70-649 cram(157 to 169) for client: Mar 2016 Edition

Virtual of 70-649 simulations materials and training tools for Microsoft certification for IT learners, Real Success Guaranteed with Updated 70-649 pdf dumps vce Materials. 100% PASS Today!

2016 Mar 70-649 Study Guide Questions:

Q157. Your network contains a Web server that runs Windows Server 2008 R2. 

Remote management is configured for Internet Information Services (IIS). 

From IIS Manager Permissions, you add a user to a Web site. 

You need to prevent the user from using Internet Information Services (IIS) Manager to modify the authorization rules of the Web site. 

Which settings should you configure? 

A. Authorization Rules 

B. Feature Delegation 

C. IIS Manager Permissions 

D. IIS Manager Users 

Answer: B


Q158. Your network contains a server named Server1 that runs Windows Server 2008 R2. You plan to deploy DirectAccess on Server1. 

You need to configure Windows Firewall on Server1 to support DirectAccess connections. What should you allow from Windows Firewall on Server1? 

A. ICMPv6 Echo Requests 

B. IPv6-Route 

C. ICMPv6 Redirect 

D. IGMP 

Answer: A


Q159. Your network contains an Active Directory domain. The domain contains a server that runs Windows Server 2008 R2. 

The server has the Remote Desktop Session Host (RD Session Host) role service and the Remote Desktop Web Access (RD Web Access) role service installed. 

When domain users run RemoteApp programs from the RD Web Access page, they are prompted for their credentials. 

You need to ensure that the domain users can run the RemoteApp programs without being prompted for their credentials. 

What should you do? 

A. From RemoteApp Deployment Settings, configure the Common RDP Settings. 

B. From RemoteApp Deployment Settings, configure the Digital Signature Settings. 

C. On each client computer, add the URL of the RD Web Access Web site to the Trusted sites zone. 

D. On each client computer, add the URL of the RD Web Access Web site to the Local intranet zone. 

Answer: B


Q160. Your company's corporate network uses Network Access Protection (NAP). 

Users are able to connect to the corporate network remotely. 

You need to ensure that data transmissions between remote client computers and the corporate network are as secure as possible. 

What should you do? 

A. Apply an IPSec NAP policy. 

B. Restrict Dynamic Host Configuration Protocol (DHCP) clients by using NAP. 

C. Configure a NAP policy for 802.IX wireless connections. 

D. Configure VPN connections to use MS-CHAP u2 authentication. 

Answer: A


70-649 sample question

Renew 70-649 training:

Q161. Your network contains a server named Server1. Server1 has the Volume Activation Management Tool (VAMT) installed. 

You need to activate Windows on a server named Server2 by using VAMT. 

Which firewall rule should you enable on Server2? 

A. COM+ Network Access (DCOM-In) 

B. COM+ Remote Administration (DCOM-In) 

C. Remote Service Management (RPC) 

D. Windows Management Instrumentation (WMI-In) 

Answer: D


Q162. Your network contains two Active Directory forests named contoso.com and fabrikam.com. 

You have a standalone Network Policy Server (NPS) named NPS1. 

You have a VPN server named VPN1. VPN1 is configured as a RADIUS client to NPS1. 

You need to ensure that users from both forests can establish VPN connections by using their own domain accounts. 

What should you do? 

A. On NPS1, configure remediation server groups. 

B. On NPS1, configure connection request policies. 

C. On VPN1, modify the DNS suffix search order. 

D. On VPN1, modify the IKEv2 Client connection controls. 

Answer: B


Q163. Your network contains an Active Directory domain named Contoso.com. Contoso.com contains an enterprise certification authority (CA) named CA1. 

You enable Secure Socket Tunneling Protocol (SSTP) on a server named Server1. 

A user named User1 attempts to establish an SSTP connection to Server1 and receives the following error message: "Error 0x80092013: The revocation function was unable to check revocation because the revocation server was offline." 

You verify that all certificates services are online. 

You need to ensure that User1 can connect to Server1 by using SSTP. 

What should you do first? 

A. Configure User1 for certificate auto enrollment. 

B. Configure a pre-shared key for IPSec on User1’s computer. 

C. Add a certificate to Server1 that contains Server1.contoso.com as a Subject Alternative Name (SAN). 

D. Publish the certificate revocation list distribution point (CDP) to a location that is accessible from the Internet. 

Answer: D


Q164. Your company has a main office and a branch office. 

The network contains an Active Directory domain. 

The main office contains a writable domain controller named Dc1. The branch office contains a read-only domain controller (RODC) named DC2. 

You discover that the password of an administrator named Admin1 is cached on DC2. 

You need to prevent Admin1’s password from being cached on DC2. 

What should you do? 

A. Create a Password Setting object (PSO). 

B. Modify the properties of DC2’s computer account. 

C. Modify the properties of the domain. 

D. Modify the NTDS Site Settings. 

Answer: B


70-649 practice exam

Approved 70-649 answers:

Q165. Your network contains an Active Directory domain named contoso.com. 

You publish a RemoteApp named Appl. The Remote Desktop Connection (.rdp) file for App1 is unsigned. 

When a user named User1 runs App1 from the Remote Desktop Web Access (RD Web Access) website, User1 is prompted for credentials. 

You need to prevent users from being prompted for credentials when they run Appl. 

What should you do? 

A. Enable the Allow Delegating Default Credentials Group Policy setting. 

B. Configure the SSL Settings for the RDWeb virtual directory. 

C. Enable the Assign a default domain for logon Group Policy setting. 

D. Modify the Authentication Settings for the RDWeb virtual directory. 

Answer: A


Q166. You deploy Network Access Protection (NAP) on your network. 

An administrator configures a network policy as shown in the exhibit. (Click the Exhibit button.) 


You discover that noncompliant client computers cannot access the remediation network. 

You need to configure the network policy to ensure that noncompliant client computers can access the remediation network. 

What should you do? 

A. In the Type of network access server list, click HCAP Server. 

B. In the Type of network access server list, click Health Registration Authority. 

C. In Access Permission, select the Ignore user account dial-in properties check box. 

D. In Access Permission, select the Grant access. Grant access if the connection request matches this policy option button. 

Answer: D


Q167. You manage a Web server named Server1 that runs Windows Server 2008 R2. Server1 has the SMTP Server feature installed. You need to verify whether you can connect to Server1 over TCP port 25. Which tool should you use? 

A. Internet Information Services (IIS) Manager 

B. Ftp 

C. Performance Monitor 

D. Windows Firewall 

E. Local Security Policy 

F. Telnet 

G. Iisreset 

H. System Configuration 

I. Services 

J. Component Services 

K. Internet Information Services (IIS) 6.0 Manager 

L. Security Configuration Wizard (SCW) 

Answer: F


Q168. Your network contains two servers named Server1 and Server2 that run Windows Server 2008 R2. 

Network Access Protection (NAP) is deployed on Server1. Server2 has the Routing and Remote Access service (RRAS) role service installed. 

You need to configure Server2 to use NAP VPN enforcement. 

Which authentication method should you enable on Server2? 

A. Encrypted authentication (CHAP) 

B. Allow machine certificate authentication for IKEv2 

C. Extensible authentication protocol (EAP) 

D. Microsoft encrypted authentication version 2 (MS-CHAP v2) 

Answer: C


Q169. You deploy an Active Directory Federation Services (AD FS) Federation Service Proxy on a server named Server1. 

You need to configure the Windows Firewall on Server1 to allow external users to authenticate by using AD FS. 

Which protocol should you allow on Server1? 

A. SMB 

B. RPC 

C. Kerberos 

D. SSL 

Answer: D