QUESTION 21
Your network contains a server named Server1 that runs Windows Server 2008 R2. You create an Active Directory Lightweight Directory Services (AD LDS) instance on Server1. You need to create an additional AD LDS application directory partition in the existing instance. Which tool should you use?
A. Adaminstall
B. Dsadd
C. Dsmod
D. Ldp
Answer: D
QUESTION 22
You deploy a new Active Directory Federation Services (AD FS) federation server. You request new certificates for the AD FS federation server. You need to ensure that the AD FS federation server can use the new certificates. To which certificate store should you import the certificates?
A. Computer
B. IIS Admin Service service account
C. Local Administrator
D. World Wide Web Publishing Service service account
Answer: A
QUESTION 23
Your network contains two servers named Server1 and Server2 that run Windows Server 2008 R2. Server1 has the Active Directory Federation Services (AD FS) Federation Service role service installed. You plan to deploy AD FS 2.0 on Server2. You need to export the token-signing certificate from Server1, and then import the certificate to Server2. Which format should you use to export the certificate?
A. Base-64 encoded X.509 (.cer)
B. Cryptographic Message Syntax Standard PKCS #7 (.p7b)
C. DER encoded binary X.509 (.cer)
D. Personal Information Exchange PKCS #12 (.pfx)
Answer: D
QUESTION 24
Your network contains a single Active Directory domain. The domain contains five read-only domain controllers (RODCs) and five writable domain controllers. All servers run Windows Server 2008. You plan to install a new RODC that runs Windows Server 2008 R2. You need to ensure that you can add the new RODC to the domain. You want to achieve this goal by using the minimum amount of administrative effort. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. At the command prompt, run adprep.exe /rodcprep.
B. At the command prompt, run adprep.exe /forestprep.
C. At the command prompt, run adprep.exe /domainprep.
D. From Active Directory Domains and Trusts, raise the functional level of the domain.
E. From Active Directory Users and Computers, pre-stage the RODC computer account.
Answer: BC
QUESTION 25
Your company has an Active Directory forest that contains a single domain. The domain member server has an Active Directory Federation Services (AD FS) server role installed. You need to configure AD FS to ensure that AD FS tokens contain information from the Active Directory domain.
What should you do?
A. Add and configure a new account store.
B. Add and configure a new account partner.
C. Add and configure a new resource partner.
D. Add and configure a Claims-aware application.
Answer: A
QUESTION 26
Your network contains a Network Policy Server (NPS) named Server1. Server1 is configured to use SQL logging. You add a second NPS server named Server2. You need to ensure that Server2 has the same RADIUS authentication and logging settings as Server1. You export the NPS settings from Server1, and then import the settings to Server2. What should you do next on Server2?
A. Create a new ODBC data source.
B. Run netsh.exe nps reset config.
C. Manually configure the SQL logging settings.
D. Restart the Network Policy Server (NPS) role service.
Answer: C
QUESTION 27
Your company has 10 servers that run Windows Server 2008 R2. The servers have Remote Desktop Protocol (RDP) enabled for server administration. RDP is configured to use default security settings. All administrators’ computers run Windows 7. You need to ensure the RDP connections are as secure as possible. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Set the security layer for each server to the RDP Security Layer.
B. Configure the firewall on each server to block port 3389.
C. Acquire user certificates from the internal certification authority.
D. Configure each server to allow connections only to Remote Desktop client computers that use Network
Level Authentication.
Answer: CD
QUESTION 28
Your network contains a server named Server1 that runs Windows Server 2008 R2. You plan to deploy DirectAccess on Server1. You need to configure Windows Firewall on Server1 to support DirectAccess connections. What should you allow from Windows Firewall on Server1?
A. ICMPv6 Echo Requests
B. ICMPv6 Redirect
C. IGMP
D. IPv6-Route
Answer: A
QUESTION 29
Your network contains a Network Policy Server (NPS) named Server1. NPS1 provides authentication for all of the VPN servers on the network. You need to track the usage information of all VPN connections. Which RADIUS attribute should you log?
A. Acct-Session-Id
B. Acct-Status-Type
C. Class
D. NAS-Identifier
Answer: C
QUESTION 30
Your network contains a server named Server1.contoso.com. Server1 is located on the internal network. You have a client computer named Computer1 that runs Windows 7. Computer1 is located on a public network that is connected to the Internet. Computer1 is enabled for DirectAccess. You need to verify whether Computer1 can resolve Server1 by using DirectAccess. Which command should you run on Computer1?
A. nbtstat.exe Ca server1.contoso.com
B. netsh.exe dnsclient show state
C. nslookup.exe server1.contoso.com
D. ping.exe server1.contoso.com
Answer: D
OFFER Microsoft 70-649 PDF and VCE Free Download