ATTENTION: PassLeader now is offering the latest and 100 percent pass ensure 70-649 exam braindumps, we guarantee our 70-649 exam questions are the newest, and you can pass 70-649 exam easily and quickly. Visit the our site passleader.com and get the free exam vce and pdf dumps and FREE VCE PLAYER!
Exam Code: 70-649
Exam Name: TS: Upgrading Your MCSE on Windows Server 2003 to Windows Server 2008, Technology Specialist
Your network contains a server named Server1 that runs Windows Server 2008 R2. Server1 has the following Remote Desktop Services (RDS) role services installed: Remote Desktop Session Host (RD Session Host)Remote Desktop Web Access (RD Web Access) You publish 10 RemoteApp programs on Server1 by using RD Web Access. You need to ensure that when users log on to the RD Web Access page, they see only the RemoteApp programs assigned to them. What should you modify from RemoteApp Manager?
A. the properties of each RemoteApp program
B. the RD Gateway Settings
C. the RDP Settings
D. the RD Session Host Server Settings
Your network contains a server named Server1 that runs Windows Server 2008 R2. Server1 has the Remote Desktop Gateway (RD Gateway) role service installed. You add the Domain Users group to a connection authorization policy named TS_CAP_01. You need to ensure that only client computers that have Windows Firewall enabled can connect to Remote Desktop resources through the RD Gateway. What should you do?
A. From Remote Desktop Gateway Manager, modify the properties of the TS_RAP_01 resource authorization policy.
B. From Remote Desktop Gateway Manager, modify the properties of the TS_CAP_01 connection authorization policy.
C. From the Network Policy Server console, modify the properties of the TS_CAP_01 network policy.
D. From the Network Policy Server console, modify the properties of the TS GATEWAY AUTHORIZATION POLICY connection request policy.
Your network contains two standalone servers named Server1 and Server2. Server1 has Microsoft SQL Server 2008 Reporting Services installed. Server2 has the SMTP Server feature installed. You configure the Reporting Services on Server1 to send reports by using Server2. You need to ensure that Server2 sends the reports. What should you do on Server2?
A. Configure a smart host.
B. Configure TLS encryption.
C. Modify the Relay restrictions settings.
D. Modify the Connection control settings.
You manage a member server that runs Windows Server 2008 R2. The server has the Web Server (IIS) server role installed. The Web server hosts a Web site named Intranet1. Only internal Active Directory user accounts have access to the Web site. The authentication settings for Intranet1 are configured as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that users authenticate to the Web site by using only the Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAPv2) encrypted Active Directory credentials. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Add the Digest Authentication role service and the URL Authorization role service to the server.
B. Add the Windows Authentication role service to IIS. Configure the Windows Authentication setting to Enabled in the Intranet1 properties.
C. Configure the Basic Authentication setting to Disabled in the Intranet1 properties.
D. Configure the Default domain field for the Basic Authentication settings on Intranet1 by adding the name of the Active Directory domain.
E. Configure the Basic Authentication setting to Disabled and the Anonymous Authentication setting to Enabled in the Intranet1 properties.
Your network contains a Web server that runs Windows Server 2008 R2. Remote management is configured for Internet Information Services (IIS). From IIS Manager Permissions, you add a user to a Web site. You need to prevent the user from using Internet Information Services (IIS) Manager to modify the authorization rules of the Web site. Which settings should you configure?
A. Authorization Rules
B. Feature Delegation
C. IIS Manager Permissions
D. IIS Manager Users
Your network contains a Web server named Server1 that runs Windows Server 2008 R2. You modify the configuration of Server1. You need to restore the previous Web server configuration. What should you run?
Your network contains a Web server named Web1 that runs Windows Server 2008 R2. Web1 has a wildcard certificate installed. Web1 has two Web sites as shown.
You discover that when you go to the URL https://site1.contoso.com in Internet Explorer, you connect to Site2. You need to ensure that when users go to https://site1.contso.com in Internet Explorer, they connect to Site1. The solution must ensure that all connections to Site1 are secure. Which two settings should you modify? (Each correct answer presents part of the solution. Choose two.)
A. the bindings for Site1
B. the bindings for Site2
C. the HTTP Redirect settings for Site1
D. the HTTP Redirect settings for Site2
Your network contains a server that runs Windows Server 2008 R2. The server has the Web Server (IIS) role installed. The server has a Web application that uses HTTP. All authentication methods are enabled for the Web application. You need to prevent passwords from being sent over the network in clear text. Which two authentication methods should you disable? (Each correct answer presents part of the solution. Choose two.)
E. Windows Integrated
Your company hosts a Web site on a server that runs Windows Server 2008 R2. The server has the Web Server (IIS) server role installed. SSL is configured on the Web site for virtual directories that require encryption. You are implementing a new Web application on the Web site. The new application has its own logon page named userlogin.aspx. You enable Forms Authentication in the Web site properties. You need to configure the Web site to use userlogin.aspx to authenticate user accounts. What should you do?
A. Configure the Forms Authentication Settings to Require SSL.
B. Configure the Name property of the Cookie Settings to the userlogin.aspx filename.
C. Configure the Login URL property for the Forms Authentication Settings to the userlogin.aspx filename.
D. Configure the Default Document setting to add the userlogin.aspx filename in the Web site properties.
Your network contains an FTP server named Server1. Server1 has an FTP site named FTP1. You need to hide all of the files in FTP1 that have an .exe file extension. The solution must ensure that users can list other files in FTP1. What should you modify?
A. the FTP authorization rules
B. the FTP directory browsing
C. the FTP request filtering
D. the NTFS permissions
Your network contains an Active Directory domain. The domain contains two sites named Site1 and Site2. Site1 contains four domain controllers. Site2 contains a read-only domain controller (RODC). You add a user named User1 to the Allowed RODC Password Replication Group. The WAN link between Site1 and Site2 fails. User1 restarts his computer and reports that he is unable to log on to the domain. The WAN link is restored and User1 reports that he is able to log on to the domain. You need to prevent the problem from reoccurring if the WAN link fails. What should you do?
A. Create a Password Settings object (PSO) and link the PSO to User1’s user account.
B. Create a Password Settings object (PSO) and link the PSO to the Domain Users group.
C. Add the computer account of the RODC to the Allowed RODC Password Replication Group.
D. Add the computer account of User1’s computer to the Allowed RODC Password Replication Group.
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. The Active Directory Federation Services (AD FS) role is installed on Server1. Contoso.com is defined as an account store. A partner company has a Web-based application that uses AD FS authentication. The partner company plans to provide users from contoso.com access to the Web application. You need to configure AD FS on contoso.com to allow contoso.com users to be authenticated by the partner company. What should you create on Server1?
A. a new application
B. a resource partner
C. an account partner
D. an organization claim
The old answer was: a resource partner.
Since the account store has already been configured, what needs to be done is to use the account store tomap an AD DS global security group to an organization claim (called group claim extraction). So that’s what weneed to create for authentication: an organization claim. Creating a resource/account partner is part of setting up the Federation Trust.
Configuring the Federation Servers.
[All the steps for setting up an AD FS environment are listed in an extensive step-by-step guide, too long to post here.]
Add an AD DS Account Store.
If user and computer accounts that require access to a resource that is protected by Active DirectoryFederation Services (AD FS) are stored in Active Directory Domain Services (AD DS), you must add AD DS asan account store on a federation server in the Federation Service that authenticates the accounts.
Map an Organization Group Claim to an AD DS Group (Group Claim Extraction) When you use Active Directory Domain Services (AD DS) as the Active Directory Federation Services (AD FS)account store for an account Federation Service, you map an organization group claim to a security groupin AD DS. This mapping is called a group claim extraction.
Your network contains two Active Directory forests named contoso.com and adatum.com. Active Directory Rights Management Services (AD RMS) is deployed in contoso.com. An AD RMS trusted user domain (TUD) exists between contoso.com and adatum.com. From the AD RMS logs, you discover that some clients that have IP addresses in the adatum.com forest are authenticating as users from contoso.com. You need to prevent users from impersonating contoso.com users. What should you do?
A. Configure trusted e-mail domains.
B. Enable lockbox exclusion in AD RMS.
C. Create a forest trust between adatum.com and contoso.com.
D. Add a certificate from a third-party trusted certification authority (CA).
Your company has a main office and a branch office. The network contains an Active Directory domain. The main office contains a writable domain controller named DC1. The branch office contains a read-only domain controller (RODC) named DC2. You discover that the password of an administrator named Admin1 is cached on DC2. You need to prevent Admin1s password from being cached on DC2. What should you do?
A. Modify the NTDS Site Settings.
B. Modify the properties of the domain.
C. Create a Password Setting object (PSO).
D. Modify the properties of DC2s computer account.
Your network contains a server named Server1 that runs Windows Server 2008 R2. On Server1, you create an Active Directory Lightweight Directory Services (AD LDS) instance named Instance1. You connect to Instance1 by using ADSI Edit. You run the Create Object wizard and you discover that there is no User object class. You need to ensure that you can create user objects in Instance1. What should you do?
A. Run the AD LDS Setup Wizard.
B. Modify the schema of Instance1.
C. Modify the properties of the Instance1 service.
D. Install the Remote Server Administration Tools (RSAT).