Latest Real 70-649 Tests Dumps and VCE Exam Questions 61-70

Ensurepass

QUESTION 61

Your network contains an Active Directory domain. The domain contains an enterprise certification authority (CA) named Server1 and a server named Server2. On Server2, you deploy Network Policy Server (NPS) and you configure a Network Access Protection (NAP) enforcement policy for IPsec. From the Health Registration Authority snap-in on Server2, you set the lifetime of health certificates to four hours. You discover that the validity period of the health certificates issued to client computers is one year. You need to ensure that the health certificates are only valid for four hours. What should you do?

 

A.      On Server1, run certutil.exe -setreg policyeditflags + editf_attributeenddate.

B.      On Server1, runcertutil.exe – setreg dbflags +dbflags_enablevolatilerequests.

C.      Modify the Request Handling settings of the certificate template used for the health certificates.

D.      Modify the Issuance Requirements settings of the certificate template used for the health certificates.

 

Correct Answer: A

 

 

QUESTION 62

Your network contains one Active Directory domain. You have a member server named Server1 that runs Windows Server 2008 R2. The server has the Routing and Remote Access Services role service installed. You implement Network Access Protection (NAP) for the domain. You need to configure the Point-to-Point Protocol (PPP) authentication method on Server1. Which authentication method should you use?

 

A.      Challenge Handshake Authentication Protocol (CHAP)

B.      Extensible Authentication Protocol (EAP)

C.      Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2)

D.      Password Authentication Protocol (PAP)

 

Correct Answer: B

 

 

QUESTION 63

Your company has 10 servers that run Windows Server 2008 R2. The servers have Remote Desktop Protocol (RDP) enabled for server administration. RDP is configured to use default security settings. All administrators’ computers run Windows 7. You need to ensure the RDP connections are as secure as possible. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

 

A.      Set the security layer for each server to the RDP Security Layer.

B.      Configure the firewall on each server to block port 3389.

C.      Acquire user certificates from the internal certification authority.

D.      Configure each server to allow connections only to Remote Desktop client computers that use Network Level Authentication.

 

Correct Answer: CD

 

 

QUESTION 64

Your network contains an Active Directory domain named contoso.com. The network has DirectAccess deployed. You deploy a new server named Server1 that hosts a management application. You need to ensure that Server1 can initiate connections to DirectAccess client computers. Which settings should you modify from the DirectAccess Setup console?

 

A.      Application Servers

B.      DirectAccess Server

C.      Infrastructure Servers

D.      Remote Clients

 

Correct Answer: C

 

 

QUESTION 65

Your network contains two Active Directory forests named contoso.com and fabrikam.com. You have a standalone Network Policy Server (NPS) named NPS1. You have a VPN server named VPN1. VPN1 is configured as a RADIUS client to NPS1. You need to ensure that users from both forests can establish VPN connections by using their own domain accounts. What should you do?

 

A.      On NPS1, configure remediation server groups.

B.      On NPS1, configure connection request policies.

C.      On VPN1, modify the DNS suffix search order.

D.      On VPN1, modify the IKEv2 Client connection controls.

 

Correct Answer: B

 

 

QUESTION 66

Your network contains a server named Server1 that runs Windows Server 2008 R2.

 

Ÿ   Server1 has the Hyper-V server role installed.

Ÿ   Server1 hosts a virtual machine (VM) named VM1.

Ÿ   You take a snapshot of VM1 at 05:00 and at 19:00.

Ÿ   You use Hyper-V Manager to delete the snapshot taken at 05:00.

You need to ensure that the files created by the 05:00 snapshot are deleted from the hard disk on Server1. What should you do?

 

A.      At the command prompt, run the rmdir.exe command.

B.      From Windows Power Shell, run the Remove-Item cmdlet.

C.      From the Hyper-V Manager console, shut down VM1.

D.      From the Hyper-V Manager console, right-click VM1 and click Revert.

 

Correct Answer: C

 

 

QUESTION 67

Your network contains an Active Directory domain. The domain contains two servers named Server1 and Server2. You connect Server1 and Server2 to a logical unit number (LUN) on a Storage Area Network (SAN). You need to ensure that you can use the LUN in a failover cluster. What should you do?

 

A.      From Server Manager, run the Best Practices Analyzer.

B.      From File Server Resource Manager, generate a storage report.

C.      From Failover Cluster Manager, run the Validate a Configuration Wizard.

D.      From Share and Storage Management, verify the advanced settings of the LUN.

 

Correct Answer: C

 

 

QUESTION 68

Your network contains an Active Directory domain. The relevant servers in the domain are configured as shown in the following table:

 

clip_image002

 

You need to ensure that all device certificate requests use the MD5 hash algorithm. What should you do?

 

A.      On Server2, run the Certutil tool.

B.      On Server1, update the CEP Encryption certificate template.

C.      On Server1, update the Exchange Enrollment Agent (Offline Request) template.

D.      On Server3, set the value of the

HKLMSoftwareMicrosoftCryptographyMSCEPHashAlgorithmHashAlgorithm registry key.

 

Correct Answer: D

 

 

QUESTION 69

Your network contains an Active Directory domain. You have a server named Server1 that runs Windows Server 2008 R2. Server1 is an enterprise root certification authority (CA). You have a client computer named Computer1 that runs Windows 7. You enable automatic certificate enrollment for all client computers that run Windows 7. You need to verify that the Windows 7 client computers can automatically enroll for certificates. Which command should you run on Computer1?

 

A.      certreq.exe retrieve

B.      certreq.exe submit

C.      certutil.exe getkey

D.      certutil.exe pulse

 

Correct Answer: D

 

 

QUESTION 70

Your network contains two Active Directory forests named contoso.com and adatum.com. The functional level of both forests is Windows Server 2008 R2. Each forest contains one domain. Active Directory Certificate Services (AD CS) is configured in the contoso.com forest to allow users from both forests to automatically enroll user certificates. You need to ensure that all users in the adatum.com forest have a user certificate from the contoso.com certification authority (CA). What should you configure in the adatum.com domain?

 

A.      From the Default Domain Controllers Policy, modify the Enterprise Trust settings.

B.      From the Default Domain Controllers Policy, modify the Trusted Publishers settings.

C.      From the Default Domain Policy, modify the Certificate Enrollment policy.

D.      From the Default Domain Policy, modify the Trusted Root Certification Authority settings.

 

Correct Answer: C