nerdexam
Exams70-467Questions#60
Microsoft

70-467 · Question #60

70-467 Question #60: Real Exam Question with Answer & Explanation

The correct answer is A: Register a service principal name for the Report Server service.. A (not B): If you are deploying Reporting Services in a network that uses the Kerberos protocol for mutual authentication, you must create a Service Principal Name (SPN) for the Report Server service if you configure it to run as a domain user account. - See step 6 below. To regi

Question

You need to configure security for the SSRS instance on SSRS01 to connect to SSAS and minimize downtime. What should you do? (Each correct answer presents part of the solution. Choose all that apply.)

Options

  • ARegister a service principal name for the Report Server service.
  • BRegister a service principal name for the Analysis Services service.
  • CRestart the IIS service.
  • DConfigure SSRS01 to use the Negotiate authentication type.
  • EConfigure SSRS01 to use the Custom authentication type.

Explanation

A (not B): If you are deploying Reporting Services in a network that uses the Kerberos protocol for mutual authentication, you must create a Service Principal Name (SPN) for the Report Server service if you configure it to run as a domain user account. - See step 6 below. To register an SPN for a Report Server service running as a domain user - Install Reporting Services and configure the Report Server service to run as a domain user account. Note that users will not be able to connect to the report server until you complete the following steps. - Log on to the domain controller as domain administrator. - Open a Command Prompt window. - Copy the following command, replacing placeholder values with actual values that are valid for your network: - Setspn-a http/<computer-name>.<domain-name>:<port> <domain-user- - Run the command. - Open the RsReportServer.config file and locate the <AuthenticationTypes> section. Add <RSWindowsNegotiate/> as the first entry in this section to enable NTLM. - RSWindowsNegotiate. If you initially set the Windows service account for the report server to NetworkService or LocalSystem in Reporting Services Configuration Manager, RSWindowsNegotiate is added to the RSReportServer.config file as the default setting. With this setting, the report server can accept requests from client applications requesting Kerberos or NTLM authentication. If Kerberos is requested and the authentication fails, the report server switches to NTLM authentication and prompts the user for credentials unless the network is configured to manage authentication transparently. Using RSWindowsNegotiate is your best option because it provides the greatest flexibility for multiple clients in an intranet environment. Not C: IIS is not mention in this scenario. - From scenario: - A single-server deployment of SQL Server 2008 R2 Reporting Services (SSRS) in native mode is installed on a server named SSRS01. The Reporting Server service is configured to use a domain service account.

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 70-467 Practice