web analytics

OFFER Microsoft 70-649 PDF and VCE Free Download (211-220)

QUESTION 211
Your company has a server that runs an instance of Active Directory Lightweight Directory Services (AD LDS). You need to create new organizational units in the AD LDS application directory partition. What should you do?

A.    Use the Active Directory Users and Computers snap-in to create the organizational units on the AD LDS application directory partition.
B.    Use the ADSI Edit snap-in to create the organizational units on the AD LDS application directory partition.
C.    Use the dsadd OU <OrganizationalUnitDN> command to create the organizational units.
D.    Use the dsmod OU <OrganizationalUnitDN> command to create the organizational units.

Answer: B

QUESTION 212
Your network contains an Active Directory domain named contoso.com. The network contains client computers that run either Windows Vista or Windows 7. Active Directory Rights Management Services (AD RMS) is deployed on the network. You create a new AD RMS template that is distributed by using the AD RMS pipeline. The template is updated every month. You need to ensure that all the computers can use the most up-to-date version of the AD RMS template. You want to achieve this goal by using the minimum amount of administrative effort. What should you do?

A.    Upgrade all of the Windows Vista computers to Windows 7.
B.    Upgrade all of the Windows Vista computers to Windows Vista Service Pack 2 (SP2).
C.    Assign the Microsoft Windows Rights Management Services (RMS) Client Service Pack 2 (SP2) to all users by using a Software Installation extension of Group Policy.
D.    Assign the Microsoft Windows Rights Management Services (RMS) Client Service Pack 2 (SP2) to all computers by using a Software Installation extension of Group Policy.

Answer: B

QUESTION 213
Your network contains a single Active Directory domain. Active Directory Rights Management Services (AD RMS) is deployed on the network. A user named User1 is a member of only the AD RMS Enterprise Administrators group. You need to ensure that User1 can change the service connection point (SCP) for the AD RMS installation. The solution must minimize the administrative rights of User1. To which group should you add User1?

A.    AD RMS Auditors
B.    AD RMS Service Group
C.    Domain Admins
D.    Schema Admins

Answer: C

QUESTION 214
Your network contains two Active Directory forests named contoso.com and adatum.com. Active Directory Rights Management Services (AD RMS) is deployed in contoso.com. An AD RMS trusted user domain (TUD) exists between contoso.com and adatum.com. From the AD RMS logs, you discover that some clients that have IP addresses in the adatum.com forest are authenticating as users from contoso.com. You need to prevent users from impersonating contoso.com users. What should you do?

A.    Configure trusted e-mail domains.
B.    Enable lockbox exclusion in AD RMS.
C.    Create a forest trust between adatum.com and contoso.com.
D.    Add a certificate from a third-party trusted certification authority (CA).

Answer: A

QUESTION 215
Your company has an Active Directory Rights Management Services (AD RMS) server. Users have Windows Vista computers. An Active Directory domain is configured at the Windows Server 2003 functional level. You need to configure AD RMS so that users are able to protect their documents. What should you do?

A.    Install the AD RMS client 2.0 on each client computer.
B.    Add the RMS service account to the local administrators group on the AD RMS server.
C.    Establish an e-mail account in Active Directory Domain Services (AD DS) for each RMS user.
D.    Upgrade the Active Directory domain to the functional level of Windows Server 2008.

Answer: C

QUESTION 216
Your network contains an Active Directory domain. The domain contains a server named Server1. Server1 runs Windows Server 2008 R2. You need to mount an Active Directory Lightweight Directory Services (AD LDS) snapshot from Server1. What should you do?

A.    Run ldp.exe and use the Bind option.
B.    Run diskpart.exe and use the Attach option.
C.    Run dsdbutil.exe and use the snapshot option.
D.    Run imagex.exe and specify the /mount parameter.

Answer: C

QUESTION 217
Your network contains a server named Server1 that runs Windows Server 2008 R2. You create an Active Directory Lightweight Directory Services (AD LDS) instance on Server1. You need to create an additional AD LDS application directory partition in the existing instance. Which tool should you use?

A.    Adaminstall
B.    Dsadd
C.    Dsmod
D.    Ldp

Answer: D

QUESTION 218
Your network contains a Routing and Remote Access server named RRAS1 and a DHCP server named DHCP1. RRAS1 and DHCP1 are located in different subnets. RRAS1 is configured to support VPN connections from the Internet. DHCP1 has a scope that provides IP addresses for the VPN connections. You need to ensure that VPN clients that connect to RRAS1 can receive IP addresses from DHCP1. What should you do?

A.    On DHCP1, configure a DHCP Relay Agent.
B.    On DHCP1, install the Routing role service.
C.    On RRAS1, configure a DHCP Relay Agent.
D.    On RRAS1, install the Routing role service.

Answer: C

QUESTION 219
Your network contains a server named Server1 that runs Windows Server 2008 R2. You plan to deploy DirectAccess on Server1. You need to configure Windows Firewall on Server1 to support DirectAccess connections. What should you allow from Windows Firewall on Server1?

A.    ICMPv6 Echo Requests
B.    ICMPv6 Redirect
C.    IGMP
D.    IPv6-Route

Answer: A

QUESTION 220
Network Access Protection (NAP) is configured for the corporate network. Users connect to the corporate network by using portable computers. The company policy requires confidentiality of data when the data is in transit between the portable computers and the servers. You need to ensure that users can access network resources only from computers that comply with the company policy. What should you do?

A.    Create an IPsec Enforcement Network policy.
B.    Create an 802.1X Enforcement Network policy.
C.    Create a Wired Network (IEEE 802.3) Group policy.
D.    Create an Extensible Authentication Protocol (EAP) Enforcement Network policy.

Answer: A

OFFER Microsoft 70-649 PDF and VCE Free Download