web analytics

OFFER Microsoft 70-649 PDF and VCE Free Download (191-200)

QUESTION 191
Your network contains an Active Directory domain named contoso.com. The network contains client computers that run either Windows Vista or Windows 7. Active Directory Rights Management Services (AD RMS) is deployed on the network. You create a new AD RMS template that is distributed by using the AD RMS pipeline. The template is updated every month. You need to ensure that all the computers can use the most up-to-date version of the AD RMS template. You want to achieve this goal by using the minimum amount of administrative effort. What should you do?

A.    Upgrade all of the Windows Vista computers to Windows 7.
B.    Upgrade all of the Windows Vista computers to Windows Vista Service Pack 2 (SP2).
C.    Assign the Microsoft Windows Rights Management Services (RMS) Client Service Pack 2 (SP2) to all users by using a Software Installation extension of Group Policy.
D.    Assign the Microsoft Windows Rights Management Services (RMS) Client Service Pack 2 (SP2) to all computers by using a Software Installation extension of Group Policy.

Answer: B

QUESTION 192
Your network contains a single Active Directory domain. Active Directory Rights Management Services (AD RMS) is deployed on the network. A user named User1 is a member of only the AD RMS Enterprise Administrators group. You need to ensure that User1 can change the service connection point (SCP) for the AD RMS installation. The solution must minimize the administrative rights of User1. To which group should you add User1?

A.    AD RMS Auditors
B.    AD RMS Service Group
C.    Domain Admins
D.    Schema Admins

Answer: C

QUESTION 193
Your company has a server that runs an instance of Active Directory Lightweight Directory Services (AD LDS). You need to create new organizational units in the AD LDS application directory partition. What should you do?

A.    Use the Active Directory Users and Computers snap-in to create the organizational units on the AD LDS application directory partition.
B.    Use the ADSI Edit snap-in to create the organizational units on the AD LDS application directory partition.
C.    Use the dsadd OU <OrganizationalUnitDN> command to create the organizational units.
D.    Use the dsmod OU <OrganizationalUnitDN> command to create the organizational units.

Answer: B

QUESTION 194
Network Access Protection (NAP) is configured for the corporate network. Users connect to the corporate network by using portable computers. The company policy requires confidentiality of data when the data is in transit between the portable computers and the servers. You need to ensure that users can access network resources only from computers that comply with the company policy. What should you do?

A.    Create an IPsec Enforcement Network policy.
B.    Create an 802.1X Enforcement Network policy.
C.    Create a Wired Network (IEEE 802.3) Group policy.
D.    Create an Extensible Authentication Protocol (EAP) Enforcement Network policy.

Answer: A

QUESTION 195
Your network contains a Routing and Remote Access server named RRAS1 and a DHCP server named DHCP1. RRAS1 and DHCP1 are located in different subnets. RRAS1 is configured to support VPN connections from the Internet. DHCP1 has a scope that provides IP addresses for the VPN connections. You need to ensure that VPN clients that connect to RRAS1 can receive IP addresses from DHCP1. What should you do?

A.    On DHCP1, configure a DHCP Relay Agent.
B.    On DHCP1, install the Routing role service.
C.    On RRAS1, configure a DHCP Relay Agent.
D.    On RRAS1, install the Routing role service.

Answer: C

QUESTION 196
Your network contains an Active Directory domain. The network has DirectAccess deployed. You deploy the DirectAccess Connectivity Assistant (DCA) to all client computers. You need to ensure that users can view their DirectAccess status by using the DCA. Which two group policy settings should you configure? (Each correct answer presents part of the solution. Choose two.)

A.    Dynamic Tunnel Endpoints (DTEs)
B.    Corporate Portal Site
C.    Corporate Resources
D.    PortalName

Answer: AC

QUESTION 197
Your network contains an Active Directory forest. The forest contains two domains named contoso.com and eu.contoso.com. You install a Network Policy Server (NPS) named Server1 in the contoso.com domain. You need to ensure that Server1 can read the dial-in properties of the user accounts in the eu.contoso.com domain. What should you do?

A.    In the contoso.com domain, add Server1 to the RAS and IAS Servers group.
B.    In the contoso.com domain, add Server1 to the Windows Authorization Access group.
C.    In the eu.contoso.com domain, add Server1 to the RAS and IAS Servers group.
D.    In the eu.contoso.com domain, add Server1 to the Windows Authorization Access group.

Answer: C

QUESTION 198
Your company has a single Active Directory domain. The company network is protected by a firewall. Remote users connect to your network through a VPN server by using PPTP. When the users try to connect to the VPN server, they receive the following error message: Error 721: The remote computer is not responding. You need to ensure that users can establish a VPN connection. What should you do?

A.    Open port 1423 on the firewall.
B.    Open port 1723 on the firewall.
C.    Open port 3389 on the firewall.
D.    Open port 6000 on the firewall.

Answer: B

QUESTION 199
Your company uses Network Access Protection (NAP) to enforce policies on client computers that connect to the network. Client computers run Windows 7. A Group Policy is used to configure client computers to obtain updates from Windows Server Update Services (WSUS). Company policy requires that updates labeled Important and Critical must be applied before client computers can access network resources. You need to ensure that client computers meet the company policy requirement. What should you do?

A.    Enable automatic updates on each client.
B.    Enable the Security Center on each client.
C.    Quarantine clients that do not have all available security updates installed.
D.    Disconnect the connection until the required updates are installed.

Answer: C

QUESTION 200
Your network contains two Active Directory forests named contoso.com and adatum.com. Active Directory Rights Management Services (AD RMS) is deployed in contoso.com. An AD RMS trusted user domain (TUD) exists between contoso.com and adatum.com. From the AD RMS logs, you discover that some clients that have IP addresses in the adatum.com forest are authenticating as users from contoso.com. You need to prevent users from impersonating contoso.com users. What should you do?

A.    Configure trusted e-mail domains.
B.    Enable lockbox exclusion in AD RMS.
C.    Create a forest trust between adatum.com and contoso.com.
D.    Add a certificate from a third-party trusted certification authority (CA).

Answer: A

OFFER Microsoft 70-649 PDF and VCE Free Download