Flydumps Microsoft 70-643 exam questions and answers in PDF are prepared by our expert, Moreover, they are based on the recommended syllabus covering all the Microsoft 70-643 exam objectives.You will find them to be very helpful and precise in the subject matter since all the Microsoft 70-643 exam content is regularly updated and has been checked for accuracy by our team of Microsoft expert professionals.
QUESTION 1
A server runs Windows Server 2008. The Terminal Services role is installed on the server. You deploy a new application on the server. The application creates files that have an extension of .xyz.
You need to ensure that users can launch the remote application from their computers by double- clicking a file that has the .xyz extension.
What should you do?
A. Configure the Remote Desktop Connection Client on the users’ computers to point to the server.
B. Configure the application as a published application by using a Remote Desktop Program file.
C. Configure the application as a published application by using a Windows Installer package file.
D. Configure the application as a published application by using a Terminal Server Web Access Web site.
Correct Answer: C Explanation
Explanation/Reference:
Explanation:
Launching Apps from the Desktop For users who want to double-click documents to launch the application, terminal services now provides the ability to “install”
the remote application’s link to the desktop. This process effectively wraps the RemoteApp’s RDP file into a Windows Installer package–an MSI file–that is later
installed to desktops in the environment. At the same time, the installed MSI can modify the file extension associations on the desktop to reroute a double-clicked
file to its associated RemoteApp on the terminal server. Figure 3 shows how the file extension associations have been modified on a client system after a Word
RemoteApp is installed. Now, double-clicking any of the common Word file extensions will launch Word via the Remote Desktop Connection.
Figure 3 File extension associations that have been altered to launch the Remote Desktop Connection To create a Windows Installer package out of an existing RemoteApp, first navigate to the TS RemoteApp Manager. Right-click the RemoteApp of interest and select Create Windows Installer Package. By default, all created Windows Installer packages are stored in the location C:\Program Files\Packaged Programs, but this location can be changed from within the RemoteApp Wizard. Also configurable within the wizard are the name and port for the server that will host the RemoteApp, as well as server authentication, certificate settings, and TS Gateway settings. Settings that relate to the application’s location after installation to a candidate desktop are shown in Figure
4. As you can see, it is possible to create a shortcut on the desktop as well as to a location within the Start menu folder. The most important checkbox on this screen is at the very bottom. It’s the checkbox for Take over client settings, and it re-associates any file extension associations for the RemoteApp from the local desktop to the terminal server. This checkbox must be selected if you want users to be able to double-click documents to launch their TS-hosted application. Click Next and Finish to complete the wizard. Please Note: -Since Windows2008R2 Terminal Services (TS) is now rebranded to Remote Desktop Services (RDS)-Source: http://technet.microsoft.com/en-us/query/dd314392
QUESTION 2
You have a server that runs Windows Server 2008 R2. The server has the RD Gateway role service installed.
You need to provide a security group access to the RD Gateway server.
What should you do?
A. Add the security group to the Remote Desktop Users group.
B. Add the security group to the TS Web Access Computers group.
C. Create and configure a Remote Desktop Resource Authorization Policy.
D. Create and configure a Remote Desktop Connection Authorization Policy.
Correct Answer: D Explanation
Explanation/Reference:
Explanation:
Remote Desktop connection authorization policies (RD CAPs) allow you to specify who can connect to an RD Gateway server.
Source: http://technet.microsoft.com/en-us/library/cc753324.aspx
QUESTION 3
Your company uses Public folders and Web Distributed Authoring and Versioning. The company asks you to install Microsoft Windows SharePoint Services (WSS) as a server in a new server farm. You plan to install WSS on a server that runs Windows Server 2008 R2.
You start the Configuration Wizard to begin the installation. You receive an error message as shown in the exhibit.
You need to configure WSS to start SharePoint Services 3.0 SP 2 Central Administration.
What should you do?
A. Install the Windows Internal Database.
B. Install a Microsoft SQL Server 2005 server.
C. Install the Active Directory Rights Management Services role.
D. Install the Active Directory Lightweight Directory Services role.
Correct Answer: B Explanation
Explanation/Reference:
Explanation:
To resolve this problem, you need to install Microsoft SQL Server 2005 server on the farm. This error message occurs when either the SQL Server does not exist
or the SQL Server services id stopped.
The server farm account is used to access your configuration database. It also acts as the application pool identity for the SharePoint Central Administration
application pool, and it is the account under which the Windows SharePoint Services Timer service runs. The SharePoint Products and Technologies
Configuration Wizard adds this account to the SQL Server Logins, the SQL Server Database Creator server role, and the SQL Server Security Administrators
server role. If SQL Server is not available then the above mentioned error message will appear.
Reference: Configuration Wizard – Failed to Connect
http://blogs.msdn.com/neilth/archive/2008/04/25/failed-to-connect-or-database-name-does-not- exist.aspx
QUESTION 4
You manage a member server that runs Windows Server 2008 R2. The server runs the Remote Desktop Gateway (RD Gateway) role service.
You need to find out whether a user named User1 has ever connected to his office workstation through the RD Gateway server.
What should you do?
A. View the events in the Monitoring folder from the RD Gateway Manager console.
B. View the Event Viewer Security log.
C. View the Event Viewer Application log.
D. View the Event Viewer Terminal Services-Gateway log.
Correct Answer: D Explanation
Explanation/Reference:
Explanation: By using TS Gateway Manager, you can specify the types of events that you want to monitor, such as unsuccessful or successful connection attempts to internal network computers through a TS Gateway server. When these events occur, you can monitor the corresponding events by using Windows Event Viewer. TS Gateway server events are stored in Event Viewer under Application and Services Logs\Microsoft\Windows \Terminal Services-Gateway\. Source: http://technet.microsoft.com/en-us/library/cc730618(WS.10).aspx
QUESTION 5
Your company has an Active Directory domain. All the servers in the company run either Windows Server 2008 R2 or Windows Server 2003. A Windows Server 2003 server named Server1 runs Microsoft SQL Server 2005 SP2 and Microsoft Windows SharePoint Services (WSS) 2.0.
The company plans to migrate to WSS 3.0 SP2 on a Windows Server 2008 R2 server named Server2.
You need to migrate the configuration and content from Server1 to Server2.
What should you do?
A. Back up the SharePoint configuration and content from Server1. Install WSS 3.0 SP2 on Server2. Restore the backup from Server1 to Server2.
B. Upgrade Server1 to Windows Server 2008 R2. Back up the SharePoint configuration and content from Server1. Install WSS 3.0 SP2 on Server2. Restore the backup from Server1 to Server2.
C. Back up the SQL Server 2005 configuration and the WSS 2.0 databases from Server1. Install SQL Server 2005 on Server2. Restore the SQL Server 2005 backup from Server1 to Server2.
D. Back up the WSS 2.0 configuration and content from Server1. Install WSS 2.0 on Server2. Restore the backup from Server1 to Server2. Perform an in-place upgrade of WSS 2.0 to WSS 3.0 SP2 on Server2.
Correct Answer: D Explanation
Explanation/Reference:
Explanation:
To migrate to SharePoint Services (WSS) 3.0. from Server1 to Server2 with all the configuration and content, you need to install WSS 2.0 on Server2. Back up the
WSS 2.0 configuration and content from Server1 and restore the backup from Server1 to Server2. Perform an in-place upgrade of WSS 2.0 to WSS 3.0 on
Server2.
When you run an in-place upgrade, all content and configuration data is upgraded in-place, at one time. When you start the in-place upgrade process, the Web
server and Web sites remain offline until the upgrade has been installed. In-place upgrades are best for a stand-alone server and small installations as in this case
Reference: Install and configure Office SharePoint Server for an in-place upgrade http://technet.microsoft.com/en-us/library/cc263212(TechNet.10).aspx
Reference: Determine upgrade approach (Office SharePoint Server) http://technet.microsoft.com/en-us/library/cc263447(TechNet.10).aspx
QUESTION 6
Your company has an Active Directory domain. You have a server named KMS1 that runs Windows Server 2008 R2. You install and configure Key Management Service (KMS) on KMS1. You plan to deploy Windows Server 2008 R2 on 10 new servers. You install the first two servers. The servers fail to activate by using KMS1.
You need to activate the new servers by using the KMS server.
What should you do first?
A. Complete the installation of the remaining eight servers.
B. Configure Windows Management Instrumentation (WMI) exceptions in Windows Firewall on the new servers.
C. Install Volume Activation Management Tool (VAMT) on the KMS server and configure Multiple Activation Key (MAK) Proxy Activation.
D. Install Volume Activation Management Tool (VAMT) on the KMS server and configure Multiple Activation Key (MAK) Independent Activation.
Correct Answer: A Explanation
Explanation/Reference:
Explanation:
Key Management Service
With KMS, IT pros can complete activations on their local network, eliminating the need for individual computers to connect to Microsoft for product activation.
KMS is a lightweight service that does not require a dedicated system and can easily be co-hosted on a system that provides other services. By default, volume
editions of Windows 7 and Windows Server 2008 R2 connect to a system that hosts the KMS service to request activation. No action is required from the user.
KMS requires a minimum number of computers (physical or virtual machines) in a network environment.
The organization must have at least five computers to activate Windows Server 2008 R2 and at least 25 computers to activate clients that are running Windows 7.
These minimums are referred to as activation thresholds.
To use KMS activation with Windows 7, the computer must have the qualifying OS license (often obtained through OEMs as part of the new PC purchase) and
contain a Windows Marker in BIOS.
Source: http://technet.microsoft.com/en-us/library/ff793423.aspx
QUESTION 7
You have four Remote Desktop Session Host Servers that run Windows Server 2008 R2. The Remote Desktop Session Host Servers are named Server1,
Server2, Server3, and Server4.
You install the Remote Desktop Connection Broker role service on Server1.
You need to configure load balancing for the four Remote Desktop Session Host Servers. You must ensure that Server2 is the preferred server for Remote
Desktop Services sessions.
Which tool should you use?
A. Group Policy Management
B. Remote Desktop Session Host Configuration
C. Remote Desktop Connection Manager
D. RD Gateway Manager
Correct Answer: B Explanation
Explanation/Reference:
ExplanationExplanation:
You can configure a Remote Desktop Session Host (RD Session Host) server to join a farm in RD Connection
Broker, and to participate in RD Connection Broker Load Balancing, by using the Remote Desktop Session Host Configuration tool.
To configure RD Connection Broker settings
1.
On the RD Session Host server, open Remote Desktop Session Host Configuration. To open Remote Desktop Session Host Configuration, click Start, point to Administrative Tools, point to Remote Desktop Services, and then click Remote Desktop Session Host Configuration .
2.
In the Edit settings area, under RD Connection Broker, double-click Member of farm in RD Connection Broker.
3.
On the RD Connection Broker tab of the Properties dialog box, click Change Settings.
4.
In the RD Connection Broker Settings dialog box, click Farm member.
5.
In the RD Connection Broker server name box, type the name of the RD Connection Broker server.
6.
In the Farm name box, type the name of the farm that you want to join in RD Connection Broker.
7.
Click OK to close the RD Connection Broker Settings dialog box.
8.
To participate in RD Connection Broker Load Balancing, select the Participate in Connection Broker Load-Balancing check box.
9.
Optionally, in the Relative weight of this server in the farm box, modify the server weight. By default, the value is 100. The server weight is relative. Therefore, if you assign one server a value of 50, and one a value of 100, the server with a weight of 50 will receive half the number of sessions.
10.
Verify that you want to use IP address redirection. By default, the Use IP address redirection setting is enabled. If you want to use token redirection mode, select Use token redirection. For more information, see About IP Address and Token Redirection.
11.
In the Select IP addresses to be used for reconnection box, select the check box next to each IP address that you want to use.
12.
When you are finished, click OK. Source: http://technet.microsoft.com/en-us/library/cc771383.aspx
QUESTION 8
You have a server that runs Windows Server 2008 R2. The server has Microsoft SharePoint Foundation 2010 installed. The server is configured to accept incoming email.
You create a new document library.
You need to ensure that any user can send e-mail to the document library.
What should you do?
A. Modify the RSS setting for the document library.
B. Modify the permissions for the document library.
C. Modify the incoming email settings for the document library.
D. Enable anonymous authentication for the Web application.
Correct Answer: C Explanation
Explanation/Reference:
Explanation:
Explanation:
Enable and configure email settings for a library
Use this procedure to enable and configure email settings for a library to receive email messages in the
SharePoint document library in a site.
Enable and configure email settings for a library
1. Open the site in which you want to receive email messages by using either of the following methods:
-In Internet Explorer, type the URL o the site.
-On the View Site Collection page, click the site collection that you want to view.
2.
In the left navigation pane of the home page, click View All Site Content.
3.
In the Documents section, click a document library name to open the library for which you want to enable and configure email settings.
4.
On the Settings menu, click Document Library Settings, Picture Library Settings, or Form Library Settings, depending on the kind of library that you are enabling and configuring.
5.
In the Communications section, click Incoming email settings.
6.
In the Email section, select Yes to enable this library to receive email messages.
7.
In the Email address box, type a unique name to use as part of the email address for this library.
8.
In the Email Attachments section, decide where to save and how to group the email attachments in this library, and then choose whether to overwrite files that have the same name. Note: If you decide not to overwrite files that have the same name and then later try to save a file that has the same name as one that already exists in the library, four random digits are appended to the file name for the new attachment. If this action fails, a globally unique identifier (GUID) is appended to the file name. If neither of these actions can produce a unique file name, the attachment is discarded.
9.
In the Email Message section, choose whether to save the original email message in this library. If you select Yes, the original message is saved as a separate item in the library.
10.
In the Email Meeting Invitations section, choose whether to save the attachments to your meeting invitations in this library.
11.
In the Email Security section, choose whether to archive email messages only from members of the site who can write to the library or to archive regardless of who sends the email message.
12.
Click OK to save the changes that you have made in the settings.
Source: http://technet.microsoft.com/en-us/library/cc262800.aspx
QUESTION 9
A server named Server2 runs Windows Server 2008 R2. The Remote Desktop Services server role is installed on Server2.
You plan to deploy an application on Server2. The application vendor confirms that the application can be deployed in a Remote Desktop Services environment.
The application does not use Microsoft Windows Installer packages for installation. The application makes changes to the current user registry during installation.
You need to install the application to support multiple user sessions.
What should you do?
A. Run the mstsc /v:Server2 /admin command from the client computer to log on to Server2. Install the application.
B. Run the change user /execute command on Server2. Install the application and run the change user /install command on Server2.
C. Run the change user /install command on Server2. Install the application and run the change user /execute command on Server2.
D. Run the change logon /disable command on Server2. Install the application and run the change logon /enable command on Server2.
Correct Answer: C Explanation
Explanation/Reference:
Explanation: Change user Changes the install mode for the terminal server
Source: http://technet.microsoft.com/en-us/library/cc730696(WS.10).aspx
QUESTION 10
Your company has an Active Directory domain. A server named Server2 runs Windows Server 2008 R2. All client computers run Windows 7.
You install the Remote Desktop Services server role, RD Web Access role service, and RD Gateway role service on Server2.
You need to ensure that all client computers have compliant firewall, antivirus software, and antispyware.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Configure Network Access Protection (NAP) on a server in the domain.
B. Add the Remote Desktop Services servers to the Windows Authorization Access domain local security group.
C. Add the Remote Desktop Services client computers to the Windows Authorization Access domain local security group.
D. Enable the Request clients to send a statement of health option in the Remote Desktop client access policy. Correct Answer: AD
Explanation
Explanation/Reference:
Explanation To ensure that all client machines have firewall, antivirus software and anti-spyware software installed, you should set the Request clients to sent a health option statement in the Remote Desktop Services client access policy and install and configure Network Access Protection (NAP) on the server in the domain.
Source: http://www.microsoft.com/downloads/en/details.aspx?FamilyID=8e47649e-962c-42f8- 9e6f-21c5ccdcf490&displaylang=en
QUESTION 11
Your network consists of a single Active Directory domain. The domain contains a server that runs Windows Server 2008 R2. The server has Microsoft SharePoint Foundation 2010 installed. You need to allow users to create distribution lists from a SharePoint site. What should you do on the SharePoint Foundation 2010 server?
A. Set the outgoing mail character set to 1200(Unicode).
B. Enable the SharePoint Directory Management Service.
C. Configure the site to accept messages from authenticated users only.
D. Configure the site to use the default Rights Management server in Active Directory Domain Services.
Correct Answer: B Explanation
Explanation/Reference:
Explanation:
To configure WSS server in such a way that it allow users to create distribution lists from a SharePoint site, you need to enable the SharePoint Directory
Management Service on the server. A distribution list contains the email addresses of existing address lists as well as the email addresses of other site members.
Distribution lists are available only if the SharePoint Directory Management Service is enabled in Central Administration.
All new subsites that are created in an email-enabled site collection are automatically email-enabled also. If you choose to use an existing group during site
creation, the distribution list for the parent site (if available) will be associated with the new site
Reference: Introduction to incoming email/ New site creation walkthrough http://office.microsoft.com/en-us/help/HA100823061033.aspx
QUESTION 12
You manage a server that runs Windows Server 2008. The server has the Web Server (IIS) role installed. The server hosts an Internet-accessible Web site that
has a virtual directory named /orders/. A Web server certificate is installed and an SSL listener has been configured for the Web site.
The /orders/ virtual directory must meet the following company policy requirements:
Be accessible to authenticated users only.
Allow authentication types to support all browsers.
Encrypt all authentication traffic by using HTTPS.
All other directories of the Web site must be accessible to anonymous users and be available without SSL
You need to configure the /orders/ virtual directory to meet the company policy requirements.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Configure the Web site to the Require SSL setting.
B. Configure the /orders/ virtual directory to the Require SSL setting.
C. Configure the Digest Authentication setting to Enabled for the /orders/ virtual directory.
D. Configure the Basic Authentication setting to Enabled and the Anonymous Authentication setting to Disabled for the Web site.
E. Configure the Basic Authentication setting to Enabled and the Anonymous Authentication setting to Disabled for the / orders/ virtual directory.
Correct Answer: BE Explanation
Explanation/Reference:
Explanation:
To configure the /salesorders/ virtual directory so that it is accessible to authenticated users only and it should allow authentication types to support all browsers,
you need to configure the Basic Authentication setting to Enabled for the / salesorders / virtual directory, because the Basic authentication is supported by mostly all the browsers.
Next you need to Disable the Anonymous Authentication setting to for the / salesorders / virtual directory, so that only authenticated users can access the virtual directory. Finally, you need to configure only the /salesorders / virtual directory to the Require SSL setting so that only the authentication traffic to this directory is encrypted and all other directories of the Website must be accessible to anonymous users and be available without SSL.
To configure authentication for a virtual directory or a physical directory in a Web site, you need to configure the virtual directory for the Web site and not the website.
Reference: How to configure IIS Web site authentication http://support.microsoft.com/kb/308160
QUESTION 13
You have a Windows Server 2008 R2 server that has the Web Server (IIS) server role installed. The server hosts multiple Web sites.
You need to configure the server to automatically release memory for a single Web site. You must achieve this goal without affecting the other Web sites.
What should you do?
A. Create a new Web site and edit the bindings for the Web site.
B. Create a new application pool and associate the Web site to the application pool.
C. Create a new virtual directory and modify the Physical Path Credentials on the virtual directory.
D. From the Application Pool Defaults, modify the Recycling options.
Correct Answer: B Explanation
Explanation/Reference:
Explanation:
To configure the server to automatically release memory for a single website without affecting the other Web sites, you need to create a new application pool and
associate the Web site to the application pool
An application pool is a group of one or more URLs that are served by a worker process or a set of worker processes. Application pools set boundaries for the
applications they contain, which means that any applications that are running outside a given application pool cannot affect the applications in the application pool.
You can configure the server to automatically release memory or to release memory after reaching maximum used memory.
Reference: IIS 7.0: Managing Application Pools in IIS 7.0 http://technet2.microsoft.com/windowsserver2008/en/library/1dbaa793-0a05-4914-a065-4d109db3b9101033.mspx?mfr=true
Reference: IIS 7.0: Configuring Recycling Settings for an Application Pool http://technet2.microsoft.com/windowsserver2008/en/library/0d5770e3-2f6f-4e11-a47c-9bab6a69ebc71033.mspx?mfr=true
QUESTION 14
You install the Windows Deployment Services (WDS) role on a server that runs Windows Server 2008 R2.
You plan to install Windows 7 on a computer that does not support Preboot Execution Environment (PXE). You have a Windows 7 image that is stored on the WDS server.
You need to start the computer and install the image that is stored on the WDS server.
What should you create?
A. a capture image
B. a CD-ROM that contains PXE drivers
C. a discover image
D. an install image
Correct Answer: C Explanation
Explanation/Reference:
Explanation: To start the computer and install Windows Vista image stored on the WDS server, you should create the Discover image. If you have a computer that is not PXE enabled, you can create a discover image and use it to install an operating system on that computer. When you create a discover image and save it to media (CD, DVD, USB drive, and so on), you can then boot a computer to the media. The discover image on the media locates a Windows Deployment Services server, and the server deploys the install image to the computer. You can configure discover images to target a specific Windows Deployment Services server. This means that if you have multiple servers in your environment, you can create a discover image for each, and then name them based on the name of the server. Reference: http://technet2.microsoft.com/WindowsVista/en/library/9e197135-6711-4c20-bfad- fc80fc2151301033.mspx?mfr=true
QUESTION 15
Your company has an Active Directory domain. The Terminal Services role is installed on a member server named TS01. The Terminal Services Licensing role service is installed on a new test server named TS10 in a workgroup.
You cannot enable the Terminal Services Per User Client Access License (TS Per User CAL) mode in the Terminal Services Licensing role service on TS10.
You need to ensure that you can use TS Per User CAL mode on TS10. What should you do?
A. Join TS10 to the domain.
B. Disjoin TS01 from the domain.
C. Extend the schema to add attributes for Terminal Services Licensing.
D. Create a Group Policy object (GPO) that configures TS01 to use TS10 for licensing.
Correct Answer: A Explanation
Explanation/Reference:
Explanation: To ensure that you could employ Terminal Services per User CAL mode on TK2, you need to connect TK2 to the Active Directory domain because TS Per User CAL tracking and reporting is supported only in domain-joined scenarios. Reference: TS Licensing/Are there any special considerations? http://technet2.microsoft.com/windowsserver2008/en/library/5a4afe2f-5911-4b3f-a98a-338b442b76041033.mspx?mfr=true
QUESTION 16
You have a Windows Server 2008 R2 server that has the Web Server (IIS) server role installed. The server contains a Web site.
You need to ensure that the cookies sent from the Web site are encrypted on users’ computers.
Which Web site feature should you configure?
A. Authorization Rules
B. Machine Key
C. Pages And Controls
D. SSL Settings
Correct Answer: B Explanation
Explanation/Reference:
Explanation:
To encrypt the cookies sent from the website on the users’ computer, you need to use machine key. Encrypting cookies is important to prevent tampering. A
hacker can easily view a cookie and alter it. So to protect the cookie, machine key is used in ASP .NET 2.0. Encryption is based on a hash plus the actual data
encrypted, so that if you try to change the data, it’s pretty difficult. ASP.NET’s ViewState uses the Machinekey config file section to configure the keys and such…
this is important when the application is going to be run on a web farm, where load balancing webservers may be in no affinity mode.
Reference: http://www.codeproject.com/KB/web-security/HttpCookieEncryption.aspx
QUESTION 17
Your company has a server that runs Windows Server 2008 R2. The server has the Web Server (IIS) role installed.
You need to activate SSL for the default Web site.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Obtain and import a server certificate by using the IIS Manager console.
B. Select the Generate Key option in the Machine Key dialog box for the default Web site.
C. Add bindings for the HTTPS protocol to the default Web site by using the IIS Manager console.
D. Install the Digest Authentication component for the Web server role by using the Server Manager console.
Correct Answer: AC Explanation
Explanation/Reference:
Explanation:
To activate SSL for the default Web site on the server, you need to get an appropriate certificate and create an HTTPS binding on a site. On Windows Vista and
Windows Server 2008, HTTP.sys handles SSL encryption/decryption in kernel mode, resulting in up to 20% better performance for secure connections.
Moving SSL to kernel mode requiresstoring SSL binding information in two places. First, the binding is stored in %windir%\system32\inetsrv\applicationHost.config
for your site. When the site starts, IIS 7.0sends the binding to HTTP.sys and HTTP.sys starts listening for requests on the specified IP:Port (this works for all
bindings).
Second, SSL configuration associated with the binding is stored in HTTP.sys configuration.When a client connects and initiates an SSL negotiation, HTTP.sys
looks in its SSL configuration for the
IP:Port pair that the client connected to. The HTTP.sys SSL configuration must include a certificate hash and the name of the certificate’s store for the SSL
negotiation to succeed.
Reference: How to Setup SSL on IIS 7.0
http://learn.iis.net/page.aspx/144/how-to-setup-ssl-on-iis-7/
QUESTION 18
Your network contains a Windows Server 2008 R2 server that has the Web Server (IIS) server role installed.
You have a Web application that uses a custom application pool. The application pool is set to recycle every 1,440 minutes. The Web application does not support multiple worker processes. You need to configure the application pool to ensure that users can access the Web application after the application pool is recycled.
What should you do?
A. Set the Shutdown Executable option to True.
B. Set the Process Orphaning Enabled option to True.
C. Set the Disable Overlapped Recycle option to True.
D. Set the Disable Recycling for Configuration Changes option to True.
Correct Answer: C Explanation
Explanation/Reference:
Explanation: Explanation: Overlapped Recycling In an overlapped recycling scenario, the process targeted for a recycle continues to process all remaining requests while a replacement worker process is created simultaneously. The new process is started before the old worker process stops, and requests are then directed to the new process. This design prevents delays in service, since the old process continues to accept requests until the new process has initialized successfully, and is instructed to shut down only after the new process is ready to handle requests. Considerations When Recycling Applications When applications are recycled, it is possible for session state to be lost. During an overlapped recycle, the occurrence of multi-instancing is also a possibility. Loss of session state: Many IIS applications depend on the ability to store state. IIS 6.0 can cause state to be lost if it automatically shuts down a worker process that has timed out due to idle processing, or if it restarts a worker process during recycling. Occurrence of multi-instancing: In multi-instancing, two or more instances of a process run simultaneously. Depending on how the application pool is configured, it is possible for multiple instances of a worker process to run, each possibly loading and running the same application code. The occurrence of an overlapped recycle is an example of multi-instancing, as is a Web garden in which two or more processes serve the application pool regardless of the recycling settings. If your application cannot run in a multi-instance environment, you must configure only one worker process for an application pool (which is the default value), and disable the overlapped recycling feature if application pool recycling is being used.
Source: http://technet.microsoft.com/en-us/library/ms525803(VS.90).aspx
QUESTION 19
You manage a server that runs Windows Server 2008 R2. The Remote Desktop Services server role is installed on the server. A Remote Desktop Services application runs on the server. Users report that the application stops responding.
You monitor the memory usage on the server for a week. You discover that the application has a memory leak.
A patch is not currently available. You create a new resource-allocation policy in Windows System Resource Manager (WSRM). You configure a Process Matching Criteria named TrackShip and select the application. You need to terminate the application when the application consumes more than half of the available memory on the server.
What should you do?
A. Configure the resource-allocation policy and set the maximum working set limit option to half the available memory on the server. Set the new policy as a Profiling Policy.
B. Configure the resource-allocation policy and set the maximum working set limit option to half the available memory on the server. Set the new policy as a Managing Policy.
C. Configure the resource-allocation policy and set the maximum committed memory option to half the available memory on the server. Set the new policy as a Profiling Policy.
D. Configure the resource-allocation policy and set the maximum committed memory option to half the available memory on the server. Set the new policy as a Managing Policy.
Correct Answer: D Explanation
Explanation/Reference:
Explanation:
To create a memory resource allocation
1.
In the Add or Edit Resource Allocation dialog box, on the General tab, in the Process matching criteria list, select a process matching criterion for the matched
processes that will be managed by the resource allocation.
2.
On the Memory tab, select one or both:
Use maximum committed memory for each process
Use maximum working set limit for each process
3.
If you selected Use maximum committed memory for each process:
In the Maximum committed memory limit per process box, type a value in megabytes (MB). In the If memory is surpassed box, select an action to take when the
limit is reached.
4.
If you selected Use maximum working set limit for each process, in the Maximum working set limit per process box, type a value in MB.
5.
Click OK.
To add additional memory resource allocations, click Add, and then repeat steps 15.
Source: http://technet.microsoft.com/en-us/library/cc771472.aspx
QUESTION 20
You manage a member server that runs Windows Server 2008 R2. The server has the Web Server (IIS) role installed.
The Web server hosts a Web site named Intranet1. Only internal Active Directory user accounts have access to the Web site.
The authentication settings for Intranet1 are configured as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that users authenticate to the Web site by using only the Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAPv2) encrypted Active Directory credentials.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Add the Digest Authentication role service and the URL Authorization role service to the server.
B. Add the Windows Authentication role service to IIS. Configure the Windows Authentication setting to Enabled in the Intranet1 properties.
C. Configure the Basic Authentication setting to Disabled in the Intranet1 properties.
D. Configure the Default domain field for the Basic Authentication settings on Intranet1 by adding the name of the Active Directory domain.
E. Configure the Basic Authentication setting to Disabled and the Anonymous Authentication setting to Enabled in the Intranet1 properties.
Correct Answer: BC Explanation
Explanation/Reference:
Explanation: To ensure that the users accessing the website are authenticated through MS-CHAPv2 encrypted Active Directory credentials, you should Add Windows Authentication role service to the IIS server. Enable the Windows Authentication settings in the intranet-e properties and disable the basic authentication setting in the intranet-e properties. Basic authentication is a set of basic rules that authenticate users. To implement MS-CHAPv2, you have to disable the basic authentication and then, add windows authentication role services to the IIS server. After adding it, you should enable it. The Windows Authentication role service will allow the website to be authenticated through MS- CHAPv2.
