IT certification study guide

ExamPDF




Exam : 70-649

Title : Upgrading MCSE on

Wndws Serv 2003 to

Wndws Serv 2008


Version : Demo











http://www.exampdf.com/
IT certification training material, The fastest way to pass the exam.

---

The safer , easier way to help you pass any IT exams.
1. Your company has a main office and 15 branch offices. The company has a single Active Directory
domain. All servers run Windows Server 2008.You need to ensure that the VPN connections between the
main office and the branch offices meet the following requirements:
All data must be encrypted by using end-to-end encryption.
The VPN connection must use computer-level authentication.
User names and passwords cannot be used for authentication.
What should you do?
A. Configure an IPsec connection to use tunnel mode and preshared key authentication.
B. Configure a PPTP connection to use version 2 of the MS-CHAP v2 authentication.
C. Configure a L2TP/IPsec connection to use the EAP-TLS authentication.
D. Configure a L2TP/IPsec connection to use version 2 of the MS-CHAP v2 authentication.
Answer: C
2. Your company has Active Directory Certificate Services (AD CS) and Network Access Protection (NAP)
deployed on the network. You need to ensure that NAP policies are enforced on portable computers that
use a wireless connection to access the network. What should you do?
A. Configure all access points to use 802.1X authentication.
B. Configure all portable computers to use MS-CHAP v2 authentication.
C. Use the Group Policy Management Console to access the wireless Group Policy settings, and enable
the Prevent connections to ad-hoc networks option.
D. Use the Group Policy Management Console to access the wireless Group Policy settings, and disable
the Prevent connections to infrastructure networks option.
Answer: A
3. Your company has 10 servers that run Windows Server 2008. The servers have RDP enabled for
server administration. RDP is configured to use default security settings. All administrators' computers run
Windows Vista. You need to ensure the RDP connections are as secure as possible. Which two actions
should you perform? (Each correct
Answer presents part of the solution. Choose two.)
A. Set the security layer for each server to the RDP Security Layer.
B. Configure the firewall on each server to block port 3389.
2 / 8

---

The safer , easier way to help you pass any IT exams.
C. Acquire user certificates from the internal certificate authority.
D. Configure each server to allow connections only to Remote Desktop client computers that use Network
Level Authentication.
Answer: CD
4. Your network contains a server that runs Windows Server 2008. The server has the Network Policy
Server (NPS) service role installed. You need to allow only members of a global group named Group1
VPN access to the network. What should you do?
A. Add Group1 to the RAS and IAS Servers group.
B. Add Group1 to the Network Configuration Operators group.
C. Create a new network policy and define a group-based condition for Group1. Set the access
permission of the policy to Access granted. Set the processing order of the policy to 1.
D. Create a new network policy and define a group-based condition for Group1. Set the access
permission of the policy to Access granted. Set the processing order of the policy to 3.
Answer: C
5. Your company has deployed Network Access Protection (NAP). You configure secure wireless access
to the network by using 802.1x authentication from any access point. You need to ensure that all client
computers that access the network are evaluated by NAP. What should you do?
A. Configure all access points as RADIUS clients to the Remediation Servers.
B. Configure all access points as RADIUS clients to the Network Policy Server (NPS).
C. Create a Network Policy that defines Remote Access Server as a network connection method.
D. Create a Network Policy that specifies EAP-TLS as the only available authentication method.
Answer: B
6. You have a server that runs Windows Server 2008. You need to prevent the server from establishing
communication sessions to other computers by using TCP port 25. What should you do?
A. From Windows Firewall, add an exception.
B. From Windows Firewall, enable the Block all incoming connections option.
C. From the Windows Firewall with Advanced Security snap-in, create an inbound rule.
D. From the Windows Firewall with Advanced Security snap-in, create an outbound rule.
Answer: D
3 / 8

---

The safer , easier way to help you pass any IT exams.
7. Your company has a single Active Directory domain and an enterprise root certificate authority. The
company plans touse Network Access Protection (NAP) to protect the VPN connections. You build two
servers named NPS1 and VPN1. You configure the following functions on the two servers as shown in
thefollowing table.
You need to ensure that the system health policy is applied to all client computers that attempt VPN
connections. What should you do?
A. Reconfigure NPS1 as a RADIUS client.
B. Reconfigure VPN1 as a RADIUS client.
C. Add the NAP role to a domain controller.
D. Add the NAP role to an Enterprise Certificate server.
Answer: B
8. You deploy a Windows Server 2008 VPN server behind a firewall. Remote users connect to the VPN
by using portable computers that run Windows Vista with the latest service pack. The firewall is
configured to allow only secured Web communications. You need to enable remote users to connect as
securely as possible. You must achieve this goal without opening any additional ports on the firewall.
What should you do?
A. Create an IPsec tunnel.
B. Create an SSTP VPN connection.
C. Create a PPTP VPN connection.
D. Create an L2TP VPN connection.
Answer: B
9. Your company's corporate network uses Network Access Protection (NAP). Users are able to connect
to the corporate network remotely. You need to ensure that data transmissions between remote client
computers and the corporate network are as secure as possible. What should you do?
A. Apply an IPsec NAP policy.
B. Configure a NAP policy for 802.1x wireless connections.
4 / 8

---

The safer , easier way to help you pass any IT exams.
C. Configure VPN connections to use MS-CHAP v2 authentication.
D. Restrict Dynamic Host Configuration Protocol (DHCP) clients by using NAP.
Answer: A
10. Your company has a single Active Directory domain. The domain has servers that run Windows
Server 2008. You have a server named NAT1 that functions as a NAT server. You need to ensure that
administrators can access a server named RDP1 by using Remote Desktop Protocol (RDP). What should
you do?
A. Configure NAT1 to forward port 389 to RDP1.
B. Configure NAT1 to forward port 1432 to RDP1.
C. Configure NAT1 to forward port 3339 to RDP1.
D. Configure NAT1 to forward port 3389 to RDP1.
Answer: D
11. You perform a security audit of a server named CRM1. You want to build a list of all DNS requests
that are initiated by the server. You install the Microsoft Network Monitor 3.0 application on CRM1. You
capture all local traffic on CRM1 for 24 hours. You save the capture file as data.cap. You find that the size
of the file is more than 1 GB. You need to create a file named DNSdata.cap from the existing capture file
that contains only DNS-related data. What should you do?
A. Apply the display filter !DNS and save the displayed frames as a DNSdata.cap file.
B. Apply the capture filter DNS and save the displayed frames as a DNSdata.cap file.
C. Add a new alias named DNS to the aliases table and save the file as DNSdata.cap.
D. Run the nmcap.exe /inputcapture data.cap /capture DNS /file DNSdata.cap command.
Answer: D
12. Your company has a network that has an Active Directory domain. The domain has two servers
named DC1 and DC2. You plan to collect events from DC2 and transfer them to DC1. You configure the
required subscriptions by selecting the Normal option for the Event delivery optimization setting and by
using the HTTP protocol. You discover that none of the subscriptions work. You need to ensure that the
servers support the event collectors. Which three actions should you perform? (Each correct
Answer presents part of the solution. Choose three.)
A. Run the wecutil qc command on DC1.
B. Run the wecutil qc command on DC2.
C. Run the winrm quickconfig command on DC1.
5 / 8

---

The safer , easier way to help you pass any IT exams.
D. Run the winrm quickconfig command on DC2.
E. Add the DC2 account to the Administrators group on DC1.
F. Add the DC1 account to the Administrators group on DC2.
Answer: ADF
13. Your company has a network that has 100 servers. You install a new server that runs Windows Server
2008. The server has the Web Server (IIS) role installed. You discover that the Reliability Monitor has no
data, and that the Systems Stability chart has never been updated. You need to configure the server to
collect the Reliability Monitor data. What should you do?
A. Run the perfmon.exe /sys command on the server.
B. Configure the Task Scheduler service to start automatically.
C. Configure the Remote Registry service to start automatically.
D. Configure the Secondary Logon service to start automatically.
Answer: B
14. Your company has an Active Directory domain that has two domain controllers named DC1 and DC2.
You prepare both servers to support event subscriptions. On DC1, you create a new default subscription
for DC2. You need to review system events for DC2. Which event log should you select?
A. system log on DC1
B. application log on DC2
C. Forwarded Events log on DC1
D. Forwarded Events log on DC2
Answer: C
15. Your company has a network that has 100 servers. A server named Server1 is configured as a file
server. Server1 is connected to a SAN and has 15 logical drives. You want to automatically run a data
archiving script if the free space on any of the logical drives is below 30 percent. You need to automate
the script execution. You create a new Data Collector Set. What should you do next?
A. Add the Event trace data collector.
B. Add the Performance counter alert.
C. Add the Performance counter data collector.
6 / 8

---

The safer , easier way to help you pass any IT exams.
D. Add the System configuration data collector.
Answer: B
16. Your network consists of a single Active Directory domain. All servers run Windows Server 2008. You
have a server named Server1 that hosts shared documents. Users report extremely slow response times
when they try to open theshared documents on Server1. You log on to Server1 and observe real-time
data indicating that the processor is operating at 100 percent of capacity. You need to gather additional
data to diagnose the cause of the problem. What should you do?
A. In the Performance console, create a counter log to track processor usage.
B. In Event Viewer, open and review the application log for Performance events.
C. In Windows Reliability and Performance Monitor, use the Resource View to see the percentage of
processor capacityused by each application.
D. In Windows Reliability and Performance Monitor, create an alert that will be triggered when processor
usage exceeds80 percent for more than five minutes on Server1.
Answer: C
17. You have two servers that run Windows Server 2008 named Server1 and Server2. You install WSUS
on both servers. You need to configure WSUS on Server1 to receive updates from Server2. What should
you do on Server1?
A. Configure a proxy server.
B. Configure an upstream server.
C. Create a new replica group.
D. Create a new computer group.
Answer: B
18. Your company has a server named DC1 that runs Windows Server 2008. DC1 has the DHCP Server
role installed.You find that a desktop computer named SALES4 is unable to obtain an IP configuration
from the DHCP server. You install the Microsoft Network Monitor 3.0 application on DC1. You enable
P-mode in the Network Monitorapplication configuration. You plan to capture only the DHCP
server-related traffic between DC1 and SALES4.The network interface configuration for the two
computers is shown in the following table.
You need to build a filter in the Network Monitor application to capture the DHCP traffic between DC1 and
SALES4. Which filter should you use?
7 / 8

---

The safer , easier way to help you pass any IT exams.
A. IPv4.Address == 169.254.15.84 && DHCP
B. IPv4.Address == 192.168.2.1 && DHCP
C. Ethernet.Address == 0x000A5E1C7F67 && DHCP D. Ethernet.Address == 0x001731D55EFF &&
DHCP
Answer: D
19. You install WSUS on a server that runs Windows Server 2008. You need to ensure that the traffic
between the WSUS administrative Web site and the server administrators computer is encrypted. What
should you do?
A. Configure SSL encryption on the WSUS server Web site.
B. Run the netdom trust /SecurePasswordPrompt command on the WSUS server.
C. Configure the NTFS permissions on the content directory to Deny Full Control permission to the
Everyone group.
D. Configure the WSUS server to require Integrated Windows Authentication (IWA) when users connect
to the WSUS server.
Answer: A
20. You have 10 standalone servers that run Windows Server 2008. You install WSUS on a server named
Server1. You need to configure all of the servers to receive updates from Server1. What should you do?
A. Configure the Windows Update settings on each server by using the Control Panel.
B. Run the wuauclt.exe /detectnow command on each server.
C. Run the wuauclt.exe /reauthorization command on each server.
D. Configure the Windows Update settings on each server by using a local group policy.
Answer: D
8 / 8

---

This document was created with Win2PDF available at http://www.win2pdf.com.
The unregistered version of Win2PDF is for evaluation or non-commercial use only.
This page will not be added after purchasing Win2PDF.

---