70-643 Measure Up

TS: Windows Server 2008 Applications Infrastructure, Configuring

Question Number (ID) : 1 (jcm643P_2.1_03)

______________________________________________________________________________________________________________________________________________

You work as an IT support specialist for a company named Adventure Works. The company network is composed of a single Active Directory domain. Your job responsibilities include supporting user applications.

You have deployed a RemoteApp program named App4 on a server named TS4. Users connect to App4 through an RDP file that you have distributed through a network share. TS4 is reserved for hosting App4, and you have no plans to deploy any other application on this server.

Group Policy has been configured so that Terminal Services clients connecting from outside the network are directed to a Terminal Services gateway. However, users report that they are unable to launch App4 from outside the corporate network. Users currently connecting from both inside and outside the corporate network are able to launch RemoteApp programs hosted on other servers. Also, users connecting from within the corporate network are able to launch App4 without any difficulty.

You want users who connect either from inside or outside the corporate network to be able to run App4 on their computers. You want to achieve this with the least amount of administrative difficulty.

Which of the following procedures will accomplish this goal?

1. Using TS RemoteApp Manager on TS4, create a new RDP file that is configured with the option to bypass the TS Gateway server for local addresses. Distribute this new file to all users through a network share.

2. Using TS RemoteApp Manager on TS4, create a new RDP file that is configured with the option to detect TS Gateway server settings automatically. Distribute this new file to all users through a network share. <Correct>

3. Configure Group Policy so that all Terminal Services clients use the company's TS Gateway.

4. Using TS RemoteApp Manager on TS4, configure the TS Gateway settings to bypass the TS Gateway server for local addresses.

Explanation:The problem reported is restricted to external users: External users cannot connect specifically to App4, although they can connect to other internal programs. Therefore, the TS Gateway settings for App4 are most likely configured incorrectly. With this in mind, configure the RDP file for App4 so that only external users are directed through TS Gateway. You know that Group Policy settings already direct external clients to TS Gateway; you just need to apply these Group Policy settings to each user. When you configure an RDP file to detect TS Gateway server settings automatically, the RDP file will adopt the TS Gateway settings defined in Group Policy. This step achieves the desired result.

Configuring an RDP file with the option to bypass the TS Gateway server for local addresses will have no effect on remote users. This only ensures that internal users do not use the gateway.

You also do not want to configure Group Policy so that all Terminal Services clients use the company's TS Gateway; you want only external users to use TS Gateway.

Objective:Configuring Terminal Services

Sub Objective(s):Configure Windows Server 2008 Terminal Services RemoteApp (TS RemoteApp).

References:

MCTS Self-Paced Training Kit (Exam 70-643): Configuring Windows Server 2008 Applications InfrastructureChapter 4 - Lessons 2 and 3

Terminal Services RemoteApp (TS RemoteApp)Microsoft TechNetLink: http://technet2.microsoft.com/windowsserver2008/en/library/57995ee7-e204-45a4-bcee-5d1f4a51a09f1033.mspx?mfr=true


Question Number (ID) : 2 (ad643P_3.7_01)

______________________________________________________________________________________________________________________________________________

You are a Windows Server 2008 systems administrator attempting to troubleshoot a permissions problem for an IIS Web site. Users should be able to use the URL http://Server1.contoso.com/Intranet/ to access content located within the C:\Intranet\Downloads folder. Currently, users are reporting that they are prompted to provide authentication information when they attempt to connect to this URL. Users should be able to access the content without providing any authentication information. The rest of the site is accessible without requiring authentication. The virtual directory settings are shown in the exhibit. You want to restrict access to this content as much as possible while still meeting these requirements.

Which of the following options will resolve this issue?

1. Use the Connect as option, choose the Specific User option, and provide credentials of a group to which all the intended users of the content belong.

2. Use the Connect as option and choose the Application User (Pass-Through Authentication) option.

3. Convert the virtual directory to a Web application.

4. Use the Connect as option, choose the Specific User option, and provide credentials of an account that has access to the site. <Correct>

Explanation:The most likely cause of this problem is that users do not have permissions to access the contents of the virtual directory. By providing a specific username, IIS will be able to access the content without requiring additional credentials.

Assigning permissions to a group can be difficult and can reduce overall security for access to the virtual directory. Converting the virtual directory to a Web application will not change permissions settings.

Objective:Configuring a Web Services Infrastructure

Sub Objective(s):Configure Web site authentication and permissions.

References:


Understanding the Built-In User and Group Accounts in IIS7IIS.NET Web siteLink: http://www.iis.net/articles/view.aspx/IIS7/Managing-IIS7/Configuring-Security/Understanding-the-Built-In-User-and-Group-Accounts



______________________________________________________________________________________________________________________________________________

You are a Windows Server 2008 systems administrator responsible for installing and configuring Windows Media Services (WMS). The server has a single network interface card that is configured with one IP address. The server is also configured with the Web Server (IIS) server role with default options. During the WMS installation process, you received an error stating that there was a conflict with HTTP server settings and that the HTTP protocol could not be enabled. You want to provide access to both Windows Media Services and the Default Web Site by using HTTP. Both sites will be accessed by using a variety of different DNS addresses, and you are unable to change the DNS settings. Users should be able to access both services by using HTTP port 80.

Which of the following methods will meet these requirements? (Each answer presents part of the solution. Choose all that apply.)

1. Using IIS Manager, modify the site bindings for the Default Web Site to change the HTTP port number for the Default Web Site.

2. Using IIS Manager, modify the site bindings for Default Web Site to change the IP address binding. <Correct>

3. Using IIS Manager, modify the site bindings for the Default Web Site to change the host header setting.

4. Using the Windows Media Services application, modify the Port Selection option in WMS HTTP Server Control Protocol properties.

5. Add a new IP address binding to the existing network interface. <Correct>

Explanation:Because HTTP services must run by using a unique combination of IP address and port number, you should include an additional IP address on the server's network card. This will enable you to bind the Default Web Site to one IP address and the WMS HTTP Server Control Protocol to another address.

Because of the DNS requirements, you cannot use host header settings to provide different bindings for each site. The Windows Media Services application allows you to change the port configuration, but the requirements state that users must be able to access the service by using HTTP port 80.

Objective:Configuring Network Application Services

Sub Objective(s):Configure Windows Media server.

References:

MCTS Self-Paced Training Kit (Exam 70-643): Configuring Windows Server 2008 Applications InfrastructureChapter 8 - Lesson 1

Windows Media Services Deployment GuideMicrosoft TechNetLink: http://technet2.microsoft.com/windowsserver2008/en/library/8c460651-cec6-4b93-bcab-b4d2038009be1033.mspx?mfr=true



______________________________________________________________________________________________________________________________________________

You work as an IT support specialist for a company named Fabrikam.com. Your job responsibilities include deploying and configuring terminal servers.

You are testing the deployment of a new TS Gateway server named TSGate4. Your goal is to enable authorized users to connect to a terminal server named TS4 through the new TS Gateway.

On a client computer named Client1 within the Fabrikam.com network, you configure Remote Desktop Connection to use TSGate4. You are then able to establish a Terminal Services session successfully on TS4 from Client1.

You need to verify that the connection from Client1 is connecting successfully through TS Gateway.

What step should you take to achieve this goal?

1. On TS4, use Terminal Services Manager to verify that Client1 has established a Terminal Services session.

2. On Client1, verify that the option to bypass the TS Gateway server for local addresses is disabled.

3. On Client1, verify that the option to bypass the TS Gateway server for local addresses is selected.

4. On TSGate4, use TS Gateway Manager to verify that Client1 has established a connection. <Correct>

Explanation:The only way to verify that a client is using TS Gateway is to use TS Gateway Manager to check for active connections. If Client1 has established a connection through TSGate4, you will see the connection in the console when you select the Monitoring folder.

You don't want to select the option to bypass the TS Gateway server. This option might prevent Client1 from connecting to TSGate4 if both computers are located on the same subnet.

Clearing the option to bypass the TS Gateway server for local addresses in fact might be necessary, but only if Client1 and TSGate4 are located on the same subnet. However, even if you must select this option, doing so does not enable you to verify that a client has connected successfully to TS Gateway.

Using Terminal Services Manager on TS4 will not enable you to determine whether Client1 has successfully connected through the TS Gateway server. It will only enable you to determine the status of Client1's connection to TS4.


Sub Objective(s):Configure Terminal Services Gateway.

References:


Terminal Services Gateway (TS Gateway)Microsoft TechNetLink: http://technet2.microsoft.com/windowsserver2008/en/library/9da3742f-699d-4476-b050-c50aa14aaf081033.mspx?mfr=true



______________________________________________________________________________________________________________________________________________

You are a Windows Server 2008 administrator. You have enabled remote management for the Web Server (IIS) server role and have created an IIS Manager User account for test purposes. You have successfully verified the configuration by opening IIS Manager on the local computer and connecting to the appropriate Web site by providing the username and password you created. However, another user who is not a part of your organization has reported that she is unable to connect to the site by using IIS Manager.

Which of the following is the most likely cause of this problem?

1. A firewall is preventing HTTP or HTTPS access on port 8172. <Correct>

2. The SSL certificate that is assigned to the Management Service has expired.

3. The Management Service is currently stopped on the server.

4. The Management Service is configured to use Windows Credentials Only.

Explanation:For a remote user to connect to the server by using IIS Manager, firewalls must enable access using HTTP or HTTPS on port 8172.

Because the configuration works correctly while testing it locally, the Management Service is running and is configured to accept IIS Manager credentials. An invalid SSL certificate will not prevent standard HTTP-based connections.


Sub Objective(s):Manage Internet Information Services (IIS).

References:


Remote Administration for IIS ManagerIIS.NET Web siteLink: http://www.iis.net/articles/view.aspx/IIS7/Use-IIS7-Administration-Tools/IIS-Manager-Administration-Tool/Remote-Administration-for-IIS-Manager



______________________________________________________________________________________________________________________________________________

You are a Windows Server 2008 systems administrator configuring Windows Media Services. The name of the server is Server1.WingTipToys.com. You have configured the default on-demand publishing point to provide access to a single video file named CompanyIntro.wmv. You want users to access the video by using the most efficient protocol. Users will be connecting to the video by using your internal LAN and over the Internet. They will also be using various media players and versions.

Which of the following URLs should you use to provide access to the content?

1. rtsp://Server1.WingTipToys.com/CompanyIntro.wmv

2. http://Server1.WingTipToys.com/CompanyIntro.wmv

3. rtsp://Server1.WingTipToys.com/CompanyIntro.wsx

4. mms://Server1.WingTipToys.com/CompanyIntro.wmv <Correct>

Explanation:By default, a Windows Media Services server allows clients to choose the best protocol automatically, based on their connection type. To use this feature, use the MMS prefix for the URL.

The HTTP option provides support for traversing firewalls, but it is not the best connection option for LAN users. The Real Time Streaming Protocol (RTSP) provides improved performance but is often blocked by firewalls for Internet users. Files with the .wsx file extension are wrapper files and must be created to provide access to the video file.



References:


Client URL referenceMicrosoft TechNetLink: http://technet2.microsoft.com/windowsserver2008/en/library/2be973ba-7e9b-4cc1-ab44-4f355946aaae1033.mspx?mfr=true



______________________________________________________________________________________________________________________________________________

You work as an IT support specialist for a company named Blue Yonder Airlines. The company network is composed of a single Active Directory domain. Your job responsibilities include supporting user applications.

You are hosting a RemoteApp program named App3 on a server named TS3. Users connect to App3 through an RDP file that you have distributed through a network share. TS3 is reserved for hosting App3, and you have no plans to deploy any other application on this server.

Users complain that they are not able to copy and paste items from App3 to other programs running on their computers. You want to enable users to copy and paste items from App3 to other programs running on their computers, and you want to achieve this with the least amount of administrative effort.

What should you do?

1. Configure the RDP Settings in TS RemoteApp Manager so that the Clipboard setting is disabled. Create a new RDP file for App3 and then distribute the file to users through a network share.

2. Configure the RDP Settings in TS RemoteApp Manager so that the Clipboard setting is enabled. Create a new RDP file for App3 and then distribute the file to users through a network share. <Correct>

3. Configure the RDP Settings in TS RemoteApp Manager so that the Clipboard setting is disabled. Inform users of the change and tell them to access App3 by using the same RDP file as they used before.

4. Configure the RDP Settings in TS RemoteApp Manager so that the Clipboard setting is enabled. Inform users of the change and tell them to access App3 by using the same RDP file as they used before.

Explanation:To enable users to copy and paste between a Terminal Services session and a client computer, you need to enable (not disable) the Clipboard option. In addition, if you change any RDP settings in TS RemoteApp Manager, you will need to re-create the RDP file. The old RDP file will preserve the old server settings.



References:





______________________________________________________________________________________________________________________________________________

You are an IT support specialist in a company named Wide World Importers. Your responsibilities include supporting terminal servers and clients.

Users in your company connect to several terminal servers to run applications. Some of these applications require audio to be streamed through the client session, but some users are complaining that they are not able to receive audio through Terminal Services sessions.

You want to allow users to enable audio redirection through Terminal Services sessions.

What should you do?

1. In Group Policy, configure the policy setting to allow audio redirection as Not Configured.

2. Enable audio redirection on the terminal servers in your organization.

3. In Group Policy, configure the policy setting to allow audio redirection as Enabled. <Correct>

4. In Group Policy, configure the policy setting to allow audio redirection as Disabled.

Explanation:To allow users to determine their own audio redirection settings, you need to enable audio redirection in Group Policy.

If you disable audio redirection in Group Policy, you will prevent users from enabling audio redirection. If you leave the policy setting as Not Configured, administrators will be able to prevent audio redirection on each individual server.

If you enable audio redirection individually on each terminal server, these settings are not enforced and can be changed at any time. In addition, this method is inefficient from an administrative point of view.


Sub Objective(s):Configure Terminal Services client connections.

References:


Terminal ServicesMicrosoft TechNetLink: http://technet2.microsoft.com/windowsserver2008/en/servermanager/terminalservices.mspx



______________________________________________________________________________________________________________________________________________

You are a systems administrator setting up Web content for your organization's Windows Server 2008 IIS intranet site. You have created five separate Web applications within the Default Web Site. Each of the sites is designed for use by a specific department in your organization. Users of all the sites require access to a large library of human resources training videos. The files are contained in the path C:\WebContent\HRTraining\Videos, and you want to minimize the total amount of disk space consumed by this content. Members of the HR department frequently update these files. You want users of all the Web applications to be able to add /HRTraining to the end of their URL to access the videos.

Which of the following methods should you use to provide access to the video files while also minimizing the amount of consumed disk space?

1. Create a single virtual directory within the Default Web Site and assign the physical path to C:\WebContent\HRTraining\Videos.

2. Copy the HR Training video content from C:\WebContent\HRTraining\Videos to each of the Web applications' default folders.

3. Move the content from C:\WebContent\HRTraining\Videos to C:\Inetpub\wwwroot\HRTraining.

4. Create a separate virtual directory called HRTraining within each Web application and assign the physical path to C:\WebContent\HRTraining\Videos. <Correct>

Explanation:To make the same content available to users of each Web application, you should create multiple virtual directories that point to the same content.

Users will not be able to add /HRTraining to the end of a URL if you choose to create a single virtual directory. Copying the HR Training content is a possible solution, but it does not meet the requirement of minimizing disk space usage. Moving the content to the Inetpub folder will not make it available automatically for users of each Web application.


Sub Objective(s):Configure Web applications.

References:


Understanding Sites, Apps, and Vdirs in IIS7: SitesIIS.NET Web siteLink: http://www.iis.net/articles/view.aspx/IIS7/Managing-IIS7/Getting-Started/Understanding-Sites,-Apps,-and-Vdirs-in-IIS7?Page=2



______________________________________________________________________________________________________________________________________________

You are a systems administrator attempting to troubleshoot a reliability problem for a Web application. Currently, six separate Web applications are running on the server. Approximately every four hours, a Web application named OnlineOrders stops responding. When this occurs, other Web sites also stop processing requests. You have notified the application developers, who are currently working on a fix for a memory leak in the OnlineOrders Web application.

Which of the following options will enable you to increase the stability of the server until the Web application can be updated? (Each correct answer presents part of the solution. Choose two.)

1. Change the .NET Framework Version to No Managed Code for the application pool to which the OnlineOrders application is assigned.

2. Change the Managed Pipeline Mode to Integrated for the application pool to which the OnlineOrders application is assigned.

3. Create a new application pool for use by only the OnlineOrders Web application. <Correct>

4. Configure the Recycling Conditions options for the OnlineOrders application pool to include automatic recycling and memory limitations. <Correct>

Explanation:By placing the OnlineOrders Web application in a separate application pool, you can limit the effects of memory leaks and other application errors. You can use the Recycling Conditions settings to automatically restart the Web application based on time and memory use limits. These measures can help increase stability of the server until an updated version of the application is available.

Changing the Managed Pipeline Mode and .NET Framework versions will not help increase stability and are likely to prevent the application from running properly.



References:


Managing Applications and Application Pools on IIS7 with WMIIIS.NET Web siteLink: http://www.iis.net/articles/view.aspx/IIS7/Use-IIS7-Administration-Tools/Scripting-IIS7/Managing-Applications-and-Application-Pools-on-IIS



______________________________________________________________________________________________________________________________________________

You are a Windows Server 2008 systems administrator responsible for supporting your organization's Web application development team. Currently, the developers are creating an ASP.NET application that requires the ability to send outbound messages through SMTP. For testing purposes, copies of the application have been deployed to four computers running Windows Server 2008 and the Web Server (IIS) server role. Each of these Web servers also hosts other Web applications.

You want to configure SMTP settings for each of the four Web servers to access an SMTP virtual server that you have created. You want to minimize the amount of administrative effort. You also want to be able to change SMTP server settings easily as part of the testing process.

How should you configure the Web applications to meet these requirements?

1. Using IIS Manager, configure the SMTP setting in the SMTP E-Mail feature for each Web application. <Correct>

2. Modify the Web.config file for each of the Web applications to include the necessary SMTP server settings.

3. Create a separate SMTP virtual server for use by each of the Web applications.

4. Using IIS Manager, configure all of the Web servers to use the Shared Configuration option.

Explanation:The SMTP E-Mail feature in IIS Manager provides you with an easy way to define and modify SMTP server settings for specific Web applications.

Adding SMTP server settings directly to Web.config files requires additional administrative effort because each of the files must be manually modified when changes are required. The Shared Configuration option will specify that all Web servers should use the same settings. Because the servers also host additional applications, this method will not meet the requirements.

It is not necessary to create separate SMTP virtual servers for each Web application, and this approach would require significant administrative effort.


Sub Objective(s):Configure Simple Mail Transfer Protocol (SMTP).

References:


SMTP Administration (IIS 6.0)Microsoft TechNetLink: http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/4b115fcd-3f3b-4d3d-8d12-f51d2e996a12.mspx?mfr=true



______________________________________________________________________________________________________________________________________________

You are a network support specialist for Wingtip Toys. The Wingtiptoys.com network includes 20 servers running Windows Server 2008 and 200 client computers running Windows Vista.

The Worldwide Importers Web site is hosted on a single server named Web1. Recently, traffic to Web1 has been increasing, and performance has deteriorated. You want to improve the performance and availability of the Web site by distributing Web requests between two servers. You want both servers to respond to a single IP address, and if one partner server goes down, you want requests to be automatically redirected to the live partner.

Which of the following solutions will best enable you to meet your goals?

1. Add an identical server and configure the servers as a failover cluster.

2. Add an identical server and configure the servers as a Network Load Balancing (NLB) cluster. <Correct>

3. Configure both machines as a virtual cluster on a single server.

4. Add an identical server and configure the servers with round-robin distribution.

Explanation:NLB is the only option that meets all the stated goals. With round-robin distribution, each server shares the same name in DNS but not the same IP address. In addition, round-robin distribution does not check to see whether the owner of a DNS record is running, so Web requests could be directed to a server that is not operational. Failover clustering is used to prevent server downtime after a failure, not to distribute requests among servers. Configuring both machines as a virtual cluster will not improve performance beyond what would result from hosting the Web server on the base physical server.

Objective:Deploying Servers

Sub Objective(s):Configure high availability.

References:




______________________________________________________________________________________________________________________________________________

You are a Windows Server 2008 systems administrator assisting a Web developer with troubleshooting an IIS configuration issue. The developer has stated that the configuration of IIS has been changed numerous times during the past two weeks. To resolve an authentication-related problem she is experiencing, she would like to see which changes were recently made to the server configuration. You have not made any manual backups of the IIS configuration on the server.

How can you obtain this information?

1. Use the AppCmd utility to restore a backup of the IIS server configuration.

2. View previous versions of the ApplicationHost.config file stored within the %SystemDrive%\Inetpub\History folder.<Correct>

3. Create a .NET application that accesses the Microsoft.Web.Management namespace to obtain information about the previous configuration of IIS.

4. Create a Windows Management Instrumentation (WMI) script to obtain information about the previous configuration of IIS.

Explanation:IIS automatically creates periodic backups of the configuration of the server. This information is stored within the %SystemDrive%\Inetpub\History folder. Each folder in that location contains a point-in-time copy of the ApplicationHost.config file. Developers and administrators can read and compare the files to get some details about which configuration changes have been made.

The AppCmd utility cannot be used because no manual backups of the server configuration were made. Creating a .NET application or a WMI script can be useful for administration, but these methods do not provide a way to access the prior configuration of the server.



References:


Introduction to ApplicationHost.configIIS.NET Web siteLink: http://www.iis.net/articles/view.aspx/IIS7/Use-IIS7-Administration-Tools/Using-XML-Configuration/Introduction-to-ApplicationHost-config

IIS7 Configuration ReferenceIIS.NET Web siteLink: http://www.iis.net/articles/view.aspx/IIS7/Use-IIS7-Administration-Tools/Using-XML-Configuration/IIS7-Configuration-Reference



______________________________________________________________________________________________________________________________________________

You work as an IT support specialist for Fabrikam.com. The Fabrikam.com network is composed of 30 computers running Windows Server 2008 and 300 computers running Windows XP Professional.

Two of the company's computers running Windows Server 2008 and 20 running Windows XP are located in a high-security research lab. Although these computers are connected to each other, they are physically disconnected from the rest of the Fabrikam.com network and from the Internet.

You and the rest of the IT staff are planning to upgrade the research lab's 20 client computers to Windows Vista Enterprise.

Which of the following activation options should you choose for these 20 client computers?

1. Activate by using Key Management Service (KMS).

2. Activate by using proxy activation with a Multiple Activation Key (MAK). <Correct>

3. Activate by using independent activation with retail keys.

4. Activate by using independent activation with a Multiple Activation Key (MAK).

Explanation:MAK proxy activation should be used to activate many (but fewer than 25) computers unable to communicate with the Internet or with a KMS server. In MAK proxy activation, the Volume Management Activation Tool (VAMT) is used to gather the Installation IDs from the computers to be activated and save this data to an XML file. The XML file is then transported to another computer with Internet access and imported into the VAMT. After communicating with the Microsoft activation servers, the second VAMT computer saves the Confirmation IDs for each of the computers to be activated to the same XML file. The XML file is finally transported back to the first VAMT computer in the isolated environment, and from there, the isolated machines can be activated centrally by using VAMT.

You cannot activate by using KMS. KMS requires at least 25 computers be activated, and the 20 isolated computers cannot communicate with any external KMS server.

You should not activate each computer independently. Because none of the computers in the isolated research lab can access the Internet, the only way to activate a retail key or a MAK independently would be to use the telephone. Although using the telephone to activate a computer is feasible when you have fewer than five computers, for 20 computers, this would be a very time-consuming process and is, therefore, not the best solution.


Sub Objective(s):Configure Microsoft Windows activation.

References:


Volume Activation 2.0 for Windows Vista and Windows ServerMicrosoft TechNetLink: http://technet.microsoft.com/en-us/windowsvista/bb335280.aspx

Biztech: Volume Activation 2.0Biztech.comLink: http://www.biztechmagazine.com/article.asp?item_id=286

Microsoft Product ActivationMicrosoft.com

Link: http://www.microsoft.com/licensing/resources/vol/default.mspx#EPEAC



______________________________________________________________________________________________________________________________________________

You are a systems administrator configuring a computer running Windows Server 2008 and the FTP Publishing Service (FTP 6). Your organization's security requirements state that all users who log on to the FTP server should be provided with a warning related to unauthorized site usage. The warning should appear only after users have successfully authenticated to the server.

How should you configure the server to meet these requirements?

1. Place a text file named Banner.txt in the root folder of the FTP site.

2. Add the warning text to the Welcome setting in the Messages tab of the properties of the FTP site. <Correct>

3. Add the warning text to the Banner setting in the Messages tab of the properties of the FTP site.

4. Place a text file named Welcome.txt in the root folder of the FTP site.

Explanation:The text that is configured in the Welcome setting for the FTP site will be displayed automatically after a user successfully authenticates with the FTP server.

The Banner text is displayed when the user first connects to the site but before he or she provides authentication information.

Placing text files in the root folder of the FTP site will not automatically display the message to FTP clients.


Sub Objective(s):Configure a File Transfer Protocol (FTP) server.

References:


Configuring FTP Site Properties (IIS 6.0)Microsoft TechNetLink: http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/0d2a9b2e-b697-4bb3-8a61-0fad73a1fa08.mspx?mfr=true



______________________________________________________________________________________________________________________________________________

You are the systems administrator of a Windows Server 2008 Web server named Web01.adventure-works.com. The server currently has a single physical network adapter with a single IP address assigned to it. Due to network design and security requirements, you are unable to add multiple IP addresses to the network adapter.

Currently, the site hosts a single Web application called SalesDatabase. Users in the Sales department access this server by using the URL http://SalesDatabase.adventure-works.com. Your manager has asked you to add a second Web application to the server. The application is called CustomerDB and is required to respond to the URL http://CustomerDB.adventure-works.com. You have created a new Domain Name System (DNS) record for CustomerDB within the adventure-works.com domain.

What should you do to enable the Web server to host the CustomerDB application based on these requirements?

1. Add a new application called CustomerDB to the Web site that contains the SalesDatabase application.

2. Create a new Web site that responds to HTTP port 80 and add separate host header names for the SalesDatabase and CustomerDB Web sites. <Correct>

3. Create a new Web site that responds to HTTP port 80 and use the same host header name for the SalesDatabase and CustomerDB Web sites.

4. Add a new virtual directory called CustomerDB to the Web site that contains the SalesDatabase application.

Explanation:Because both Web sites must respond to the default HTTP port (port 80), they must use the same protocol and port binding settings. To allow two different Web sites to use the same port and protocol, you can use different host header names. This option will meet the requirements because the appropriate DNS addresses have been created.

Using the same host header name for two sites will prevent both sites from being started at the same time. Adding a new application or virtual directory will require users to enter an additional name as part of the URL.


Sub Objective(s):Manage Web sites.

References:


IIS 7.0: Add a Web SiteMicrosoft TechNetLink: http://technet2.microsoft.com/windowsserver2008/en/library/f6c26eb7-ad7e-4fe2-9239-9f5aa4ff44ce1033.mspx?mfr=true



______________________________________________________________________________________________________________________________________________

You are a network administrator for a company named Contoso.com. Your job responsibilities include managing terminal servers and clients.

You have deployed a terminal server named TS6 to host network monitoring applications. You and several other administrators connect to TS6 throughout the day to monitor various aspects of network performance. Some of these network monitoring applications can perform processor-intensive operations that slow the performance of other important applications.

You want to configure TS6 to ensure that no application process exhausts more than an equal share of TS6 processing power.

What should you do?

1. Install Windows System Resource Manager and set Equal_Per_Session as the managing policy.

2. Install Windows System Resource Manager and set Equal_Per_User as the managing policy.

3. Install Windows System Resource Manager and set Equal_Per_Process as the managing policy. <Correct>

4. Install Windows System Resource Manager and set Equal_Per_IISAppPool as the managing policy.

Explanation:Because you want to divide processor usage equally among processes, you should set the built-in Resource Allocation Policy named Equal_Per_Process as the managing policy in Windows System Resource Manager. When the Equal_Per_Process resource allocation policy is managing the system, each running process is given equal treatment. For example, if a server that is running ten processes reaches 70 percent processor utilization, Windows System Resource Manager will limit each process to using 10 percent of the processor resources while they are in contention. Note that resources not used by low-utilization processes will be allocated to other processes.

The Equal_Per_User policy sets a cap on processor usage by limiting all users, not processes, to an equal share of the terminal server processor or processors. The Equal_Per_Session policy distributes processor time equally among all user sessions, not among all processes. The Equal_Per_IISAppPool policy distributes the processor usage equally among all IIS application pools, not among all processes running on the terminal server.


Sub Objective(s):Configure and monitor Terminal Services resources.

References:




______________________________________________________________________________________________________________________________________________

You work as a network support specialist for a company named Fabrikam.com whose corporate network consists of a single Active Directory domain. The client network includes 10 servers running Windows Server 2008 Enterprise and 200 clients running Windows Vista Enterprise. All client computers are running Remote Desktop Connection 6.0.

Your network includes a terminal server named TS30 that is used to host a line-of-business application named App30.

A new company policy states that managers and IT personnel may only monitor the work of employees with the employees' permission. In addition, the policy states that managers and IT personnel can interact with user sessions only through Remote Assistance, not through Terminal Services.

The current RDP-Tcp settings for TS30 are shown in the exhibit. You need to ensure that TS30 complies with the new policy.

What should you do? (Each correct answer presents part of the solution. Choose two.)

1. Enable the Use Remote Control With Default User Settings option.

2. Enable the View The Session option. <Correct>

3. Enable the Do Not Allow Remote Control option.

4. Check the Require User's Permission check box. <Correct>

Explanation:You need to configure TS30 so that managers and IT personnel can only monitor, not interact with, user sessions. To meet this requirement, you need to ensure that the Use Remote Control With The Following Settings option is selected and then enable the View The Session option.

You also need to configure TS30 so that managers and IT personnel cannot monitor user sessions without the user's permission. To meet this requirement, select the Require User's Permission check box.


Sub Objective(s):Configure Terminal Services server options.

References:




______________________________________________________________________________________________________________________________________________

You are responsible for configuring a computer running Windows Server 2008 using FTP 7. The server is required to host two FTP sites. Administrators must be able to start and stop the FTP sites independently. The server is configured with a single public IP address. You would like users to be able to access each of the sites by using the default FTP port. However, each site must provide access to different content and must have different authentication settings.

How should you configure the FTP sites to meet these requirements?

1. Configure the FTP User Isolation setting to User Name Directory (Disable Global Virtual Directories).

2. Combine the sites into a single FTP site and add multiple site bindings.

3. Add FTP IPv4 Address And Domain Restrictions for both FTP sites.

4. Assign a different Host Name value for each of the FTP sites. <Correct>

Explanation:To start and stop the sites independently, you must create two separate FTP sites. By using different Host Name settings, you can configure the sites to respond on the same IP address and port number without conflicts.

Combining the sites will not allow them to be started and stopped independently. IPv4 Address And Domain Restrictions and FTP User Isolation settings will not allow two sites to use the same IP address and port number.



References:


Using virtual host namesIIS.NET Web siteLink: http://www.iis.net/articles/view.aspx/IIS7/Managing-IIS7/Using-FTP-Server-in-IIS7/Using-virtual-host-names

Configuring FTP user IsolationIIS.NET Web siteLink: http://www.iis.net/articles/view.aspx/IIS7/Managing-IIS7/Using-FTP-Server-in-IIS7/Configuring-FTP-user-Isolation



______________________________________________________________________________________________________________________________________________

You are a Windows Server 2008 systems administrator responsible for configuring SMTP services for use by your organization's Web applications. Currently, the environment consists of three servers that are running the Web Server (IIS) server role. Each server hosts a single Web application that requires an SMTP server. You have created a new SMTP virtual server for use by these applications, and your development team has confirmed that the settings are working properly. However, you have also found that unauthorized users and services are sending messages by using the SMTP virtual server. You want to ensure that only the three Web servers will be able to send messages by using the SMTP virtual server.

Which of the following methods will meet these requirements? (Choose all that apply.)

1. Add the Web server computers to the list of Operators on the Security tab of the properties of the SMTP virtual server.

2. Configure the SMTP virtual server to require Basic Authentication. <Correct>

3. Change the TCP Port setting for the SMTP virtual server.

4. Configure the Connection Control settings to allow only specific IP addresses to connect to the SMTP server.<Correct>

5. Configure Relay Restrictions settings to allow only the three Web servers to send messages.

Explanation:To restrict usage of the SMTP virtual server, you can require authentication credentials. All users would then be required to provide valid credentials to send messages. You can also restrict access to the server by configuring IP address restrictions in the Access tab of the properties of the SMTP virtual server.

TCP port settings define the port(s) on which the SMTP virtual server will respond. This setting will not automatically prevent unauthorized access. Operators settings define which users have access to reconfigure and manage the SMTP virtual server. Relay Restrictions settings will not prevent unauthorized users from sending messages by using the SMTP virtual server, although they might prevent some other forms of unauthorized usage.



References:





______________________________________________________________________________________________________________________________________________

You work as an IT support specialist for a company named Trey Research. The Treyresearch.net network is composed of a single Active Directory domain. Your job responsibilities include deploying and configuring terminal servers.

You install and configure a new TS Gateway server named TSGate6 in the company's perimeter network. During installation, you choose the option to create a self-signed certificate on TSGate6.Your goal is to enable authorized users to connect from outside the corporate network to a terminal server named TS6 through the new TS Gateway.

You want to test TS Gateway from a client named Client3, which is a member of the Treyresearch.net Active Directory domain. Client3 is found in a remote location external to the corporate network.

Which of the following steps must you take to connect to TS6 from Client3 through the new TS Gateway?

1. Install a certificate from TS6 into the Trusted Root Certificate Authorities store on Client3.

2. Install a certificate from Client3 into the Trusted Root Certificate Authorities store on TSGate6.

3. Install a certificate from TSGate6 into the Trusted Root Certificate Authorities store on Client3. <Correct>

4. Install a certificate from the Treyresearch.net Certificate Authority into the Trusted Root Certificate Authorities store on Client3.

Explanation:A TS Gateway server communicates with its clients through the Secure Sockets Layer (SSL) protocol, which requires a server certificate. This SSL certificate can originate from a trusted third-party Certificate Authority (CA) or a trusted local CA such as Certificate Services. In addition, for testing purposes, the TS Gateway server can also generate its own server certificate. During the installation of TSGate6, you chose the option to create a self-signed certificate for SSL communications. Self-signed certificates are not trusted by any clients by default. For clients to be able to communicate with TSGate6, therefore, you need to install that server certificate in the Trusted Root Certificate Authorities store on each client. When the TS client trusts the source of the server certificate, the client can establish an SSL connection with TS Gateway.



References:


Terminal Services Gateway (TS Gateway)Microsoft TechNetLink: http://technet2.microsoft.com/WindowsServer2008/en/library/9da3742f-699d-4476-b050-c50aa14aaf081033.mspx



______________________________________________________________________________________________________________________________________________

You are a systems administrator for a computer running Windows Server 2008 that is running IIS. Currently, the server hosts numerous Web applications, all located within the Default Web Site. Your Web development team has recently requested that you deploy a new Web application in the Default Web Site. The developers inform you that numerous modifications to the default IIS settings are required for the application to function properly. Additionally, developers have determined that the Web application will be moved and copied between many servers during the testing phase of the project. The changes must not affect the configuration of other applications that are running on the server.

How can you meet these requirements?

1. Place the application-specific changes within a Web.config file located in the Web application's root directory.<Correct>

2. Place the application-specific changes within the ApplicationHost.config file for the server.

3. Use the AppCmd utility to make the necessary changes to the new Web application.

4. Use the Shared Configuration option to force IIS to use a different configuration file.

Explanation:Settings stored in individual Web.config files will override settings defined within the ApplicationHost.config file. Developers should place application-specific configuration changes in this file.

You can use the AppCmd utility to script configuration changes, but you must rerun these scripts whenever you move or copy the application to another server. The ApplicationHost.config file contains default settings for all the sites and applications on the server. Application-specific settings should not be defined here because they might affect all Web sites, and they can be difficult to repeat when the application is transferred to another server. The Shared Configuration option enables multiple IIS servers to use a centrally managed configuration file. It does not provide the ability to make application-specific modifications.



References:


Web Site Deployment Made EasyIIS.NET Web siteLink: http://www.iis.net/articles/view.aspx/IIS7/Managing-IIS7/Getting-Started/Web-Site-Deployment-Made-Easy

ConfigurationIIS.NET Web siteLink: http://www.iis.net/default.aspx?tabid=7&subtabid=72



______________________________________________________________________________________________________________________________________________

You are attempting to troubleshoot a problem with a computer running Windows Server 2008, on which you have installed the Web Server (IIS) server role. Your users require access to a Web application that has been installed on the server. You have created a new Web application in the Default Web Site. The site uses a default page, Login.aspx, to enable users to access the application. When users attempt to connect to the site using Internet Explorer, they see the information shown in the exhibit. You want users to see the Login.aspx page when they enter the URL http://Server1/.

How can you resolve this problem?

1. Enable Windows Authentication for the Web application.

2. Reconfigure the site bindings for the Web site.

3. Add Login.aspx to the list of default documents for the Web application. <Correct>

4. Disable the Default Document feature for the Web application.

Explanation:The current site is showing a list of files in the Web application's directory because directory browsing is enabled and the default document was not found. Adding Login.aspx to the list of default documents will direct users automatically to Login.aspx.

Enabling Windows Authentication will prompt users for credentials when connecting to the site but will not redirect them automatically to the Login.aspx page. The site bindings affect the protocol, port, and host header for the Web site but will not redirect users to a specific page. Disabling the default document will require users to type the name of a specific page to access content on the Web site.



References:


Getting Started with IIS ManagerIIS.NET Web siteLink: http://www.iis.net/articles/view.aspx/IIS7/Use-IIS7-Administration-Tools/IIS-Manager-Administration-Tool/Getting-Started-with-IIS-Manager



______________________________________________________________________________________________________________________________________________

You are a Windows Server 2008 systems administrator troubleshooting performance problems related to Windows Media Services. Your network administrators have notified you that, during periods of high activity, your Windows Media Server is using a large amount of bandwidth and is reducing the performance of other network servers. Based on logging and Performance Monitor information from the server's on-demand publishing point, you have determined that bandwidth use is highest when many users connect to the server at the beginning of the day. You decide to use the Limits Properties settings for the publishing point to restrict maximum bandwidth use to 2000 Kbps.

Which of the following Limits Properties settings should you modify to meet these requirements?

1. Limit Bandwidth Per Player Connection

2. Limit Player Connections

3. Limit Aggregate Outgoing Distribution Bandwidth

4. Limit Aggregate Player Bandwidth <Correct>

Explanation:Limiting the Aggregate Player Bandwidth will place an upper limit on the total amount of network traffic that can be transferred by using the publishing point.

Creating Player Connections and Bandwidth Per Player Connection limits will not necessarily prevent excess bandwidth usage because the amount of bandwidth used by each user can vary significantly. Limiting distribution bandwidth affects the performance of connections only between caching and proxy servers.



References:


Windows Media Services FAQMicrosoft TechNetLink: http://www.microsoft.com/windows/windowsmedia/forpros/server/faq.aspx



______________________________________________________________________________________________________________________________________________

You work as an IT support specialist in a company named Blue Yonder Airlines. The Blueyonderairlines.com network is composed of a single Active Directory domain. Your job responsibilities include deploying and supporting user applications.

You want to deploy a RemoteApp program named App12 on a terminal server named TS12. You plan to have users connect to App12 through TS Web Access.

You install App12 on TS12, but users report that when they attempt to connect to the TS Web Access page on TS12, they receive an error.

You want users to be able to run App12 by connecting to the TS Web Access site on TS12.


1. Configure TS Web Access to point to TS12.

2. In TS RemoteApp Manager on TS12, add App12 to the list of RemoteApp programs. <Correct>

3. In TS RemoteApp Manager on TS12, configure App12 with the option to be displayed in TS Web Access.

4. Install the TS Web Access role service on TS12. <Correct>

5. In TS RemoteApp Manager on TS12, configure a Windows Installer package for App12, and then deploy the program through Group Policy.

Explanation:If users are unable to connect to the TS Web Access site at all, it is likely that the TS Web Access role service has not been added on TS12. In addition, if you want a link for App12 to display on the TS Web Access page, you will need to add App12 to the list of RemoteApp programs on TS12.

You do not need to configure TS Web Access to point to TS12. This step is unnecessary whenever TS Web Access and the terminal server hosting the RemoteApp programs are located on the same computer.

You do not need to configure App12 with the option to be displayed in TS Web Access. This option is selected by default and, in the question scenario, you have not yet added App12 to the list of RemoteApp programs on TS12.

You do not need to configure a Windows Installer package for App12. You want users to connect to App12 through TS Web Access. In such a case, a Windows Installer package is not useful.



References:





______________________________________________________________________________________________________________________________________________

You work as an IT support specialist for a company named Contoso Pharmaceuticals. The company network is composed of a single Active Directory domain. Your job responsibilities include deploying and configuring terminal servers.

A new corporate policy requires that users run RemoteApp programs only from trusted publishers. Currently, Contoso is hosting a single RemoteApp program, Microsoft Word, which is hosted on a server named Server5. Users currently connect to Word through an RDP file. You want to enforce the new corporate policy, and you want users to be able to run Word.


1. In TS RemoteApp Manager on Server5, create a new RDP file for Microsoft Word. Choose the option to sign the file with a digital certificate and then distribute the new RDP file to users through a network share. <Correct>

2. In TS RemoteApp Manager on Server5, configure the Digital Signature Settings with the option to sign RDP files with a digital certificate.

3. Configure Group Policy for Remote Desktop Connection to deny RDP files from unknown publishers. <Correct>

4. In TS RemoteApp Manager on Server5, create a new Windows Installer package for Microsoft Word.

5. Configure Group Policy for Remote Desktop Connection to allow RDP files from valid publishers.

Explanation:To meet the requirements of the new corporate policy, you need to prevent users from running RemoteApp programs from unsigned publishers. To meet this requirement, you need to configure Remote Desktop Connection settings in Group Policy to allow RDP files from trusted publishers only.

To meet the requirement that users be able to run Microsoft Word, you have to create a new RDP file for Word that is signed with a digital certificate. You then need to distribute that new RDP file to users.

If you configure the option to allow RDP files from trusted publishers, files from unknown publishers will not be blocked.

If you configure the Digital Signature Settings with the option to sign RDP files with a digital certificate, all subsequent RDP files you create in TS RemoteApp Manager will be signed by default. However, users still need to connect to Word with a new RDP file that is digitally signed by a trusted publisher.

Creating a new Windows Installer package will not solve the problem. If you want to meet the requirements of the new corporate policy by using a Windows Installer package, you will have to specify the option to sign the package with a certificate during the creation of the package. Then, you will have to distribute the file to users and instruct them to run the installer package. You cannot meet all of these requirements with the available answer choices.



References:





______________________________________________________________________________________________________________________________________________

You are a network administrator for a company named Fabrikam.com. Your job responsibilities include managing terminal servers and clients.

You have deployed a terminal server named TS1 to host an application named App1. App1 includes some graphical rendering capabilities that can be processor-intensive. You want to ensure that users who are taking advantage of these graphical rendering features exhaust more than an equal share of TS1's processing power.

How can you configure TS1 to share its processing power equally among users?

1. Install Windows System Resource Manager and set Equal_Per_Session as the managing policy.


3. Install Windows System Resource Manager and set Equal_Per_Process as the managing policy.

4. Install Windows System Resource Manager and set Equal_Per_User as the managing policy. <Correct>

Explanation:The Equal_Per_User policy sets a cap on processor usage by limiting all users to an equal share of the terminal server processor or processors. For example, if four users are running processes on the server, each user will be allocated 25 percent of the system resources to complete those processes. A user running a single application is allocated the same resources as a user running several applications.

The Equal_Per_Process policy distributes processor time equally among all running processes, not among all users. The Equal_Per_Session policy distributes processor time equally among all user sessions, and because each user can have more than one session, this policy does not necessarily distribute resources equally among users. The Equal_Per_IISAppPool policy distributes the processor usage equally among all IIS application pools, not among all users.



References:




______________________________________________________________________________________________________________________________________________

You are a systems administrator troubleshooting a problem on a Windows Server 2008 Web server. The server was recently restarted after performing routine maintenance. Although the majority of sites and Web applications on the server are working properly, three of the Web applications are returning the error shown in the exhibit. The Web server currently contains a single Web site that contains all the applications. You have verified that the routine maintenance operations did not make any changes to Web application content or to the configuration of IIS.

How can you resolve this issue?

1. Restore the IIS configuration to a previous version by using the AppCmd utility.

2. Start or recycle the application pool to which the three Web applications are assigned. <Correct>

3. Edit the site bindings for the Web site.

4. Modify the Authentication settings for the Web applications that are returning errors.

Explanation:The most likely cause of an HTTP 503 error is that the application pool to which the Web applications are assigned is stopped. Commonly, this is an issue when an application pool is not set to start up automatically.

Restoring the IIS configuration is not advisable because it could overwrite deliberate changes that were made to the configuration. Site bindings settings are unlikely to be the cause of the problem because other Web applications are responding properly. Authentication errors generally will not result in an HTTP 503 error.



References:


Diagnostics and Troubleshooting with IIS7IIS.NET Web siteLink: http://www.iis.net/articles/view.aspx/IIS7/Explore-IIS7/Getting-Started/Diagnostics-and-Troubleshooting-with-IIS7?Page=1

Managing Applications and Application Pools on IIS7 with WMIIIS.NET Web siteLink: http://www.iis.net/articles/view.aspx/IIS7/Use-IIS7-Administration-Tools/Scripting-IIS7/Managing-Applications-and-Application-Pools-on-IIS



______________________________________________________________________________________________________________________________________________

You work as an IT support specialist for a company named Northwind Traders. The IT department at Northwind Traders has just completed a server consolidation project, and the network now runs many servers in a virtual environment. The corporate network includes 20 physical servers running Windows Server 2008 and 200 computers running Windows Vista. Another 10 servers have just been migrated to run as guest virtual machines on the physical servers.

One virtualized server named Web2 is running Windows 2000 Server and contains a single virtual hard disk (VHD). Web2 is running as a guest on a server named VS10. You discover that Web2 is compromised. The original Web page on Web2 has been replaced by one that solicits personal information from visitors. Upon discovering the attack, you immediately shut the server down.

You want to investigate the administrative logs on Web2 offline so that you can determine how the attack against your server was performed.

What should you do?

1. Boot the Web2 virtual machine from a WinPE CD and browse the log files.

2. Mount the Web2 VHD file in the file system on VS10. <Correct>

3. Migrate the Web2 virtual machine to another server not in production.

4. Migrate Web2 back to a physical server on the network.

Explanation:You can investigate the contents of a virtual hard drive offline by mounting it in the file system from the parent (host) operating system. Doing so would enable you to investigate the files safely and easily.

You do not need to migrate Web2 to another server. This step is unnecessary, and it would not enable you to investigate the Web2 hard drive offline.

Although you could use WinPE to investigate the contents of the Web2 hard drive offline, doing so would be unnecessarily difficult. Mounting the virtual hard disk in the host file system is simpler and results in better performance. In addition, WinPE would be relatively cumbersome to use compared to the host operating system's graphical user interface.


Sub Objective(s):Configure Windows Server virtualization and virtual machines.

References:




______________________________________________________________________________________________________________________________________________


You have deployed a terminal server named TS2 to host several applications. You have configured TS2 to allow multiple sessions from each user. You want to ensure that no one session exhausts more than an equal share of TS2's processing power.

How can you configure TS2 to share its processing power equally among user sessions?


2. Install Windows System Resource Manager and set Equal_Per_User as the managing policy.

3. Install Windows System Resource Manager and set Equal_Per_Session as the managing policy. <Correct>

4. Install Windows System Resource Manager and set Equal_Per_Process as the managing policy.

Explanation:The Equal_Per_Session resource allocation policy is used with Terminal Services to ensure that CPU bandwidth is divided equally among user sessions. On terminal servers that limit each user to one session, the Equal_Per_User policy is equivalent to the Equal_Per_Session policy. However, on this particular server, you have configured the settings so that each user can own more than one concurrent session.

The Equal_Per_Process policy distributes processor time equally among all running processes, not among all users. The Equal_Per_IISAppPool policy distributes the processor usage equally among all IIS application pools, not among all users.



References:




______________________________________________________________________________________________________________________________________________

You are an IT support specialist for the Baldwin Museum of Science. The Baldwinmuseumofscience.com network is composed of a single Active Directory domain. All servers on the network are running Windows Server 2008.

A print server named Print1 is used heavily by employees, and your manager has decided that the server should be added to a failover cluster to improve availability. You have been tasked with determining the requirements for the failover cluster.

Which of the following is neither recommended nor required for creating a two-node failover cluster for Print1?

1. Shared storage among node members

2. Isolated storage from other servers and clusters

3. Static DNS entries <Correct>

4. Witness disk or witness file share

5. Active Directory environment

Explanation:In previous versions of Windows Server, you could not rely on dynamic DNS updates to create host records for the cluster nodes. However, in Windows Server 2008, dynamic DNS is supported, so static DNS entries are not required.

A witness disk is used in a node and disk majority quorum configuration, and a witness file share is used in a node and file share majority quorum configuration. These are the quorum configurations that are recommended for clusters such as a two-node configuration that has an even number of nodes.

Failover clusters are required to be in an Active Directory environment. They also require shared storage that is isolated from other computers and other clusters.



References:




______________________________________________________________________________________________________________________________________________

You are a systems administrator responsible for configuring SMTP services running on Windows Server 2008. Your organization currently hosts numerous Web applications running on IIS 7. The applications are hosted on four servers, each of which hosts three Web applications. All messages will be sent from the domain mail.contoso.com. All the applications require the ability to send e-mail notifications to users. You want to minimize the administrative effort required to configure and manage SMTP settings on a central computer running Windows Server 2008 that is accessible by all the Web servers.

How should you configure your SMTP environment?

1. Create a single SMTP virtual server for use by all the Web applications. <Correct>

2. Create a separate SMTP virtual server for each of the Web applications.

3. Create a separate SMTP virtual server for each of the Web servers.

4. Create a single SMTP virtual server and assign individual TCP Port settings for use by each Web server.

Explanation:A single SMTP virtual server can meet these requirements and provides the easiest administrative method.

Separate SMTP virtual servers are more difficult to create and manage, and the requirements do not justify creating multiple virtual servers. Assigning different TCP port numbers for each Web server is not necessary to meet the requirements.



References:





______________________________________________________________________________________________________________________________________________

You are a Windows Server 2008 systems administrator responsible for managing Windows SharePoint Services (WSS). Your manager has requested a report showing a list of all the SharePoint sites located on your organization's production WSS server. The server is accessed by using the URL http://ProsewareWSS01.proseware.com. You want to provide this information by using the least administrative effort. You have decided to use the Stsadm.exe command to obtain the necessary information.

Which of the following commands should you execute on each server to obtain the required information?

1. stsadmin enumsites -server http://ProsewareWSS01.proseware.com

2. stsadmin -o enumsites -url http://ProsewareWSS01.proseware.com <Correct>

3. stsadmin list sites

4. stsadmin -o listsites

Explanation:The syntax of the Stsadm command includes a -o switch for specifying the operation. The enumsites command enumerates the sites that are part of the server provided by the -url path.

The other options do not follow the standard Stsadm syntax requirements and will not return the required information.


Sub Objective(s):Configure Microsoft Windows SharePoint Services server options.

References:


Stsadm properties (Windows SharePoint Services)Microsoft TechNetLink: http://technet2.microsoft.com/windowsserver/WSS/en/library/57720821-d533-4508-9d9e-a5961ce36c3c1033.mspx?mfr=true



______________________________________________________________________________________________________________________________________________

You are a systems administrator responsible for administering a Windows Server 2008 IIS Web server. Due to new security requirements in your organization, you are no longer allowed to use the Remote Desktop Protocol (RDP) to connect to and manage this server. Security administrators have advised that HTTPS should be used for remote management, whenever possible. You would like to be able to manage IIS remotely from your Windows XP workstation.

Which two steps should you take to achieve this goal? (Each correct answer presents part of the solution. Choose two.)

1. Enable the Management Service to accept remote connections on the computer running Windows Server 2008.<Correct>

2. Install the IIS 6 Management Compatibility role service on the Web server.

3. Download and install the IIS Manager utility on the Windows XP workstation. <Correct>

4. Use the IIS 6 Management console on the Windows XP workstation to connect to the Windows Server 2008 IIS service.

Explanation:To manage IIS remotely, you must enable the Management Service to accept remote connections. Additionally, you must download and install the IIS Manager utility for IIS 7 on the computer running Windows XP. This will enable you to administer the server by using HTTPS.

You cannot manage IIS 7 by using the IIS 6 Management console from a remote computer. The IIS 6 Management Compatibility options are provided for backward compatibility with Web applications that are installed on the computer running Windows Server 2008.



References:


Remote Administration for IIS ManagerIIS.NET Web siteLink: http://www.iis.net/articles/view.aspx/IIS7/Managing-IIS7/Delegation-in-IIS7/Enable-Remote-HTTP-Connections/Remote-Administration-for-IIS-Manager

IIS 7.0: Configuring the Management Service in IIS 7.0Microsoft TechNetLink: http://technet2.microsoft.com/windowsserver2008/en/library/6946154e-defc-4050-b2ba-165afa2cc6741033.mspx?mfr=true



______________________________________________________________________________________________________________________________________________

You are a network support specialist for Fourth Coffee. The Fourthcoffee.com network is composed of a single Active Directory domain with 25 servers running Windows Server 2008 and 250 client computers running Windows Vista.

You want to improve the availability of a file server named File1. Users frequently read and write to File1, and when the server is not operational, productivity is lost. You want to configure a backup server to take over File1's resources automatically if File1 fails. You also want to keep any single server failure from blocking user access to the files stored on File1.


1. Add an identical server and configure the servers as a Network Load Balancing (NLB) cluster.

2. Configure File1 as a node in a failover cluster. <Correct>

3. Add an identical server and configure the servers with round-robin distribution.

4. Configure File1 as a node in a virtual cluster on a server running Windows Server 2008.

Explanation:The only way to meet the stated requirements is to configure a failover cluster with File1 as a node. A failover cluster is a group of independent computers that work together to increase the availability of applications and services. The clustered servers, called nodes, are connected by physical cables as well as by software. If one of the cluster nodes fails, through a process known as failover, another node in the cluster will take over for the failed node and ensure that users experience a minimal disruption in service. A failover cluster has a minimum of two nodes attached to shared storage. If one node fails, the other node still has access to the storage.

You cannot configure the cluster in a virtual environment on one server because that would create a single point of failure (the host computer) for access to the shared files.

Neither NLB nor round-robin would allow a server to take over for another failed server. In addition, these technologies would have the unintended consequence of dispersing file updates between two servers. You want to keep all the file resources on one server.



References:




______________________________________________________________________________________________________________________________________________

You are a technical support specialist for Fabrikam.com. Your job responsibilities include configuring and managing server storage solutions.

You are deploying a new domain controller named DC4 in the Finance department. The domain controller will run Windows Server 2008. You want to choose a fault-tolerant solution for the local storage. You need to provide fault tolerance for only the system volume. Read performance is a high priority.

Which local storage solution should you choose?

1. Striped volume

2. RAID-5 volume

3. Spanned volume

4. Mirrored volume <Correct>

Explanation:A mirrored volume (RAID-1) is the only fault-tolerant solution you may choose for a system drive. You cannot use a RAID-5 volume on a system drive.

Neither a spanned volume nor a striped volume offers fault tolerance. A spanned volume is merely a single logical drive that occupies space on one or more physical disks. A striped volume is a single logical volume consisting of multiple physical disks and to which data is written in a striped manner across these disks.


Sub Objective(s):Configure storage.

References:




______________________________________________________________________________________________________________________________________________

You are a Windows Server 2008 system administrator configuring a new FTP 7 site for use by several consultants. The consultants require the ability to upload and download files from a single folder located on the server. Your organization's security policy prevents you from creating Windows user accounts for consultants on the local server or within the Active Directory domain. Users of the FTP site must be required to provide valid credentials to log on. You have enabled IIS Manager authentication and have configured the FTP Authentication settings as shown in the exhibit. You have also created separate IIS Manager accounts for each consultant. The consultants have reported that they are unable to log on to the FTP site.

Which of the following changes should you make to enable the users to log on?

1. Disable IIS Manager Authentication.

2. Enable Basic Authentication.

3. Verify that the Management Service role service is installed and enabled. <Correct>

4. Verify that the FTP Management Console role service is installed and enabled.

5. Enable Anonymous Authentication.

Explanation:You must enable the Management Service for users to be able to authenticate by using their IIS Manager credentials.

The Anonymous Authentication and Basic Authentication options should be disabled to meet the security requirements. The FTP Management Console is designed for use by the FTP Publishing Service (FTP 6) and not FTP 7.



References:


Authentication in IIS 6.0 (IIS 6.0)Microsoft TechNetLink: http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/9b619620-4f88-488b-8243-e6bc7caf61ad.mspx?mfr=true



______________________________________________________________________________________________________________________________________________

You are a Windows Server 2008 systems administrator responsible for configuring the Web Server (IIS) server role. Currently, the Web server hosts a single Web site that has a single ASP.NET-based Web application. The Web site and Web application are both configured to use only Windows Authentication. The root folder for the NorthwindHR Web application is C:\WebSites\NorthwindHR and users access the application by using the following URL:

http://www.NorthwindTraders.com/HR

You would also like to enable users who are members of two Windows groups, HRUsers and HRAdmins, to access the contents of the C:\HR\Admin folder by using the following URL:

http://www.NorthwindTraders.com/HR/Admin

The contents of the C:\HR\Admin folder are configured with the appropriate NTFS file system permissions for the intended users of the files.

Which action should you take to meet these requirements?

1. Create a new Web application within the NorthwindHR Web application and assign it to the same application pool used by the NorthwindHR Web application.

2. Create a new virtual directory and use the Application User (Pass-Through Authentication) Connect As option.<Correct>

3. Create a new virtual directory and specify a Windows user account for the Connect As option.

4. Create a new Web application within the NorthwindHR Web application and assign it to a different application pool from the one used by the NorthwindHR Web application.

Explanation:When Pass-Through Authentication is enabled for a virtual directory, the current user's security permissions determine whether he or she has access to specific data. Because the NTFS permissions are already configured properly, this method will prevent other users from accessing the content.

Specifying a Windows user account for the Connect As setting will give all users of the site the same effective permissions to access the files. Application pool settings will not affect security and permissions related to accessing content.



References:


Understanding Sites, Apps, and Vdirs in IIS7: IntroductionIIS.NET Web siteLink: http://www.iis.net/articles/view.aspx/IIS7/Managing-IIS7/Getting-Started/Understanding-Sites,-Apps,-and-Vdirs-in-IIS7



______________________________________________________________________________________________________________________________________________

You are a systems administrator responsible for managing a Windows SharePoint Services (WSS) infrastructure for your organization. The current environment has eight individual computers running Windows Server 2008 that are hosting WSS sites. Each of the servers is using the WSS single server option. Your company has recently undergone a departmental reorganization, and you need to change the name and URL settings for all the appropriate sites. You would like to make the process repeatable and perform the actions by using the least administrative effort.

Which of the following methods should you use to meet these requirements?

1. Make the change on one server, create a backup of the server, and restore it to the other servers.

2. Create a Visual Basic Script (VBScript) to perform the changes.

3. Create a batch file that calls the Stsadm.exe utility to perform the changes. <Correct>

4. Create a Windows PowerShell script to perform the changes.

Explanation:The Stsadm.exe utility provides an easy-to-use command-line utility for automating operations.

Creating Windows PowerShell or VBScript scripts will take more effort to perform the same actions. The process of restoring from a backup will potentially overwrite important site content and settings.



References:





______________________________________________________________________________________________________________________________________________

You are a network administrator for a company named Contoso.com whose network is composed of a single Active Directory domain. The Contoso.com network includes 10 servers running Windows Server 2008 and 200 clients running Windows XP Professional. Your job responsibilities include installing new servers and clients on the network.

You are implementing Windows Deployment Services (WDS) to facilitate deployment of Windows Vista to clients on the corporate network. You have already installed WDS on a server named WDS3, and you have already performed a test deployment with an image captured from the Windows Vista DVD. You now want to create a master image of a computer running Windows Vista and upload that image to WDS3.

You designate a PXE-boot compatible computer named Client3 as your master computer. You prepare Client3 with the appropriate applications and settings, and you then run the Sysprep utility. You configure the BIOS to boot from the network adapter.

What kind of image must you add to WDS3 to enable you to capture an image of Client3 automatically and upload it to WDS3?

1. An install image

2. A discover image

3. A RIPREP image

4. A capture image <Correct>

Explanation:When you boot a PXE-boot client computer and select a capture image from the boot menu, the capture image will capture an image of the local client computer and then upload that image to the WDS server.

An install image is used to install a new operating system on the local computer. A discover image is used to locate a WDS server. A RIPREP image is an image created in the previous version of WDS, Remote Installation Services.


Sub Objective(s):Deploy images by using Windows Deployment Services.

References:


Windows Deployment Services Role Step-by-Step GuideMicrosoft TechNetLink: http://technet2.microsoft.com/windowsserver2008/en/library/7d837d88-6d8e-420c-b68f-a5b4baeb52481033.mspx



______________________________________________________________________________________________________________________________________________

You are a Windows Server 2008 systems administrator attempting to troubleshoot a problem with an FTP 7 site. The site is used to store drawings created by your organization's engineering department. Several users who access this FTP site use unreliable network connections. Users have reported that they often download files from the server and find that the files cannot be opened using the appropriate software application. You would like to prevent these problems from occurring in the future. Using IIS Manager, you inspect the Advanced Settings for the FTP site. The exhibit shows the current configuration settings.

Which change should you make to resolve the problem?

1. Modify the Control Channel Timeout setting.

2. Change the Reset On Max Connections option to True.

3. Change the Keep Partial Uploads setting to False. <Correct>

4. Modify the Data Channel Timeout setting.

Explanation:The problem of having corrupted files on the FTP server is caused by the server retaining partially uploaded files. This is a common problem when unreliable network connections cause FTP clients to drop their connection before the transfer is complete. Disabling the retention of partial uploads will instruct the FTP server to delete any partially uploaded files.

Timeout settings and resetting the server based on connection limits will not affect the storage of partial uploads.



References:


Creating a New FTP SiteIIS.NET Web siteLink: http://www.iis.net/articles/view.aspx/IIS7/Managing-IIS7/Using-FTP-Server-in-IIS7/Creating-a-New-FTP-Site



______________________________________________________________________________________________________________________________________________

You are a systems administrator responsible for managing several Web applications and Web sites on a single Windows Server 2008 IIS server. Based on requirements from Web developers, you are planning to make numerous changes to the IIS server and Web application configuration settings. You want to be able to roll back the configuration quickly in case the changes cause any unexpected problems with accessing the Web site.

Which of the following actions should you perform before making configuration changes?

1. Run the command AppCmd list config and store the results in a text file.

2. Use the Export Configuration command in the Shared Configuration settings for the Web server to create a backup of the configuration.

3. Make a backup of the \Inetpub\History folder in a secure location.

4. Run the command AppCmd add backup. <Correct>

Explanation:The simplest method of creating a backup of the server configuration is to run the AppCmd add Backup statement manually. This action should be performed immediately before the changes are made to ensure that the configuration can be rolled back. To restore the configuration, you can use the AppCmd restore Backup statement.

The command AppCmd list Config outputs the server configuration file but does not provide an immediate way to roll back the configuration of the server if a problem occurs. The Export Configuration command is used to create a shared configuration file for use by multiple Web servers and does not provide a simple method of reverting to an earlier configuration. Making a backup of the \Inetpub\History folder can be helpful for tracking older configuration values, but it is better to create a backup manually to ensure that you collect the configuration of the server immediately prior to making the changes.



References:


Getting Started with AppCmd: Managing BackupsIIS.NET Web siteLink: http://www.iis.net/articles/view.aspx/IIS7/Use-IIS7-Administration-Tools/Using-the-Command-Line/Getting-Started-with-AppCmd-exe?Page=3

ABC's of AppCmd (command line administration in IIS7)IIS.NET Web siteLink: http://blogs.iis.net/sukesh/archive/2006/6/2/1304022.aspx

Using IIS7 Configuration HistoryIIS.NET Web siteLink: http://www.iis.net/articles/view.aspx/IIS7/Managing-IIS7/Configuring-the-IIS7-Runtime/Understanding-AppHost-Service/Using-IIS7-Configuration-History



______________________________________________________________________________________________________________________________________________

You work as an IT support specialist for Contoso.com. The Contoso.com network is composed of 20 computers running Windows Server 2008 and 200 computers running Windows XP Professional. All servers and clients are located in one building, and all company computers can communicate with each other on the network.

You and the rest of the IT staff are planning to upgrade all the network's clients to Windows Vista Enterprise. Your organization plans to purchase a volume license edition of the software. You have been tasked with determining the best method to activate the new Windows Vista installations.

Which activation method should you recommend?

1. Activate by using Multiple Activation Key (MAK) independent activation.

2. You do not need to activate anything. Volume licenses do not require activation.

3. Activate by using Key Management Service (KMS). <Correct>

4. Activate by using Multiple Activation Key (MAK) proxy activation.

Explanation:You need to activate volume license versions of Windows Server 2008 and Windows Vista. If you have more than 25 computers running Windows Vista, and all these computers have uninterrupted network connectivity to each other, you should use Key Management Service (KMS) to activate the computers. With KMS, clients are activated automatically by communicating with a KMS server located on your network. The KMS server (or host) contains a KMS key that has been activated by Microsoft Activation servers.

You should not use a Multiple Activation Key (MAK) through either proxy or independent activation. You should purchase a MAK only for disconnected computers. MAK keys can be activated only a certain number of times and are harder to manage centrally.



References:




Microsoft Product ActivationMicrosoft.comLink: http://www.microsoft.com/licensing/resources/vol/default.mspx#EPEAC



______________________________________________________________________________________________________________________________________________

You are a Windows Server 2008 systems administrator troubleshooting a problem with running Windows SharePoint Services (WSS) on a computer named CohoWeb01. The server is currently not a member of an Active Directory domain. It hosts a single Web site using the Web Server (IIS) server role. Users access the Web site by using the following URL:

http://CohoWeb01.CohoVineyard.com

You have verified that the site is currently accessible. After installing WSS on the server, you can access the SharePoint Central Administration Web site. However, you are unable to access the default SharePoint Team Site. Using IIS Manager, you notice that you are unable to start the default SharePoint Web site.

Which of the following changes should you make to resolve this problem? (Choose all that apply.)

1. Edit the current public URL setting in the Alternate Access Mappings section of the SharePoint Central Administration Web site.

2. Add a new internal URL in the Alternate Access Mappings section of the SharePoint Central Administration Web site.

3. Using IIS Manager, modify the Site Bindings settings to include a host name for the existing Web site. <Correct>

4. Using IIS Manager, change the HTTP port number that is used for the default SharePoint Team Site and start the Web site. <Correct>

5. Modify the Web Application Pool setting for the SharePoint Team Site by using the Service Accounts option in the SharePoint Central Administration Web site.

Explanation:The SharePoint Team Site is configured to use HTTP port 80 by default. Because every concurrently running Web site on a server must have a unique set of Site Bindings settings, you can include a host name setting for the existing Web site, or you can modify the HTTP port used by the SharePoint Team Site. You will then be able to start the SharePoint Team Site.

Alternate Access Mapping settings are used for managing URLs that are seen by users of the site. These settings will not directly prevent access to the SharePoint Team Site or prevent it from starting. Web Application Pool settings are used for managing performance and reliability and will not prevent the SharePoint Team Site from being started.



References:


Configure alternate access mapping (Windows SharePoint Services)Microsoft TechNetLink: http://technet2.microsoft.com/windowsserver/WSS/en/library/8642f748-f169-4799-8fe9-8140fbb23fbf1033.mspx?mfr=true



______________________________________________________________________________________________________________________________________________

You are a systems administrator responsible for managing security for a Windows Server 2008 server running FTP 7. You have created a new FTP site for use by your organization's human resources department. The FTP site is configured to use Basic Authentication for all users. Your organization's security requires all authentication credentials and commands that are sent over the network to be encrypted. The policy data transmissions should not be encrypted. Several users have reported slow performance when uploading and downloading to the FTP server. The exhibit shows the current FTP SSL settings for the site. In the past, the site did not use any encryption, and users report that they did not experience any performance issues then.

Which change should you make to resolve the performance issue?

1. Change the SSL Policy to Custom and specify Require for the Control Channel and Deny for the Data Channel.<Correct>

2. Change the SSL Policy to Allow SSL connections.

3. Change the SSL Policy to Custom and specify Require for the Control Channel and Allow for the Data Channel.

4. Change the SSL Certificate setting for the FTP site.

Explanation:Using the Custom option for the FTP SSL settings enables you to require encryption of authentication credentials and commands and to disable encryption of data transfers. This will meet the policy requirements and will increase overall performance.

Changing the SSL certificate will not affect performance. Changing the SSL policy to Allow SSL connections will not meet the security requirements because this setting allows unencrypted connections. The Custom SSL Policy settings will not meet the security requirements because it enables unencrypted data transfers.



References:


FTP 7 SSL SettingsIIS.NET Web siteLink: http://www.iis.net/articles/view.aspx/FTPDocs/FTP-7-SSL-Settings

Using FTP over SSLIIS.NET Web siteLink: http://www.iis.net/articles/view.aspx/IIS7/Managing-IIS7/Using-FTP-Server-in-IIS7/Using-FTP-over-SSL



______________________________________________________________________________________________________________________________________________

You are an IT support specialist for City Power & Light. The Cpandl.com network is composed of a single Active Directory domain and includes 50 servers, 30 of which run Windows Server 2003 and 20 of which run Windows Server 2008.

The IT staff is planning a consolidation project to reduce the number of physical servers in your organization. You have identified a server named SRV-34 to be migrated from physical hardware to a virtual environment on a server named SRV-08Z. SRV-08Z is running Windows Server 2008, and SRV34 is running Windows Server 2003.

Which of the following tools can you use to move SRV-34 into a virtual machine on SRV-08Z? (Each correct answer presents a complete solution. Choose two.)

1. Virtual Machine Remote Client

2. VM Additions

3. System Center Virtual Machine Manager <Correct>

4. Microsoft Virtual Server 2005 R2

5. Virtual Server Migration Toolkit <Correct>

Explanation:The System Center Virtual Machine Manager and the Virtual Server Migration Toolkit both provide tools to facilitate the migration of a physical server to a virtual server. None of the other tools listed contain this technology.



References:




______________________________________________________________________________________________________________________________________________

You are configuring Authorization Rules settings for the Default Web Site on a Windows Server 2008 Web server. The specific security requirements for accessing the Web site include:

* All users who are members of the HumanResources Windows group should have access to the site.* All users who are members of the Administrators Windows group should have access to the site.* Other users should be unable to access the site.

The exhibit shows the current settings for the Authorization Rules. You find that users who are not members of the HumanResources group are able to access the site.

How can you resolve this issue most easily?

1. Add an Allow rule for the Users Windows group.

2. Remove the All Users rule. <Correct>

3. Remove the Administrators rule.

4. Add an Allow rule for All Anonymous Users.

5. Remove the EngineeringUsers rule.

Explanation:The default settings for a Web site allow all users to access the site content (assuming that they have the necessary authentication credentials and permissions). Removing the All Users rule will meet the security requirements.

The EngineeringUsers rule is not necessary, but it is not allowing unauthorized users to access the site. The Adminstrators rule is required. Adding new Allow rules will not prevent unauthorized users from accessing the site.



References:


Understanding IIS7 URL AuthorizationIIS.NET Web siteLink: http://www.iis.net//articles/view.aspx/IIS7/Managing-IIS7/Configuring-Security/URL-Authorization/Understanding-IIS7-URL-Authorization



______________________________________________________________________________________________________________________________________________

You work as an IT support specialist for a company named Contoso.com. The Contoso.com network is composed of a single Active Directory domain. Your job responsibilities include deploying and configuring terminal servers.

You install and configure a new TS Gateway server named TSGate7 in the company's perimeter network. During installation, you specify a server certificate obtained from the local certificate authority integrated into the Contoso.com Active Directory domain.

Your goal is to enable authorized users to connect from outside the corporate network to terminal server resources through the new TS Gateway. Remote users will be connecting from only portable computers that are members of the Contoso.com domain.

Which of the following steps should you take to enable external clients that are members of the Contoso.com domain to connect to resources through the new TS Gateway?

1. Install the server certificate for TSGate7 in the Trusted Root Certificate Authorities store on the external clients.

2. Instruct users connecting from computers outside the corporate network to configure Remote Desktop Connection so that TS Gateway server settings are detected automatically.

3. Instruct users connecting from computers outside the corporate network to specify TSGate7.contoso.com as TS Gateway in Remote Desktop Connection. <Correct>

4. Instruct users connecting from computers outside the corporate network to disable the option in Remote Desktop Connection to bypass the TS Gateway server for local addresses.

Explanation:In this case, users who want to connect to terminal server resources from locations outside the corporate network must specify the TS Gateway server in Remote Desktop Connection. You cannot choose the option to detect TS Gateway server settings automatically because this option is useful only when the settings are defined in Group Policy.

You do not need to disable the option to bypass TS Gateway for local addresses. Because you are not connecting to local addresses, changing this option will have no effect for users connecting from outside the network.

The remote client computers are members of the Contoso.com domain and, therefore, already trust the source of the server certificate used by TSGate7, so it is not necessary to install any server certificates on the clients.



References:


What is a Terminal Services Gateway server?Windows HelpLink: http://windowshelp.microsoft.com/Windows/en-US/Help/011fcc70-fdb7-43fc-ae08-b33169b3f6961033.mspx



______________________________________________________________________________________________________________________________________________

You work as an IT support specialist for a company named Blue Yonder Airlines. The Blueyonderairlines.com network is composed of a single Active Directory domain. Your job responsibilities include deploying and configuring terminal servers.

Your network includes a group of terminal servers that host applications for all domain users and a second group of terminal servers whose access is restricted to only domain administrators.

Management has determined that users should be able to connect to the Blueyonderairlines.com terminal servers from anywhere on the Internet. In the new policy, remote users should be able to connect only to the same servers that they can connect to when logged on locally inside the corporate network.

You install and configure a new TS Gateway server named TSGate9 in the company's perimeter network. During installation, you specify a server certificate obtained from the local certificate authority integrated into the Blueyonderairlines.com Active Directory domain.

Your goal is to enable remote users to connect only to the authorized terminal server resources through the new TS Gateway.

Which of the following is NOT a possible step toward achieving this result?

1. Create two TS Gateway-managed computer groups on TSGate9 corresponding to the sets of terminal servers.

2. Create two global security groups in Blueyonderairlines.com corresponding to the two sets of terminal servers.

3. Create two organizational units (OUs) in Blueyonderairlines.com corresponding to the two sets of terminal servers.<Correct>

4. Create two local security groups on TSGate9 corresponding to the two sets of terminal servers.

Explanation:When you configure the Terminal Services Resource Authorization Policies (TS RAP) for TS Gateway, you will need to allow all domain users access to one set of terminal servers and allow only domain administrators access to a second set of terminal servers. The only way to achieve this result is by creating two groups corresponding to each group of terminal servers. These groups can be local to TSGate9, global for the Blueyonderairlines.com domain, or created and managed in TS Gateway Manager (a TS Gateway-managed computer group). However, you cannot allow access to terminal resources in a manner based on OU membership.



References:


Terminal Services Gateway (TS Gateway)Microsoft TechNetLink: http://technet2.microsoft.com/WindowsServer2008/en/library/9da3742f-699d-4476-b050-c50aa14aaf081033.mspx



______________________________________________________________________________________________________________________________________________

You are an IT support specialist for a company named Consolidated Messenger, whose network is composed of a single Active Directory domain. The Consolidatedmessenger.com network includes a server named TS2 that runs a finance application named App2. No other applications are hosted on TS2.

Your company has deployed a new Terminal Services gateway named TSG1 in the company's perimeter network.

Some members of the Finance department work at a branch office. You want to allow these Finance users at the branch office to access App2 through TSG1. Finance users working in the branch office are not currently able to use TSG1.


1. Configure a Remote Access Policy that enables members of the Finance group to access the Consolidatedmessenger.com network remotely.

2. Configure TS Gateway to use HTTPS-HTTP bridging.

3. Configure a Terminal Services Connection Authorization Policy (TS CAP) that enables members of the Finance group to connect to TSG1. <Correct>

4. Use Group Policy to enforce Remote Desktop Connection settings for members of the Finance group to use TSG1.

5. Configure a Terminal Services Resource Authorization Policy (TS RAP) that enables members of the Finance group to connect to TS2. <Correct>

Explanation:To enable external users to connect to a terminal server resource on the corporate network, you need both a TS CAP and a TS RAP. A TS CAP authorizes users to connect as far as TS Gateway. A TS RAP authorizes users to connect from TS Gateway to a specific terminal server resource on the internal network.

You do not want to force all members of the Finance group to use TS Gateway because some members might be connecting from inside the corporate network. In addition, this solution does not address the problem that members of the Finance group are not yet authorized to connect to TSG1 or TS2. To authorize users to do that, you need a TS CAP and a TS RAP.

A Remote Access Policy authorizes certain users to connect to a network through a virtual private network or dial-up connection. It does not enable users to connect to terminal server resources on a network from points outside that network.

You do not want to configure TS Gateway to use HTTPS-HTTP bridging. HTTPS-HTTP bridging is used when you have configured a Secure Sockets Layer (SSL) termination device such as Internet Security and Acceleration (ISA) Server, and you do not want to enforce SSL communication between the SSL termination device and TS Gateway. Enabling this option does not allow users to connect to terminal server resources on a network from points outside that network.



References:





______________________________________________________________________________________________________________________________________________

You are an IT support specialist in a company named Contoso Pharmaceuticals. Your responsibilities include supporting terminal servers and clients.

Recently, users have been complaining about the performance of their Terminal Services sessions on a terminal server named TS7. You open Terminal Services Manager and find many disconnected sessions from different users.

You want to prevent users from maintaining disconnected Terminal Services sessions on TS7.

Which step should you take to accomplish this goal?

1. In Terminal Services Configuration, configure TS7 to enable reconnections but prevent new logons.

2. In Terminal Services configuration, configure TS7 to end sessions that are disconnected. <Correct>

3. In Terminal Services Configuration, configure TS7 to restrict each user to a single session.

4. In Terminal Services Configuration, configure TS7 to enable reconnections but prevent new logons until the server is restarted.

Explanation:If you want to prevent users from maintaining disconnected sessions on TS7, you need to select the option to end disconnected sessions on TS7.

Restricting each user to a single session will not prevent users from holding a disconnected session. It will only limit users to one session that might be connected or disconnected.

The options to enable reconnections but prevent new logons will not keep users from maintaining disconnected sessions on TS7. These options will only prevent users from logging on to the server.



References:





______________________________________________________________________________________________________________________________________________

You are a Web server administrator for a computer running Windows Server 2008 that is running IIS. You are attempting to troubleshoot a problem with Secure Sockets Layer (SSL) functionality for the Default Web Site. This Web site is accessed by both internal employees and users who are not members of your organization. You have verified the configuration of the site bindings and have found that a binding for HTTPS on port 443 has been created for the site. However, users report that they receive a certificate message whenever they attempt to access the server using the URL https://Server1.contoso.com. The exhibit shows the current configuration for the server certificate that is being used.

Which of the following actions should you take to resolve the issue?

1. Create a new self-signed certificate with the name Server1.contoso.com.

2. Change the port that is being used for the site binding.

3. Export and then re-import the server certificate.

4. Obtain a new certificate from a trusted third-party Certificate Authority (CA), install it on the server, and then choose this certificate in the site bindings. <Correct>

Explanation:The Issued By information for the certificate shows that this is a self-signed certificate. This type of certificate is used primarily for development and testing. Because it is not issued by a trusted third party, users of the Web site will receive a warning message whenever they attempt to connect. Obtaining and installing a certificate from a third-party CA will resolve this issue.

Because users are able to connect to the Web site, there is no need to change the default port setting of 443. Exporting and re-importing the certificate will not eliminate the message that users see.


Sub Objective(s):Configure SSL security.

References:


How to Setup SSL on IIS7IIS.NET Web siteLink: http://www.iis.net/articles/view.aspx/IIS7/Managing-IIS7/Configuring-Security/Using-SSL/How-to-Setup-SSL-on-IIS7



______________________________________________________________________________________________________________________________________________

You are a Windows Server 2008 systems administrator responsible for managing performance of a computer running the Web Server (IIS) server role. Users in your organization's accounting department have noted that performance of the AccountingAdmin Web application is unacceptably slow during critical end-of-month operations. The application is configured with its own application pool named Accounting01. The Accounting01 application pool is configured to use the default settings. The server also supports several other workloads, including the Terminal Services server role and other Web applications. You want to ensure that the AccountingAdmin Web site receives higher priority access to CPU and memory resources during critical times.

Which of the following actions should you take to meet these requirements?

1. Using Windows System Resource Manager, create a recurring Calendar event. <Correct>

2. Using Windows System Resource Manager, create a One-Time Calendar event.

3. Set the Processor Affinity Enabled option to True in the properties of the Accounting01 application pool.

4. Decrease the value for the Processor Affinity Mask in the properties of the Accounting01 application pool.

5. Increase the number of Maximum Worker Processes in the properties of the Accounting01 application pool.

Explanation:To give higher priority access to the AccountingAdmin application during specific times, use the recurring Calendar feature in Windows System Resources Manager. This also ensures that resource priorities match business needs.

Modifying application pool settings can affect performance, but these settings will be in effect at all times and could cause performance problems for other applications.



References:


Windows System Resource ManagerMicrosoft.comLink: http://www.microsoft.com/windowsserver2003/technologies/management/wsrm/default.mspx



______________________________________________________________________________________________________________________________________________

You are configuring IIS on a computer running Windows Server 2008 for a Web hosting company. The server will host 25 different Web sites, each of which will have a separate administrator account. Each administrator should have a unique password. The server is not a member of an Active Directory domain. You want to ensure that remote administrators do not have permission to connect to the Web server directly.

How should you configure security for the remote administrators?

1. Create individual IIS Manager Users for each of the remote administrators. <Correct>

2. Create a single Windows group for use by all the remote administrators.

3. Create individual Windows accounts for each of the remote administrators.

4. Enable Windows Authentication for all the Web sites on the server.

Explanation:IIS Manager Users are designed to provide logons for remotely administering the Web server using the IIS Manager utility. This is the easiest and most secure method of providing access.

You should avoid creating Windows user accounts and groups to ensure that these users will not have access to the server itself. Windows Authentication settings pertain to users who will attempt to access Web site content, not to remote administrators.



References:





______________________________________________________________________________________________________________________________________________

You are a network administrator in a company named Fabrikam.com.

You have been asked to configure a server named TS3 to host an application named App3. App3 is a performance monitoring application that will enable you and a fellow administrator to monitor the network for unusual changes in latency and other performance measures. You both plan to use the Admin3 account to access TS3 through the Terminal Services Client (Mstsc.exe) and run App3. You will be accessing the application from any of 50 computers on your network. You do not foresee that any other users will be connecting to TS3.

You need to determine how many Terminal Services client access licenses (CALs) to purchase for TS2 and which type of CALs to purchase.

Which of the following options best suits your needs?

1. Install the Terminal Services server role and purchase at least 50 Terminal Services per-device CALs.

2. Enable Remote Desktop for Administration and purchase at least 2 per-user CALs.

3. Install the Terminal Services server role and purchase at least 2 Terminal Services per-user CALs.

4. Enable Remote Desktop for Administration and do not purchase any CALs. <Correct>

Explanation:Because only two users are going to be connecting to TS3 and because multiuser support for applications is not necessary, you do not need to install Terminal Services. The functionality needed can be provided by the Remote Desktop for Administration (RDA) feature. RDA is a built-in feature of Windows Server 2008 and does not require any client licenses.


Sub Objective(s):Configure Terminal Services licensing.

References:


Overview of TS LicensingMicrosoft TechNetLink: http://technet2.microsoft.com/windowsserver2008/en/library/ba9e2584-ee3f-49da-a3b3-85ef8854bc6e1033.mspx?mfr=true



______________________________________________________________________________________________________________________________________________

You are a Windows Server 2008 systems administrator responsible for securing content that is provided by a Windows Media Services (WMS) publishing point. The server is named Video01, and the publishing point is named PublicVideoContent. All users should be able to access only specific media files and playlists located within the publishing point's root folder. The majority of users will connect to the server over the Internet, but some internal users on the corporate network should also have access to the videos.

Which actions should you take to meet these requirements? (Each correct answer presents part of the solution. Choose two.)

1. Enable WMS Anonymous User Authentication for the publishing point. <Correct>

2. Enable WMS Negotiate User Authentication for the publishing point.

3. Configure NTFS file system permissions for the WMUS_PublicVideoContent account.

4. Enable WMS Digest Authentication for the publishing point.

5. Configure NTFS file system permissions for the WMUS_Video01 account. <Correct>

Explanation:To restrict accessible content, configure NTFS file system permissions for the WMUS_Video01 account. When anonymous authentication is enabled, users will only have access to the media that is accessible to this account.

The Negotiate and Digest user authentication options prompt users for credentials. Because the requirements state that the same permissions should apply to all users, these options are not necessary.


Sub Objective(s):Configure Digital Rights Management (DRM).

References:


WMS Anonymous User AuthenticationMicrosoft TechNetLink: http://technet2.microsoft.com/windowsserver2008/en/library/125b85ef-931d-48ef-9fca-9056d04da91f1033.mspx?mfr=true



______________________________________________________________________________________________________________________________________________

You are a systems administrator responsible for configuring security for Windows Media Services (WMS). The server currently has a single on-demand publishing point that provides access to several large, high-quality video files. These files should be accessible only to members of your organization and to employees who are members of a business partner that is responsible for reviewing and creating content. Approximately 25 employees of the business partner will access the files from a remote office by using the Internet. The server does not have user accounts for the business partners. You want to prevent other Internet users from accessing the content.

Which configuration option should you enable to meet these requirements?

1. WMS Negotiate Authentication

2. WMS Anonymous User Authentication

3. WMS IP Address Authorization <Correct>

4. WMS Publishing Points ACL Authorization

5. WMS NTFS ACL Authorization

Explanation:Because all intended users of the publishing point are coming from two networks, you can use IP address restrictions to define the computers or groups of computers that should have access to the content.

NTFS Authorization, Negotiate Authentication, and Publishing Points ACL Authorization all require individual user accounts to be set up for the users. Anonymous User Authentication will not prevent unwanted Internet users from accessing the content.



References:


Configuring security optionsMicrosoft TechNetLink: http://technet2.microsoft.com/windowsserver2008/en/library/0558c3cf-b4df-498d-85d7-f3e518894f031033.mspx?mfr=true



______________________________________________________________________________________________________________________________________________

You work as an IT support specialist in a company named Tailspin Toys. The Tailspintoys.com network is composed of a single Active Directory domain. You have been assigned to deploy an application named App8 as a RemoteApp program. The program will be hosted on a terminal server named TS8.

You want to deploy App8 so that users see a link to the RemoteApp program in the Start menu and on the user Desktop. You want to achieve this result without requiring user intervention.

What should you do?

1. Create an MSI file for App8 and deploy the MSI file through Group Policy. <Correct>

2. Create an RDP file for App8 and deploy the RDP file through Group Policy.

3. Create an MSI file for App8 and distribute the file through a network share.

4. Create an RDP file for App8 and distribute the file through a network share.

Explanation:You can use MSI files, also called Windows Installer packages, to install shortcuts of RemoteApp programs in the Start Menu and on the Desktop. To install these shortcuts without requiring users to run the Windows Installer manually, you can deploy the program through Group Policy by using the MSI file.

Distributing or deploying an RDP file will not install shortcuts automatically to the RemoteApp program in the Start menu and on the Desktop.

Distributing the MSI file through a network share would enable users to install the RemoteApp program shortcuts but only after user intervention. (Users would have to run the Windows Installer packages manually.)



References:





______________________________________________________________________________________________________________________________________________

You work as an IT support specialist for a company named Tailspin Toys. The Tailspintoys.com network is composed of a single Active Directory domain that is located on a single subnet in the 10.0.10.0/24 address range. Your job responsibilities include deploying and configuring terminal servers on this corporate network.

You are in the process of testing the deployment of a new TS Gateway server named TSGate5. Your goal is to enable authorized users to connect to a terminal server named TS5 through the new TS Gateway server.

On a client computer named Client2 within the Tailspintoys.com network, you configure Remote Desktop Connection to use TSGate5.

Which of the following options must you also select on Client2 to test the new TS Gateway?

1. Disable the option to bypass the TS Gateway server for local addresses. <Correct>

2. Enable the option to bypass the TS Gateway server for local addresses.

3. Disable the option to use your TS Gateway credentials for the remote computer.

4. Enable the option to use your TS Gateway credentials for the remote computer.

Explanation:Your goal is to test TSGate5. Because Client2 and the TS5 are located on the same subnet, you need to ensure that the option to bypass TS Gateway for local addresses is disabled. Otherwise, Client2 will connect to TS5 without using TSGate5.

Changing the option to use your TS Gateway credentials will not help you test the new TS Gateway. It will only save the step of entering credentials at the destination terminal server.



References:


What is a Terminal Services Gateway server?Windows HelpLink: http://windowshelp.microsoft.com/Windows/en-US/Help/011fcc70-fdb7-43fc-ae08-b33169b3f6961033.mspx



______________________________________________________________________________________________________________________________________________

You are an IT support specialist in a company named Northwind Traders. Your responsibilities include supporting terminal servers and clients.

Recently, users have been complaining about the performance of their Terminal Services sessions on a terminal server named TS3. You open Terminal Services Manager and find many disconnected user sessions that have been inactive for days.

You want to delete sessions immediately that have been inactive for more than one day.

Which command should you use?

1. Tskill

2. Quser

3. Rwinsta <Correct>

4. Tsdicson

Explanation:The Rwinsta or Reset session command enables you to delete a session on a terminal server. This is the best way to remove inactive sessions immediately.

The Quser or Query user command displays information about user sessions on a terminal server. It is not used to delete user sessions.

The Tsdiscon command disconnects a session from a terminal server. In this case, the inactive sessions are already disconnected from the terminal server. You want to delete the sessions, not disconnect them.

The Tskill command ends a process running in a session on a terminal server. It is not used to end a user session in general.



References:


Terminal Services Command ReferenceMicrosoft TechNetLink: http://technet2.microsoft.com/windowsserver2008/en/library/2f371848-5c48-470c-908c-afbc95d3a8051033.mspx?mfr=true



______________________________________________________________________________________________________________________________________________

You work as an IT support specialist for a company named A Datum Corporation. The company network is composed of a single Active Directory domain. Your job responsibilities include supporting user applications.

You are hosting a RemoteApp program on a server named TS1. TS1 is reserved for hosting Microsoft Excel, and you have no plans to deploy any other application on this server. Users connect to Excel only through the TS Web Access site, and individual users often connect from different computers to use Excel. Currently, when users save files in Excel, they can save to their local drives by opening the computer icon in the Save As dialog box.

Recently, users have begun to complain that they are losing the files they save in Excel. You discover that users who move from computer to computer tend to save files locally on their client computers. As a result, their files are spread among various client computers on the Adatum.com network.You want to prevent Excel users from saving files to their local workstation. You want to achieve this goal with the least amount of administrative effort.


1. In TS RemoteApp Manager, configure the RDP Settings so that the Disk Drives option is disabled. Create an RDP file for Excel and distribute the RDP file to users through a network share.

2. In TS RemoteApp Manager, configure the RDP Settings so that the Disk Drives option is disabled. Enable users to continue to access Excel through TS Web Access. <Correct>

3. In TS RemoteApp Manager, configure the RDP Settings so that the Clipboard option is disabled. Enable users to continue to access Excel through TS Web Access.

4. In TS RemoteApp Manager, configure the RDP Settings so that the Clipboard option is disabled. Create an RDP file for Excel and distribute the RDP file to users through a network share.

Explanation:The Disk Drives option enables local client drives to be available to the local workstation in a Terminal Services session. To prevent local drives from being accessible in Excel, disable the Disk Drives option in the RDP Settings in TS RemoteApp Manager.

The RDP settings you configure in TS RemoteApp Manager apply to all RemoteApp programs hosted on the terminal server that appear in TS Web Access. Because you are hosting only one RemoteApp program on TS1 and do not plan to host any others, changing these general options will not affect other RemoteApp programs.

Although you could distribute an RDP file with the new settings, this step is unnecessary and does not achieve the desired result with the least amount of administrative effort.

When you disable the Clipboard option in RDP Settings, you do not prevent users from easily saving to their local drives. You merely prevent users from copying and pasting data from the RemoteApp program onto their local desktop sessions.



References:





______________________________________________________________________________________________________________________________________________

You are an IT support specialist in a company named Contoso.com.

You have been tasked with deploying a terminal server named TS2 to host an application named App2. You expect between 30 and 50 users to connect to TS2 each week from any of 100 terminal stations located throughout your organization. Your network does not include a terminal server currently, and you do not foresee a need to support any other Terminal Services clients in your organization.



1. Purchase 50 Terminal Services per-device CALs.

2. Purchase 30 Terminal Services per-user CALs.

3. Purchase 50 Terminal Services per-user CALs. <Correct>


Explanation:You should purchase per-user CALs when you need to support fewer Terminal Services users than Terminal Services client computers, as is the case here. You should also purchase enough CALs to support the maximum number of users that you anticipate will connect to Terminal Services.



References:


Terminal Services Licensing (TS Licensing)Microsoft TechNetLink: http://technet2.microsoft.com/windowsserver2008/en/library/04bf6206-1546-4326-a9a0-b32bc50aeb8d1033.mspx?mfr=true

Terminal Services Client Access Licenses (TS CALs)Microsoft TechNetLink: http://technet2.microsoft.com/windowsserver2008/en/library/aa57d355-5b86-4229-9296-a7fcce77dea71033.mspx?mfr=true



______________________________________________________________________________________________________________________________________________

You are a systems administrator responsible for managing eight Windows Server 2008 IIS Web servers. You want to automate the creation of a new Web site that has the following characteristics:

* Site Name: IntranetApps* Site ID: 7* Protocol: HTTP* Port: 8937* Host Name: (any host name)

Which of the following AppCmd commands should you use?

1. AppCmd add site /name: "IntranetApps" /id:7 /protocol:HTTP /Port:8937

2. AppCmd site add /name: "IntranetApps" /id:7 /bindings:http://*:8937

3. AppCmd site add /name: "IntranetApps" /id:7 /protocol:HTTP /Port:8937

4. AppCmd add site /name:"IntranetApps" /id:7 /bindings:http://*:8937 <Correct>

Explanation:AppCmd commands use a verb/object syntax to perform operations such as adding new Web sites. The /bindings argument specifies the details about the port and protocol on which the new server will respond.



References:


Getting Started with Appcmd in IIS 7.0IIS.NET Web siteLink: http://www.iis.net/default.aspx?tabid=2&subtabid=23&i=1222



______________________________________________________________________________________________________________________________________________

You are a Windows Server 2008 systems administrator responsible for configuring Windows SharePoint Services (WSS). You have deployed WSS in a single server configuration. You have recently created two new SharePoint team sites for use by your organization's Software Development and Quality Assurance groups. Users in both SharePoint sites should have access to content that is located on another Web server. The content is available by using the following URL:

http://www.fabrikam.com/Intranet/ProductDesign

How should you configure the WSS settings to enable users to access this content without manually typing its URL?

1. Edit the public URL settings on the WSS server to include the Web server's URL for the Default zone.

2. Create a new External Resource Mapping on the WSS server and provide the appropriate URL for the intranet server.<Correct>

3. Reconfigure the WSS deployment to use a server farm configuration and include the intranet Web server as part of the configuration.

4. Add a new internal URL on the WSS server and provide the appropriate URL for the intranet server.

Explanation:External Resource Mappings enable you to link to content and Web sites located outside of the WSS server. Creating a new mapping will provide users with an easy way to access the intranet content.

A server farm configuration allows multiple WSS servers to use a single database, not to provide access to content stored on other servers. Public URL settings will affect the URL users see when accessing the server. Internal URLs are used by WSS to identify content uniquely that is located on the WSS server.



References:


Plan alternate access mappings (Windows SharePoint Services)Microsoft TechNetLink: http://technet2.microsoft.com/windowsserver/WSS/en/library/c8ccffce-5162-46af-a3ef-1d7914e8efee1033.mspx?mfr=true



______________________________________________________________________________________________________________________________________________

You are an IT support specialist for Woodgrove Bank. Woodgrove Bank includes 300 client computers and 30 servers. All servers are running Windows Server 2008. Your job responsibilities include supporting Windows servers.

To comply with its new security policy, the company recently upgraded all its client computers to Windows Vista Enterprise Edition from Windows XP Professional. However, since the upgrade, some users in the Finance department have complained that an application named FinApp does not perform reliably in the new operating system, even when the program runs in Windows XP compatibility mode. Through testing, you have also determined that FinApp does not perform reliably in Windows Server 2008. Although FinApp is used rarely, workers do need it to process a specific type of file.

All user desktop machines have at least 1 GB of RAM.

You want users to be able to run FinApp.

Which of the following options should you choose?

1. Install Windows Server Hyper-V on Windows Server 2008. Install Windows XP Professional in a virtual machine on the server, and have the users connect to FinApp as a RemoteApp program.

2. Intstall Virtual PC 2007 on the users' desktop computers. Run FinApp in Windows XP within a virtual machine.<Correct>

3. Revert the users' computers to Windows XP Professional and reinstall FinApp.

4. Install FinApp on a terminal server running Windows Server 2008 and have the clients run the application as a RemoteApp program.

Explanation:The best option is to run FinApp in a virtual machine on the client desktop. If the application does not run well on Windows Vista or Windows Server 2008, then the program needs to run on Windows XP. However, you should not revert to Windows XP on the client computers because the company has upgraded to Windows Vista to comply with a new security policy. You also should not install the program in a virtual machine on a computer running Windows Server 2008. Inside that virtual machine, you would not be able to publish it as a RemoteApp program.



References:




______________________________________________________________________________________________________________________________________________

You are a Windows Server 2008 systems administrator responsible for securing IIS. The Web server contains a single Web site, which contains a single Web application named LitwareExtranet. The application will be used by 12 users who are employees of an external partner organization. All these users will connect directly by using the partner's company network. You have currently configured the Web application to enable access based on Forms Authentication. The Web developers have reviewed the security configuration and agree that it is set up properly based on the functional requirements of the application.

Which of the following methods should you implement to increase security of the Web server? (Each correct answer presents part of the solution. Choose two.)

1. Enable Client Certificate Authentication.

2. Enable ASP.NET Impersonation for the Web application.

3. Enable Windows Authentication.

4. Enable IPv4 Address Restrictions and limit access to IP addresses that originate from the partner's network.<Correct>

5. Require Secure Sockets Layer (SSL) for connections to the Web site. <Correct>

Explanation:Enabling SSL will require users from the partner organization to create an encrypted connection to the Web site. IPv4 Address Restrictions will help ensure that requests are coming from the approved network.

Windows Authentication and Client Certification Authentication will not help increase security because the application relies on its own authentication page. Enabling ASP.NET impersonation specifies a particular user account to use for checking permissions. Because the application currently is configured based on the developers' requirements, you should not change this setting.



References:


IIS 7.0: Configure the Anonymous Authentication IdentityMicrosoft TechNetLink: http://technet2.microsoft.com/windowsserver2008/en/library/24fe14e4-2268-4be8-9249-6007a13e40b71033.mspx?mfr=true

Changes between IIS6 and IIS7 SecurityIIS.NET Web siteLink: http://www.iis.net/articles/view.aspx/IIS7/Managing-IIS7/Configuring-Security/Changes-between-IIS6-and-IIS7-Security



______________________________________________________________________________________________________________________________________________

Your company has deployed a server named TS6 that is running Terminal Services. TS6 hosts several RemoteApp programs. Users connect to the RemoteApp programs through TS Web Access.Users complain that a certain program named App6 is not appearing in TS Web Access. You confirm that App6 is installed properly on TS6.

You want users to be able to access App6 through TS Web Access. What should you do? (Each correct answer presents part of the solution. Choose two.)

1. In TS RemoteApp Manager on TS6, verify that the properties of App6 have been configured so that any command-line arguments can be specified.

2. In TS RemoteApp Manager on TS6, verify that the properties of App6 have been configured with the option to make the RemoteApp program available through TS Web Access. <Correct>

3. In TS RemoteApp Manager on TS6, verify that the Terminal Server Settings have been configured with the option to show a remote desktop connection to this terminal server in TS Web Access.

4. In TS RemoteApp Manager, verify that TS6 has been added to the list of RemoteApp programs. <Correct>

5. In TS RemoteApp Manager on TS6, verify that the properties of App6 have been configured so that no command-line arguments can be specified.

Explanation:To make a RemoteApp program available in TS Web Access, you need to add that program to the list of RemoteApp programs in TS RemoteApp Manager. By default, the program will appear automatically in TS Web Access. However, if the program has already been added to the RemoteApp program list and is not appearing in TS Web Access, you should verify that the option is enabled to make the program available through TS Web Access.

Configuring the option to enable or disable command-line arguments will not affect whether a RemoteApp program appears in TS Web Access.

You do not need to configure the option to show a remote desktop connection to the terminal server. This option does not affect whether a RemoteApp program appears in TS Web Access.



References:





______________________________________________________________________________________________________________________________________________

You are a technical support specialist for Contoso.com. Your job responsibilities include configuring and managing server storage solutions.

You are managing a file server named FILESRV5 that is running Windows Server 2008. You want to add a new disk to FILESRV5 and then divide the new disk into five partitions, volumes that can be used for individual departments.

Which of the following is NOT a way to accomplish your goal?

1. Convert the disk to a dynamic disk and create volumes.

2. Convert the disk to the GUID Partition Table (GPT) partition style and create primary partitions.

3. Use the Master Boot Record (MBR) partition style and create primary partitions and an extended partition.

4. Use the Master Boot Record (MBR) partition style and create primary partitions. <Correct>

Explanation:On disks that use the MBR partition style, you can create only four primary partitions. If you need more than four partitions, you must create no more than three primary partitions and one extended partition. In the extended partition, you can then create as many logical drives as you need.

The other options listed provide a valid means to meet the requirements of creating five partitions, volumes, or drives. There is no built-in limit to the number of volumes you can create on a dynamic disk, though on a GPT disk, you can create only 128 partitions.



References:




______________________________________________________________________________________________________________________________________________

You are configuring a Windows Server 2008 IIS installation to support a new ASP.NET application. The developers of the application have specified that the code must have permissions to perform the following tasks:

* Read several configuration files that are located outside of the Web application's directory* Read initialization settings from the Windows Registry* Write error messages to the Windows Application Event Log

You want to minimize the permissions that are granted to the application while still allowing it to perform these actions.

Which of the following .NET Trust Levels should you assign for the Web application?

1. Full (internal)

2. Low (web_lowtrust.config) <Correct>

3. High (web_hightrust.config)

4. Minimal (web_minimaltrust.config)

5. Medium (web_meduimtrust.config)

Explanation:To read files outside of the application's directory, the application must be run using Low .NET Trust Level. All the other actions can be performed using this trust level also.

Minimal .NET Trust Level will enable the application to perform the required actions, but it will not provide the maximum level of security. The other three trust levels--Medium, High, and Full--do not provide permissions to perform all the required actions.



References:


ASP.NET Trust Levels and Policy FilesMSDN LibraryLink: http://msdn2.microsoft.com/en-us/library/wyts434y(VS.80).aspx



______________________________________________________________________________________________________________________________________________

You work as an IT support specialist in a company named Fabrikam, Inc. The Fabrikam.com network is composed of a single Active Directory domain. Your job responsibilities include deploying and supporting user applications.

You install several applications to be used as RemoteApp programs on a terminal server named TS10, and you add these programs to the list of RemoteApp programs. You do not change any of the default settings for the RemoteApp programs installed on TS10.

On a server named WebApp1, you configure TS Web Access to point to TS10. However, none of the RemoteApp programs on TS10 display on the TS Web Access site on WebApp1. You have ruled out network connectivity problems between the two servers.

You want users to access the RemoteApp programs on TS10 by browsing to the TS Web Access page on WebApp1.

What should you do?

1. Add TS10 to the TS Web Access Computers security group on WebApp1.

2. Add WebApp1 to the TS Web Access Computers security group on TS10. <Correct>

3. Add the TS Web Access role service on TS10.

4. Add the TS Web Access role service on WebApp1.

Explanation:You want TS Web Access on WebApp1 to display RemoteApp programs installed on TS10. To achieve this result, you need to perform two steps. First, you need to configure TS Web Access on WebApp1 to point to TS10. Second, you need to add WebApp1 to the TS Web Access Computers security group on TS10.

You do not need to add TS10 to the TS Web Access Computers security group on WebApp1. The members of the TS Web Access Computers security group are able to read the list of RemoteApp programs on the local computer. You need WebApp1 to read the list on TS10, not vice versa.

You do not need to add the TS Web Access role service on WebApp1. Because the question states that you have configured TS Web Access to point to TS10, the TS Web Access role service must already be added.

You do not need to add the TS Web Access role service on TS10. The functionality of this role service is not needed on this computer. You want users to connect to WebApp1 to select RemoteApp programs, not TS10.



References:





______________________________________________________________________________________________________________________________________________

You are an IT support specialist for Adventure Works. Your job responsibilities include supporting Windows servers.

Your company runs a mission-critical application named App1 on a server named NTSRV1. NTSRV1 is running Windows NT 4.0 and can no longer adequately meet the processing workload required by App1. App1 is not supported on any operating system besides Windows NT 4.0, but a new version that is to be released in one year will be supported only on Windows Server 2008.

You purchase a new server named AppSrv. You want to achieve the following goals:

* Join AppSrv to the Adventure-Works.com Active Directory domain* Use AppSrv to host App1* Prepare for the next release of App1

Which of the following strategies best enables you to meet your goals?

1. Install Windows Server NT 4.0 on AppSrv and then run App1 as a RemoteApp program.

2. Install Windows Server 2008 on AppSrv and then run App1 as a RemoteApp program.

3. Install Windows Server NT 4.0 on AppSrv and then run App1 in a virtual machine running Windows Server 2008.

4. Install Windows Server 2008 on AppSrv and run App1 in a virtual machine running Windows NT 4.0. <Correct>

Explanation:The best option is to install Windows Server 2008 on AppSrv and run App1 on Windows NT 4.0 within a virtual machine. By installing Windows Server 2008 on the new server, you can prepare for the next version of the software.

The current version of App1 must run on Windows NT, not on Windows Server 2008. You also should not run App1 as a RemoteApp program on AppSrv because that would eliminate the need for AppSrv in the first place; RemoteApp programs run on remote servers.



References:




______________________________________________________________________________________________________________________________________________

You work as a network support specialist for a company named Contoso.com whose corporate network consists of a single Active Directory domain. Your job responsibilities include managing terminal servers and clients.

Your network includes a terminal server named TSGame1 that is used to host gaming applications for users during lunch hour and other breaks. As many as 10 users can be connected to TSGame1 simultaneously to run gaming applications.

Your manager reports that some users are abusing the privilege of playing games on TSGame1 and play for longer periods than is acceptable to management. She asks you to configure the server to log off users who stay connected to TSGame1 for longer than 15 minutes.

How can you configure the session settings on TSGame1 to meet these requirements?

To answer, configure the appropriate options in the dialog box. When you are finished, click OK in the dialog box.

Explanation:You want to set a 15-minute limit on active sessions. To achieve this, you need to select the top Override User Settings check box and then choose 15 Minutes from the Active Session Limit drop-down list. You also want users to be logged off automatically when they reach this 15-minute limit. To accomplish this, you need to select the bottom Override User Settings check box and then choose the End Session option.

You do not want to set a limit for disconnected or idle sessions. The question states a requirement to limit active sessions, not disconnected or idle sessions. You also do not want to choose the option to disconnect from the session when the session limit is reached. The question states a requirement to log off the sessions that reach the 15-minute mark, not merely disconnect them.



References:




______________________________________________________________________________________________________________________________________________

You are responsible for configuring IIS remote administration for a group of consultants who are not part of your organization. You have enabled the Management Service, using IIS Manager, and have verified that it works properly using both Windows Credentials and IIS Manager User credentials. In addition to requiring appropriate authentication credentials, you want to ensure that only users coming from specific IP addresses are allowed to connect using IIS Manager. The current Management Service is configured as shown in the exhibit.

Which changes should you make the Management Service configuration to enable the remote administrators to connect to the service? (Each correct answer presents part of the solution. Choose two.)

1. Add a new Deny entry using 255.255.255.255 as the subnet mask.

2. Change the Access For Unspecified Clients option to Deny. <Correct>

3. Change the SSL Certificate setting for the Management Service to match the client certificates installed on the remote administrators' computers.

4. Add a new Allow entry for the appropriate IP addresses. <Correct>

Explanation:To restrict access to specific IP addresses, you should change the access rule to Deny and then add an Allow entry for the appropriate computers.

Adding a Deny entry will prevent all users from accessing the site. The SSL Certificate setting refers to the server's SSL certificate and not to client-side certificates.



References:





______________________________________________________________________________________________________________________________________________

You are an IT support specialist in a company named Trey Research. Your responsibilities include supporting user applications.

A user informs you of a certain error she is receiving while she uses an application named App5 that is running on a terminal server named TS5. She wants to re-create the error for you, but she is located in another building. You have administrative privileges on TS5.

How can you monitor the user's session so that you can witness the error that she is describing in App5?

1. Connect to App5 in a Remote Desktop Protocol session and use the Shadow command. <Correct>

2. Connect to App5 in a console session and use the Tscon command.

3. Connect to App5 in a console session and use the Shadow command.

4. Connect to App5 in a Remote Desktop Protocol session and use the Tscon command.

Explanation:You want to monitor the user's active session while she re-creates the error. The Shadow command is used to monitor a Terminal Services session. However, you can use the Shadow command to monitor a user's session to a terminal server only from within an RDP session to the same terminal server. You cannot use the Shadow command from within a console session.

You cannot use the Tscon command to monitor another user's active session. The Tscon command is used to connect a user to a disconnected session.



References:





______________________________________________________________________________________________________________________________________________

You are configuring security for a Windows Server 2008 IIS Web server. Currently, four different Web applications are configured in the Default Web Site object. Based on your organization's security policy, the applications have the following authentication security requirements:

* WebApp01: Windows Authentication* WebApp02: Forms Authentication* WebApp03: Windows Authentication* WebApp04: Windows Authentication

Which steps should you take to meet these requirements with the least administrative effort? (Each correct answer presents part of the solution. Choose two.)

1. Configure the Default Web Site to use Forms Authentication.

2. Configure WebApp02 to use Forms Authentication. <Correct>

3. Configure the Default Web Site to use Windows Authentication. <Correct>

4. Configure WebApp01, WebApp03, and WebApp04 to use Windows Authentication.

5. Move WebApp02 to a new site and configure the site to use Forms Authentication.

Explanation:Because three out of the four Web applications require Windows Authentication, it is easiest to configure this option at the site level. You can override the configuration for WebApp02 by enabling Forms Authentication at the Web application level.

Manually assigning authentication settings to each of the sites is not the most efficient method. It is not necessary to move the Web application to another site, and this could require a change to the URL by which users access the site.



References:


IIS 7.0: Configure a Host Header for a Web SiteMicrosoft TechNetLink: http://technet2.microsoft.com/windowsserver2008/en/library/0cf70cc4-ae4d-470b-992d-225dbff55e4f1033.mspx?mfr=true




______________________________________________________________________________________________________________________________________________

You are a Windows Server 2008 systems administrator responsible for setting up Windows SharePoint Services (WSS). The server is currently configured with only the default SharePoint Team Site. Your organization requires each department to have a separate section for uploading and downloading documents. The list of departments includes:

* Engineering* Human Resources* Marketing* Sales

All the sites should use the same navigation elements to enable users who work in multiple departments to access content easily. Users would prefer to use a single URL to access all the content. You also want to minimize administrative effort related to setting up and managing the Web sites.

How should you configure WSS to meet these requirements?

1. Create a single site collection and create individual sites for each department. <Correct>

2. Extend the default SharePoint Team Site to include one site per department.

3. Enable Self-Service Site Management for the WSS site.

4. Create a separate site collection for each department.

Explanation:To share navigation elements between the sites, all the department sites should belong to the same site collection.

Creating separate site collections will take more time and effort and will not provide shared navigation. Self-Service Site Management is designed to enable users to create their own sites. Extending the default site will not enable a single URL to access all departments.



References:


Create site collections (Windows SharePoint Services)Microsoft TechNetLink: http://technet2.microsoft.com/windowsserver/WSS/en/library/f6e695fe-a3c2-4833-a746-5310a6332c531033.mspx



______________________________________________________________________________________________________________________________________________

You are an IT support specialist in a company named Consolidated Messenger. Your responsibilities include supporting terminal servers and clients.

Recently, users have been complaining about the performance of their Terminal Services sessions on a terminal server named TS8. You open Terminal Services Manager on TS8 and discover many sessions that have not shown any activity for days.

You want to configure TS8 to end user sessions that remain inactive for more than one day.


1. On TS8, choose the option to disconnect when the session limit is reached.

2. On TS8, choose the option to end the session when the session limit is reached. <Correct>

3. On TS8, set the Idle Session Limit to one day. <Correct>

4. On TS8, set the Active Session Limit to one day.

5. On TS8, choose the option to end a disconnected session after one day.

Explanation:To end user sessions that have been inactive for more than one day, you need to set the Idle Session Limit and then choose the option to end the session once this limit is reached.

Choosing the option to end a disconnected session after one day will not affect sessions that are inactive yet remain connected. You want to limit the length of all inactive sessions, both connected and disconnected.

Setting the Active Session Limit to one day will not limit inactive sessions. It will only disconnect or end user sessions that are active for one day.

Choosing the option to disconnect when the session limit is reached will not end inactive user sessions.



References:





______________________________________________________________________________________________________________________________________________

You are a systems administrator responsible for configuring Windows SharePoint Services (WSS) on four computers running Windows Server 2008. For performance and reliability purposes, you have decided to use a server farm configuration for WSS. You are also testing a network load balancer that will route requests to the various WSS servers. Some users of the WSS servers are located on the same subnet as the WSS servers, but others access the servers by using an Internet connection. Users report that they are able to access information by using this configuration, but the URLs they use to access WSS content differ based on which server they are using. You would like all users to see a consistent URL regardless of which WSS they are using.

How can you configure WSS to meet these requirements?

1. Use different Public URL settings for each of the WSS servers.

2. Add different Internal URL settings for each of the WSS servers.

3. Use the same Public URL settings for each of the WSS servers. <Correct>

4. Add the same Internal URL setting for each of the WSS servers.

Explanation:URL mappings enable you to specify the URLs that will be returned to users, regardless of the internal URL settings for the site. Because all users are on the same subnet as the WSS server, the settings in the intranet zone will apply.

Internal URL settings should be different for each of the servers in the server farm and should not be changed. Using a different public URL for each server will result in different addresses being sent to users.



References:


Plan alternate access mappings (Windows SharePoint Services)Microsoft TechNetLink: http://technet2.microsoft.com/windowsserver/WSS/en/library/c8ccffce-5162-46af-a3ef-1d7914e8efee1033.mspx?mfr=true



______________________________________________________________________________________________________________________________________________

You are a systems administrator responsible for configuring and troubleshooting SMTP services on a computer running Windows Server 2008. Recently, a user complained that several messages he attempted to send have not been received by a member of another organization. All other messages have been sent and received successfully. He has confirmed that anti-spam software is not the cause of the problem. No other users have reported problems with sending messages. You suspect that the issue is caused by an addressing problem with the messages. The exhibit shows the settings of the Advanced Delivery options for the SMTP virtual server.

Which action should you take to identify and resolve the problem?

1. Enable the Perform rReverse DNS lookup on incoming messages option.

2. Examine messages stored in the SMTP virtual server's BadMail folder to identify messages with invalid addresses.<Correct>

3. Configure a Smart host setting for the SMTP server.

4. Increase the Maximum hop count setting for the SMTP virtual server.

Explanation:Copies of messages that cannot be sent are automatically stored in the server's BadMail folder. You can examine the files stored here to identify potential address-related issues.

Increasing the Maximum hop count setting enables messages to traverse additional servers. It is currently set to a reasonable value. The Smart host setting is used to forward all messages to another server. This would not help identify or resolve the problem. Reverse DNS lookups can be used to validate message validity further, but enabling this option will not allow incorrectly addressed messages to be sent.



References:





______________________________________________________________________________________________________________________________________________

You are an IT support specialist in a company named Adventure Works. Your responsibilities include managing terminal servers and clients.

You need to shut down a terminal server named TS1 for maintenance. In Terminal Services Manager, you see that there is one active user session connected to TS1 through RDP-Tcp.

You want to prevent new users from connecting to TS1 before you are able to shut the server down.Then you want to end the active remote user session while still giving the user a chance to save his or her work.

Which of the following commands should you use? (Each correct answer presents part of the solution. Choose two.)

1. Rwinsta

2. Change Logon (Chglogon) <Correct>

3. Change User (Chgusr)

4. Tskill

5. Logoff <Correct>

Explanation:To prevent new users from logging on to TS1 before you have an opportunity to shut down, use the Chglogon /drainuntilrestart command. To end another user's session while giving the user an opportunity to save his or her work, use the Logoff command.

The other commands do not achieve the desired result. The Rwinsta command deletes a user session without giving the user an opportunity to save his or her work. The Tskill command ends a single process running in a session on a terminal server. The Chgusr command changes the install mode for the terminal server.



References:


Terminal Services Command ReferenceMicrosoft TechNetLink: http://technet2.microsoft.com/windowsserver2008/en/library/2f371848-5c48-470c-908c-afbc95d3a8051033.mspx



______________________________________________________________________________________________________________________________________________

You are a Windows Server 2008 systems administrator configuring security for the Web Server (IIS) server role. The server currently hosts a single Web site that includes a single Web application. During development, you used a self-signed SSL certificate for the Web site. You are now planning to move the server to a production environment and want to obtain a certificate for use over the Internet. The Web application is configured as the following:

* Site Name: Blue Yonder Public* Server Name: BlueWeb01* Web Application Name: Reservations* Public DNS name: www.blueyonderairlines.com* Internal DNS name: orders.BYinternal.com

Which of the following should you use for the Common Name (CN) that is included in the certificate request?

1. Orders.BYinternal.com

2. www.blueyonderairlines.com/Reservations

3. BlueWeb01/Reservations

4. www.blueyonderairlines.com <Correct>

5. BlueWeb01

Explanation:For an SSL certificate to be considered valid, the CN setting must match the DNS domain name used to access the site. In this case, Internet users will access the site by using http://www.blueyonderairlines.com.

The CN does not need to include the Web application name. The internal DNS address and the server name are not relevant to the CN setting.



References:


How to Setup SSL on IIS 7IIS.NET Web siteLink: http://www.iis.net/articles/view.aspx/IIS7/Managing-IIS7/Configuring-Security/Using-SSL/How-to-Setup-SSL-on-IIS7



______________________________________________________________________________________________________________________________________________

You work as an IT support specialist for a company named A Datum Corporation. The Adatum.com network is composed of a single Active Directory domain. Your job responsibilities include deploying and configuring terminal servers.

You install and configure a new TS Gateway server named TSGate8 inside the corporate network. During installation, you specify a server certificate obtained from the local certificate authority integrated into the Adatum.com Active Directory domain.

You want to use a computer running Internet Security and Acceleration (ISA) Server 2006 installed in the company's perimeter network as an SSL bridging device between external Terminal Services clients and TS Gateway internal to the network. On ISA Server, you have installed a server certificate obtained from a third-party certification authority (CA) that is trusted by all computers running Windows. Neither ISA Server nor the external clients are members of the Adatum.com Active Directory domain.

Which step must you take to enable ISA Server to act as a Secure Sockets Layer (SSL) bridging device?

1. Install the server certificate for TS Gateway in the Trusted Root Certificate Authorities store on the external clients.

2. Install the server certificate for TS Gateway in the Trusted Root Certificate Authorities store on ISA Server.<Correct>

3. Install the server certificate for ISA Server in the Trusted Root Certificate Authorities store on the external clients.

4. Install the server certificate for ISA Server in the Trusted Root Certificate Authorities store on TS Gateway.

Explanation:In SSL communications, the SSL server needs a server certificate, and the SSL client needs to trust the CA that has issued that server certificate. When ISA Server acts as an SSL bridging device, it acts as both an SSL server for the external TS clients and as an SSL client for the internal TS Gateway.

Because ISA Server is an SSL client to TS Gateway, ISA Server needs to trust the certificate authority that has issued the server certificate to TS Gateway. ISA Server is not a member of the Adatum.com domain, so ISA Server does not trust the Adatum.com CA by default. Therefore, you need to import and install the root certificate for the CA in the Trusted Root Certification Authorities store on ISA Server.

The external TS clients act as SSL clients of ISA Server. Therefore, the external clients need to trust the CA that has issued the certificate to ISA Server. In this case, the CA is a trusted third-party certification authority, so installing the ISA Server server certificate is not necessary.

You do not need to install the TS Gateway certificate on the external certificate because in an SSL bridging scenario such as this, no direct communication occurs between the TS clients and TS Gateway.



References:





______________________________________________________________________________________________________________________________________________

You are a systems administrator for a Windows Server 2008 Web server. You are currently assisting a Web developer with isolating the source of a performance problem on a heavily used public Web site. Users have recently reported that they occasionally receive errors when accessing the Web site. The errors seem to be extremely rare, and you have been unable to re-create them manually. You would like to obtain more information about requests that encounter specific HTTP errors during processing without adversely affecting the performance of the server.

Which of the following actions will meet these requirements?

1. Modify the Logging options for the Web site to include all available columns.

2. Modify the logging options for the Web site and increase the log file rollover frequency.

3. Create a new ISAPI filter for tracking the problem and enable it for use on the Web site.

4. Enable Failed Request Tracing Rules for the Web site and create a new rule to capture the necessary information.<Correct>

Explanation:Failed Request Tracing Rules enable you to specify which types of errors will be logged. This option is useful on busy Web servers because it will minimize the performance impact of logging.

Adding columns to the default logging options will reduce performance and will not necessarily capture the results of specific HTTP errors. The log file rollover frequency settings do not affect which information is collected. Creating a new ISAPI filter can be time-consuming and can affect performance of the Web application.



References:


TechNet Webcast: Internet Information Services 7.0 Diagnostics and Troubleshooting (Level 300)Microsoft TechNetLink: http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en-US&EventID=1032352139&CountryCode=US

IIS 7.0: Create a Tracing Rule for Failed RequestsMicrosoft TechNetLink: http://technet2.microsoft.com/WindowsServer2008/en/library/3dbee69b-ca3b-4adf-ab9e-81a541fc908c1033.mspx



______________________________________________________________________________________________________________________________________________

You are a systems administrator responsible for managing security on seven Windows Server 2008 IIS Web servers. You have decided to create a script to automatically assign minimal permissions based on the requirements of each Web application.

To which user account should you assign permissions?

1. IUSR_MachineName (where MachineName is the name of the appropriate Web server)

2. IUSR <Correct>

3. IIS_WPG

4. Network Service

Explanation:IIS 7 uses a standard security account called IUSR to manage permissions for all servers. You can use this account name in scripts to perform administrative operations, regardless of the server name.

The IUSR_MachineName account and IIS_WPG account were used with Windows Server 2003 and IIS 6 but are no longer intended for use with IIS 7. The Network Service account can be used by many different services, and assigning direct permissions to it can reduce overall security.



References:





______________________________________________________________________________________________________________________________________________

You are an IT support specialist in a company named Contoso.com Your responsibilities include managing terminal servers and clients.

Your company network includes a terminal server farm named TSFARM2. The farm includes three servers, named TS4, TS5, and TS6. The TS Session Broker role service is installed on TS4, and all three servers have been configured to use TS4 as the TS Session Broker server.

Your manager asks you to take TS5 offline for maintenance at some point during the next several days. In advance of shutting down the server, you need to ensure that no new user sessions are initiated on TS5 while the disruption to Terminal Services users is minimized. After maintenance is complete, you want TS5 to resume normal operations as soon as possible.

Which of the following options best enables you to meet your goals?

1. On TS5, disable the option to participate in Session Broker Load-Balancing.Shut down the server for maintenance when all active user sessions have ended.Restart the server after maintenance on TS5 is complete and then re-enable the same option.

2. On TS5, disable the option to join a farm in TS Session Broker.Shut down the server for maintenance when all active user sessions have ended.Restart the server after maintenance on TS5 is complete and then re-enable the same option.

3. On TS5, choose the option to allow reconnections but prevent new logons until the server is restarted.When all active sessions have ended, shut down the server for maintenance. After maintenance on TS5 is complete, restart the server.

<Correct>

4. On TS5, log off the current users, and then shut down the server for maintenance.After maintenance on TS5 is complete, restart the server.

Explanation:Your goals are to prevent new logons while minimizing disruption to users and to resume normal operations as soon as possible after maintenance is complete. By choosing the option on TS5 to allow reconnections but prevent new logons until the server is restarted, you can wait until most or all current users have ended their sessions voluntarily before you take the server offline for maintenance. This setting thus minimizes the need to terminate (and, therefore, cause unnecessary disruption to) active user sessions. This option also minimizes disruptions to all users connecting to TSFARM2: when this option is selected on a member of a TS Session Broker farm, TS Session Broker will prevent new requests to the farm from being directed toward that particular server. Finally, with this setting, the server reverts to its normal functioning state after being restarted naturally.

Disabling the option to participate in Session Broker Load-Balancing will not meet your goals. This step will only prevent TS5 from receiving an equitable portion of requests for user sessions on TSFARM2.

Disabling the option to join a farm in TS Session Broker will not meet your requirements. This option will prevent some but not all user logons. Users who specify TS5 by name or by IP address will still be able to establish a user session.

Logging off the current users does not meet your requirement of minimizing disruption to active user sessions.


Sub Objective(s):Configure Terminal Services load balancing.

References:


Introducing Terminal Services Server Drain ModeTerminal Services Team BlogLink: http://blogs.msdn.com/ts/archive/2007/06/15/introducing-terminal-services-server-drain-mode.aspx



______________________________________________________________________________________________________________________________________________

You are configuring security for a Windows Server 2008 IIS Web server that is running multiple Web sites. A new Web application requires you to create a new application pool and to use a new Windows user account called WebAdmin01 for security permissions. The server is not joined to an Active Directory domain. You have created the new user account by using the default settings.

Which of the following is the easiest method of providing the necessary permissions for the WebAdmin01 user account?

1. Change the properties of the new application pool to use the LocalService account.

2. Add the WebAdmin01 user account to the IIS_IUSRS group. <Correct>

3. Rename the WebAdmin01 user account to IUSR.

4. Change the properties of the new application pool to use the LocalSystem account.

Explanation:To simplify the process of providing the necessary permissions to be used as an application pool security account, IIS 7 includes the IIS_IUSRS built-in group for Web servers.

Renaming the user account is not possible because a default IUSR account will already exist on the computer. This account is likely to be required for other sites and applications to function properly. Changing the application pool service accounts will not meet the security requirements to run under the specific user context.



References:





______________________________________________________________________________________________________________________________________________

You are an IT support specialist in a company named Wide World Importers. Your responsibilities include supporting terminal servers and clients.

You need to deploy a new terminal server in your organization. Users plan to use the server to play Windows Media Player files.

Which of the following features do you need to install on the new server so that users can play Windows Media Player files in their Terminal Services client connections?

1. Remote Differential Compression

2. XPS Viewer

3. Quality Windows Audio Video Experience

4. Desktop Experience <Correct>

Explanation:You need to install the Desktop Experience feature because this is the only feature that includes Windows Media Player. Quality Windows Audio Video Experience (qWave) provides mechanisms to allow quality-of-service (QoS) for streaming media over IP networks. It is not a requirement.Remote Differential Compression computes and transfers the differences between two objects over a network by using minimal bandwidth. It is not used to play Windows Media Player files. XPS Viewer allows viewing, signing, and protecting of XPS documents. It is not used with Windows Media Player files.



References:


Remote Desktop Connection DisplayMicrosoft TechNetLink: http://technet2.microsoft.com/windowsserver2008/en/library/fc0b405b-07ef-4767-8716-198d7f0949011033.mspx?mfr=true



______________________________________________________________________________________________________________________________________________

You work as an IT support specialist. As part of your job, you deploy and support applications for users throughout your organization.

You have been asked to deploy an application named App7 as a RemoteApp program on a terminal server named TS7. The setup program for App7 is named App7setup.exe.

You need to install App7 so that the application can support multiple users.

Which of these methods should you use to install App7?

1. Install App7 through Control Panel, using the Install Application On Terminal Server option. <Correct>

2. Install App7 with a custom script.

3. Install App7 through a Group Policy.

4. Install App7 by directly executing App7setup.exe.

Explanation:If you want to deploy an application on a terminal server so that the application can support multiple users, you can install the program by using the Install Application On Terminal Server program in Control Panel.

You should not install the program by using the setup program because it is an executable (.exe) file. You should not use this type of file to install a program for multiple users on a terminal server without using the Control Panel option or the Chguser command.

Deploying the program through Group Policy will not enable it to support multiple users on a terminal server.

It is not necessary to write a script to ensure multiuser support. You need only to install the program by using the Control Panel option.



References:





______________________________________________________________________________________________________________________________________________


You are deploying a file server named Server15 in the Fabrikam.com Research department. Server15 will be used to host mission-critical data that is frequently accessed and updated. For this particular server, you want to choose a local fault-tolerant storage solution that is highly reliable and offers good performance. The efficient use of physical disks is not a high priority.


1. Striped volume

2. Mirrored volume <Correct>

3. RAID-5 volume

4. Spanned volume

Explanation:Windows Server 2008 provides two built-in fault-tolerant solutions for locally stored storage disks: mirrored volumes and RAID-5 volumes. A mirrored volume is a fault-tolerant volume that consists of two physical disk copies (mirrors) of the same disk. The advantage of a mirrored volume over a RAID-5 volume is that a mirrored volume is more reliable and offers better write performance. The disadvantage of a mirrored volume is that it does not use disk space efficiently: a full 50 percent of the available space is used for fault tolerance. A RAID-5 volume, however, uses disks efficiently but does not offer the same degree of write performance that a mirrored volume does. In addition, a RAID-5 is not the best solution for mission-critical data because of the short outage required to replace the disk after a failure.

Neither a spanned volume nor a striped volume offers fault tolerance. A spanned volume is merely a single logical drive that occupies space on one or more physical disks. A striped volume is a single logical volume consisting of multiple physical disks and to which data is written in a striped manner across these disks. Striping data in this way improves performance.



References:




______________________________________________________________________________________________________________________________________________

You are an IT support specialist for Blue Yonder Airlines. The Blueyonderairlines.com network is composed of a single Active Directory domain and includes 50 servers, 30 of which run Windows Server 2003 and 20 of which run Windows Server 2008.

The IT staff is planning a consolidation project to reduce the number of physical servers in your organization. You are currently determining which existing servers on your network can act as hosts for virtual machines.

A server named SRV23 is a 64-bit, dual-processor machine running Window Server 2003.

If you want to preserve the two 64-bit processors in a virtual environment, which of the following servers can you use to host SRV23? (Each correct answer presents a complete solution. Choose two.)

1. A server with a single dual-core CPU and running Windows Server 2008 and Windows Virtual Server 2005

2. A dual-CPU server running Windows Server 2008 and Windows Server Hyper-V <Correct>

3. A dual-CPU server running Windows Server 2003 and Windows Virtual Server 2005

4. A dual-CPU server running Windows Server 2003 and Windows Virtual Server 2005

5. A server with a single dual-core CPU running Windows Server 2008 and Windows Server Hyper-V <Correct>

Explanation:To host a virtual machine that emulates a dual-processor server, you need to run that machine in a Windows Server Hyper-V environment. Windows Virtual Server 2005 does not support dual-CPU guests. In addition, the number of CPUs you create for the guest (virtual) machine is limited by the number of physical CPUs on the host.



References:




______________________________________________________________________________________________________________________________________________

You are a Windows Server 2008 systems administrator responsible for managing performance of a computer running the Web Server (IIS) server role. The server currently hosts three Web applications which are accessible to the public by using the Internet. During periods of high activity, you find that one of the Web applications uses the majority of CPU and memory resources. During these times, users have reported slow performance or timeouts when accessing the other applications. You want to ensure that users of these applications have equal access to resources during these periods.

Which of the following actions should you take? (Each correct answer presents part of the solution. Choose two.)

1. Using Windows System Resource Manager, select the Equal_Per_Session resource allocation policy.

2. Configure each Web application to use the same application pool.

3. Using Windows System Resource Manager, select the Equal_Per_IISAppPool resource allocation policy.<Correct>

4. Using Windows System Resource Manager, select the Equal_Per_User resource allocation policy.

5. Configure each Web application to use a separate application pool. <Correct>

Explanation:The Equal_Per_IISAppPool Windows System Resource Manager resource allocation policy helps ensure that applications that are part of one application pool do not consume excessive resources on the server. To use this option, you should create a separate application pool for each of the Web applications.

The Equal_Per_User resource allocation policy applies to users who log on to the computer running Windows Server 2008. This option is not relevant because users will access the server by using HTTP over the Internet. The Equal_Per_Session setting is designed to manage resource allocation for users who access the computer by using Terminal Services.



References:


Windows System Resource ManagerMicrosoft.comLink: http://www.microsoft.com/windowsserver2003/technologies/management/wsrm/default.mspx

Common Administrative Tasks: Creating Application PoolsIIS.NET Web siteLink: http://www.iis.net/default.aspx?tabid=2&subtabid=23&i=1008



______________________________________________________________________________________________________________________________________________

You are an IT support specialist in a company named Fabrikam, Inc. Your responsibilities include supporting terminal servers and clients.

Recently, users have been complaining about the performance of their Terminal Services sessions on a terminal server named TS6. You open Terminal Services Manager and find many disconnected sessions from the same users.

You want to prevent users from establishing more than one simultaneous connection to TS6.

What should you do?

1. In Terminal Services Configuration, configure TS6 to enable reconnections but prevent new logons.

2. In Terminal Services Configuration, configure TS6 to allow reconnections but prevent new logons until the server is restarted.

3. In Terminal Services Configuration, configure TS6 to restrict each user to a single session. <Correct>

4. In Terminal Services configuration, configure TS6 to end sessions that are disconnected.

Explanation:To prevent users from establishing more than one simultaneous connection to a terminal server, use Terminal Services Configuration to enable the option to restrict each user to a single session.

The two options that enable reconnections but prevent new logons will stop all new user logons. You do not want to prevent users from logging on. You only want users to establish no more than one logon session.

The option to end sessions that are disconnected will not prevent users from establishing more than one simultaneous connection. It will only prevent all disconnected user sessions.



References:





______________________________________________________________________________________________________________________________________________

You are responsible for managing data stored on a Windows Server 2008 server running Windows SharePoint Services (WSS). The server currently consists of the default SharePoint Team Site included with the WSS installation. Users have uploaded numerous files to the site and rely on it to share information. Recently, a user accidentally deleted several documents from the site. He reports that there are no other copies of the documents available. You decide to perform a restore operation from the most recent backup. You want to minimize the time required to perform the restore and the disruption to other users of the site. The Select the components to restore options are shown in the exhibit.

Which option should you select to meet these requirements?

1. SharePoint - 80

2. WSS_Content <Correct>

3. Windows SharePoint Services Search

4. Farm

5. Windows SharePoint Services Web Application

Explanation:To minimize restore time, select only the Content Database (WSS_Content ) option. This will restore the user data without affecting the server configuration.

The other restore options include additional information (such as farm and server configuration) that will increase the restore time and will potentially change server settings.



References:


Administering backup and recovery for Windows SharePoint Services 3.0 technologyMicrosoft TechNetLink: http://technet2.microsoft.com/windowsserver/WSS/en/library/64171b8c-5608-4e69-881a-67996080b7ff1033.mspx?mfr=true



______________________________________________________________________________________________________________________________________________

You work as a network support specialist for a company named Fabrikam.com, whose corporate network consists of a single Active Directory domain. The Fabrikam.com network includes 10 servers running Windows Server 2008 and 200 clients running Windows Vista Enterprise. All client computers are running Remote Desktop Connection 6.0.

Your network includes a terminal server named TS70. You need to take TS70 offline for maintenance, but when you log on to TS70 locally and open Terminal Services Manager, you discover that a single user named PauloN is connected to TS70 in an active Terminal Services session.

You want to shut down the computer within five minutes, but you also want to give PauloN a chance to save his work.


1. In Terminal Services Manager, send PauloN a message indicating that you will shut the server down in five minutes and requesting him to save his work. <Correct>

2. In Terminal Services Manager, choose the option to disconnect PauloN's session.

3. In Terminal Services Manager, choose the option to log off PauloN. <Correct>

4. In Terminal Services Manager, choose the option to reset PauloN's session.

5. Log on to TS70 through an RDP connection and send PauloN a message indicating that you will shut the server down in five minutes and requesting him to save his work.

Explanation:You want to give a single user a chance to save his work, and then you need to end his session. The best way to do this is to send a message from Terminal Services Manager informing the user of the need to save his work. Then, to end a session, choose the log off option.

You do not need to connect to TS70 through an RDP connection. You can send a message and log off a user from the console session on TS70.

You do not need to reset PauloN's session. Resetting a session deletes it immediately, closing all programs without giving the user a last chance to save his work. You should reset a session only when it is unresponsive.

You should not disconnect the session. Disconnecting the session leaves the session open and prevents the user from accessing his desktop to save his work.



References:




______________________________________________________________________________________________________________________________________________


Your company network includes a terminal server farm named TSFARM3. The farm includes four servers, named TS7, TS8, TS9, and TS10. The TS Session Broker role service is installed on TS7, and all four servers have been configured to use TS7 as the TS Session Broker server. You are using round robin in DNS to distribute the initial client requests among the terminal servers. You are not using any additional load-balancing technology.

In Terminal Services Manager, you discover that there are many active sessions on TS7, TS9, and TS10 but no active sessions on TS8.

You want client sessions to be distributed equally among all four servers.

Which of the following steps is most likely to fix the problem?

1. On TS8, disable the option to use IP address redirection.

2. On TS8, assign a value of 1 for the relative weight of the server in the farm.

3. At the DNS server for Contoso.com, add a DNS entry for TSFARM3 that points to the IP address of TS8.

4. Add TS8 to the Session Directory Computers local group on TS7. <Correct>

Explanation:If TS8 is not a member of the Session Directory Computers local group on TS7, the TS Session Broker service on TS7 will not route any Terminal Services connections to TS8. Therefore, adding TS8 to this group is a potential solution to the problem. None of the other answer choices are potential solutions to the problem presented.

You should disable the option to use IP address redirection only if you have implemented a load-balancing solution that supports TS Session Broker routing tokens. In this particular case, because you have implemented no load-balancing solution beyond DNS round robin and TS Session Broker itself, disabling this option is much more likely to cause a problem than to solve one.

Adding a DNS entry for TSFARM3 that points to the IP address of TS8 will help distribute some initial client requests for TSFARM3 to TS8. However, because TS8 is a member of a TS Session Broker farm, the client requests are then redistributed among all four members. Therefore, adding this record cannot solve the problem described.

Assigning TS8 a relative weight of 1 would likely reduce client sessions on TS8. The default weight assigned to each server is 100. Therefore, a server assigned a value of 1 would typically receive 1 percent of the normal client session load.



References:


A closer look at Session Broker load balancing in Windows Server 2008Brianmadden.comLink: http://www.brianmadden.com/content/article/A-closer-look-at-Session-Broker-load-balancing-in-Windows-Server-2008

Windows Server 2008 RC0 TS Session Broker Load Balancing Step-by-Step GuideMicrosoft TechNetLink: http://technet2.microsoft.com/windowsserver2008/en/library/f9fe9c74-77f5-4bba-a6b9-433d823bbfbd1033.mspx?mfr=true

Terminal Services Session Broker (TS Session Broker)Microsoft TechNetLink: http://technet2.microsoft.com/windowsserver2008/en/library/902a6081-9ecd-45ec-96ee-f51097d71c8c1033.mspx?mfr=true



______________________________________________________________________________________________________________________________________________

You are a Windows SharePoint Service (WSS) administrator responsible for performing backups of a collection of SharePoint sites. Recently, the WSS server has been running low on available disk space, and additional storage resources will not be available for several weeks. You want to reduce the size of WSS backups while ensuring that all user data is protected and can be recovered in the case of a server failure.

Which of the following methods will enable you to reduce the size of WSS backups while meeting these requirements? (Choose all that apply.)

1. Deselect the Windows SharePoint Services Search option when creating the backup. <Correct>

2. Deselect the Windows SharePoint Services Web Application option when creating the backup.

3. Deselect the Farm option when creating the backup.

4. Select Full for the Type Of Backup setting.

5. Select Differential for the Type Of Backup setting. <Correct>

Explanation:To reduce backup size while still meeting these requirements, you can remove the Windows SharePoint Service Search option. Search indexes can be re-created automatically after a restore operation if necessary. Differential backups store only changes made since the last backup and will, therefore, minimize backup size.

Full backups include all the data that is selected for backup and will not reduce the amount of required disk space. Deselecting the Web Application or Farm settings will not ensure that all data is included in the backup.



References:


Back up Windows SharePoint Services 3.0 by using Central AdministrationMicrosoft TechNetLink: http://technet2.microsoft.com/windowsserver/WSS/en/library/984b70c7-cd35-4977-bdaf-5ad11183c3731033.mspx?mfr=true

Administering backup and recovery for Windows SharePoint Services 3.0 technologyMicrosoft TechNetLink: http://technet2.microsoft.com/windowsserver/WSS/en/library/64171b8c-5608-4e69-881a-67996080b7ff1033.mspx?mfr=true



______________________________________________________________________________________________________________________________________________

You are configuring an internal Web server that is running Windows Server 2008. The server will host a single Web application named ProsewareIntranet. All users who require access to this Web application must have individual client certificates installed on their computers. All data transfer should be encrypted.

Which configuration options should you select to meet these security requirements? (Choose all that apply.)

1. Import all relevant client certificates to the Web server. <Correct>

2. Enable One-To-One Client Certificate Mapping. <Correct>

3. Enable Active Directory Client Certificate Mapping.

4. Enable Secure Sockets Layer (SSL) for the Web site. <Correct>

5. Enable Many-To-One Client Certificate Mapping.

Explanation:To authenticate clients individually, you must enable One-To-One Client Certificate Mapping and enable SSL for the Web site. You must then import client certificates so the Web server can use them for authentication.

The Many-To-One option enables you to use a single client certificate on each of the client computers. The Active Directory option requires you to set up an internal Certification Authority.



References:


IIS 7.0: Configure Client Certificate Mapping AuthenticationMicrosoft TechNetLink: http://technet2.microsoft.com/windowsserver2008/en/library/db6ef395-f372-4ec5-9968-0531274c27af1033.mspx?mfr=true



______________________________________________________________________________________________________________________________________________

You are a network administrator for a company named Contoso.com whose network is composed of a single Active Directory domain. The Contoso.com network includes 10 servers running Windows Server 2008 and 200 clients running Windows Vista Enterprise. Your job responsibilities include installing new servers and clients on the network.

You are implementing Windows Deployment Services (WDS) to facilitate deployment of Windows Vista to clients on the corporate network. You have already installed WDS on a server named WDS8 and have added default install images included on the Windows Vista product DVD. You now need to add the default boot image. In the Windows Deployment Services console, you right-click the Boot Images folder and select Add Boot Image.

Which steps should you then perform to add the default boot image?

1. Browse to the \Sources directory in the Windows Server 2008 DVD and select the file named Intall.wim.

2. Browse to the \Sources directory in the Windows Server 2008 DVD and select the file named Boot.wim.<Correct>

3. Browse to the \Sources directory in the Windows Vista DVD and select the file named Boot.wim.

4. Browse to the \Sources directory in the Windows Vista DVD and select the file named Install.wim.

Explanation:The boot images native to Windows product DVDs are contained in files named Boot.wim. You do not want to select Install.wim because this file contains install images, not boot images. Finally, you want to select the Boot.wim file from the Windows Server 2008 DVD, not from the Windows Vista DVD. The Boot.wim file contained on the Windows Vista DVD does not support the full functionality of WDS.



References:





______________________________________________________________________________________________________________________________________________

You are a Windows Server 2008 systems administrator responsible for configuring Windows SharePoint Services. Several users have requested the ability to add documents to their workspaces by using e-mail. You have enabled e-mail by using the Configure Incoming E-Mail Settings option in the SharePoint Central Administration Web site. The Settings Mode is configured as Advanced. However, users report that they are still unable to add documents by using e-mail.

Which of the following will resolve the problem?

1. Add the SMTP Server feature to the computer running Windows Server 2008. <Correct>

2. Add the Web Server (IIS) server role to the computer running Windows Server 2008.

3. Modify the Incoming E-Mail Server Display Address.

4. Configure a valid file system path for the E-Mail Drop Folder.

Explanation:To receive e-mail messages, the server must be configured with an available SMTP server.

You know the Web Server (IIS) server role is already installed because you are able to access the SharePoint Central Administration Web site. The E-Mail Drop Folder setting is used to specify the location in which the server should look for new messages. It will not enable the automatic receipt of messages directly by the server. The incoming display address identifies the source of documents that have been added to the server through e-mail.


Sub Objective(s):Configure Windows SharePoint Services e-mail integration.

References:


Configure incoming e-mail settings (Windows SharePoint Services)Microsoft TechNetLink: http://technet2.microsoft.com/windowsserver/WSS/en/library/445dd72e-a63b-46d0-b92d-bcf0aa9d8d061033.mspx?mfr=true



______________________________________________________________________________________________________________________________________________

You are an IT support specialist in a company named Fabrikam.com Your responsibilities include managing terminal servers and clients.

Your company network includes a terminal server farm named TSFARM7. The farm includes three servers, named TS-A, TS-B, and TS-C. The TS Session Broker role service is installed on TS-A, and all three servers have been configured to use TS-A as the TS Session Broker server.

Your manager asks you to take TS-B offline for maintenance. In advance of shutting down the server, you need to ensure that no new user sessions are initiated on TS-B while the disruption to Terminal Services users is minimized. You want to enable users to reconnect to disconnected sessions.

Which of the following commands enables you to prevent new user logons on TS-B before taking the server offline?

1. Change user /install

2. Change logon /drain <Correct>

3. Change user /execute

4. Change logon /disable

Explanation:The Change logon /drain command prevents new user logons on a terminal server. The Change user /execute command puts a terminal server in Execute mode, which is suitable for normal operations. The Change user /install command puts a terminal server in Install mode, which is useful for installing applications with multiuser support. The Change logon /disable command prevents new logons and reconnections to disconnected sessions but does not affect currently logged-on users.



References:

MCTS Self-Paced Training Kit (Exam 70-643): Configuring Windows Server 2008 Applications InfrastructureChapter 3 - Lesson 1 and Chapter 4 - Lesson 3


Introducing Terminal Services Server Drain ModeTerminal Services Team BlogLink: http://blogs.msdn.com/ts/archive/2007/06/15/introducing-terminal-services-server-drain-mode.aspx




______________________________________________________________________________________________________________________________________________

You are a systems administrator responsible for installing and configuring Windows SharePoint Services (WSS) for your organization. Currently, you need to provide access to WSS in each of three remote branch offices. The remote offices are connected to the central office by using low-speed WAN links. Your organization's security policy requires you to store all documents centrally within the corporate data center. You also want to avoid using the WAN links for providing access to specific SharePoint sites and would like to ensure that the failure of a single SharePoint server will not prevent users in other locations from accessing their data and content.

How should you configure Windows SharePoint Services to meet these requirements? (Each correct answer presents part of the solution. Choose two.)

1. Configure a server in one of the branch offices to host a SharePoint database.

2. Configure a server in the corporate data center in a single server configuration.

3. Configure a server in the corporate data center to host a SharePoint database. <Correct>

4. Configure each remote office server to use a single server configuration.

5. Configure each remote office server to use a server farm configuration. <Correct>

Explanation:The requirements specify that each branch office should include a front-end SharePoint server and that the SharePoint database should be stored on a server that is located in the corporate data center. You can create this configuration by using the server farm configuration for Windows SharePoint Services.

The other options do not meet these requirements because a single server configuration includes a database that is stored on the same server as the SharePoint database.



References:


Deployment for Windows SharePoint Services 3.0 technologyMicrosoft TechNetLink: http://technet2.microsoft.com/windowsserver/WSS/en/library/1f505e96-60e2-41ac-bf5d-9739105f047c1033.mspx?mfr=true



______________________________________________________________________________________________________________________________________________

You work as an IT support specialist in a company named Adventure Works. The Adventure-works.com network is composed of a single Active Directory domain. Your job responsibilities include deploying and supporting terminal servers.

You have been asked to deploy a RemoteApp program named App13 on a terminal server named TS13. The plan is to have users connect to App13 through TS Web Access on a server named WebApp3. You are a member of the local Administrators group on TS13.

You install App13 on TS13 and add the program to the list of RemoteApp programs in TS RemoteApp Manager. You then connect to the TS Web Access site on WebApp3, but you do not see any option to point TS Web Access to TS13.

You want to configure TS Web Access on WebApp3 to point to TS13.


1. Add WebApp3 to the TS Web Access Computers security group on TS13.


3. In TS RemoteApp Manager on TS13, configure App13 with the option to be displayed in TS Web Access.

4. Ask a member of the Administrators group on WebApp3 to add your user account to the TS Web Access Administrators security group on WebApp3. <Correct>

Explanation:To configure TS Web Access to point to a remote server, you need to access the settings available through the Configuration tab on the TS Web Access page. This tab is visible only if you are a member of the Administrators security group or the TS Web Access Administrators security group on the TS Web Access server. If you need to modify the TS Web Access configuration and do not see this tab, you need to be added to one of these two local groups.

You do not need to configure App13 with the option to be displayed in TS Web Access. The goal in this question is to configure TS Web Access on WebApp3 to point to TS13. Verifying the properties of App13 in TS RemoteApp Manager on TS13 does not affect the configuration of TS Web Access on WebApp3.

You do not need to add WebApp3 to the TS Web Access Computers security group on TS13 yet. This procedure is indeed a necessary step in this configuration process. However, the specific requirements of this question are that you need to configure TS Web Access on WebApp3 to point to TS13. This option will not achieve this specific result.

You do not need to add TS13 to the TS Web Access Computers security group on WebApp3. This step would allow TS13 to read the list of RemoteApp programs configured on WebApp3, but it would not enable you to see the Configuration tab in TS Remote Access.



References:





______________________________________________________________________________________________________________________________________________

You are configuring security for an IIS 7 Web application running on Windows Server 2008. The Web application has been written using ASP.NET and should be accessible to both internal and external users. You have changed the file system location for the Default Web Site to the Web application's folder. The application uses a Web page named Login.aspx to process logon attempts. The current authentication configuration for the Default Web Site is shown in the exhibit.

When users attempt to connect to the Web site using the URL http://Server1.contoso.com, they report that they receive an error stating that they do not have the necessary permissions to access the default Web page.

Which of the following changes should you make to resolve this issue?

1. Enable Windows Authentication.

2. Enable ASP.NET Impersonation.

3. Enable Forms Authentication. <Correct>

4. Enable Basic Authentication.

Explanation:Because the application requires both internal and external users to access its Login.aspx page, you should enable Forms Authentication. When unauthenticated users attempt to access the site, they will be redirected automatically to the page you specify in the Forms Authentication options.

ASP.NET Impersonation manages the permission that will be used by the Web application. Because users will be using Forms Authentication, this setting is not required. Basic Authentication and Windows Authentication are not appropriate because all users should use the Login.aspx page to authenticate.



References:





______________________________________________________________________________________________________________________________________________

You are a systems administrator responsible for configuring security permissions on a computer running Windows Server 2008 and the FTP Publishing Service (FTP 6). The name of the server is ContosoFTP01. You have set up a new FTP site by using the IIS 6.0 Manager. The root folder for the FTP site is C:\Data\CompanyPolicies. You want all users on the network to be able to access only the files that have been granted Read permissions for the IUSR_ContosoFTP01 account. Several users have reported that they are able to modify the files and access files for which the IUSR_ContosoFTP01 account is not assigned any permissions. Other users, however, do have the correct effective permissions. You have verified that the NTFS file system permissions are configured properly. The current Security Accounts settings for the server are configured as shown in the exhibit.

How should you resolve this issue?

1. Verify the Password setting.

2. Disable the Allow anonymous connections option.

3. Change the User name setting.

4. Enable the Allow only anonymous connections option. <Correct>

Explanation:By default, users are able to access content based on NTFS file system permissions granted to the accounts they use to log on to the server. Therefore, users who provide valid Windows account credentials can have additional permissions on the server. Allowing only anonymous connections will grant all users the permissions of the IUSR_ContosoFTP01 account.

The User name and Password settings are correct because some users are able to access files by using anonymous authentication. Disabling anonymous connections will prevent users from having the effective permission of the IUSR_ContosoFTP01 account.



References:


Configuring Anonymous FTP Authentication (IIS 6.0)Microsoft TechNetLink: http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/26a80508-791c-42c2-bb2e-1427d4ddf8c2.mspx?mfr=true



______________________________________________________________________________________________________________________________________________

You are a Windows Server 2008 systems administrator responsible for configuring the SMTP Server feature for use by multiple applications. Currently, the server is using only the default virtual SMTP server to provide outbound messaging support for a single domain. The server is configured with the only available public IP address. To support a second domain, you have decided to add a new SMTP virtual server. After using the New SMTP Virtual Server Wizard to create a new site, you find that you cannot start the new virtual server. The exhibit shows the current Advanced settings on the General tab of the properties of the new SMTP server.

Which change should you make to resolve this issue?

1. Use the Add command to add a new IP Address and TCP Port setting for the SMTP virtual server.

2. Use the Edit command to change the TCP Port number setting for the SMTP virtual server. <Correct>

3. Use the Edit command to change the IP Address setting for the SMTP virtual server.

4. Use the Remove command to remove the default IP Address and TCP Port setting for the SMTP virtual server.

Explanation:Each SMTP virtual server must use a unique combination of TCP port and IP address to be started concurrently. Changing the TCP port number will enable the SMTP virtual server to be started.

Changing the IP Address setting will not resolve the issue because the server is configured with only a single IP address and only one public IP address is available. Adding a new binding will not resolve the conflict issue with the default SMTP virtual server. Removing the binding will make the SMTP server inaccessible to users and applications.



References:





______________________________________________________________________________________________________________________________________________

You are a network administrator for a company named Fabrikam.com whose network is composed of a single Active Directory domain. The Fabrikam.com network includes 10 servers running Windows Server 2008 and 200 clients running Windows Vista Enterprise Edition. Your job responsibilities include installing new servers and clients on the network.

You are preparing to implement Windows Deployment Services (WDS) to facilitate the deployment of Windows Vista clients on the corporate network. You have already obtained a server to be used as the WDS server, and you now need to verify that the components WDS needs are available on the network.

Which of the following components is NOT needed by WDS?

1. Active Directory environment

2. A DHCP server

3. PXE-boot clients <Correct>

4. An NTFS partition located on the Windows Deployment Services server

Explanation:WDS requires an NTFS partition on the Windows Deployment Services (WDS) server, an Active Directory environment, and a DHCP server available on the network. Although WDS provides support for PXE-boot clients, you can boot non-PXE clients to Windows Preinstallation Environment (WinPE) media by creating a discover image. Using the image, the non-PXE clients can find an appropriate WDS server and complete image installation.



References:





______________________________________________________________________________________________________________________________________________

You are a Windows Server 2008 systems administrator troubleshooting an SMTP problem. Recently, several users have reported that they are receiving unwanted e-mail messages routed through the SMTP server. You want the SMTP server to be used only for transferring messages within your organization. Currently, the SMTP virtual server is configured to use the mail.contoso.com domain name. One user has forwarded an unwanted message that has the following header information:

* From: [email protected]* To: [email protected]

How can you resolve this problem?

1. Change the Fully Qualified Domain Name (FQDN) setting for the SMTP virtual server.

2. Change the IP Address assignment for the SMTP virtual server.

3. In the properties of the SMTP virtual server, add Relay Restrictions settings. <Correct>

4. Configure the SMTP virtual server to use a Smart Host that has access to the Internet.

Explanation:The unwanted message includes To and From addresses that are not part of the domain of the SMTP virtual server. To prevent these messages from being transferred, enable Relay Restrictions.

The Smart Host setting is used for automatically forwarding outbound mail to a specific server. It will not directly stop relaying. Because the SMTP virtual server will be used for routing internal mail, the FQDN setting should remain as it is currently configured. Changing IP address settings will not directly prevent the unwanted messages from being transferred.



References:





______________________________________________________________________________________________________________________________________________

You are a Windows Server 2008 systems administrator responsible for configuring Windows Media Services. Your organization plans to provide a video stream of its latest shareholders' conference to users who are part of your organization as well as to non-employees over the Internet. You want to minimize the amount of bandwidth that is used for providing the content to client computers. You also want to enable viewers to fast-forward through the content. You plan to create a new publishing point by using the Add Publishing Point Wizard.

Which configuration options should you use to meet these requirements? (Each correct answer presents part of the solution. Choose two.)

1. Select Encoder for the Content Type option.

2. Select On-Demand Publishing Point for the Publishing Point Type option. <Correct>

3. Configure the new publishing point to use unicast streams. <Correct>

4. Configure the new publishing point to use multicast streams.

5. Select Broadcast Publishing Point for the Publishing Point Type option.

Explanation:To allow users to fast-forward through content, you must configure the publishing point to serve on-demand content. Because content will be viewed by users over the Internet, enable the unicast option.

Broadcast publishing points provide access to live media. Multicast transmissions are generally used for live broadcasts and do not allow users to fast-forward through content. The Encoder Content Type setting is used to provide direct access to a live media stream and does not allow users to access the data on demand.



References:


Distributing contentMicrosoft TechNetLink: http://technet2.microsoft.com/windowsserver2008/en/library/e0bd70e8-db7c-4d2d-acb8-685d5edc66c01033.mspx?mfr=true



______________________________________________________________________________________________________________________________________________

You are attempting to troubleshoot a Secure Sockets Layer (SSL) problem on a Windows Server 2008 IIS installation. You have recently obtained and installed a security certificate for the local server from a trusted third-party Certificate Authority (CA). You have also created a new site binding for the default Web site on the server, as shown in the exhibit. There are no other site bindings for the Web site. You are able to connect to the site using an SSL connection by using the Browse command in the Actions pane of IIS Manager. However, users report that they are unable to connect to the Web site using the URL https://Extranet.contoso.com.

How can you enable users to connect securely to the site by using this URL?

1. Change the SSL Certificate setting.

2. Export and re-import the SSL certificate.

3. Change the port assignment to port 443. <Correct>

4. Change the site binding to respond to only a specific IP address.

Explanation:The default port for HTTPS traffic is port 443. When users attempt to connect to a URL using HTTPS, their Web browser will automatically attempt to connect on this port. Because the site binding is set to use a different port, users would have to specify the port number (by using, for example, the URL https://Server1.contoso.com:8080). By changing the port binding to 443, users will be connected to the site automatically.

Changing the site binding to respond on a specific IP address will not resolve the default port issue. Because you are able to access the site locally, re-importing or changing the SSL certificate will not resolve the problem.



References:


How to Setup SSL on IIS7IIS.NET Web siteLink: http://www.iis.net/articles/view.aspx/IIS7/Managing-IIS7/Configuring-Security/Using-SSL/How-to-Setup-SSL-on-IIS7



______________________________________________________________________________________________________________________________________________

You are a Windows Server 2008 systems administrator responsible for managing security of a Windows SharePoint Services installation. Recently, a user reported that she downloaded and opened a file that resulted in a virus warning error from her computer's antivirus software. You want to prevent users from uploading or downloading documents that contain viruses. You have configured the antivirus settings by using the SharePoint Central Administration site as shown in the exhibit. However, the user who originally reported the problem is still able to download the infected file.

Which of the following changes should you make to resolve the problem?

1. Increase the Antivirus Time Out setting.

2. Increase the Number of threads setting.

3. Disable the Attempt to clean infected documents option.

4. Install a Windows SharePoint Services-compatible antivirus program on the server. <Correct>

Explanation:Although you can configure antivirus settings by using the SharePoint Central Administration Web site, Windows SharePoint Services does not include default antivirus software. To enable antivirus functionality, you must install a compatible antivirus program on the server.

The time out and number of threads settings can affect performance, but they will not prevent a user from downloading infected documents. The Attempt to clean infected documents option will have an effect only if a compatible antivirus program is installed on the server.



References:


Configure anti-virus settings (Windows SharePoint Services)Microsoft TechNetLink: http://technet2.microsoft.com/windowsserver/WSS/en/library/f351d617-9f8d-46d4-a726-4c4a695a25831033.mspx?mfr=true



______________________________________________________________________________________________________________________________________________

You are a network administrator for a company named Fabrikam.com whose network is composed of a single Active Directory domain. The Fabrikam.com network includes 10 servers running Windows Server 2008 and 200 clients running Windows Vista Enterprise. Your job responsibilities include installing new servers and clients on the network.

You are implementing Windows Deployment Services (WDS) to facilitate the deployment of Windows Vista to clients on the corporate network. You have already installed WDS on a server named WDS7, and you now want to add the default install images included in a product DVD. In the Windows Deployment Services console, you right-click the Install Images folder and select Add Install Image.

Which steps should you then perform to add a default install image?

1. Browse to the \Sources directory in the Windows Server 2008 DVD and select the file named Install.wim.

2. Browse to the \Sources directory in the Windows Vista DVD and select the file named Boot.wim.

3. Browse to the \Sources directory in the Windows Server 2008 DVD and select the file named Boot.wim.

4. Browse to the \Sources directory in the Windows Vista DVD and select the file named Install.wim. <Correct>

Explanation:An install image is an image that is applied to a client hard drive during installation. Because you are using WDS to deploy Windows Vista, you need to select an install image or set of images from the Windows Vista DVD (and not from the Windows Server 2008 DVD). Install.wim is the name of the file on the Windows Vista DVD that includes Windows Vista install images. Boot.wim is not helpful because it includes only the boot image used to boot the client computer and run the Setup program.



References:





______________________________________________________________________________________________________________________________________________


Your company network includes a terminal server farm named TSFARM4. The farm includes four servers, named TS11, TS12, TS13, and TS14. The TS Session Broker role service is installed on TS11, and you have added all four servers to the Session Directory Computers local group on TS11. You are using round-robin in DNS to distribute the initial client requests among the terminal servers. You are not using any additional load-balancing technology.

Users complain that they cannot re-connect to disconnected Terminal Services sessions on TSFARM4.

You want users to be able to re-connect to disconnected Terminal Services sessions on the server farm.

Which of the following steps is most likely to fix the problem?

1. On each server, enable the option to join a farm in TS Session Broker. <Correct>

2. On each server, assign a value of 100 for the relative weight of the server in the farm.

3. On all four servers, disable the option to use IP address redirection.

4. At the DNS server for Contoso.com, add DNS entries for TSFARM4 that point to each member server's IP address.

Explanation:If users cannot re-connect to disconnected Terminal Services sessions, no TS Session Broker farm has been configured. After you install the TS Session Broker role service on a server and add the member servers to the Session Directory Computers local group on that server, you need to configure each member server to join the farm. You can find this option in the Terminal Services Configuration console.

You should disable the option to use IP address redirection only if you have implemented a load-balancing solution that supports the use of TS Session Broker routing tokens. Clearing this option would prevent TS Session Broker from distributing client requests, and it would not help users re-connect to disconnected TS sessions.

Adding DNS entries for each server member enables initial client requests to be distributed evenly among all servers. It does not allow users to re-connect to disconnected sessions.

Assigning each server a relative weight of 100 would configure TS Session Broker to redistribute client requests equitably among all server members. It would not enable users to re-connect to disconnected sessions.



References:






______________________________________________________________________________________________________________________________________________


Your company network includes a terminal server farm named TSFARM5. The farm includes four servers, named TS1, TS2, TS3, and TS4. The TS Session Broker role service is installed on TS1. You are using round-robin in DNS to distribute the initial client requests among the terminal servers. You are not using any additional load-balancing technology.

Because TS4 is the most powerful of the four servers, you want TS4 to host half of the total number of Terminal Services client sessions in the farm. You have assigned all three other servers a relative weight of 100 in the server farm.

Which value should you assign to TS4 for its relative weight in the server farm?

1. 150

2. 200

3. 300 <Correct>

4. 50

Explanation:If you have assigned all three other servers a relative weight of 100, the total weight of the three servers combined is 300. For TS4 to receive half of the total of the entire farm, you should, therefore, assign it a matching value of 300.



References:





______________________________________________________________________________________________________________________________________________


You are planning to install a new Finance application named FinApp on a server named Finance4. The application requires a dedicated volume with more than 150 GB of space.

Currently, Finance4 is equipped with the following three volumes:

* Volume C is used to store System data. It has 9.3 GB of storage capacity, 2 GB of which is free.* Volume E is used to store applications. This volume is 150 GB in size and has 100 GB free.* Volume F is used as an archive and has a storage capacity of 250 GB, of which 100 GB is currently free.

All volumes remain at their original sizes.

You open Disk Management on Finance4 and observe the disk information provided in the exhibit. You run a disk utility on the local disks and find that all disks are healthy and reveal no bad sectors.

You want to dedicate as much space as possible to the volume where FinApp resides.

Which of the following steps should you perform?

In the list on the right, select the steps you should perform to accomplish your goal. Place your selections in the list on the left in the order in which they should be performed. Place your selections in the list on the left by clicking the items in the list on the right and clicking the arrow button. You can also use the up and down buttons to rearrange items in the list on the left. You may not need to use all of the items from the list on the right.

Explanation:You have 149 GB available, but you want to allocate more than 150 GB (and as much space as possible) to the new finance application. In this situation, you should shrink volume E to create more space on Disk 1. Shrinking volume E would maximize the free space on Disk 1 and enable you to create a new volume G with more than 150 GB of storage space. The shrink operation is very likely to succeed because there is ample free space on the volume, a shrink operation has not yet been run, and a disk utility has found no bad sectors.

You do not need to convert a volume to a dynamic disk to shrink the volume.

Moving the contents of volume E into a new volume would not maximize the space available for FinApp. Also, it would cause the applications installed on the volume to stop functioning. (Typically, you have to reinstall applications if you want to move them to a new volume.)



References:




______________________________________________________________________________________________________________________________________________

You work as a network support specialist for a company named Fabrikam.com, whose corporate network consists of a single Active Directory domain. Your job responsibilities include managing terminal servers and clients.

Your network includes a terminal server named TS80 that is used to host a line-of-business application named App80. As many as 30 users can be connected to TS80 simultaneously to use App80. However, when more than 25 users are connected to TS80, the performance of App80 degrades significantly.

You have discovered that many users leave Remote Desktop connections to TS80 open for extended periods of time. You want to prevent inactive user connections such as these from exhausting the limited resources of TS80.

How can you configure the session settings on TS80 to automatically log off user sessions that have been inactive for 15 minutes?


Explanation:You want to set a 15-minute limit on inactive (idle) sessions. To do this, you need to select the top Override User Settings check box and then choose 15 Minutes from the Idle Session Limit drop-down list. You also want idle sessions to be logged off automatically after 15 minutes. (You do not want them merely to be disconnected.) To accomplish this goal, you need to select the bottom Override User Settings check box and then choose the End Session option.

You do not want to set a limit for disconnected sessions. The question states a requirement to limit inactive connected sessions, not disconnected sessions.

You do not want to set a limit for active sessions. The question states a requirement to limit inactive sessions, not active sessions.

You do not want to choose the option to disconnect from the session when the session limit is reached. The question states a requirement to log off an idle session, not just to disconnect the session from the server.



References:




______________________________________________________________________________________________________________________________________________

You are a systems administrator configuring a Windows Server 2008 Web server for use by your organization's software development group. The developers would like the ability to install a custom request handler for handling Web pages that have the extension .nwind. The handler has been written using the Microsoft .NET Framework and should be available to all the applications hosted within the Default Web Site. You plan to create a new handler mapping for the Default Web Site.

Which type of handler mapping should you create?

1. Module Mapping

2. Managed handler <Correct>

3. Script Map

4. Wildcard Script Map

Explanation:Managed handlers are used for creating request mappings that should be processed using code based on the .NET Framework (also known as "managed code").

Script Maps and Wildcard Script Maps use an executable file or script file to handle request processing. Module Mappings are based on the built-in request handlers included with the Web Server (IIS) server role or on custom modules developed according to the module specifications.



References:


An End-to-End Extensibility Example for IIS7 DevelopersIIS.NET Web siteLink: http://www.iis.net/articles/view.aspx/IIS7/Extending-IIS7/Getting-Started/An-End-to-End-Extensibility-Example-for-IIS7-Devel

Build a Custom IIS7 ServerIIS.NET Web siteLink: http://www.iis.net/articles/view.aspx/IIS7/Deploy-an-IIS7-Server/Installing-IIS7/Build-a-Custom-IIS7-Server



______________________________________________________________________________________________________________________________________________

You are an IT support specialist in a company named Wide World Importers. Your responsibilities include deploying and managing terminal servers.

You need to configure a policy to enable only members of the Remote Desktop Users group to access your company's Terminal Services Gateway server from outside the corporate network.


1. Configure a Terminal Services Resource Authorization Policy (TS RAP).

2. Configure a Remote Access Policy.

3. Configure a Terminal Services Connection Authorization Policy (TS CAP). <Correct>

4. Do nothing. Members of the Remote Desktop Users group can always access a TS Gateway server.

Explanation:You need to configure a TS CAP because these policies authorize selected users to connect to TS Gateway.

You do not need to configure a TS RAP. A TS RAP does not authorize connections to TS Gateway. A TS RAP authorizes users to connect from TS Gateway to certain terminal server resources.

You do not need to configure a Remote Access Policy. A Remote Access Policy authorizes certain users to connect to a network through a virtual private network or dial-up connection.

Remote Desktop Users are not automatically authorized to use TS Gateway.



References:





______________________________________________________________________________________________________________________________________________

You are a network administrator for a company named Contoso.com whose network is composed of a single Active Directory domain. The Contoso.com network includes 10 servers running Windows Server 2008 and 200 clients running Windows Vista Enterprise. Your job responsibilities include installing new servers and clients on the network.

You are preparing to implement Windows Deployment Services (WDS) to facilitate the deployment of Windows Vista clients on the corporate network. You have already installed the WDS server role on a server named WDS1. You now want to test the WDS installation by deploying an image captured from a Windows Vista DVD to a PXE-boot client computer.

Which of the following images do you need to install? (Each correct answer presents part of the solution. Choose two.)

1. A capture image

2. A discover image

3. A boot image <Correct>

4. A RIPREP image

5. An install image <Correct>

Explanation:To deploy a basic image to PXE-boot clients, you need an install image and a boot image.

Install images are the operating system images that you deploy to the client computer. You can use the default install image (install.wim) located in the \Sources directory on the Windows Vista or Windows Server 2008 DVDs.

Boot images are the images that you boot a client computer into before installing the operating system image. The boot image presents a boot menu that contains the images users can install onto their computers. These images contain Windows PE 2.0 and the WDS client. You can use the default boot image (boot.wim) that is included in the \Sources directory of the Windows Vista or Windows Server 2008 installation media.

In special cases (not in a basic test scenario), you might also need a capture image or a discover image. Capture images are boot images that launch the WDS Capture Utility instead of Setup. When you boot a reference computer (that has been prepared with Sysprep) into a capture image, a wizard creates an install image of the reference computer and saves it as an image (WIM file). Discover images are boot images that force Setup.exe to launch in Windows Deployment Services mode and then discover a Windows Deployment Services server. These images are typically used to deploy images to computers that are not PXE enabled or that are on networks that do not allow PXE.

RIPREP images are the images used in the previous version of WDS, which is known as Remote Installation Services. WDS does not deploy RIPREP images, but it enables you to convert RIPREP images to WIM files, which can then be deployed through WDS.



References:





______________________________________________________________________________________________________________________________________________

You work as a network support specialist for a company named Contoso.com whose corporate network consists of a single Active Directory domain. The corporate network includes 10 servers running Windows Server 2008 Enterprise and 200 clients running Windows Vista Enterprise. All client computers are running Remote Desktop Connection 6.0.

Your network includes a terminal server named TS40 that hosts a line-of-business application named App40. Many users connect to TS40 throughout the day to enter inventory-related data in App40. As many as 40 users can be connected to TS40 before the performance starts to degrade noticeably .

Your manager informs you that some employees who connect to TS40 are using chat clients and other programs whose functions are unrelated to App40 or their jobs in general. Although chat clients are allowed in Fabrikam.com and on TS40, your manager wants to know which users are abusing this privilege and putting an unnecessary strain on the TS40 resources. He asks you to configure TS40 so that you can monitor and interact with user sessions without user permission.

The current RDP-Tcp settings for TS40 are shown in the exhibit. You need to configure TS40 to meet your manager's request.

What should you do? (Choose all that apply.)

1. Clear the Require User's Permission check box <Correct>

2. Enable the Interact With The Session option. <Correct>

3. Enable the Do Not Allow Remote Control option.

4. Enable the Use Remote Control With The Following Settings option. <Correct>

Explanation:You need to configure TS40 so that managers can monitor and interact with user sessions. To meet this requirement, select the Use Remote Control With The Following Settings option and then click Interact With The Session option in the Level Of Control area.

You also need to configure TS40 so that these remote control actions can be performed without the user's permission. To meet this requirement, clear the Require User's Permission check box.



References:How to Setup SSL on IIS 7IIS.NET Web siteLink: http://www.iis.net/articles/view.aspx/IIS7/Managing-IIS7/Configuring-Security/Using-SSL/How-to-Setup-SSL-on-IIS7



______________________________________________________________________________________________________________________________________________

You work as an IT support specialist in a company named A Datum Corporation. The Adatum.com network is composed of a single Active Directory domain. Your job responsibilities include deploying and supporting user applications.

You install several applications to be used as RemoteApp programs on a terminal server named TS11, and you add these programs to the list of RemoteApp programs.

On a server named WebApp2, you configure TS Web Access to point to TS11. However, one of the RemoteApp programs installed on TS11, named App11, does not display on the TS Web Access site on WebApp2.

You want users to access App11 and all other RemoteApp programs installed on TS11 by browsing to the TS Web Access page on WebApp2.

What steps should you take to achieve this goal?

1. Add WebApp2 to the TS Web Access Computers security group on TS11.

2. Configure TS Web Access on WebApp2 to point to TS11.


4. On TS11, configure App11 with the option to make the program available in TS Web Access. <Correct>

Explanation:In this question scenario, all RemoteApp programs installed on TS11 except for App11 are displayed on the TS Web Access page on WebApp2. Therefore, App11 must be configured differently from the other RemoteApp applications. For each RemoteApp program to be available in TS Web Access, the program must be configured with the option to be available in TS Web Access. You can find this option in TS RemoteApp Manager by selecting the RemoteApp program and then clicking Properties in the Actions pane.

You do not need to add WebApp2 to the TS Web Access Computers security group on TS11. The computer must already be added to the group because other RemoteApp programs are being displayed in TS Web Access.

You do not need to add TS11 to the TS Web Access Computers security group on WebApp2. This step is not necessary in this scenario because WebApp2 needs to read the list of RemoteApp programs on TS11, not vice versa.

You do not need to configure TS Web Access on WebApp2 to point to TS11. TS Web Access on WebApp2 must already be pointing to TS11 because all RemoteApp programs installed on TS11 except for App11 are being displayed on the TS Web Access page.



References:





______________________________________________________________________________________________________________________________________________

You work as an IT support specialist in a company named Trey Research. The Treyresearch.net network is composed of a single Active Directory domain. Your job responsibilities include deploying and supporting user applications.

Your network includes a terminal server named TS9 that hosts a RemoteApp program named App9. Users connect to App9 through TS Web Access. App9 is the only application listed in TS Web Access.

Recently, you have noticed that users are automatically launching applications, other than App9, once their RDP sessions to TS9 are established.

As much as possible, you want to reserve the resources of TS9 for App9. You want to prevent users from running other programs upon the initial connection to TS9.

Which of the following steps accomplishes this goal?

1. Remove all programs except for App9 from the RemoteApp program list on TS9.

2. Sign an RDP file for App9 with a digital certificate.

3. On TS9, select the option to disable users from starting unlisted programs on initial connection. <Correct>

4. Configure an RDP file for App9 with a custom RDP port.

Explanation:You need to prevent users from starting unlisted programs when they connect to TS9. To achieve this result, you need to configure the Terminal Server Settings in TS RemoteApp Manager with the option to prevent users from starting unlisted programs on initial connections.

Removing programs from the RemoteApp list will not affect whether users can launch programs on initial connection. In addition, it is likely that no other programs besides App9 are added to the RemoteApp programs list because no other programs are appearing in TS Web Access.

Creating an RDP file for App9 that is signed with a digital certificate will have no affect on the users' ability to launch programs on initial connection. It will serve only to assure users that the RDP file originates from TS9.

Configuring an RDP file for App9 with a custom RDP port will have no affect on the users' ability to launch programs on initial connection. Configuring a custom RDP port adds an extra level of security for the server.



References:





______________________________________________________________________________________________________________________________________________

You are a network administrator for Trey Research, whose corporate network consists of a single Active Directory domain. Your job includes supporting Windows servers.

You have recently performed a physical-to-virtual migration of a server named TreySRV3. TreySRV3 now runs Windows NT Server 4.0 SP5 in a virtual environment on a parent server running Windows Server 2008. TreySRV3 is used only to host an application named App23 that can run on Windows NT, Windows 2000, or Windows Server 2003.

After the migration, you discover that TreySRV3 is slow and difficult to manage. For example, you have trouble positioning the cursor inside the virtual machine and then removing the cursor from the virtual machine onto the parent operating system.

You want to improve the performance and user experience on TreySRV3 so that the server is easier to manage.

Given the choices below, what would be the best way to solve the problem?

1. Install VM Additions on the parent server running Windows Server 2008.

2. Upgrade TreySRV3 to Windows Server 2008 and then install VM Additions.

3. Upgrade TreySRV3 to Windows Server 2003 and then install VM Additions. <Correct>

4. Install VM Additions on TreySRV3 without upgrading the operating system.

Explanation:Of the four answer choices, the only option that solves the problem is to upgrade TreySRV3 to Windows Server 2003 and then install VM Additions. This choice enables you to install VM Additions and support the hosted application, App23.

You cannot simply install VM Additions on TreySRV3 without upgrading the operating system because VM Additions requires Windows NT 4.0 SP6a or later, and TreySRV3 is running SP5. You cannot upgrade TreySRV3 to Windows Server 2008 because the application it hosts, App23, does not run on Windows Server 2008. Installing VM Additions on the parent server will not improve the user experience within virtual machines hosted as guests on the server. You need to add VM Additions to the guest system itself.



References:




______________________________________________________________________________________________________________________________________________

You are an IT support specialist in a company named Contoso.com. Your responsibilities include managing terminal servers and clients.

You have configured a terminal server farm named TSFARM1. The farm includes three servers, named TS1, TS2, and TS3.

Users connecting to TSFARM1 report that when they are accidentally disconnected from a Terminal Services session, they cannot always reconnect to the same session and continue their work.

Which step should you take to ensure that users who are disconnected from TSFARM1 are able to reconnect to their open sessions?

1. Configure round-robin distribution.

2. Configure Network Load Balancing.

3. Configure TS Session Broker. <Correct>

4. Configure failover clustering.

Explanation:The TS Session Broker role service is used to keep track of all the user sessions on the terminal servers in a terminal server farm. If users who are accidentally disconnected from a Terminal Services farm attempt to reconnect, TS Session Broker directs those users back to the particular server farm member on which their session is hosted.

None of the other answer choices enable a user to reconnect to a disconnected session on a terminal server farm.



References:





______________________________________________________________________________________________________________________________________________

You are an IT support specialist in a company named Fabrikam.com.

You have been tasked with deploying a terminal server named TS1 to host an application named App1. You expect between 10 and 20 users to connect to TS1 each week from any of five terminal stations located at the Fabrikam.com front desk. Your network does not currently include a terminal server, and you do not foresee a need to support any other Terminal Services clients in the organization.





3. Purchase 5 Terminal Services per-device CALs. <Correct>


Explanation:You should purchase per-device CALs when you need to support fewer Terminal Services client computers than users, as is the case here. Because you need to support only five computers, you need to purchase only five per-device licenses.



References:


Terminal Services Licensing (TS Licensing)Microsoft TechNetLink: http://technet2.microsoft.com/windowsserver2008/en/library/04bf6206-1546-4326-a9a0-b32bc50aeb8d1033.mspx?mfr=true

Terminal Services Client Access Licenses (TS CALs)Microsoft TechNetLink: http://technet2.microsoft.com/windowsserver2008/en/library/aa57d355-5b86-4229-9296-a7fcce77dea71033.mspx?mfr=true



______________________________________________________________________________________________________________________________________________

Which of the following is NOT a requirement to run Hyper-V on Windows Server 2008?

1. Hardware-assisted virtualization

2. Hardware data execution protection

3. Virtualization-compatible memory <Correct>

4. 64-bit processor

Explanation:The hardware requirements to run Hyper-V all relate to the CPU. The processor must be 64-bit, it must support hardware-assisted virtualization, and it must include a data execution protection feature (also called No-Execute Bit or Execute Disable Bit).



References:




______________________________________________________________________________________________________________________________________________

You are a Windows Server 2008 systems administrator configuring security for the Web Server (IIS) server role. You have recently obtained a certificate from a trusted third-party Certification Authority (CA) and have installed it on the server. You used the Common Name (CN) value of www.FourthCoffee.com when you generated the original certificate request.

Your organization's security policy states that users should not be unable to access the site unless they are using a strongly encrypted connection. You have also configured the SSL settings for the server's Web site to Require SSL and Require 128-Bit SSL. Users report that they are unable to access the site when using the following URL:

https://www.FourthCoffee.com

Which of the following actions should you take to resolve the issue?

1. Edit the site bindings for the Web site to respond to HTTPS requests on port 443. <Correct>

2. Generate a new certificate request for the domain name FourthCoffee.com.

3. Change the SSL Certificates Client Certificates setting to Require.

4. Re-import the SSL certificate for the Web site.

Explanation:To allow connections to the Web site, using the provided URL, you must create an HTTPS binding that responds on the default port of 443.

The CN for the Web site is correct because it matches the DNS name used in the URL. Re-importing the SSL certificate is unnecessary because the certificate request has already been completed. SSL client certificates are used to authenticate clients, and the default setting of Ignore will meet the security requirements for the server.



References:


How to Setup SSL on IIS 7IIS.NET Web siteLink: http://www.iis.net/articles/view.aspx/IIS7/Managing-IIS7/Configuring-Security/Using-SSL/How-to-Setup-SSL-on-IIS7



______________________________________________________________________________________________________________________________________________

You work for a company named Northwind Traders, whose corporate network consists of a single Active Directory domain. The corporate network includes a server named TS1 that runs a finance application named App1. No other applications are hosted on TS1.

You need to configure a policy that will authorize only members of the Finance security group to connect to the terminal server named TS1 from the Internet. Members of the Finance security group can already connect from the Internet to other terminal servers on the network.

What should you do?

1. Configure a Remote Access Policy.

2. Configure a Terminal Services Resource Authorization Policy (TS RAP). <Correct>

3. Configure a Terminal Services Connection Authorization Policy (TS CAP).

4. Use Group Policy to enforce Remote Desktop Connection settings for members of the Finance group to use the corporate TS Gateway server.

Explanation:You need a TS RAP because a TS RAP is the policy that authorizes users to connect to specific terminal server resources in a network. You do not need a TS CAP because members of the Finance group can already access other terminal servers on the Northwindtraders.com network.

You do not need to configure a Remote Access Policy. A Remote Access Policy authorizes certain users to connect to a network through a virtual private network or dial-up connection. It does not enable users to connect to terminal server resources on a network from points outside that network.

You do not want to force all members of the Finance group to use TS Gateway because some members might be connecting from inside the corporate network. In addition, this solution does not address the problem that members of the Finance group are not yet authorized to connect to TS1 through TS Gateway. To authorize users to do that, you need a TS RAP.



References:





______________________________________________________________________________________________________________________________________________

You are responsible for managing security for a Windows Server 2008 IIS Web server. Recently, you enabled the Management Service on the server for use by three remote administrators. The administrators use Windows Credentials to connect to IIS. Recently, you found that a remote administrator had changed the name of the logon page for a specific ASP.NET application. You want to prevent this from happening again for any of the Web applications or Web sites on the server. The exhibit shows the current Feature Delegation settings for the Web server.

Which of the following changes should you make to meet the security requirements?

1. Change the Authentication-Forms option to Read Only. <Correct>

2. Change the ASP.NET Impersonation option to Read Only.

3. Use the Custom Site Delegation command in the Actions pane.

4. Use the Reset All Delegation command in the Actions pane.

Explanation:The unwanted change was performed using the Forms Authentication settings. Changing this setting to Read Only will prevent remote administrators from making a similar modification in the future.

The ASP.NET Impersonation settings apply to how permissions are handled for ASP.NET Web applications. Resetting delegation settings and using custom site delegation will not meet the security requirements.



References:


Configuring Remote Administration and Feature Delegation in IIS 7IIS.NET Web siteLink: http://www.iis.net/articles/view.aspx/IIS7/Managing-IIS7/Delegation-in-IIS7/Delegating-permissions-in-IIS-Manager/Configuring-Remote-Administration-and-Feature-Dele



______________________________________________________________________________________________________________________________________________

You are a Windows Server 2008 systems administrator responsible for managing a Windows SharePoint Services (WSS) installation. Your organization currently enables 150 users to create and manage individual SharePoint sites on the server. Recently, you have noticed that there are over 200 sites on the server that appear to be unused. You would like to verify whether the sites are still needed and delete those that are not. You want to perform these tasks by using the least administrative effort.

Which of the following actions should you take?

1. Configure the Site User Configuration And Deletion settings for the WSS sites. <Correct>

2. Configure the Site Lock setting to No Access for sites that you suspect are unused.

3. Create a new Quota Template for users of all sites.

4. Change the Primary Site Collection Administrator account.

Explanation:You can enable the Site User Configuration And Deletion settings to verify automatically whether a site is in use by requiring e-mail responses from site administrators. You can also use these settings to delete unused sites automatically.

Quota templates can be used to restrict access to storage resources, but they will not automatically delete existing SharePoint sites. Site Lock settings will apply to all users of all sites on the server. The administrator account settings determine which users have the ability to create and modify sites but will not automatically delete unused sites.



References:


Create quota templates (Windows SharePoint Services)Microsoft TechNetLink: http://technet2.microsoft.com/windowsserver/WSS/en/library/6d984258-158b-40d5-b4a5-cdb2cfe8e5f31033.mspx?mfr=true



______________________________________________________________________________________________________________________________________________

You work as an IT support specialist for Contoso.com. The Contoso.com network is composed of 30 computers running Windows Server 2003 and 300 computers running Windows XP Professional. All servers and clients are located in one building, and all company computers can communicate with each other on the network.

You plan to upgrade all your servers to Windows Server 2008.

Which of the following licensing and activation options should you choose for your servers?

1. Volume licensing with activation through Key Management Service (KMS) <Correct>

2. Volume licensing with activation through a Multiple Activation Key (MAK)

3. Volume licensing without activation

4. Retail licensing with independent activation

Explanation:All versions of Windows Server 2008, including volume-license versions, need to be activated. For volume-license versions, you have a choice of two types of keys: KMS and MAK.

A single KMS is used for an entire organization, and the key is installed on a single host: the KMS server. You can obtain KMS when you purchase at least five volume-license versions of Windows Server 2008 or 25 volume-license versions of Windows Vista. When available, KMS activation is typically preferable to MAK-based activation because KMS activation requires no user intervention and is centrally managed. KMS activation requires that the computers needing to be activated can connect to the locally hosted KMS server at least once every 180 days.

You do not want to activate the servers through a MAK. MAK keys are independently managed keys that resemble retail keys. However, a MAK can be activated only a specific number of times, and it can be relatively difficult to manage. For instance, you need to keep track of the number of times the MAK has been activated, and you need to make sure that the MAK is kept in a secure location so that it is not used without your knowledge. In addition, activation through a MAK is not automated: a user needs to enter the MAK manually on each Windows installation he or she wants to activate. With KMS, everything is handled automatically once the KMS host is installed and activated.

You do not want to purchase retail licensing with individual keys. This option would be more difficult to implement and manage than a volume-license key would be.



References:







______________________________________________________________________________________________________________________________________________

The corporate network is composed of a single Active Directory domain. Your job responsibilities include supporting Windows servers.

You have installed the Windows Server Hyper-V server role on a computer named Srv1 that is running Windows Server 2008. On Srv1, you are running a test server named Test2 as a virtual machine.

You want to maintain checkpoints of Test2 as you test key settings and administrative changes. You want to be able to revert to any checkpoint for testing purposes.

What should you do?

1. Create a snapshot before making a change. <Correct>

2. After making a change, turn the virtual machine off and choose Save Changes.

3. Create a snapshot after making a change.

4. Before making a change, turn the virtual machine off and choose Save Changes.

Explanation:When you are performing testing on a server in Hyper-V, you should create snapshots of the server before you test important configuration changes. This way, you can revert to a state prior to the change.

You do not need to shut down and save the changes to make a checkpoint. In the Virtualization Management Console, it is far more efficient to create a snapshot of a live server.



References:




______________________________________________________________________________________________________________________________________________

You are a Windows Server 2008 systems administrator responsible for configuring Windows Media Services. Your organization plans to provide numerous video files to users over the Internet. Users should see a brief introduction video before viewing the content of each video. You have created a new on-demand publishing point to provide access to the video files.

Which of the following methods will enable you to meet these requirements by using the least administrative effort?

1. Configure the publishing point to use Wrapper Advertisements. <Correct>

2. Create a separate playlist file for each video and include the introduction video at the beginning of each playlist.

3. Create a single playlist that includes all the available videos and place the introduction video before each content video.

4. Configure the publishing point to use Interstitial Advertisements.

Explanation:Wrapper advertisements enable you to place video clips at the beginning of your content. You can use this feature to include the introduction video before each video.

Creating individual playlists will require significant administrative effort. A single playlist will not enable direct access to specific media files. Interstitial advertisements are displayed during the playback of video, not at the beginning or end of playback.



References:


Deployment considerationsMicrosoft TechNetLink: http://technet2.microsoft.com/windowsserver2008/en/library/88fd57a5-ca07-4462-b741-4bb052fdfecf1033.mspx?mfr=true



______________________________________________________________________________________________________________________________________________

You work as an IT support specialist for Fabrikam.com. The Fabrikam.com network is composed of 20 servers running Windows Server 2008 and 200 clients running Windows XP Professional. All 20 servers and 200 clients are members of the Fabrikam.com Active Directory domain.

You are about to begin upgrading your client computers to Windows Vista Enterprise. You have already purchased Windows Vista Enterprise with 225 volume licenses and have obtained an associated Key Management Service (KMS). You have also installed a KMS host on a server named kms1.contoso.com and activated KMS.

Some of the computers on the network that you plan to upgrade to Windows Vista are not members of the Fabrikam.com Active Directory domain. These computers are found in a research subnet and use a BIND 9.0 server, which is also located outside the Active Directory domain, for DNS name resolution. In preliminary testing, you find that the research computers cannot automatically discover the KMS host. You have ruled out network connectivity problems.

You want to be able to activate Windows Vista on the clients in the research subnet.

What should you do?

1. Create a Service (SRV) record on the BIND server that points to the KMS server at kms1.contoso.com.<Correct>

2. Create a Host (A) record on the BIND server that points to the KMS server at kms1.contoso.com.

3. Obtain a Multiple Activation Key for the research computers and activate the installations by using independent activation.

4. Obtain a Multiple Activation Key for the research computers and activate the installations by using proxy activation.

Explanation:A Windows client locates KMS servers by querying a DNS server for an SRV record of a service named _vlmcs._TCP. If a client wants to discover a KMS server, therefore, the DNS server with which the client communicates needs to contain an SRV record named _vlmcs._TCP that points to the KMS server. Although in most cases this DNS record is created automatically, in some situations, you need to create the record manually.

You should not obtain a MAK. You should use a MAK only for clients that are isolated and that have no means to communicate with the KMS server. In addition, you have already purchased sufficient licenses for use with KMS.



References:







______________________________________________________________________________________________________________________________________________

You are an IT support specialist for Proseware, Inc. The Proseware.com network is composed of a single Active Directory domain. All servers on the network are running Windows Server 2008.

A mail server named Mail1 is used heavily by employees, and your manager has decided that the server should be added to a failover cluster to improve availability. Because of storage size requirements and other constraints, you would like to configure the two-node failover cluster with three 3 terabyte (TB) disks.

Which of the following tasks is required to meet this storage design option?

1. Configure the disks with Fibre Channel connections.

2. Configure the disks with iSCSI connections.

3. Configure all disks with the GUID partition table (GPT) partition style. <Correct>

4. Configure all disks with the Master Boot Record (MBR) partition style.

Explanation:Only the GPT partition style, and not the MBR partition style, supports disks beyond 2 TB. Disk size is not limited by storage connection technologies.



References:




______________________________________________________________________________________________________________________________________________

You are a systems administrator responsible for managing Windows SharePoint Services (WSS) on a computer running Windows Server 2008. You have deployed WSS in a single server configuration. Recently, you have noticed that the WSS server is running low on disk space and that a few users are using a majority of the storage resources. You have created a new quota template that is configured as shown in the exhibit. When users exceed 2500 MB of storage space, you would like to prevent them from adding or changing any content on the site. However, you notice that users who have exceeded the quota limitations are still able to upload new files. Users report that they have not received any e-mail notifications about storage space usage.

Which of the following changes should you make to resolve the problem?

1. Add a new Site Lock setting that specifies the lock status of Read-Only.

2. Modify the Current Quota Template for the site to use the Engineering Quota. <Correct>

3. Add a new Site Lock setting that specifies the lock status of Adding Content Prevented.

4. Modify the Current Quota Template for the site to use an Individual Quota.

5. Add a new Site Lock setting that specifies the lock status of Not Locked.

Explanation:For storage quotas to be effective, you must assign them to a site. This method enables you to use a single quota template for multiple Web sites.

Site Lock settings specify which capabilities users will have for the site regardless of whether they have exceeded their quota. Selecting the Individual Quota option will not use the settings from the Engineering Quota template.



References:


Create quota templates (Windows SharePoint Services)Microsoft TechNetLink: http://technet2.microsoft.com/windowsserver/WSS/en/library/6d984258-158b-40d5-b4a5-cdb2cfe8e5f31033.mspx?mfr=true



______________________________________________________________________________________________________________________________________________

You are a systems administrator responsible for managing a computer running Windows Server 2008, IIS 7, and FTP 7. Your organization's Web developers require the ability to update content occasionally on a Web site named CustomerDatabase by using FTP. All users of the FTP site should have access to the contents of the Web site's root folder. To increase security, you must be able to start and stop the FTP site without affecting the operation of the Web site. You also want to minimize the administrative effort required to set up the FTP site.

Which method should you use to meet these requirements?

1. Configure FTP User Isolation settings to use the User Name Directory.

2. Configure the FTP User Isolation setting to User Name Physical Directory (Enable Global Virtual Directories).

3. Create a new FTP site by using IIS Manager.

4. Add a new FTP site binding to the CustomerDatabase Web site. <Correct>

Explanation:Adding a new site binding for FTP is the easiest method of enabling FTP functionality. The FTP site can be started and stopped independently of the Web site by using IIS Manager.

Creating a new FTP site will not meet the requirement of minimizing administrative effort. The FTP User Isolation settings will not configure the FTP site to provide access to the FTP root directory for all users.



References:


Adding FTP to a Web SiteIIS.NET Web siteLink: http://www.iis.net/articles/view.aspx/IIS7/Managing-IIS7/Using-FTP-Server-in-IIS7/Adding-FTP-to-a-Web-site



______________________________________________________________________________________________________________________________________________

You are a network administrator for a company named Fabrikam.com whose network is composed of a single Active Directory domain. The Fabrikam.com network includes 10 servers running Windows Server 2008 and 200 clients running Windows XP Professional. Your job responsibilities include installing new servers and clients on the network.

You are implementing Windows Deployment Services (WDS) to facilitate the deployment of Windows Vista to clients on the corporate network. You have already installed WDS on a server named WDS4, and you have already performed a test deployment onto a PXE-boot client computer with an image captured from another master computer. You now want to deploy the same captured image, named Capture4.wim, onto a client computer named Client4 that is not PXE-boot capable.

From the list on the right, select the tasks that you should perform to accomplish your goal. Place your selections in the list on the left in the order in which the tasks should be performed. Place your selections in the list on the left by clicking those items in the list on the right and clicking the arrow. You can also use the Up and Down buttons to rearrange items in the list on the left. You may not need to use all the items from the list on the right.

Explanation:A discover image is a boot image that you create on the WDS server and then transfer to CD media. You can then boot from that CD media to enable a non-PXE-boot client to locate and communicate with a WDS server over the network. When the non-PXE-boot client communicates with the WDS server, it then downloads to the local computer a boot menu from which a user can choose an image to install.



References:





______________________________________________________________________________________________________________________________________________

You work as a network support specialist for a company named Fabrikam.com whose corporate network consists of a single Active Directory domain. Your job responsibilities include deploying and managing terminal servers.

Recently, you deployed a terminal server named TS50. TS50 will be used to host a line-of-business application in the in Fabrikam.com domain.

Your manager has asked you to create a user group named TS_Admins with the privileges required to administer Terminal Services on TS50. She does not want the group to be assigned administrative privileges to the server or to the domain in general. She also does not want TS_Admins to be able to administer other terminal servers in the domain. However, she does want to be able to modify the permissions of TS_Admins so that its members can administer other terminal servers in the future.

You want to create a group named TS_Admins that is assigned the appropriate privileges and restrictions described by your manager.

What should you do? (Each correct answer presents a complete solution. Choose two.)

1. Add TS_Admins to the Remote Desktop Users group on a domain controller in the Fabrikam.com domain.

2. Assign the TS_Admins group the Full Control - Allow permission to the Remote Desktop Protocol (RDP) on TS50.<Correct>

3. Create a group named TS_Admins in the Contoso.com domain. <Correct>

4. Create a group named TS_Admins on TS50.

5. Add TS_Admins to the Remote Desktop Users group on TS50.

6. Assign the TS_Admins group the User Access - Allow permission to the Remote Desktop Protocol (RDP) on TS50.

Explanation:The requirements are to create a group with administrative privileges to Terminal Services on TS50. The group might be used in the future to provide administrative privileges to other terminal servers.

To create a group that might be used to manage other terminal servers, the group must be created in the Contoso.com domain and not locally on TS50. To assign that group the rights to manage Terminal Services, you must assign the group the Full Control - Allow permissions to the RDP protocol. You can configure this option on the Security tab of RDP-Tcp properties in the Terminal Services Configuration console on TS50.

Adding TS_Admins to the Remote Desktop Users group only allows them to access a computer as a client. It does not assign any administrative privileges to its members. Assigning an account the User Access-Allow permission is the same as adding that account to the Remote Desktop Users group; it does not assign any administrative privileges to that account.



References:




______________________________________________________________________________________________________________________________________________

Your organization's security policy requires all access to a Windows Server 2008 Web application named EmployeeRecords to be authenticated using client certificates. Your company has deployed services to function as its own Certification Authority (CA), and all required users of the application have been assigned client certificates. You also want to simplify administration of certificates.

Which security option should you enable to meet these requirements?

1. Use Active Directory Client Certificate Mapping. <Correct>

2. Use Many-To-One Client Certificate Mapping.

3. Use Windows Authentication.

4. Use One-To-One Client Certificate Mapping.

Explanation:Active Directory Client Certificate Mapping is designed for use with an internal Certification Authority (CA) such as one based on a Windows Server 2008 domain controller. This option enables individual users to be assigned their own certificates, which can then be validated by the Web server.

One-To-One and Many-To-One mappings are based on client certificates that are manually installed on users' computers. These methods will be more difficult to administer because they do not rely on the internal CA services. Windows Authentication is not based on the use of client certificates and, therefore, does not meet the requirements.



References:


IIS 7.0: Configure Client Certificate Mapping AuthenticationMicrosoft TechNetLink: http://technet2.microsoft.com/windowsserver2008/en/library/db6ef395-f372-4ec5-9968-0531274c27af1033.mspx?mfr=true



______________________________________________________________________________________________________________________________________________

You are a Windows Server 2008 system administrator responsible for securing IIS 7. Your organization's security policy requires all communications to and from the Web server to be encrypted. The Web server will support users who are connecting from the Internet as well as users connecting from your company's internal network. You have already configured the appropriate site bindings for all Web sites on the server.

Which actions should you take to meet these requirements? (Each correct answer presents part of the solution. Choose two.)

1. Enable Active Directory Client Certificate Mapping.

2. Create a Self-Signed Security Certificate on the Web server.

3. Obtain and install a certificate from a trusted third-party Certification Authority (CA). <Correct>

4. Enable the Require SSL option for all Web sites on the server. <Correct>

5. Enable Many-to-One Client Certificate Mapping.

Explanation:To meet the requirements, you should require SSL for all connections to the server. To support Internet and local users, you should obtain and install a certificate from a CA.

A Self-Signed Security Certificate is generally used only for development and testing. If you choose this option, users will receive a warning stating that the certificate is not valid when they attempt to connect. The server uses Client Certificate Mapping options to identify valid clients. The security requirements do not include using client certificates.



References:


IIS 7.0: Configuring Secure Sockets Layer in IIS 7.0Microsoft TechNetLink: http://technet2.microsoft.com/windowsserver2008/en/library/70c33ea8-4192-4110-be70-a11e11984f1e1033.mspx?mfr=true

IIS 7.0: Configuring Server Certificates in IIS 7.0Microsoft TechNetLink: http://technet2.microsoft.com/windowsserver2008/en/library/bf4afb4c-4ce3-40e1-bd4b-d7df6daeb9b61033.mspx?mfr=true



______________________________________________________________________________________________________________________________________________

You work as a network support specialist for a company named Contoso.com whose corporate network consists of a single Active Directory domain. Your job responsibilities include managing terminal servers and clients.

Your network includes a terminal server named TS90 that is used to host a line-of-business application named App90. As many as 20 users can be connected to TS90 simultaneously to run App90. However, when 15 or more users have sessions on the TS90, the performance of App90 is noticeably degraded.

Although you have instructed users to log off their Remote Desktop sessions on TS90 when they are finished with their work, you notice that many users simply disconnect by closing their Remote Desktop windows. As a result, during work hours, typically 5-10 disconnected sessions remain hosted on TS90. You want to prevent users from keeping disconnected sessions on TS90 and to preserve the limited resources of TS90 for connected user sessions.

How can you configure the session settings on TS90 to log off disconnected sessions automatically after five minutes?


Explanation:You want to set a five-minute limit on disconnected sessions. To do this, you need to select the top Override User Settings check box and then choose 5 Minutes from the End A Disconnected Session drop-down list.

You do not want to set a limit for active sessions. The question states a requirement to limit disconnected sessions, not active sessions. (Active sessions are always connected.)

You do not want to set a limit for idle sessions. The question states a requirement to limit just disconnected sessions, not all idle sessions. (Some idle sessions are connected.)

You do not need to associate an action with active session limits. This setting does not affect disconnected sessions.



References:




______________________________________________________________________________________________________________________________________________

You are a systems administrator responsible for configuring security for a Windows SharePoint Services (WSS) site that is located on a computer that is running Windows Server 2008. The WSS site was initially configured to allow access only to employees of your organization. However, you have recently been asked to enable a group of external consultants to connect to the server. All external users will be given Windows accounts on the WSS server. The appropriate network settings have been made. You want to ensure that users will access the site securely.

Which of the following changes should you make to the Web application to meet these requirements?

1. Configure the Authentication Type for the Web application to Windows. <Correct>

2. Configure the Authentication Type for the Web application to Web Single Sign On.

3. Configure the Authentication Type for the Web application to Forms.

4. Enable Anonymous Access for the Web application.

Explanation:Because external users will have Windows accounts, Windows Authentication provides the most secure authentication method.

Forms Authentication is used for when applications will perform their own authentication for external users. Anonymous access settings allow users to access content without providing authentication information. The Web Single Sign On option requires access to a Web-based authentication provider.



References:


Configure authentication (Windows SharePoint Services)Microsoft TechNetLink: http://technet2.microsoft.com/windowsserver/WSS/en/library/0d1026ac-9923-4c7d-a06a-57e7d4c519d71033.mspx?mfr=true



______________________________________________________________________________________________________________________________________________

You are a systems administrator troubleshooting a remote management problem for IIS on a computer running Windows Server 2008. After you log on to the server locally, you are able to connect to the server and manage all the Web sites and their settings. However, when you attempt to connect using IIS Manager User, you are unable to do so. The current configuration of the Management Service is shown in the exhibit. You have stopped the Management Service so you can make changes to the configuration.

Which change should you make to the Management Service configuration to resolve this problem?

1. Change the Identity Credentials setting to Windows Credentials Or IIS Manager Credentials. <Correct>

2. Select an IP Address on which the Management Service will respond.

3. Create a new Allow entry under IPv4 Address Restrictions and add the IP address of the local computer.

4. Change the port number on which the Management Service will respond.

Explanation:The problem is caused because Management Service is not initially configured to access IIS Manager User credentials. Enabling this option should enable you to connect.

Changing the IP address and port settings will not resolve the problem because you are already able to connect to IIS using Windows Credentials. IPv4 Address Restrictions are ineffective when there are no entries in the list. Therefore, this is not the cause of the problem.



References:





______________________________________________________________________________________________________________________________________________


You have deployed a terminal server named TS3 to host several applications. You want to configure a specific application named App3 to use no more than 40 percent of the processing power of TS3.

What should you do?

1. In Windows System Resource Manager, add App3 as a Process Matching Criteria and select Equal_Per_User as the managing policy.

2. In Windows System Resource Manager, add App3 as a Process Matching Criteria and select Equal_Per_Process as the managing policy.

3. In Windows System Resource Manager, add App3 as a Process Matching Criteria and select a custom Resource Allocation Policy as the managing policy. <Correct>

4. In Windows System Resource Manager, add App3 as a Process Matching Criteria and select Equal_Per_Session as the managing policy.

Explanation:When you want to control the resources allocated to a specific application, process, user, or group, you need to add those elements to a Process Matching Criteria and then use that criterion in a custom Resource Allocation Policy. Once you have created the policy, then you must select that policy as the managing policy.

The other answer choices all refer to built-in Resource Allocation policies. You cannot configure or customize these policies to restrict resource allocation to a specific application.



References:




______________________________________________________________________________________________________________________________________________

You are a systems administrator responsible for managing a public Web server that is running IIS 7 on Windows Server 2008. Currently, the server is hosting eight different Web sites. At certain times during the week, you find that one or more of the applications experiences a large number of requests. During these times, you find that all CPUs on the server are running at near maximum usage and response times for all the sites on the server are extremely high. You want to limit the resources that can be used by specific Web sites.

How can you meet this requirement?

1. Use Windows System Resource Manager (WSRM) to limit CPU utilization for each Web site. <Correct>

2. Place each Web application in a separate application pool.

3. Use Task Manager to lower the priority of Web applications that are consuming the majority of CPU and memory resources.

4. Use the Performance And Reliability Monitor to lower the priority of Web applications that are consuming the majority of CPU and memory resources.

Explanation:The purpose of WSRM is to provide a method for limiting the CPU and memory system resources that specific applications and services can use.

Changing the priority of the IIS process by using the Performance And Reliability Monitor or Task Manager will affect all Web sites and will not necessarily reduce performance problems. Placing the applications in separate application pools will not limit the CPU and memory resources that are available to specific Web sites.



References:


Throttling Resources and Aiding Performance on IIS Using Windows System Resource Manager (WSRM)IIS.NET Web siteLink: http://www.iis.net/default.aspx?tabid=2&subtabid=26&i=15



______________________________________________________________________________________________________________________________________________


You are implementing a terminal server farm named TSFARM6. The farm includes four terminal servers, named TS5, TS6, TS7, and TS8. TS5 is running Windows Server 2008, and the other three servers are running Windows Server 2003.

You install the TS Session Broker role service on TS5, and then you add all four servers to the Session Directory Computers local group on TS5. You configure round-robin in DNS to distribute the initial client requests among all four terminal servers. You are not using any additional load-balancing technology.

Users complain that they cannot re-connect to disconnected Terminal Services sessions on TSFARM6. You want users who establish Terminal Services sessions on the farm to be able to re-connect to disconnected sessions.

Which of the following steps should you perform to solve the problem? (Each correct answer presents part of the solution. Choose two.)

1. Configure all four servers to join the terminal server farm. <Correct>

2. Configure all four servers to participate in Session Broker Load Balancing.

3. Configure all four servers with a relative weight of 100 in the server farm.

4. Configure all four servers with the option to restrict each user to a single session.

5. Upgrade TS6, TS7, and TS8 to Windows Server 2008. <Correct>

Explanation:A basic feature of a TS Session Broker farm is that users connecting to the farm can re-connect to a disconnected session. Each member of the TS Session Broker farm must be running Windows Server 2008. Then, you need to join each server to the farm. (Only once each server is running Windows Server 2008 can you use the Terminal Services Configuration console to join each server to a TS Session Broker farm.)

Configuring all four servers to participate in Session Broker Load Balancing will only enable the TS Session Broker service to distribute client requests effectively among farm members. Assigning a relative weight of 100 to each server ensures that each server will receive an equal share of the client requests. Configuring each server with the option to restrict each user to a single session only prevents users from owning two simultaneous sessions on a particular server.



References:




Terminal Services Session Broker (TS Session Broker)

Microsoft TechNetLink: http://technet2.microsoft.com/windowsserver2008/en/library/902a6081-9ecd-45ec-96ee-f51097d71c8c1033.mspx?mfr=true



______________________________________________________________________________________________________________________________________________

You are a Web server administrator planning to migrate several Web applications from IIS 6 to IIS 7. Your development team has informed you that one of the Web applications requires the ability to query the configuration settings of the Web server directly.

Which of the following roles services should you add to the Web Server (IIS) role to enable this application to function properly?

1. IIS 6 Metabase Compatibility <Correct>

2. IIS 6 WMI Compatibility

3. IIS 6 Management Console

4. IIS 6 Scripting Tools

Explanation:The version of IIS that is included with Windows Server 2003, IIS 6, uses a metabase to store configuration information. Because the Web application requires access to query configuration settings, the IIS 6 Metabase Compatibility role service should be installed.

The other IIS 6 compatibility options are related to supporting scripting features (such as the Active Directory Services Interface [ADSI]) or for performing management tasks using previous versions of GUI tools.



References:


Metabase Compatibility with IIS7IIS.NET Web siteLink: http://www.iis.net//articles/view.aspx/IIS7/Use-IIS7-Administration-Tools/Using-XML-Configuration/Metabase-Compatibility-with-IIS7



______________________________________________________________________________________________________________________________________________

You are a network administrator for a company named Contoso.com whose network is composed of a single Active Directory domain. Your job responsibilities include installing new servers and clients on the network.

You are preparing to implement Windows Deployment Services (WDS) to facilitate deployment of new Windows Vista clients on the corporate network. You have already installed the WDS server role on a server named Server1.

You want to enable users working at PXE-boot client computers to be able to choose a Windows Vista installation image from a boot menu on startup. You have configured the PXE Response Settings on Server1 as shown in the exhibit.

You start a PXE-boot client named Client1, but it does not receive any response from Server1. You have ruled out the possibility of network connectivity problems.

You want Server1 to respond to Client1 and provide Client1 with a menu of images to install.

What should you do?

1. Log on to Server1 with the built-in Administrator account and wait for a prompt to approve Client1's request.

2. Open the Pending Devices folder in the Windows Deployment Services console and wait for Client1's request to appear. Accept the request. <Correct>

3. Create a CD with a discover image and boot Client1 from the CD.

4. Create an account in Active Directory for Client1.

Explanation:The exhibit shows that the PXE Response Policy on Server1 has been configured so that Server1 will respond to all client requests. However, requests from unknown clients require administrator approval. To approve client requests from unknown clients, you simply need to select the Pending Devices folder in the Windows Deployment Services console. In the details pane, right-click the pending request from Client1 and then select Accept. After this procedure, Server1 will provide Client1 with a menu of images to download.

You should not log on to Server1 with the built-in Administrator account and wait for a prompt. The notification from Client1 appears in the Pending Requests folder of the Windows Deployment Services console, not as a prompt.

You do not need to create an account in Active Directory for Client1. You merely need to approve the request in the Pending Devices folder.

You do not need to create a CD from a discover image. Such CDs are useful for non-PXE-boot clients, and Client1 is a PXE-boot client.



References:




______________________________________________________________________________________________________________________________________________

You are a Windows Server 2008 systems administrator responsible for managing multiple Web sites on a server running the Web Server (IIS) server role. The Default Web Site is currently accessible to users over the Internet and includes four Web applications. Each application is based on ASP.NET 2.0 and is compatible with the Integrated Managed Pipeline Mode. Recently, one of the applications, FabrikamOrders, has been found to occasionally use a large amount of CPU time. During these periods, performance of all the Web sites decreases.

You would like to prevent the FabrikamOrders application from using more than 80 percent of available CPU time over any given five-minute period. You have created a new application pool and have assigned the FabrikamOrders application to the pool. The Advanced Settings options for the application pool are shown in the exhibit.

Which change should you make?

1. Change the Processor Affinity Enabled setting to True.

2. Change the Limit Action to KillW3wp.

3. Configure the Limit setting to 20.

4. Change the Shutdown Time Limit (Seconds) setting to 300.

5. Configure the Limit setting to 80. <Correct>

Explanation:The Limit option, which is disabled by default, specifies the maximum amount of CPU time that can be used by the application pool. The Limit Interval setting specifies the period of time over which the CPU performance will be measured before the limit is reached.

The Limit Action setting would force the worker process to be terminated when the limit is reached. This would affect user activity and processing of current requests. The Processor Affinity Enabled setting forces worker processes to stay on the same CPU. The Shutdown Time Limit specifies the amount of time IIS will wait for a worker process to complete executing requests before the process will be automatically killed.



References:



Introduction to IIS 7 ArchitectureIIS.NET Web siteLink: http://www.iis.net/articles/view.aspx/IIS7/Extending-IIS7/Getting-Started/Introduction-to-IIS-7-Architecture



______________________________________________________________________________________________________________________________________________

You are a network administrator for a company named Contoso.com whose network is composed of a single Active Directory domain. The Fabrikam.com network includes 10 servers running Windows Server 2008 and 200 clients running Windows Vista Enterprise. All clients are running on x86 hardware.

You have implemented Windows Deployment Services (WDS) to facilitate deployment of new Windows Vista clients on the corporate network. You have installed the WDS server role on a server named Server1.

Currently, when users start PXE-boot client computers with no operating system, they must quickly press F12 to receive a boot menu from Server1. Users complain that they cannot always press F12 fast enough to receive the boot menu.

You want to configure Server1 so that PXE-boot client computers will automatically receive a boot menu without any user intervention.

What should you do?

1. Select PXEboot.com as the default boot program.

2. Select PXEboot.n12 as the default boot program. <Correct>

3. Select AbortPXE.com as the default boot program.

4. Select a default boot image that runs on the x86 architecture.

Explanation:By default, the WDS server runs a network boot program that requires the user to press F12 for PXE boot to continue. This default program is PXEboot.com. However, you can select a different network boot program on the WDS server properties Boot tab. The network boot program that allows for PXE boot to proceed without user intervention is PXEboot.n12.

The network boot program AbortPXE.com allows the WDS client to begin booting immediately by using the next boot device specified in the BIOS. This allows for devices that should not boot by using PXE to begin their secondary boot process immediately without waiting for a timeout.

You do not need to select a default boot image that runs on the x86 architecture. Whether or not you are required to press F12 does not depend on the boot image but on the network boot program selected for the client's architecture.



References:


Boot TabWindows Deployment Services Help



______________________________________________________________________________________________________________________________________________


You have deployed a terminal server named TS5 to host several applications.

You are concerned about the memory demands of an application named App5 that is running on TS5. You want to configure App5 to write an event log message whenever App5 uses more than 512 MB of RAM.

Arrange the tasks in the list below in the order in which they should be performed to achieve your goal. Place the first task at the top of the list. Use the up and down buttons to rearrange items.

Explanation:When you want to control the resources allocated to a specific application, process, user, or group, you need to add those elements to a Process Matching Criteria policy and then use those criteria in a custom Resource Allocation Policy. Therefore, you have to create the Process Matching Criteria policy before the Resource Allocation Policy that uses it.

A Resource Allocation is a rule found in a Resource Allocation Policy that defines how much of a certain resource (processor or memory) should be allocated to a specific Process Matching Criteria policy. To create a policy that writes an event log message when App5 uses more than 512 MB of RAM, first select the option to create the policy and then add a new Resource Allocation that specifies App5. Next, configure the Resource Allocation with a memory limit of 512 MB of RAM and then choose the option to write an event log message when the memory limit is surpassed. This last step completes the configuration of the new Resource Allocation Policy. However, to meet your goal of using the policy, you finally need to set it as the managing policy.



References:




______________________________________________________________________________________________________________________________________________

You are a network administrator for Lucerne Publishing, whose corporate network consists of a single Active Directory domain. Your job includes supporting Windows servers.

You have recently performed a physical-to-virtual migration of a server named SRV14. SRV14 now runs Windows 2000 Server in Virtual PC on a host server running Windows Server 2008. SRV14 is used only to host an application named App14 that can run on Windows NT, Windows 2000, or Windows Server 2003.

After the migration, you discover that SRV14 is slow and difficult to manage. For example, you have trouble positioning the cursor inside the virtual machine and then removing the cursor from the virtual machine onto the parent operating system.

You want to improve the performance and user experience on SRV14 so that the server is easier to manage.

What should you do?

1. Upgrade SRV14 to Windows Server 2003.

2. Install Virtual Machine Additions. <Correct>

3. Install the Windows Server Hyper-V role on Windows Server 2008.

4. Install Virtual Machine Remote Control (VMRC) client.

Explanation:Virtual Machine (VM) Additions greatly improves the performance and user experience for virtual machines in Virtual PC, Virtual Server, and Hyper-V. VM Additions is available for Windows NT 4.0 SP6a and later.

VMRC enables a user to connect to a guest virtual machine from a remote computer without using Remote Desktop Protocol (RDP). It does not improve the performance and user experience of the virtual machine.

You do not need to install the Windows Server Hyper-V server role on the host server. VM Additions can be added to virtual machines running in Virtual PC, Virtual Server, and Hyper-V.

You do not need to upgrade the guest system to Windows Server 2003. VM Additions can be installed on guest systems running Windows 2000 Server. In addition, just upgrading the operating system will not solve the user experience problems described in the question. To do that, you would need to install VM Additions.



References:




______________________________________________________________________________________________________________________________________________

You are a Windows Media Services systems administrator configuring a new computer running Windows Server 2008 to provide access to video content. The content should be available for use on demand and should enable users to perform actions such as fast-forwarding during playback. Your organization plans to make the content available to the public over the Internet.

Which protocol should you enable for the Windows Media server?

1. Real Time Streaming Protocol (RTSP) over UDP

2. Real Time Streaming Protocol (RTSP) over TCP

3. Multicast streaming

4. Hypertext Transfer Protocol (HTTP) <Correct>

Explanation:To provide access to Internet users who are located behind firewalls, configure the stream to use HTTP. Most firewalls allow communications on port 80, so users who can get to your organization's Web site should be able to play the content.

RTSP over UDP or TCP requires specific ports to be open on the firewall. Therefore, these protocols are more appropriate for intranet environments. Multicast streaming will not allow users to fast-forward content.



References:


Selecting data transfer protocolsMicrosoft TechNetLink: http://technet2.microsoft.com/windowsserver2008/en/library/02045ce5-f638-4bfd-afe1-7e4af55795551033.mspx?mfr=true



______________________________________________________________________________________________________________________________________________

You are an IT support specialist for Fabrikam, Inc. The Fabrikam.com network is composed of a single Active Directory domain. All servers on the network are running Windows Server 2008.

You are configuring a Network Load Balancing (NLB) farm of six Terminal Servers to be used internally by Fabrikam employees. You want to limit the NLB functionality on the farm to Remote Desktop Protocol (RDP) requests.

Using Network Load Balancing Manager, you choose the option to create a new cluster.

Which port range should you specify for the cluster?

1. 3379 to 3388

2. 441 to 443

3. 443 to 443

4. 3389 to 3389 <Correct>

Explanation:RDP and Terminal Services use port 3389 by default. If you want to restrict NLB to RDP, you should restrict the port range to that single port.



References:




______________________________________________________________________________________________________________________________________________

You are a systems administrator who is responsible for managing the configuration of a Windows Server 2008 Web server. The server currently hosts five Web sites, each of which includes at least two Web applications. A Web developer has requested that you make several changes to the configuration of the Web server to improve performance and to resolve various authentication issues. You have verified that the site content has been backed up properly. You would like to be able to restore the IIS configuration quickly if the changes need to be reversed.

Which of the following methods should you use to achieve this goal?

1. Make a copy of the \Inetpub\History folder prior to making changes.

2. Make a copy of the Web.config files for every Web application folder prior to making changes.

3. Use the AppCmd utility to create a new backup of the configuration prior to making any changes. <Correct>

4. Enable Shared Configuration for the Web server prior to making changes.

Explanation:The AppCmd Add Backup command will enable you to make an on-demand copy of the IIS configuration prior to making changes. You can restore the configuration later, using the AppCmd Backup command.

Shared Configuration is designed to enable multiple Web servers to use the same centralized configuration files. It is not designed for performing backup and restore operations for the server configuration.

Backups of the server's configuration are stored in the \Inetpub\History folder, but you should perform manual backups prior to making changes to ensure that the most recent configuration is available and to simplify the restore process.

It is not necessary to make a copy of the Web.config files because these will already be included in the file system backup of the Web server's content. Also, most server-related configuration changes will not affect application configuration files directly.



References:


Getting Started with AppCmd.exe: Managing backupsIIS.NET Web siteLink: http://www.iis.net/articles/view.aspx/IIS7/Use-IIS7-Administration-Tools/Using-the-Command-Line/Getting-Started-with-AppCmd-exe?Page=3



______________________________________________________________________________________________________________________________________________

You work as a network support specialist for a company named Fabrikam.com whose corporate network consists of a single Active Directory domain. The network includes 10 servers running Windows Server 2008 and 200 clients running Windows XP Professional. All client computers are running Remote Desktop Connection 6.0.

Recently, you deployed a terminal server named TS60, which will be used to host a line-of-business application in the Fabrikam.com domain. However, in your preliminary testing, you have discovered that clients cannot connect to TS60. You have verified that all members of the Domain Users group in Active Directory are members of the Remote Desktop Users group on TS60. You have also verified that domain users can connect to other terminal servers deployed in your organization.

You open RDP-Tcp Properties on TS60 and observe the dialog box shown in the exhibit.

You want domain users in your organization to be able to connect to TS60 by using Remote Desktop Connection.

What should you do?

1. Create a self-signed certificate on TS60 and choose the option to select the certificate in RDP-Tcp Properties.

2. Set the Security layer option to RDP Security Layer.

3. Set the Encryption level option to Low.

4. Clear the option to allow connections only from computers running Remote Desktop with Network Level Authentication.<Correct>

Explanation:The exhibit shows that TS60 has been configured to accept connections only from computers running Remote Desktop with Network Level Authentication (NLA). By default, Remote Desktop Connection 6.0 running on Windows XP Professional does not support NLA. Therefore, to allow users working on computers running Windows XP to connect to TS60, you should clear the option to require NLA.

Changing the Security layer option to RDP Security Layer will have no effect. The Negotiate option already enables maximum compatibility with Remote Desktop clients. Changing the Encryption level option to Low will have no effect for the same reason. Creating a certificate will also have no effect because, as the exhibit shows, a self-signed (Auto-generated) certificate has already been created and selected.



References:




______________________________________________________________________________________________________________________________________________

You are a Windows Server 2008 systems administrator responsible for configuring Windows Media Services. Several weeks ago, you configured the server with a new on-demand publishing point. You configured the Publishing Point to provide access to all the files in a directory. Visitors to your company's Web site should have the ability to start viewing a playlist on demand.

Users initially reported that they were able to connect to the content and view the details. However, you have received reports that other Web sites are linking directly to specific video files. Your organization's policy requires a banner, copyright information, and interstitial advertising to be shown to users of the videos. You want to prevent users from directly accessing the content without seeing the other videos.

Which change should you make to meet these requirements?

1. Deselect the Enable Access To Directory Content Using Wildcards option. <Correct>

2. Configure the publishing point to use multicast.

3. Configure the content type for the publishing point to Encoder (A Live Stream).

4. Change the type of the publishing point to Broadcast Publishing Point.

Explanation:Wildcard functionality enables users to request a video file directly if they know the full path to the content. Disabling this option restricts users to accessing only the playlists or video files that you make directly available.

The live stream, multicast, and Broadcast Publishing Point options will not enable users to access content on demand.



References:


Distributing contentMicrosoft TechNetLink: http://technet2.microsoft.com/windowsserver2008/en/library/e0bd70e8-db7c-4d2d-acb8-685d5edc66c01033.mspx?mfr=true



______________________________________________________________________________________________________________________________________________

You are a systems administrator responsible for configuring a new computer running Windows Server 2008 as a Web server for your organization's human resources department. You have added the Web Server (IIS) server role, using the default options. The Web server will host three Web applications, all of which must belong to the same Web site. All three applications depend on .NET Framework 2.0. The applications have the following requirements:

* HRBenefits: Classic Managed Pipeline mode* HRInternal: Integrated Managed Pipeline mode* HRRecords: Classic or Integrated Managed Pipeline mode

You want to provide the optimal performance while ensuring that the applications run properly. You plan to create two separate applications pools: AppPoolHR01 and AppPoolHR02.

Which of the following configuration methods will enable the applications to work based on their requirements? (Each correct answer presents part of the solution. Choose two.)

1. Configure AppPoolHR01 to use the Integrated Managed Pipeline mode and add the HRInternal and HRRecords applications to AppPoolHR01. <Correct>

2. Configure AppPoolHR01 to use the Integrated Managed Pipeline mode and add the HRBenefits and HRInternal applications to AppPoolHR01.

3. Configure AppPoolHR02 to use the Classic Managed Pipeline mode and add the HRBenefits, HRInternal, and HRRecords applications to AppPoolHR02.

4. Configure AppPoolHR02 to use the Classic Managed Pipeline mode and add the HRBenefits applications to AppPoolHR02. <Correct>

5. Configure AppPoolHR02 to use the Integrated Managed Pipeline mode and add the HRBenefits application to AppPoolHR02.

Explanation:The Integrated Managed Pipeline mode provides increased performance for ASP.NET applications and, therefore, should be used whenever possible. Because both the HRInternal and HRRecords applications support this mode, they should be placed in the same application pool. Only the HRBenefits application requires the Classic Pipeline Mode, so it should be placed in a separate application pool.



References:


Taking Advantage of the IIS7 Integrated PipelineIIS.NET Web siteLink: http://www.iis.net/default.aspx?tabid=2&subtabid=23&i=1081



______________________________________________________________________________________________________________________________________________

You are a Windows Server 2008 systems administrator attempting to troubleshoot performance-related problems for the Web Server (IIS) server role. Specifically, a single Web application appears to be the target of an excessive amount of unwanted traffic. The site is designed to be accessible by a small number of users over the Internet. However, during certain times of the week, many thousands of requests are sent to the site. You are attempting to isolate the source of the requests, but you would like users to receive an error message when more than 50 simultaneous requests are being processed by the Web application. You have assigned the Web application to its own application pool. The application pool is currently using all of its default settings.

Which application pool property setting should you change to meet these requirements?

1. In the CPU section, configure the Limit Action to KillW3wp.

2. In the Process Model section, configure the Maximum Worker Processes to 50.

3. In the General section, configure the Queue Length to 50. <Correct>

4. In the Process Orphaning section, set the Enabled property to True.

Explanation:The Queue Length setting specifies the maximum number of requests that can be processed by the application pool. When this limit is exceeded, users will receive an HTTP 503 error, "Service Unavailable."

The Limit Action setting specifies that worker processes will be terminated when they exceed a certain amount of CPU usage. The Maximum Worker Processes option specifies how many independent threads can be used to process requests, but it will not prevent additional requests from being processed. The Process Orphaning option is useful for Web developers who want to debug the status of failed or nonresponsive worker processes.



References:



Introduction to IIS 7 ArchitectureIIS.NET Web siteLink: http://www.iis.net/articles/view.aspx/IIS7/Extending-IIS7/Getting-Started/Introduction-to-IIS-7-Architecture



______________________________________________________________________________________________________________________________________________

You are responsible for deploying a new Web application on a computer running Windows Server 2008. The application should be accessible only to users within your organization. The Web server is a member of the cohovineyard.com domain, and all users have Active Directory user accounts. The Web application does not include any logon page, and all content should be available to users in your organization. You want to maximize security for the server's configuration and simplify the authentication process.

Which authentication method should you use for the Web site?

1. Basic Authentication

2. Windows Authentication <Correct>

3. Anonymous Authentication

4. Forms Authentication

Explanation:Windows Authentication is designed to integrate with directory services accounts stored in Active Directory. When this option is enabled, credentials will be verified automatically without requiring the user to enter passwords or usernames. Additionally, Windows Authentication uses a secure method of transmitting credentials.

Basic Authentication does not use a secure method for transmitting credentials and will require users to type in authentication information. Forms authentication is designed to redirect users to a logon page. Anonymous Authentication will not allow users to provide credentials to access the content.



References:






______________________________________________________________________________________________________________________________________________

You work as an IT support specialist for Contoso.com. The Contoso.com network is composed of 20 computers running Windows Server 2008 and 200 computers running Windows XP Professional. All except one of the servers and all except 20 of the clients are located in one building and are members of the Contoso.com Active Directory domain.

The remaining server and 20 clients are situated in a satellite office. These computers are not members of the Contoso.com Active Directory domain. Users at this office share files with the workers at the main office primarily through e-mail. There is no VPN or other technology that allows computers at the satellite office to communicate with computers located inside the Contoso.com network.

You and the rest of the IT staff are planning to upgrade all the network's clients to Windows Vista Enterprise Edition. You have been tasked with determining the best method to activate the new Windows Vista installations.

Which activation method should you recommend? (Each correct answer presents part of the solution. Choose two.)

1. Volume licensing with activation through a Multiple Activation Key (MAK) at the main office

2. Volume licensing with activation through a Multiple Activation Key (MAK) at the satellite office <Correct>

3. Volume licensing with activation through Key Management Service (KMS) at the satellite office

4. Retail licensing with independent activation at the satellite office

5. Retail licensing with independent activation at the main office

6. Volume licensing with activation through Key Management Service (KMS) at the main office <Correct>

Explanation:You want to use KMS to activate the clients at the main office and a MAK to activate the clients at the satellite office. When available, KMS activation is typically preferable to MAK-based activation because KMS activation requires no user intervention and is centrally managed. However, KMS activation requires that the computers needing to be activated can connect to a locally hosted KMS server at least once every 180 days.

The 20 computers at the satellite office will not be able to connect to a KMS server at the main office, so they need a separate solution. You cannot install a KMS server at the satellite office because a KMS server requires at least 25 activations to function. The two options that remain are a MAK or a set of retail keys. Of these two options, a MAK is typically preferable, especially when you have five or more computers to activate. A single, volume-license MAK is far easier to manage than 20 separate retail keys.



References:




Microsoft Product Activation

Microsoft.comLink: http://www.microsoft.com/licensing/resources/vol/default.mspx#EPEAC



______________________________________________________________________________________________________________________________________________

You are a Windows Server 2008 systems administrator responsible for configuring SMTP services on a publicly accessible server. Currently, the server is configured with two IP addresses. Requests received from the Internet are automatically forwarded to the internal IP address 10.10.0.100. The IP address 10.1.0.132 is accessible only from the internal network. Your organization's security policy requires you to be able to easily start and stop the SMTP server for each IP address independently.

How should you configure the SMTP server?

1. Create a single SMTP virtual server and bind both IP addresses to it.

2. Create a single SMTP virtual server and configure the Smart Host setting to use IP Address 10.1.0.132.

3. Create two separate SMTP virtual servers and bind one IP address and port number to each. <Correct>

4. Create a single SMTP virtual server and configure the Smart Host setting to use IP address 10.10.0.100.

Explanation:To start and stop SMTP services independently and easily, you must create two SMTP virtual servers. Each SMTP virtual server should respond to requests on one of the IP addresses assigned to the server.

Creating a single SMTP virtual server will not enable you to start and stop SMTP services independently. Smart Host settings are used for automatically forwarding e-mail and will not affect how the SMTP virtual server responds to incoming requests.



References:





______________________________________________________________________________________________________________________________________________

You are a Windows Server 2008 systems administrator attempting to troubleshoot a problem related to Windows Media Services. In the past, users reported that they were able to access playlists and media files over the Internet or over your organization's LAN. Recently, numerous network-related configuration changes have been made. Users now report that they are receiving numerous timeouts, stuttering video, and other problems when attempting to access the content. You suspect that the problem is related to network issues and want to test the configuration by viewing content on the local server.

Which of the following should you add to the server configuration to do this?

1. The RPC Over HTTP Proxy feature

2. The File Services server role

3. The Windows System Resource Manager feature

4. The Windows Desktop Experience feature <Correct>

5. The Quality Windows Audio Video Experience feature

Explanation:To test playback functionality on the server, you must install the Windows Desktop Experience feature. This feature includes Windows Media Player, which you can use to view statistics related to content performance.

The Quality Windows Audio Video Experience feature is used for network-level Quality of Service (QoS) capabilities and is not relevant to performance local testing. The RPC Over HTTP Proxy and Windows System Resource Manager are not associated with Windows Media Services. The File Services server role is not used by Windows Media Services to provide access to content.



References:


How To Improve Server Performance when Streaming On-Demand Content from a Remote ShareMicrosoft Help and SupportLink: http://support.microsoft.com/kb/812633



______________________________________________________________________________________________________________________________________________

You are a Windows Server 2008 Web server administrator responsible for configuring numerous Web applications. Currently, the Web server hosts a single Web site that includes four Web applications. The Web applications are all intended for use by employees of your organization. Recently, your company policy has stated that all the sites should have access to files that are stored on a central file server. Users should be able to navigate to this folder by adding /Policies to the end of the default URL for each Web application. You also want to minimize the amount of administrative effort it takes to set up this configuration.

Which action should you take to meet these requirements?

1. Add a new site binding for the Web site.

2. Add a new Web application that provides access to the Policies content to the Web site.

3. Add a separate virtual directory to each Web application and specify a UNC path for the Physical Path setting.<Correct>

4. Create a single virtual directory for the Web site and specify a UNC path for the Physical Path setting.

Explanation:Each Web application will have its own URL that includes the Web application name. To meet these requirements, create a new virtual directory for each of the Web applications.

Adding a new Web application would not meet the URL requirements because the name of the Web application would be included in the path. A single virtual directory would not allow for adding /Policies to the end of the URL for each of the Web applications. Site bindings would not affect the path used to access the Policies information.



References:


Understanding Sites, Apps, and Vdirs in IIS7: IntroductionIIS.NET Web siteLink: http://www.iis.net/articles/view.aspx/IIS7/Managing-IIS7/Getting-Started/Understanding-Sites,-Apps,-and-Vdirs-in-IIS7



______________________________________________________________________________________________________________________________________________

You are a systems administrator responsible for configuring security for an internal Web application running on Windows Server 2008. Users access the site and its content by using the base URL http://Server1.contoso.com. You want to prevent access to a specific folder named Admin that is located within the Web application's content structure. Only three users should have access to this folder. You want to avoid changing the file system permissions for the Admin content folder.

Which of the following should you do to meet these requirements?

1. Configure IPv4 Address Restrictions for the Admin folder.

2. Convert the Admin folder to a Web application and assign the appropriate permissions.

3. Add a virtual directory called Admin and change the authentication settings to Specified User.

4. Create a new URL Authorization Rule for the Admin folder and allow the appropriate users. <Correct>

Explanation:URL Authorization Rules allow you to restrict access to specific content without relying on file system permissions. You can add Allow and Deny rules to determine which users can access the content.

Converting the Admin folder to a virtual directory or to a Web application will not automatically control which users have access to the content. IPv4 Address Restrictions will not allow you to manage access based on usernames.



References:


Understanding IIS7 URL AuthorizationIIS.NET Web siteLink: http://www.iis.net//articles/view.aspx/IIS7/Managing-IIS7/Configuring-Security/URL-Authorization/Understanding-IIS7-URL-Authorization



______________________________________________________________________________________________________________________________________________


The Sales department stores data for current projects on a server named Sales2 and on a volume named Sales. You now need to add a second volume to the Sales2 server to store data for an application named SalesApp. The storage requirement for the volume is 400 GB. The volume must be reserved exclusively for SalesApp.

You open Disk Management on Sales2 and observe the disk information shown in the exhibit.

What should you do to create a 400 GB volume for SalesApp?

1. Create a new mirrored volume.

2. Extend the existing Sales volume.

3. Create a new striped volume.

4. Create a new spanned volume. <Correct>

Explanation:The only way to create a new volume with 400 GB of storage space in this scenario is to create a spanned volume by using the unallocated space on disks 1 and 2. A spanned volume is merely a single logical drive that occupies space on one or more physical disks.

You cannot use a striped volume. A striped volume uses multiple disk partitions of equal size. In this case, the maximum partition size is 150 GB, equivalent to the space remaining on Disk 1. The striped volume would, therefore, be limited to 300 GB.

You cannot use a mirrored volume. A mirrored volume uses multiple partitions of equal size to provide the storage capacity equivalent to one of these partitions. In this scenario, the maximum storage space you could create from a new mirrored volume would be 150 GB.

You should not extend the existing Sales volume. Although you could extend the volume to include all of the remaining available space, the SalesApp application requires that a 400 GB volume be reserved exclusively for the application. By extending the existing Sales volume, you would not be dedicating a new volume to SalesApp.



References:




______________________________________________________________________________________________________________________________________________

You work as an IT support specialist for Contoso.com. The Contoso.com network is composed of three computers running Windows Server 2003 and 30 computers running Windows XP Professional. All servers and clients are located in one building, and all company computers can communicate with each other on the network. Although the number of client computers in your organization might increase by as many as five in the next year, you do not foresee any need to add any new servers to the network.

You plan to upgrade all your servers to Windows Server 2008.

Which of the following licensing and activation options should you choose for your servers?

1. Retail licensing with independent activation <Correct>

2. Volume licensing with activation through Key Management Service (KMS)

3. Volume licensing without activation

4. Volume licensing with activation through a Multiple Activation Key (MAK)

Explanation:All versions of Windows Server 2008, including volume-license versions, need to be activated.

Retail licensing in this case is the best option because you have only three servers. Volume licensing is not a good option because volume licenses are sold in groups of no fewer than five. You have no plans to add more servers, so purchasing more licenses than you need is not a sensible decision. In addition, although you could theoretically obtain a MAK to be activated five times even when you do not have five servers, you do not even have the option to use KMS with fewer than five servers. When you use KMS, you need to activate at least five times, or KMS will stop working.



References:




Microsoft Product ActivationMicrosoft.comLink: http://www.microsoft.com/licensing/resources/vol/default.mspx#EPEAC



______________________________________________________________________________________________________________________________________________

You are a systems administrator responsible for managing a Windows Server 2008 Web server that hosts 12 public Web sites. You want to ensure that during peak periods of usage, none of the Web sites can exceed 500KB/sec of total bandwidth.

How can you meet this requirement?

1. Assign each Web site to a separate application pool.

2. Use the Windows System Resource Manager (WSRM) to limit the system resources each Web application can use.

3. Use the Limits option for each Web site in IIS Manager to define bandwidth usage limitations for each Web site.<Correct>

4. Create unique host headers for each of the Web sites.

5. Add multiple IP addresses to the Web server's network adapter and assign each Web site to a separate IP address.

Explanation:You can define individual bandwidth limitations for every Web site on the server by using the Limits option in the site's Action pane. IIS will throttle responses automatically to avoid consuming all available network resources when these limits are reached.

Changing host header settings, IP address assignments, and application pool assignments will not affect bandwidth use. WSRM is used primarily to manage CPU and memory system resources and does not provide a simple method for limiting bandwidth consumption for specific Web sites.



References:


Understanding Sites, Apps, and Vdirs in IIS7: SitesIIS.NET Web siteLink: http://www.iis.net/articles/view.aspx/IIS7/Managing-IIS7/Getting-Started/Understanding-Sites,-Apps,-and-Vdirs-in-IIS7?Page=2



______________________________________________________________________________________________________________________________________________

You are a Web server administrator for a computer running Windows Server 2008 that is experiencing high CPU use. You suspect that the problem is being caused by a large number of users connecting to the IIS server service on the computer.

How can you obtain more details about current activity for the Web server? (Each correct answer presents a complete solution. Choose two.)

1. Use the command AppCmd list requests to view a list of currently executing requests on the server. <Correct>

2. Use Task Manager to monitor the w3wp.exe processes on the server.

3. Enable Failed Request Tracing Rules for the Web server.

4. Use the View Current Requests command in the Worker Processes item in IIS Manager to view currently executing requests. <Correct>

Explanation:The AppCmd list requests command returns details about all the current activity for the Web server process. A large number of executing requests can indicate the source of the resource use issue. The Worker Processes item in IIS Manager can be used to view executing requests for each of the application pools on the server.

Task Manager will show information about CPU and memory use for various processes but will not show current activity for the Web server. Failed Request Tracing Rules is used primarily to gather information for troubleshooting application or server-related problems that result in an error.



References:


Diagnostics and Troubleshooting with IIS7IIS.NET Web siteLink: http://www.iis.net/articles/view.aspx/IIS7/Explore-IIS7/Getting-Started/Diagnostics-and-Troubleshooting-with-IIS7



______________________________________________________________________________________________________________________________________________

You work as a network support specialist for a company named Fabrikam.com whose corporate network consists of a single Active Directory domain. The client network includes 10 servers running Windows Server 2008 Enterprise, two of which are running Terminal Services, and 200 clients running Windows Vista Enterprise. All client computers are running Remote Desktop Connection 6.0. The two terminal servers in your organization, TS1 and TS2, host line-of-business applications.

Your manager has asked you to configure the terminal servers and clients so that users do not have to enter credentials to connect to the terminal servers. She asks you to configure Terminal Services connections so that each user's Windows credentials are automatically supplied to all current and future terminal servers in the Fabrikam.com network.

You want to configure Terminal Services clients so that they will automatically supply each user's Windows credentials to terminal servers.

What should you do?

1. In a domain-level Group Policy Object, enable the Allow Delegating Saved Credentials policy setting.

2. In a domain-level Group Policy Object, disable the Deny Delegating Saved Credentials policy setting.

3. In a domain-level Group Policy Object, enable the Allow Delegating Default Credentials policy setting. <Correct>

4. In a domain-level Group Policy Object, disable the Deny Delegating Default Credentials policy setting.

Explanation:By default, users have to enter credentials when they connect to a terminal server. However, if you enable the Allow Delegating Default Credentials policy setting in Group Policy, the clients that fall within the scope of the policy will connect to the terminal servers you specify in the policy by using each user's default Windows credentials. This feature is known as Single Sign-on (SSO). You do not want to disable the Deny Delegating Default Credentials policy setting because this step will not enable SSO; it will merely prevent other policies from disabling SSO.

The Allow Delegating Saved Credentials and Deny Delegating Saved Credentials policy settings affect whether a Terminal Services client can use saved credentials (not default Windows credentials) to connect to terminal servers.



References:


Single Sign-On for Terminal ServicesMicrosoft TechNetLink: http://technet2.microsoft.com/windowsserver2008/en/library/e97073f7-98b0-44a8-babd-5832996fb6aa1033.mspx?mfr=true



______________________________________________________________________________________________________________________________________________

You are a Windows Server 2008 systems administrator responsible for monitoring a Windows SharePoint Services server. To troubleshoot performance problems, you would like to collect information about which sites are most commonly used on the server. You have selected the Enable Logging option for the Usage Analysis Processing settings on the server. However, when you attempt to view usage information, a report is not available.

Which change should you make to resolve this problem?

1. Enable the Data Retrieval Service.

2. Modify the Incoming E-Mail Settings options.

3. Configure the Enable Usage Analysis Processing option. <Correct>

4. Modify the Outgoing E-Mail Settings options.

Explanation:To view information about site usage, you must enable the Usage Analysis Processing option. By default, this setting is disabled, but you can configure the specific time of day during which usage information will be analyzed.

E-mail settings are used only for sending and receiving messages and will not automatically enable the creation of usage analysis data. The Data Retrieval Service can be used to obtain database information within a WSS site.



References:


Plan for performance and capacity (Windows SharePoint Services)Microsoft TechNetLink: http://technet2.microsoft.com/windowsserver/WSS/en/library/7bb49963-a511-40aa-b607-7eb244ec1d521033.mspx?mfr=true



______________________________________________________________________________________________________________________________________________

You work as an IT support specialist for a company named Consolidated Messenger. The company network is composed of a single Active Directory domain. Your job responsibilities include supporting user applications.

A server named TS5 in your organization currently is running Terminal Services. You want authorized users to be able to launch a desktop on TS5 by clicking an icon on the TS Web Access site.

Which of the following steps will enable users to launch a desktop on TS5 by clicking an icon on the TS Web Access site?

1. In TS RemoteApp Manager on TS5, configure the Terminal Server Settings with the option to show a remote desktop connection to the terminal server in TS Web Access. <Correct>

2. In TS RemoteApp Manager on TS5, configure the Terminal Server Settings to enable users to start both listed and unlisted programs on initial connection.

3. In TS RemoteApp Manager on TS5, add Remote Desktop Connection to the list of RemoteApp programs.

4. In TS RemoteApp Manager on TS5, configure the TS Gateway settings to detect TS Gateway server settings automatically.

Explanation:To have TS Web Access display a link to the terminal server desktop, you need to configure the Terminal Server Settings in TS RemoteApp Manager. In Terminal Server Settings, select the option to show a remote desktop connection to the terminal server in TS Web Access. None of the other answer choices achieve this desired result.



References:





______________________________________________________________________________________________________________________________________________

You are an IT support specialist in a company named Tailspin Toys. Your responsibilities include supporting terminal servers and clients.

Users in the Art department who connect to terminal servers complain that they cannot choose specific printers within their Terminal Services sessions. Different printing jobs require different printers, but users do not see their normal selection of printers.

You want users to see their usual selection of printers within Terminal Services sessions.

What should you do?

1. In Group Policy, enable the policy setting to redirect only the default client printer.

2. In Group Policy, enable the policy setting to use Terminal Services Easy Print printer driver first.

3. In Group Policy, disable the policy setting to redirect only the default client printer. <Correct>

4. In Group Policy, disable the policy setting to use Terminal Services Easy Print printer driver first.

Explanation:In the question scenario, users are not seeing the full range of printer options within Terminal Services sessions. This problem can be caused by a Group Policy setting that redirects only the client's default printer to the Terminal Services session. To make the full selection of client printers appear (not just the default printer) in the Terminal Services session, you need to disable this Group Policy setting.

You do not need to enable or disable the policy setting to use Terminal Services Easy Print printer driver first. This setting, when enabled, uses a standard printer driver that improves Terminal Services printing for clients running Remote Desktop Connection 6.1 or later.



References:


Terminal Services PrintingMicrosoft TechNetLink: http://technet2.microsoft.com/windowsserver2008/en/library/484d57e7-feb4-4dcc-9d13-152c053516471033.mspx?mfr=true



______________________________________________________________________________________________________________________________________________

You are responsible for securing a Windows Server 2008 Web server. Currently, a Web application on the server is running under Full (internal) .NET Trust Level. The developers of the application have informed you that the Web application is built primarily using ASP.NET, but it needs to call several components that were written using the Component Object Model (COM) standard.

Which of the following .NET Trust Level configuration files should you assign to the Web application?

1. web_minimaltrust.config

2. web_hightrust.config

3. web_lowtrust.config

4. web_mediumtrust.config <Correct>

Explanation:To be able to call a COM object (also known as unmanaged code), the application must be assigned Medium .NET Trust Level. This level is defined in the web_mediumtrust.config file.

High .NET Trust Level provides additional permissions, which will not minimize permissions. Low and Minimal levels will not allow the application to call unmanaged code.



References:


ASP.NET Trust Levels and Policy FilesMSDN LibraryLink: http://msdn2.microsoft.com/en-us/library/wyts434y(VS.80).aspx



______________________________________________________________________________________________________________________________________________

You are a systems administrator responsible for administering a computer running Windows Server 2008. The computer is currently configured to host four Web applications, all of which were built by using Microsoft ASP.NET. Recently, your organization's Web development team requested the ability to send standard e-mail message notifications as part of an upgrade to a Web application. You would like to install and configure Simple Mail Transport Protocol (SMTP) service on the computer.

Which action should you take?

1. Using Server Manager, add the SMTP Server feature to the computer. <Correct>

2. Using Server Manager, add the SMTP Server role to the computer.

3. Using IIS Manager, configure the SMTP E-Mail settings in the ASP.NET configuration section for each Web application.

4. Using Server Manager, add the SMTP Server role service to the Web Server (IIS) role.

Explanation:SMTP Server is a feature that can be added to and removed from a Windows Server 2008 installation without requiring changes to any other roles or role services.

The SMTP E-Mail settings in the ASP.NET configuration section are used to specify details about the address of an SMTP server on the network. These settings do not automatically create a new SMTP Server service on the computer.



References:





______________________________________________________________________________________________________________________________________________

You are an IT support specialist in a company named Fabrikam.com. The Fabrikam.com network includes a single Active Directory forest that is composed of two Active Directory domains, Fabrikam.com and Contoso.com.

The Fabrikam.com domain includes several terminal servers and a Terminal Services license server named TSL-2. These terminal servers are used to host various applications for users in the Fabrikam.com domain. All your terminal servers, including TSL-2, are running Windows Server 2008.

Your manager asks you to deploy a terminal server to host an application named App1 for users in the Contoso.com domain. You install Terminal Services on a server named TS-30.contoso.com. You configure TS-30 to discover a license server automatically.

After several days, you begin to receive messages on TS-30, indicating that Terminal Services will stop functioning if licensing is not configured. In the Terminal Services Configuration console on TS-30, the licensing mode is listed as Not Configured. You have verified that TS-30 and TSL-2 can communicate with each other on the network. You have also verified that the terminal servers in the Fabrikam.com domain can automatically discover TSL-2.

You want Terminal Services on TS-30 to locate the license server on TSL-2.

What should you do? (Each correct answer presents a complete solution. Choose two.)

1. Move TS-30 to the Fabrikam.com domain.

2. Set the Discovery Scope on TSL-2 to Forest. <Correct>

3. Configure TS-30 with the option to use a specified license server. <Correct>

4. Install a TS license server on TS-30.

5. Move TSL-2 to the Contoso.com domain.

Explanation:The problem stated is that TS-30 is not automatically discovering the TS license server on TSL-2, which is found on another domain in the same forest. Given that terminal servers in the same domain can automatically discover TSL-2, it is likely that the Discovery Scope on TSL-2 is set to Domain, which is the default setting. To make the TS license server discoverable to other domains in the same forest, you can set its Discovery Scope to Forest. Another option is to specify TSL-2 as the license server on TS-30; this step would remove the need for automatic discovery.

Moving TSL-2 to the Contoso.com domain would cause unnecessary network disruption. Terminal servers in production in the Fabrikam.com domain already rely on TSL-2, so moving the license server without changing the license server's discover scope is not an option.

Moving TS-30 to the Fabrikam.com domain is not the best option because you are deploying the server to host an application for users in the Contoso.com domain.

Installing a TS license server on TS-30 does not meet the stated goal of TS-30 locating TSL-2.



References:


Terminal Services License Server Discovery

Microsoft TechNetLink: http://technet2.microsoft.com/windowsserver2008/en/library/fc40594d-72af-42ca-b44f-b7434aea0dde1033.mspx?mfr=true



______________________________________________________________________________________________________________________________________________

You are an IT support specialist in a company named Contoso.com. Your job responsibilities include supporting terminal servers and clients.

The Contoso.com domain includes several terminal servers and a Terminal Services license server named TSL-5. These terminal servers host various applications for users in the Contoso.com domain. Two hundred users access these applications from as many as 175 client computers located throughout the Contoso.com network. To support these network applications, you have purchased and installed 200 Terminal Services per-device client access licenses (CALs).

All your terminal servers, including TSL-5, are running Windows Server 2008.

Recently, you have deployed a terminal server named TS8 in the Contoso.com domain to host a new application named App8. After several days, you begin to receive messages on TS8, indicating that Terminal Services will stop functioning if licensing is not configured. In the Terminal Services Configuration console on TS8, you open the Properties dialog box and select the Licensing tab, as shown in the exhibit.

You have verified that TS8 and TSL-5 can communicate with each other on the network. You have also verified that the terminal servers in the Contoso.com domain can automatically discover TSL-5 and have been functioning properly for at least one year.

You want Terminal Services on TS8 to locate the license server on TSL-5 and obtain client licenses.

What should you do?

1. On TS8, set the Terminal Services discovery mode to Use the specified license servers and then specify TSL-5.contoso.com as the license server.

2. Purchase more per-user CALs.

3. Purchase more per-device CALs.

4. On TS8, set the Terminal Services licensing mode to Per-Device. <Correct>

Explanation:The question states that per-device CALs have been purchased for the license server, but TS8 has been configured to use the Per-User licensing mode. To fix this problem, you merely need to reconfigure the licensing mode as Per-Device.

It is not necessary to purchase either per-device or per-user licenses because there are sufficient per-device licenses (two hundred licenses for 175 computers). Specifying the license server manually will not fix the problem because TSL-5 has installed per-device licenses, not per-user licenses, and TS8 is currently configured to request per-user licenses.



References:


Configuring License Settings on a Terminal ServerMicrosoft TechNetLink: http://technet2.microsoft.com/windowsserver2008/en/library/82675181-0fab-4e71-a2d0-9432312a6d6e1033.mspx?mfr=true



______________________________________________________________________________________________________________________________________________


You have deployed a terminal server named TS4 to host several applications. You want to ensure that no user exhausts more than an equal share of TS4's processing power. You also want to prevent an administrative application named App4 from being subject to any CPU bandwidth restrictions.

What should you do?

1. Install Windows System Resource Manager and set Equal_Per_User as the managing policy. Add App4 as an exclusion. <Correct>

2. Install Windows System Resource Manager and set Equal_Per_Session as the managing policy. Add App4 as an exclusion.

3. Install Windows System Resource Manager and set Equal_Per_Session as the managing policy. Add App4 as a Process Matching Criteria policy.

4. Install Windows System Resource Manager and set Equal_Per_User as the managing policy. Add App4 as a Process Matching Criteria policy.

Explanation:You want to divide CPU usage equally among users, not among sessions, so you need to set Equal_Per_User as the managing policy. Adding App4 as a Process Matching Criteria policy enables you to use that element only later in a custom Resource Allocation Policy. Adding App4 as an exclusion will remove it from the list of processes being managed by this policy.



References:




______________________________________________________________________________________________________________________________________________

You are a systems administrator responsible for managing the configuration of four Windows Server 2008 FTP servers. Each server is running the FTP Publishing Service role service (FTP 6) and is configured with a single FTP site. All the FTP servers will provide access to the same content that is located on a file server within your environment. Your organization's security policy specifies that only a single user account named FTPSecureAccess should have access to these files. You have verified the NTFS file system permissions.

Which setting change should you make to meet these requirements?

1. On the Directory Security tab of each FTP site, add a rule for the IP address of the file server.

2. On the FTP Site tab of each FTP site, change the IP address setting to the IP address of the file server.

3. On the Home Directory tab of each FTP site, choose A Directory Located On Another Computer and provide the credentials of the FTPSecureAccess account. <Correct>

4. On the Home Directory tab of each FTP site, choose A Directory Located On This Computer and use a UNC path to the file server.

Explanation:By choosing a directory located on a different computer, you can allow all the FTP servers to provide access to the same content. You can also use the Connect As option to provide credentials for the FTPSecureAccess user account.

The local directory option is intended to provide access to files located on each FTP server. Settings on the Directory Security tab control which IP addresses have access to the FTP server. The IP address setting on the FTP site refers to which TCP/IP address(es) the FTP server will listen on for connections.



References:


Security in IIS 6.0 (IIS 6.0)Microsoft TechNetLink: http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/f8f81568-31f2-4210-9982-b9391afc30eb.mspx?mfr=true

Changing FTP Site Home Directories (IIS 6.0)Microsoft TechNetLink: http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/fea27bf1-28d4-46f7-8dcf-4771ee69ef64.mspx?mfr=true



______________________________________________________________________________________________________________________________________________

You are a network administrator for a company named Fabrikam.com whose network is composed of a single Active Directory domain. The Fabrikam.com network includes 10 servers running Windows Server 2008 and 200 clients running Windows Vista Enterprise. Your job responsibilities include installing new servers and clients on the network.

You are implementing Windows Deployment Services (WDS) on a server named WDS8 to facilitate deployment of Windows Vista to clients on the corporate network. WDS8 already functions as a DHCP server.

You want to allow the local DHCP server and WDS to work on the same server.

Which command should you run to enable these two features to function together?

1. WDSUTIL /Set-Server /UseDHCPPorts:no /DHCPoption60:no

2. WDSUTIL /Set-Server /UseDHCPPorts:yes /DHCPoption60:yes

3. WDSUTIL /Set-Server /UseDHCPPorts:yes /DHCPoption60:no

4. WDSUTIL /Set-Server /UseDHCPPorts:no /DHCPoption60:yes <Correct>

Explanation:You need to enable DHCP option 60 and disable the use of DHCP ports for the WDS server. DHCP must inform the client computer that there is a PXE server listening on the network by including DHCP option tag 60 in the DHCPOffer packet. In addition, because both the PXE server (WDS server) and the DHCP server listen on port 67 by default, when WDS and a DHCP server exist on the same computer, the WDS PXE server must delegate the responsibility of listening on port 67 for incoming PXE boot requests to the local DHCP server. Otherwise, a conflict would result.



References:





______________________________________________________________________________________________________________________________________________


Users in the Marketing department store project data on a network share named Projects. The Projects share is hosted on a file server named MKTG1, which is running Windows Server 2008. On MKTG1, volume E has been reserved exclusively for the Projects shared folder.

Users in the Marketing department inform you that they are unable to copy a large new project folder to the Projects share. On MKTG1, you discover that volume E has only 500 MB of space remaining.

You open Disk Management and observe the disk information provided in the exhibit.

You want to make at least 100 GB of new storage space available to Marketing users through the Projects share. You also want to provide fault tolerance with any new storage.

What should you do?

1. Using Disk Management, create a new mirrored volume in the unallocated spaces on Disk 1 and Disk 2 and then mount this volume as a subfolder in the Projects share folder. <Correct>

2. Using the Diskpart utility, select volume E and use the command EXTEND SIZE=102400.

3. Using Disk Management, create a new simple volume in the unallocated space on Disk1 and then mount this volume as a subfolder in the Projects shared folder.

4. Using the Diskpart utility, use the commands CREATE VOLUME SIMPLE SIZE=102400 DISK=1 and then ASSIGN MOUNT=E:\MARKETING.

Explanation:The Projects folder is located on a mirrored volume. You cannot extend a mirrored volume. The only way to add more space to the mirrored volume is to create a second volume and then mount this new volume in a folder on the original mirrored volume. In this scenario, you want the new space to provide fault tolerance, so the new volume must itself also be a mirror.

You do not want to create a new simple volume in Disk Management because this procedure would not provide fault tolerance to the new data. Using the Diskpart utility with the CREATE VOLUME and ASSIGN commands performs the same task, so this option will also not meet your requirements. Finally, you do not want to use the EXTEND SIZE command because this procedure would fail on a mirrored volume.



References:




______________________________________________________________________________________________________________________________________________

You are a systems administrator responsible for configuring SSL settings for an FTP 7 site running on Windows Server 2008. Your organization's security policy requires all authentication information and commands sent to the FTP server to be encrypted. However, for performance reasons, you would like to disable SSL encryption for the data that is sent during file upload and download operations. You have decided to use the Custom FTP SSL Settings option.

How should you configure the Advanced SSL Policy settings for the FTP site? (Each correct answer presents part of the solution. Choose two.)

1. Configure the Control Channel setting to Require Only For Credentials.

2. Configure the Data Channel setting to Require.

3. Configure the Control Channel setting to Allow.

4. Configure the Control Channel setting to Require. <Correct>

5. Configure the Data Channel setting to Deny. <Correct>

6. Configure the Data Channel setting to Allow.

Explanation:To meet the security and performance requirements, you should require SSL encryption for all control channel communications and deny SSL encryption for all data channel communications.

The other settings will not meet the performance and security requirements.



References:






______________________________________________________________________________________________________________________________________________

You are a systems administrator responsible for managing four computers running Windows Server 2008 that are running IIS. The servers are used by your organization's software development team and are not members of your organization's Active Directory domain. Recently, several developers have requested the ability to test Secure Sockets Layer (SSL)-based connections on their development servers. You would like to minimize costs related to enabling SSL. Additionally, developers must retain the ability to access all development Web sites without using SSL.

Which of the following options will meet these requirements?

1. Change the site bindings for all relevant sites to respond to HTTP port 443.

2. Create a self-signed SSL certificate on each Web server that requires SSL. <Correct>

3. Create separate application pools for each Web application that requires SSL.

4. Generate a certificate request on each development Web server and submit it to a trusted third-party Certificate Authority (CA).

Explanation:Self-signed certificates are designed to allow developers, testers, and systems administrators to test SSL functionality without the cost of obtaining a third-party certificate.

Application pool assignments will not affect SSL settings. Changing the current site bindings will not enable SSL and will prevent users from accessing sites using non-SSL connections. Obtaining a certificate from a third-party CA generally involves significant costs.



References:


Tip/Trick: Enabling SSL on IIS 7.0 Using Self-Signed CertificatesScottGu's BlogLink: http://Weblogs.asp.net/scottgu/archive/2007/04/06/tip-trick-enabling-ssl-on-iis7-using-self-signed-certificates.aspx



______________________________________________________________________________________________________________________________________________

You are an IT support specialist for Adventure Works. The Adventure-works.com network is composed of a single Active Directory domain. All servers on the network are running Windows Server 2008.

A file server named File6 is used heavily by employees, and your manager has decided that the server should be added to a failover cluster to improve availability.

You have been tasked with creating a two-node failover cluster for File6.

Arrange the tasks in the list below in the order in which they should be performed to achieve your goal. Place the first task at the top of the list. Use the up and down buttons to rearrange items.

Explanation:To create a failover cluster, first configure the hardware and then add the Failover Clustering feature on each node. Then, in the Failover Cluster Management console, choose the option to validate the cluster. This will run the Cluster Configuration Validation tool. If the cluster is properly validated, you can then run the Create Cluster Wizard. Finally, you should run the High Availability Wizard to add the File Server service component.



References:




______________________________________________________________________________________________________________________________________________

You are a network support specialist for Litware, Inc. The Litware.com network includes 25 servers running Windows Server 2008 and 250 client computers running Windows Vista.

The Litware Web site is hosted on a single server named LitWeb. LitWeb is currently hosted in the company's perimeter network and is assigned a public IP address. Recently, traffic to LitWeb has been increasing, and performance has deteriorated significantly. You want to improve the performance and availability of the Web site by distributing Web requests between two Web servers. You have only one unused public IP address to assign to a server in your organization You do not require that Web requests be automatically directed to the live partner if one of the Web servers fails.


1. Configure both machines as a virtual cluster on a single server.

2. Add an identical server and configure the servers as a failover cluster.

3. Add an identical server and configure the servers with round-robin distribution. <Correct>

4. Add an identical server and configure the servers as a Network Load Balancing (NLB) cluster.

Explanation:Only by configuring round-robin distribution can you meet your goals with just one additional IP address. With round-robin distribution, your DNS server is configured with multiple records of the same server name, such as WWW or Web1. Each record, however, points to a different server IP address. As clients query DNS for the address of the server owning a name such as WWW or Web1, the DNS server cycles through the records and responds to different addresses in succession. This process allows requests to be distributed among multiple servers, but it also does not prevent requests from being forwarded to a server that is not operational.

You cannot configure NLB because NLB would require at least two public addresses: one for the additional server and a virtual IP address for the NLB cluster. In addition, you can meet the requirements with round-robin DNS, which is easier to implement and configure than NLB is.

Failover clustering is used to prevent server downtime after a failure, not to distribute requests among servers. Configuring both machines as a virtual cluster will not improve performance beyond what would result from hosting the Web server on the base physical server. In addition, a virtual cluster would require more than one additional IP address.



References:




______________________________________________________________________________________________________________________________________________

You are a Windows SharePoint Services systems administrator responsible for managing backups on several computers running Windows Server 2008. You would like to use the Stsadm.exe command-line utility to perform the backups by using a scheduled script. You would also like the backup data to be stored in a single file so it can be copied to other servers. Each backup file should contain the entire contents of the server configuration.

Which Stsadm command should you use?

1. stsadm backup -filename WSSBackup.bak -backupmethod differential -url http://ServerName

2. stsadm -o backup -filename WSSBackup.bak -backupmethod differential -url http://ServerName

3. stsadm -o backup -filename WSSBackup.bak -backupmethod full -url http://ServerName <Correct>

4. stsadm backup -directory C:\Backups -backupmethod full -url http://ServerName

Explanation:The correct command specifies the operation, the filename to which the backup data will be stored, the full backup method, and the URL of the server.

The other options will not meet the requirements.



References:





______________________________________________________________________________________________________________________________________________

You are an IT support specialist in a company named Fabrikam.com. The Fabrikam.com network includes a single Active Directory forest that is composed of two Active Directory domains, Fabrikam.com and Contoso.com.

The Fabrikam.com domain includes several terminal servers and a Terminal Services license server named TSL-1. These terminal servers are used to host various applications for users in the Fabrikam.com domain. All of your terminal servers, including TSL-1, are running Windows Server 2003.

On the Contoso.com network, you deploy a new terminal server named TS-20. TS-20 is running Windows Server 2008. You attempt to specify TSL-1 as the license server for TS-20, but TS-20 is unable to verify that TSL-1 is a valid license server.

You need to connect TS-20 to TSL-1 or to another valid license server.

Which of the following steps is most likely to enable you to accomplish this goal?

1. Install a new license server running Windows Server 2008 in the Fabrikam.com domain. <Correct>

2. Set the discovery scope on TSL-1 to Domain.

3. Install a new license server running Windows Server 2003 in the Contoso.com domain.

4. Set the discovery scope on TSL-1 to Forest.

Explanation:A Windows Server 2008 terminal server cannot communicate with a license server running Windows Server 2003. Of the choices presented, the best way to solve the problem described is to install a license server on a computer running Windows Server 2008. An alternative not mentioned is to upgrade the original license server.



References:


TS LicensingMicrosoft TechNetLink: http://technet2.microsoft.com/windowsserver2008/en/library/2a9fd6e5-f880-4a9b-b492-e4f6f7983e951033.mspx?mfr=true



______________________________________________________________________________________________________________________________________________

You are a systems administrator responsible for managing a Windows Server 2008 FTP server. Originally, you configured the server to use the FTP Publishing Service role service to create an FTP site on TCP port 21. The server is configured with a single IP address. You have recently downloaded and installed the FTP 7 software to take advantage of new features such as FTP Over SSL. Using IIS Manager 7.0, you have created a new FTP site, using the default settings. However, you receive an error message when you attempt to start the FTP site.

Which of the following will help resolve this issue? (Choose all that apply.)

1. Change the FTP IPv4 Address And Domain Restrictions settings for the FTP 7 site.

2. Modify the FTP Firewall Support options for the FTP site.

3. Create a new SSL certificate for the server and assign it for use on the FTP 7 site.

4. Remove the FTP Publishing Service from the computer. <Correct>

5. Change the TCP port for the new FTP site to port 2000. <Correct>

Explanation:Each FTP site on a computer running Windows Server 2008 must be assigned to a unique combination of IP address, port number, and host name. The default setting for FTP 6 and FTP 7 is to use TCP port 21. Therefore, you should either remove the FTP Publishing Service from the computer or change the TCP port of the new FTP site.

Firewall support, SSL certificate, and address and domain restriction settings will not prevent the FTP site from starting.



References:






______________________________________________________________________________________________________________________________________________

You are an IT support specialist for Humongous Insurance. The Humongousinsurance.com network is composed of a single Active Directory domain. All servers on the network are running Windows Server 2008.

A database server named DB4 is used heavily by employees, and your manager has decided that the server should be added to a failover cluster to improve availability.

To help design the storage for the failover cluster, your manager gives you a list of storage connection technologies and asks you to investigate which can be used.

Which of the following storage connection technologies is NOT compatible with failover clustering in Windows Server 2008?

1. Serial Attached SCSI (SAS)

2. iSCSI

3. Parallel SCSI <Correct>

4. Fibre channel

Explanation:Failover clusters in Windows Server 2008 support only three types of storage connections: Serial Attached SCSI (SAS), iSCSI, and Fibre Channel.



References:




______________________________________________________________________________________________________________________________________________

You are a Web server administrator responsible for coordinating the migration of an application from one Web site to another. Specifically, you want all users who attempt to connect to the URL http://Internal.fabrikam.com to be sent automatically to the URL http://Intranet.fabrikam.com. Due to network security requirements, you are currently unable to change any Domain Name Service (DNS) records.

Which of the following methods will enable you to achieve this result? (Each correct answer presents a complete solution. Choose two.)

1. Create a new virtual directory that points to http://Intranet.fabrikam.com.

2. Enable the HTTP Redirect option for the current Web site and provide the address of http://Intranet.fabrikam.com.<Correct>

3. Modify the host header name in the site bindings for the http://Internal.fabrikam.com Web site.

4. Modify the content of the default document on the current Web site to perform an automatic HTTP redirect when users access the old site. <Correct>

5. Enable the HTTP Redirect option for the current Web site and provide the address of http://Internal.fabrikam.com.

Explanation:You can enable HTTP redirection through the configuration of the Web site or through a redirect command on the default page of the Web site.

The HTTP Redirect option requires the URL of the site to which users should be redirected automatically. Therefore, the site should be http://Intranet.fabrikam.com. Creating a new virtual directory will not redirect requests automatically that go to the Web site's default document. The host header information enables a single Web server to respond differently based on DNS information. It will not redirect users automatically to another Web site.



References:


IIS 7.0: Add a Web SiteMicrosoft TechNetLink: http://technet2.microsoft.com/windowsserver2008/en/library/f6c26eb7-ad7e-4fe2-9239-9f5aa4ff44ce1033.mspx?mfr=true



______________________________________________________________________________________________________________________________________________


Users in the Art department store data on a network share named Artwork. The Artwork share is hosted on a file server named ART1, which is running Windows Server 2008. On ART1, volume E has been reserved exclusively for the Artwork shared folder.

A user in the Art department informs you that he is unable to copy a large object to the Artwork share. On ART1, you discover that volume E has only 500 MB of space remaining.

You open Disk Management and observe the disk information provided in the exhibit.

You want to make at least 100 GB more space available to users in the root of the Artwork share.

Which is the most efficient method to achieve this goal?

1. Using the ImageX utility, capture and apply an image of volume E onto a new, larger volume on Disk 1.

2. Back up the Artwork folder on Disk 1. Replace Disk 1 with a new physical disk. Restore the Artwork folder onto the new disk.

3. Using Disk Management, create a new simple volume in the unallocated space on Disk1 and then mount this volume as a subfolder in the Artwork shared folder.

4. Using the Diskpart utility, select volume E and use the command EXTEND SIZE=102400. <Correct>

Explanation:You need to increase the size of volume E. The easiest way to do this is to extend the volume by using Disk Management or the Diskpart utility.

You do not want to use the ImageX utility to capture an image of the volume and apply it to a larger volume because that is unnecessarily complicated. Although this procedure could accomplish the desired goal if performed properly, it is also far more time-consuming than simply extending the volume.

You do not want to mount a new volume as a subfolder in the Artwork folder because you want to make more space available in the root of the Artwork share. In addition, this solution is unnecessarily complicated and not as simple as extending the volume.

You do not want to replace the physical disk because it is unnecessarily complicated. You have enough disk space available on the current disk. There is no need to replace the disk.



References:




______________________________________________________________________________________________________________________________________________

You are attempting to troubleshoot a Secure Sockets Layer (SSL) problem on an IIS 7 installation. Originally, the server was configured to use a self-signed certificate. Users reported that they received warnings when connecting to the Web site on the server. You corrected this problem by obtaining and installing an Internet Services server certificate that was obtained from a trusted third-party Certification Authority (CA). However, users still report that they receive a warning when connecting to the Web site.

What should you to do to resolve this problem?

1. Modify the site bindings to use the new server certificate that you obtained from the CA. <Correct>

2. Re-import the server certificate that you obtained from the CA.

3. Enable Many-To-One Client Certificate Mapping.

4. Enable the Require SSL option for the Web site.

Explanation:The site bindings information for the Web site includes information about which server certificate to use for incoming SSL-enabled connections. Importing a new certificate will not automatically update this setting; therefore, the server is still using the original self-signed certificate. You can change this by editing the HTTPS site binding information and specifying the name of the appropriate server certificate.

The Web server uses Client certificates to authenticate client computers. This is not a requirement. Re-importing the server certificate will not edit the site bindings. Enabling the Require SSL option will not change which server certificate is being used.



References:


IIS 7.0: Configuring Secure Sockets Layer in IIS 7.0Microsoft TechNetLink: http://technet2.microsoft.com/windowsserver2008/en/library/70c33ea8-4192-4110-be70-a11e11984f1e1033.mspx?mfr=true

IIS 7.0: Configuring Server Certificates in IIS 7.0Microsoft TechNetLink: http://technet2.microsoft.com/windowsserver2008/en/library/bf4afb4c-4ce3-40e1-bd4b-d7df6daeb9b61033.mspx?mfr=true



______________________________________________________________________________________________________________________________________________

You are a Windows Server 2008 Web server administrator attempting to troubleshoot a problem that has been reported by a Web developer. The developer reports that ASP.NET Web pages with the .aspx extension are being properly executed on the Web server. However, files such as .gif and .jpg images are not being returned to the user. The problem extends to all four of the Web applications that have been created within the Default Web Site on a particular Web server.

What should you do to repair this problem?

1. Disable the Secure Sockets Layer (SSL) requirement for the Default Web Site.

2. Add the .jpg and .gif file extensions to the ASPClassic Handler Mapping for the Default Web Site and for each of the Web applications.

3. Verify the configuration of the StaticFile Handler Mapping for the Default Web Site and for each of the Web applications.<Correct>

4. Verify the configuration of the PageHandlerFactory-Integrated Handler Mapping for the Default Web Site and for each of the Web applications.

Explanation:IIS 7 includes a default Handler Mapping called StaticFile for processing requests to files such as HTML, GIF, and JPG files. If this Handler Mapping is missing or incorrectly configured, users will be unable to retrieve these types of files.

The PageHandlerFactory-Integrated Handler Mapping is not associated with static file types. SSL settings should not affect the processing and return of image types. Adding the .jpg and .gif extensions to the ASPClassic Handler Mapping will not allow them to be processed correctly.



References:


An End-to-End Extensibility Example for IIS7 DevelopersIIS.NET Web siteLink: http://www.iis.net/articles/view.aspx/IIS7/Extending-IIS7/Getting-Started/An-End-to-End-Extensibility-Example-for-IIS7-Devel

Build a Custom IIS7 ServerIIS.NET Web siteLink: http://www.iis.net/articles/view.aspx/IIS7/Deploy-an-IIS7-Server/Installing-IIS7/Build-a-Custom-IIS7-Server



______________________________________________________________________________________________________________________________________________

You are a Windows Server 2008 systems administrator responsible for configuring and managing SMTP services. Your organization currently hosts a Web application called ContosoOnline that is accessed by thousands of Internet users per hour. To improve performance, you have placed copies of the ContosoOnline application on eight computers running Windows Server 2008. To meet the performance requirements for outbound e-mail, you have added the SMTP feature to each of these computers. Your organization's security policy specifies that only one SMTP server should have direct outbound access to the Internet. The name of this server is SMTP06.contoso.com, and its internal IP address is 10.10.9.37. You have verified that this server has sufficient capacity to transmit all outbound messages.

How should you configure the remaining SMTP virtual servers?

1. Add the IP address 10.10.9.37 to the bindings for each of the SMTP virtual servers.

2. Configure each of the SMTP virtual servers to use SMTP06.contoso.com as a smart host. <Correct>

3. Change the Fully Qualified Domain Name (FQDN) setting on each of the SMTP virtual servers to SMTP06.contoso.com.

4. Create Relay Restrictions rules on each of the SMTP virtual servers.

Explanation:The Smart Host settings specify that an SMTP virtual server should forward all its outbound messages to a specific SMTP server. Because only SMTP06.contoso.com has direct access to the Internet, all messages should be forwarded to this computer.

IP address bindings define the addresses and port numbers on which the SMTP server will respond. The FQDN setting should be configured to use the name of the DNS domain from which e-mail will be sent. They do not affect outbound message transmission. Relay Restrictions rules will specify which users can send messages that are neither to nor from the SMTP server's local domain.



References:





______________________________________________________________________________________________________________________________________________


You are deploying a file server named Server16 in the Fabrikam.com Advertising department. The server will be used to archive a large amount of data that is read frequently but rarely updated. For this particular server, you want to choose a local fault-tolerant storage solution that uses physical disks efficiently.


1. Spanned volume

2. Mirrored volume

3. RAID-5 volume <Correct>

4. Striped volume

Explanation:A RAID-5 volume is a fault-tolerant logical drive that consists of three or more physical disks. In a RAID-5 volume, data is written in a manner that stripes across the disks and that also adds what is called a parity bit as a means to recover the data in case one disk is lost. In a RAID-5 volume, the storage space equivalent to one disk is used for fault tolerance. The advantage of RAID-5 is that it uses disk space efficiently and that it offers very good read performance. The disadvantage of a RAID-5 volume is that it offers relatively poor write performance. In this scenario, the efficient use of disk space is a priority, and write performance is not. Therefore, a RAID-5 is the best solution.

A mirrored volume is not the best option because it does not use disk space efficiently.

Neither a spanned volume nor a striped volume offers fault tolerance. A spanned volume is merely a single logical drive that occupies space on one or more physical disks. A striped volume is a single logical volume consisting of multiple physical disks and to which data is written in a striping manner across these disks.



References:




______________________________________________________________________________________________________________________________________________

You are a member of a group of systems administrators responsible for managing backups on a Windows Server 2008 Web server. Several days ago, another systems administrator documented that she created an on-demand backup of the server configuration by using the AppCmd utility. She then made some configuration changes to the server based on a request from the organization's application development team. Today, the developers have informed you that they would like to revert the server configuration to its state before the changes were made. You want to perform this action by using the least administrative effort.

How can you find the name of the backup file that was created before the changes were made?

1. Search the C:\Inetpub\History folder for a subfolder that has a descriptive name.

2. Use the AppCmd list backup command. <Correct>

3. Examine the ApplicationHost.config file for the name of the latest on-demand backup.

4. Create a Windows PowerShell script to query the IIS configuration database for information about the last backup.

Explanation:Using the named backup is important because it will roll back the configuration to the correct point in time. The AppCmd list backup command returns a list of the most recent backups, whether they were performed automatically or manually.

The History folder contains only a list of automatic backups. Creating a Windows PowerShell script will require additional effort. The ApplicationHost.config file does not contain a list of backups.



References:


Getting Started with Appcmd in IIS 7.0IIS.NET Web siteLink: http://www.iis.net/default.aspx?tabid=2&subtabid=23&i=1222



______________________________________________________________________________________________________________________________________________

You are a systems administrator responsible for managing SMTP services on a computer running Windows Server 2008. Recently, a user reported that she is occasionally unable to send messages that include a 6 MB attachment when using the SMTP server. In some cases, however, messages with a 6 MB attachment are sent correctly. When the user receives an error message, she has been able to resend the message successfully by trying again. Your organization's e-mail policy allows users to send attachments that are up to 10 MB in size. The exhibit shows the current Messages settings for the SMTP virtual server.

How can you resolve this issue?

1. Enable the Limit number of messages per connection to setting.

2. Increase the Limit session size to setting. <Correct>

3. Enable the Limit number of recipients per message to setting.

4. Increase the Limit message size to setting.

Explanation:The session size setting limits the total size of all messages sent during a single connection. The problem is most likely caused by the user sending multiple messages with attachments during the same connection to the same SMTP server.

The message size settings are correct because the user is sometimes able to send messages with large attachments. Enabling the other limit options will not affect the attachment or session size issue.



References:





______________________________________________________________________________________________________________________________________________


Your company has a Storage Area Network (SAN) that is connected to an e-mail server running Windows Server 2008 Enterprise. You notice that the SAN volumes remain offline by default whenever you start the e-mail server after performing maintenance. After you bring the volumes online, the storage system functions properly.

You want the SAN volumes to be brought online by default whenever you start the e-mail server.

What should you do?

1. In the Diskpart utility, use the SAN POLICY=OFFLINESHARED command.

2. In Storage Manager for SANs, enable the Discovery Domain Set for the Discovery Domain in your iSCSI fabric.

3. In the Diskpart utility, use the SAN POLICY=ONLINEALL command. <Correct>

4. In Storage Manager for SANs, configure an iSCSI initiator.

Explanation:You can use the Diskpart utility to set a SAN policy. When the policy is set to ONLINEALL, all SAN volumes are brought online by default.

You do not need to configure iSCSI in Storage Manager for SANs. The SAN is already configured because it functions properly once you bring it online.



References:




______________________________________________________________________________________________________________________________________________

You are a Windows Server 2008 systems administrator assisting a user with setting up a Windows SharePoint Services site. The user would like to send documents to a Shared Documents section of a SharePoint site. However, she is unable to determine the e-mail address to which she should send the messages.

How can you determine the required e-mail address information?

1. In the properties of the Shared Documents component, select Incoming E-Mail Settings. <Correct>

2. Using the SharePoint Central Administration Web site, select the Outgoing E-Mail Settings option.

3. Using the SharePoint Central Administration Web site, select the Incoming E-Mail Settings option.

4. Using the SharePoint Central Administration Web site, select Approve/Reject Distribution Groups.

Explanation:Incoming e-mail address settings are defined individually for components such as a Shared Documents section. You can access and change these settings by modifying the Incoming E-Mail Settings options.

The SharePoint Central Administration Web site is designed to configure server-wide settings for incoming and outgoing messages. These settings do not include the e-mail address to which the user should send documents.


Sub Objective(s):Configure Windows SharePoint Services e-mail integration.

References:


Configure incoming e-mail settings (Windows SharePoint Services)Microsoft TechNetLink: http://technet2.microsoft.com/windowsserver/WSS/en/library/445dd72e-a63b-46d0-b92d-bcf0aa9d8d061033.mspx?mfr=true



______________________________________________________________________________________________________________________________________________

You are a systems administrator for a company that hosts a high-traffic public Web site. For performance reasons, the site has been designed to use 15 individual IIS servers to support requests. Your Web development team occasionally requests configuration changes that must be applied to all the IIS servers individually. To simplify systems administration, you would like to be able to make the configuration setting changes in a single location. You have configured a computer named Server1 with the settings that you want to apply to all the Web servers. The exhibit shows the current configuration of Server1.

Which of the following steps should you perform first to meet these requirements?

1. Use the Export Configuration command to create an IIS configuration file for use by all the servers. <Correct>

2. Use the AppCmd utility to create a backup of the current IIS configuration.

3. For the Physical Path setting, provide the location of one of the ApplicationHost.config files on one of the other servers.

4. Copy all the Web application content from the server to a shared network location.

Explanation:The first step you should perform is to export the configuration file from Server1 because its configuration settings will be used for the other servers. You can then enable Shared Configuration and provide the location of the configuration file to all the servers.

You cannot set the Physical Path setting until you have a configuration file that is ready for use. The AppCmd utility cannot be used to create a Shared Configuration file. Copying the Web application content will not configure all the servers to use the same configuration settings file.



References:


Shared ConfigurationIIS.NET Web siteLink: http://www.iis.net/articles/view.aspx/IIS7/Use-IIS7-Administration-Tools/Using-XML-Configuration/Centralized-Configuration

70-643 Measure Up

Documents

Transcript of 70-643 Measure Up