Your network contains a Web server that runs Windows Server 2008 R2. You create an IIS Manager user account for a user named User1. When you attempt to delegate permissions for the Default Web Site to User1, you receive the following dialog box.
A. Feature Delegation
B. IIS Manager Permissions
C. IIS Manager Users
D. Management Service
Your network contains a Web server that runs Windows Server 2008 R2. You need to generate a report for each Active Server Page (ASP) that takes more than two seconds to process. What should you use?
A. Reports in Performance Monitor
B. Data Collector Sets (DCSs) in Performance Monitor
C. Logging in Internet Information Services (IIS) Manager
D. Failed Request Tracing Rules in Internet Information Services (IIS) Manager
Your network contains a Web server that runs Windows Server 2008 R2. You need to back up all Web site content. Which tool should you use?
B. Internet Information Services (IIS) Manager
C. Internet Information Services (IIS) 6.0 Manager
Backups are usally done with Windows Server Backup;
Wbadmin is the command-line counterpart to Windows Server Backup. You use Wbadmin to manage all aspects of backup configuration that you would otherwise manage in Windows Server Backup. This means that you can typically use either tool to manage backup and recovery.
Source: http://technet.microsoft.com/en-us/magazine/dd767786.aspx To not only backup the website content but also the IIS configuration backup the systemstate:
The -systemState parameter:
For Windows7 and Windows Server 2008 R2, creates a backup that includes the system state in addition to any other items that you specified with the -include parameter. The system state contains boot files (Boot.ini,
NDTLDR, NTDetect.com), the Windows Registry including COM settings, the SYSVOL (Group Policies and Logon Scripts), the Active Directory and NTDS.DIT on Domain Controllers and, if the certificates service is installed, the Certificate Store. If your server has the Web server role installed, the IIS Metadirectory will be included. If the server is part of a cluster, Cluster Service information will also be included.
Source: http://technet.microsoft.com/en-us/library/cc742083(WS.10).aspx Appcmd
The backup feature of Appcmd only backups the configuration of the IIS server, not the websites:
After you install IIS 7.0, you can backup your configuration by using the built-in command- line tool, AppCmd. exe. You can run AppCmd.exe to create a backup of your Web server before you have changed any configuration.
Files configuration IIS server: Administration.config ApplicationHost.config Redirection.config MBSchema.xml MetaBase.xml
To create a backup using AppCmd.exe
1. Open a command prompt as administrator and change to the %windir%\system32\inetsrv\ directory.
2. At the command prompt, type appcmd add backup "FirstBackup" and then press Enter.
3. This creates a backup with the name "FirstBackup". At a later date, if you need to restore the backup, use appcmd restore backup "FirstBackup"
You install all of the Web Server (IIS) role services on a server named Server1. You configure the Default Web Site to assign the IIS Manager Permissions for the site to a user named User1. From a different computer, User1 attempts to connect to the Default Web Site on Server1 by using Internet Information Services (IIS) Manager and receives the following error message.
A. From the Internet Information Services (IIS) Manager console, configure the Feature Delegation feature.
B. From the Internet Information Services (IIS) Manager console, configure the Management Service feature.
C. From the Services console, modify the properties of the Web Management Service service.
D. From the Services console, modify the properties of the Windows Remote Management (WS- Management)
Your network contains two Web servers named Server1 and Server2. Server1 has a Web site named Site1. Site 1 is configured to use SSL. You need to import the SSL certificate from Server1 to Server2. The solution must ensure that the private key is also imported. Which format should you use to export the certificate?
A. Base-64 encoded X.509 (.cer)
B. Cryptographic Message Syntax Standard PKCS #7 (.p7b)
C. DER encoded binary X.509 (.cer)
D. Personal Information Exchange PKCS #12 (.pfx)
To export a certificate with the private key
1. Open the Certificates snap-in for a user, computer, or service.
2. In the console tree under the logical store that contains the certificate to export, click Certificates.
3. In the details pane, click the certificate that you want to export.
4. On the Action menu, point to All Tasks, and then click Export.
5. In the Certificate Export Wizard, click Yes, export the private key. (This option will appear only if the private key is marked as exportable and you have access to the private key.)
6. Under Export File Format, do any of the following, and then click Next.
– To include all certificates in the certification path, select the Include all certificates in the certification path if possible check box.
– To delete the private key if the export is successful, select the Delete the private key if the export is successful check box.
– To export the certificate’s extended properties, select the Export all extended properties check box.
7. In Password, type a password to encrypt the private key you are exporting. In Confirm password, type the same password again, and then click Next.
8. In File name, type a file name and path for the PKCS #12 file that will store the exported certificate and private key. Click Next, and then click Finish.
Your network contains a Web server named Web1 that runs Windows Server 2008 R2. You import an SSL certificate to Web1. You need to enable SSL encryption for the Web site.
A. Add a new binding to the Web site.
B. Modify the Server Certificates settings.
C. Configure the handler mappings for the Web site.
D. Configure the Machine Key feature for the Web site.
Your network contains a Web server named Web1 that runs Windows Server 2008 R2. Web1 has a wildcard certificate installed. Web1 has two Web sites as shown.
You discover that when you go to the URL https://site1.contoso.com in Internet Explorer, you connect to Site2. You need to ensure that when users go to https://site1.contso.com in Internet Explorer, they connect to Site1. The solution must ensure that all connections to Site1 are secure. Which two settings should you modify? (Each correct answer presents part of the solution. Choose two.)
A. the bindings for Site1
B. the bindings for Site2
C. the HTTP Redirect settings for Site1
D. the HTTP Redirect settings for Site2
Your network contains a Web server that runs Windows Server 2008 R2. The server has two Web sites named Site1 and Site2. Site1 is accessed by using the name site1.contoso.com. Site2 is accessed by using the name site2.contoso.com. You plan to configure both Web sites to use SSL encryption. You need to ensure that users can access Site1 by using the URL https://site1.contoso.com and Site2 by using the URL https://site2.contoso.com.
What should you configure for each Web site?
A. a different application pool
B. a different host header site binding
C. a different IP address site binding
D. a different port site binding
Your network contains a Web server. You need to ensure that users can only access files that have the .htm, .html, .asp, and .aspx file extensions. What should you do?
A. Add an authorization rule.
B. Modify the handler mappings.
C. Update the default documents list.
D. Configure the request filtering settings.
Your network contains a Web server that runs Windows Server 2008 R2. The Web server has the Client Certificate Mapping Authentication role service installed. You create a Web site that requires client certificates for authentication. You need to enable client certificate mapping for the Web site.
Which tool should you use?
C. the Authorization Manager snap-in
D. the Certificates snap-in
Client Certificate Mapping Authentication
Client Certificate Mapping Authentication enables clients to authenticate with the Web server by presenting client certificates over Secure Socket Layer (SSL) connections. Note Certificate-based authentication enables clients to use client certificates to authenticate with the Web server. It is not required to enable secure communication between the client and the server. The Client Certificate Mapping Authentication uses the Directory Services Mapper (DS Mapper) service in Active Directory to map client certificates provided by the user to domain accounts. IIS also provides a custom certificate mapping feature, the IIS Client Certificate Mapping Authentication, which allows for more flexible mapping of client certificates to Windows accounts. See the section titled "IIS Client Certificate Mapping Authentication" later in this chapter for more information. Note Client Certificate Mapping Authentication is not part of the default IIS install and is not enabled by default.
You can manually install it from the Security feature category through Turn Windows Features On And Off on Windows Vista. You can also install it via the Security role service category of the Web Server (IIS) role in Server Manager on Windows Server 2008. See Chapter 12 for more information about installing and enabling modules. After the module is installed, you have to explicitly enable Client Certificate Mapping Authentication for it to be available. To use Client Certificate Mapping Authentication, you need to meet the following requirements:
The Web server must be a member of a Windows domain.
You must issue client certificates to your users by using a Certificate Authority (CA) trusted by the Web server.
You must map each client certificate to a valid domain account in Active Directory. Note You do not need to use Client Certificate Mapping Authentication to require clients to present client certificates. You can configure the server to always require client certificates to access the server, but use another authentication scheme to authenticate the client. To do this, see the section titled "Client Certificates" later in this chapter.
To enable Client Certificate Mapping Authentication on the Web server, you need to perform the following steps (after installing the Certificate Mapping Authentication module).
1. Enable Client Certificate Mapping Authentication. You can do this in IIS Manager by clicking the server node, double-clicking Authentication, selecting Active Directory Client Certificate Authentication, and clicking Enable in the Actions pane. Note that this can only be done at the server level when using IIS Manager, although you can enable Client Certificate Mapping Authentication for a specific URL through configuration.
2. Configure SSL on each Web site using this authentication method. Certificate authentication is possible only if the Web site is being accessed over an SSL connection and therefore requires an SSL binding to be configured for the Web site. See the section titled "Configuring SSL" later in this chapter for more details.
3. Enable DS Mapper for each Web site SSL binding. IIS Manager does this automatically for each Web site when the Client Certificate Mapping Authentication is enabled and you add an SSL binding for the Web site.
To do this manually, use the Netsh.exe command with the following syntax: netsh http add sslcert IP Address:Port dsmapperusage=enable, where IP Address and Port are the IP address and port of the corresponding binding.
4. Configure each Web site using this authentication method to accept client certificates (and possibly require them). This ensures that the server accepts client certificates when provided by the client and can also configure the server to require the client to present a certificate to proceed with the request. See the section titled "Client Certificates" later in this chapter for more details. You can also enable Client Certificate Mapping Authentication by editing the system.webServer/security/authentication/clientCertificateMappingAuthentication configuration section directly or by using Appcmd or other configuration APIs. You can enable this authentication method by using the following Appcmd syntax.
%systemroot%\system32\inetsrv\Appcmd set config /section: system.webServer/ security/authentication/clientCertificateMappingAuthentication /enabled: true The enabled attribute specifies whether or not the Client Certificate Mapping Authentication is enabled. You can enable this method for a specific URL. However, do note that the decision to use the Directory Services Mapper to map certificates to Windows domain accounts is dependent on each Web site binding having been configured to use the HTTP.sys DS Mapper setting.
If you want to pass Microsoft 70-643 successfully, donot missing to read latest lead2pass Microsoft 70-643 exam questions.
If you can master all lead2pass questions you will able to pass 100% guaranteed.
Why Choose Lead2pass?
If you want to pass the exam successfully in first attempt you have to choose the best IT study material provider, in my opinion, Lead2pass is one of the best way to prepare for the exam.
|One Time Purchase||✔||✖||✖||✖||✖|
|100% Pass Guarantee||✔||✖||✖||✖||✖|
|100% Money Back||✔||✖||✖||✖||✖|