPv6 Echo Requests
B. ICMPv6 Redirect
C. IGMP
D. IPv6-Route
Answer: A
QUESTION 29
Your network contains a Network Policy Server (NPS) named Server1. NPS1 provides authentication for all of the VPN servers on the network. You need to track the usage information of all VPN connections. Which RADIUS attribute should you log?
A. Acct-Session-Id
B. Acct-Status-Type
C. Class
D. NAS-Identifier
Answer: C
QUESTION 30
Your network contains a server named Server1.contoso.com. Server1 is located on the internal network. You have a client computer named Computer1 that runs Windows 7. Computer1 is located on a public network that is connected to the Internet. Computer1 is enabled for DirectAccess. You need to verify whether Computer1 can resolve Server1 by using DirectAccess. Which command should you run on Computer1?
A. nbtstat.exe Ca server1.contoso.com
B. netsh.exe dnsclient show state
C. nslookup.exe server1.contoso.com
D. ping.exe server1.contoso.com
Answer: D
QUESTION 31
Your company has deployed Network Access Protection (NAP) enforcement for VPNs. You need to ensure that the health of all clients can be monitored and reported. What should you do?
A. Create a Group Policy object (GPO) that enables Security Center and link the policy to the domain.
B. Create a Group Policy object (GPO) that enables Security Center and link the policy to the Domain Controllers organizational unit (OU).
C. Create a Group Policy object (GPO) and set the Require trusted path for credential entry option to Enabled. Link the policy to the domain.
D. Create a Group Policy object (GPO) and set the Require trusted path for credential entry option to Enabled. Link the policy to the Domain Controllers organizational unit (OU).
Answer: A
QUESTION 32
Your company has a network that has 100 servers. A server named Server1 is configured as a file server. Server1 is connected to a SAN and has 15 logical drives. You want to automatically run a data archiving script if the free space on any of the logical drives is below 30 percent. You need to automate the script execution. You create a new Data Collector Set. What should you do next?
A. Add the Event trace data collector.
B. Add the Performance counter alert.
C. Add the Performance counter data collector.
D. Add the System configuration information data collector.
Answer: B
QUESTION 33
Your network contains a server named Server1 that runs Windows Server 2008 R2. You have a user named User1. You need to ensure that User1 can schedule Data Collector Sets (DCSs) on Server1. The solution must minimize the number of rights assigned to User1. What should you do?
A. Add User1 to the Performance Log Users group.
B. Add User1 to the Performance Monitor Users group.
C. Assign the Profile single process user right to User1.
D. Assign the Bypass traverse checking user right to User1.
Answer: A
QUESTION 34
Your network contains a server named Server1 that runs Windows Server 2008 R2. Server1 has the Routing and Remote Access service (RRAS) role service installed. You need to view all inbound VPN packets. The solution must minimize the amount of data collected. What should you do?
A. From RRAS, create an inbound packet filter.
B. From Network Monitor, create a capture filter.
C. From the Registry Editor, configure file tracing for RRAS.
D. At the command prompt, run netsh.exe ras set tracing rasauth enabled.
Answer: B
Learn The New Update 70-649 Exam Study Materials With Latest Exam Dumps To 100% Pass — http://www.passleader.com/70-649.html
QUESTION 35
You perform a security audit of a server named CRM1. You want to build a list of all DNS requests that are initiated by the server. You install the Microsoft Network Monitor 3.0 application on CRM1. You capture all local traffic on CRM1 for 24 hours. You save the capture file as data.cap. You find that the size of the file is more than 1 GB. You need to create a file named DNSdata.cap from the existing capture file that contains only DNS-related data. What should you do?
A. Apply the display filter !DNS and save the displayed frames as a DNSdata.cap file.
B. Apply the capture filter DNS and save the displayed frames as a DNSdata.cap file.
C. Add a new alias named DNS to the aliases table and save the file as DNSdata.cap.
D. Run the nmcap.exe /inputcapture data.cap /capture DNS /file DNSdata.cap command.
Answer: D
QUESTION 36
You need to capture the HTTP traffic to and from a server every day between 09:00 and 10:00. What should you do?
A. Create a scheduled task that runs the Netsh tool.
B. Create a scheduled task that runs the Nmcap tool.
C. From Network Monitor, configure the General options.
D. From Network Monitor, configure the Capture options.
Answer: B
QUESTION 37
Your company has deployed Network Access Protection (NAP). You configure secure wireless access to the network by using 802.1X authentication from any access point. You need to ensure that all client computers that access the network are evaluated by NAP. What should you do?
A. Configure all access points as RADIUS clients to the Remediation Servers.
B. Configure all access points as RADIUS clients to the Network Policy Server (NPS).
C. Create a Network Policy that defines Remote Access Server as a network connection method.
D. Create a Network Policy that specifies EAP-TLS as the only available authentication method.
Answer: B
QUESTION 38
Your network contains an Active Directory forest. The forest contains two domains named contoso.com and eu.contoso.com. You install a Network Policy Server (NPS) named Server1 in the contoso.com domain. You need to ensure that Server1 can read the dial-in properties of the user accounts in the eu.contoso.com domain. What should you do?
A. In the contoso.com domain, add Server1 to the RAS and IAS Servers group.
B. In the contoso.com domain, add Server1 to the Windows Authorization Access group.
C. In the eu.contoso.com domain, add Server1 to the RAS and IAS Servers group.
D. In the eu.contoso.com domain, add Server1 to the Windows Authorization Access group.
Answer: C
QUESTION 39
Your network contains a Network Policy Server (NPS) named NPS1. You deploy a new NPS named NPS2. You need to ensure that NPS2 sends all authentication requests to NPS1. What should you modify on NPS2?
A. health policies
B. network policies
C. RADIUS clients
D. remote RADIUS server groups
Answer: D
QUESTION 40
You deploy a Windows Server 2008 R2 VPN server behind a firewall. Remote users connect to the VPN by using portable computers that run Windows 7. The firewall is configured to allow only secured Web communications. You need to enable remote users to connect as securely as possible. You must achieve this goal without opening any additional ports on the firewall. What should you do?
A. Create an IPsec tunnel.
B. Create an SSTP VPN connection.
C. Create a PPTP VPN connection.
D. Create an L2TP VPN connection.
Answer: B
Guarantee Your Success In 70-649 Exam With Passleader 70-649 New Dumps