Microsoft 70-649 Real Exam Questions

Exam 70-649 is intended for IT professionals who currently hold an MCSE on Windows Server 2003 certification and work in the complex computing environment of medium to large companies. The MCSE on Windows Server 2003 is a prerequisite for this exam. Without it, your transcript will show that you passed the exam but will not show credit for the resulting certifications.

1: Your company has a network that has an Active Directory domain. The domain has two servers named DC1 and DC2. You plan to collect events from DC2 and transfer them to DC1. You configure the required subscriptions by selecting the Normal option for the Event delivery optimization setting and by using the HTTP protocol. You discover that none of the subscriptions work. You need to ensure that the servers support the event collectors. Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)

A.Run the wecutil qc command on DC1.
B.Run the wecutil qc command on DC2.
C.Run the winrm quickconfig command on DC1.
D.Run the winrm quickconfig command on DC2.
E.Add the DC2 account to the Administrators group on DC1.
F.Add the DC1 account to the Administrators group on DC2.
Correct Answers: A D F

2: Your company has Active Directory Certificate Services (AD CS) and Network Access Protection (NAP) deployed on the network. You need to ensure that NAP policies are enforced on portable computers that use a wireless connection to access the network.  What should you do?

A.Configure all access points to use 802.1X authentication.
B.Configure all portable computers to use MS-CHAP v2 authentication.
C.Use the Group Policy Management Console to access the wireless Group Policy settings, and enable the Prevent connections to ad-hoc networks option.
D.Use the Group Policy Management Console to access the wireless Group Policy settings, and disable the Prevent connections to infrastructure networks option.
Correct Answers: A

3: Your company has 10 servers that run Windows Server 2008. The servers have RDP enabled for server administration. RDP is configured to use default security settings. All administrators’ computers run Windows Vista. You need to ensure the RDP connections are as secure as possible. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.Set the security layer for each server to the RDP Security Layer.
B.Configure the firewall on each server to block port 3389.
C.Acquire user certificates from the internal certificate authority.
D.Configure each server to allow connections only to Remote Desktop client computers that use Network Level Authentication.
Correct Answers: C D

4: Your network contains a server that runs Windows Server 2008. The server has the Network Policy Server (NPS) service role installed. You need to allow only members of a global group named Group1 VPN access to the network. What should you do?

A.Add Group1 to the RAS and IAS Servers group.
B.Add Group1 to the Network Configuration Operators group.
C.Create a new network policy and define a group-based condition for Group1. Set the access permission of the policy to Access granted. Set the processing order of the policy to 1.
D.Create a new network policy and define a group-based condition for Group1. Set the access permission of the policy to Access granted. Set the processing order of the policy to 3.
Correct Answers: C

5: Your company has deployed Network Access Protection (NAP). You configure secure wireless access to the network by using 802.1x authentication from any access point. You need to ensure that all client computers that access the network are evaluated by NAP.  What should you do?

A.Configure all access points as RADIUS clients to the Remediation Servers.
B.Configure all access points as RADIUS clients to the Network Policy Server (NPS).
C.Create a Network Policy that defines Remote Access Server as a network connection method.
D.Create a Network Policy that specifies EAP-TLS as the only available authentication method.
Correct Answers: B

6: You have a server that runs Windows Server 2008. You need to prevent the server from establishing communication sessions to other computers by using TCP port 25. What should you do?

A.From Windows Firewall, add an exception.
B.From Windows Firewall, enable the Block all incoming connections option.
C.From the Windows Firewall with Advanced Security snap-in, create an inbound rule.
D.From the Windows Firewall with Advanced Security snap-in, create an outbound rule.
Correct Answers: D

7: You deploy a Windows Server 2008 VPN server behind a firewall. Remote users connect to the VPN by using portable computers that run Windows Vista with the latest service pack.  The firewall is configured to allow only secured Web communications. You need to enable remote users to connect as securely as possible. You must achieve this goal without opening any additional ports on the firewall. What should you do?

A.Create an IPsec tunnel.
B.Create an SSTP VPN connection.
C.Create a PPTP VPN connection.
D.Create an L2TP VPN connection.
Correct Answers: B

8: Your company’s corporate network uses Network Access Protection (NAP). Users are able to connect to the corporate network remotely. You need to ensure that data transmissions between remote client computers and the corporate network are as secure as possible. What should you do?

A.Apply an IPsec NAP policy.
B.Configure a NAP policy for 802.1x wireless connections.
C.Configure VPN connections to use MS-CHAP v2 authentication.
D.Restrict Dynamic Host Configuration Protocol (DHCP) clients by using NAP.
Correct Answers: A

9: Your company has a single Active Directory domain. The domain has servers that run Windows Server 2008. You have a server named NAT1 that functions as a NAT server.  You need to ensure that administrators can access a server named RDP1 by using Remote Desktop Protocol (RDP). What should you do?

A.Configure NAT1 to forward port 389 to RDP1.
B.Configure NAT1 to forward port 1432 to RDP1.
C.Configure NAT1 to forward port 3339 to RDP1.
D.Configure NAT1 to forward port 3389 to RDP1.
Correct Answers: D

10: You perform a security audit of a server named CRM1. You want to build a list of all DNS requests that are initiated by the server. You install the Microsoft Network Monitor 3.0 application on CRM1. You capture all local traffic on CRM1 for 24 hours. You save the capture file as data.cap. You find that the size of the file is more than 1 GB. You need to create a file named DNSdata.cap from the existing capture file that contains only DNS-related data. What should you do?

A.Apply the display filter !DNS and save the displayed frames as a DNSdata.cap file.
B.Apply the capture filter DNS and save the displayed frames as a DNSdata.cap file.
C.Add a new alias named DNS to the aliases table and save the file as DNSdata.cap.
D.Run the nmcap.exe /inputcapture data.cap /capture DNS /file DNSdata.cap command.
Correct Answers: D

Download  |  Password: ciscobibles.com