Where To Get The 100% Valid 70-640 exam dumps? Come to PassLeader! Here you can get the latest version 70-640 PDF dumps or VCE dumps, we guarantee our 651q 70-640 exam questions are the latest and you will get all the new questions and answers, which are not available on other wesites now! Now try our best 70-640 exam dumps with VCE and you will acquire your 70-640 certification exam immediately.
keywords: 70-640 exam,651q 70-640 exam dumps,651q 70-640 exam questions,70-640 pdf dumps,70-640 practice test,70-640 vce dumps,70-640 study guide,70-640 braindumps,TS: Windows Server 2008 Active Directory, Configuring Exam
QUESTION 281
Your network contains a single Active Directory domain that has two sites named Site1 and Site2. Site1 has two domain controllers named DC1 and DC2. Site2 has two domain controllers named DC3 and DC4. DC3 fails. You discover that replication no longer occurs between the sites. You verify the connectivity between DC4 and the domain controllers in Site1. On DC4, you run repadmin.exe /kcc. Replication between the sites continues to fail. You need to ensure that Active Directory data replicates between the sites. What should you do?
A. From Active Directory Sites and Services, configure the NTDS Site Settings of Site2.
B. From Active Directory Sites and Services, configure DC3 so it is not a preferred bridgehead server.
C. From Active Directory Users and Computers, configure the NTDS settings of DC4.
D. From Active Directory Users and Computers, configure the location settings of DC4.
Answer: B
QUESTION 282
Your network contains an Active Directory domain named contoso.com. All domain controllers were upgraded from Windows Server 2003 to Windows Server 2008 R2 Service Pack 1 (SP1). The functional level of the domain is Windows Server 2003. You need to configure SYSVOL to use DFS Replication. Which tools should you use? (Each correct answer presents part of the solution. Choose two.)
A. Dfsrmig
B. Frsdiag
C. Ntdsutil
D. Set-ADForest
E. Repadmin
F. Set-ADDomainMode
G. DFS Management
Answer: AF
QUESTION 283
You manage an Active Directory forest named contoso.com. The forest contains an empty root domain named contoso.com and a child domain named child.contoso.com. All domain controllers run Windows Server 2008. The functional level of the forest is Windows Server 2008. You need to raise the functional level of the forest to Windows Server 2008 R2. You must achieve this goal by using the minimum amount of administrative effort. What should you do? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
QUESTION 284
Your network contains an Active Directory forest. The forest contains one domain named contoso.com. You attempt to run adprep /domainprep and the operation fails. You discover that the first domain controller deployed to the forest failed. You need to run adprep /domainprep successfully. What should you do?
A. Move the domain naming master role.
B. Install a read-only domain controller (RODC).
C. Move the PDC emulator role.
D. Move the RID master role.
E. Move the infrastructure master role.
F. Deploy an additional global catalog server.
G. Move the bridgehead server.
H. Move the schema master role.
I. Restart the Active Directory Domain Services (AD DS) service.
J. Move the global catalog server.
Answer: E
QUESTION 285
Your network contains an Active Directory forest. The forest contains one domain named contoso.com. You discover the following event in the Event log of client computers: “The time provider NtpClient was unable to find a domain controller to use as a time source. NtpClient will try again in %1 minutes.” You need to ensure that the client computers can synchronize their clocks properly. What should you do?
A. Move the domain naming master role.
B. Restart Active Directory Domain Services (AD DS) service.
C. Move the PDC emulator role.
D. Move the infrastructure master role.
E. Move the global catalog server.
F. Move the RID master role.
G. Move the bridgehead server.
H. Move the schema master role.
I. Deploy an additional global catalog server.
J. Install a read-only domain controller (RODC).
Answer: C
QUESTION 286
Your network contains an Active Directory forest named contoso.com. The functional level of the forest is Windows Server 2008 R2. The DNS zone for contoso.com is Active Directory-integrated. You deploy a read-only domain controller (RODC) named RODC1. You install the DNS Server server role on RODC1. You discover that RODC1 does not have any application directory partitions. You need to ensure that RODC1 has a copy of the DNS application directory partition of contoso.com. What should you do?
A. From DNS Manager, create secondary zones.
B. Run Dnscmd.exe, and specify the /enlistdirectorypartition parameter.
C. From DNS Manager, right-click RODC1 and click Update Server Data Files.
D. Run Dnscmd.exe and specify the /createbuiltindirectorypartitions parameter.
Answer: B
QUESTION 287
Your network contains an Active Directory forest named contoso.com. You need to identify whether a fine-grained password policy is applied to a specific group. Which tool should you use?
A. Credential Manager
B. Group Policy Management Editor
C. Active Directory Users and Computers
D. Active Directory Sites and Services
Answer: C
QUESTION 288
Your network contains an Active Directory domain named contoso.com. You need to create one password policy for administrators and another password policy for all other users. Which tool should you use?
A. Group Policy Management Editor
B. Group Policy Management Console (GPMC)
C. Authorization Manager
D. Ldifde
Answer: D
QUESTION 289
Your network contains two Active Directory forests named contoso.com and fabrikam.com. Each forest contains one domain. A two-way forest trust exists between the forests. You plan to add users from fabrikam.com to groups in contoso.com. You need to identify which group you must use to assign users in fabrikam.com access to the shared folders in contoso.com. To which group should you add the users?
A. Group 1: Security Group – Domain Local.
B. Group 2: Distribution Group – Domain Local.
C. Group 3: Security Group – Global.
D. Group 4: Distribution Group – Global.
E. Group 5: Security Group – Universal.
F. Group 6: Distribution Group – Univeral.
Answer: E
QUESTION 290
Your network contains an Active Directory domain. The domain contains 5,000 user accounts. You need to disable all of the user accounts that have a description of Temp. You must achieve this goal by using the minimum amount of administrative effort. Which tools should you use? (Each correct answer presents part of the solution. Choose two.)
A. Find
B. Dsget
C. Dsmod
D. Dsadd
E. Net accounts
F. Dsquery
Answer: CF
http://www.passleader.com/70-640.html
QUESTION 291
Your network contains an Active Directory domain. The domain contains two ?le servers. The ?le servers are con?gured as shown in the following table.
You create a Group Policy object (GPO) named GPO1 and you link GPO1 to OU1. You con?gure the advanced audit policy. You discover that the settings are not applied to Server1. The settings are applied to Server2. You need to ensure that access to the ?le shares on Server1 is audited. What should you do?
A. From Active Directory Users and Computers, modify the permissions of the computer account for Server1.
B. From GPO1, configure the Security Options.
C. From Active Directory Users and Computers, add Server1 to the Event Log Readers group.
D. On Server1, run seceditexe and specify the /configure parameter.
E. On Server1, run auditpol.exe and specify the /set parameter.
Answer: E
QUESTION 292
Your network contains an Active Directory domain named contoso.com. You have an organizational unit (OU) named Sales and an OU named Engineering. Each OU contains over 200 user accounts. The Sales OU and the Engineering OU contain several user accounts that are members of a universal group named Group1. You have a Group Policy object (GPO) linked to the domain. You need to prevent the GPO from being applied to the members of Group1 only. What should you do?
A. Modify the Group Policy permissions.
B. Configure Restricted Groups.
C. Configure WMI filtering.
D. Configure the link order.
E. Enable loopback processing in merge mode.
F. Link the GPO to the Sales OU.
G. Configure Group Policy Preferences.
H. Link the GPO to the Engineering OU.
I. Enable block inheritance.
J. Enable loopback processing in replace mode.
Answer: A
QUESTION 293
Your network contains an Active Directory domain. You have two Group Policy objects (GPOS) named GPO1 and GPO2. GPO1 and GPO2 are linked to the Finance organizational unit (OU) and contain multiple settings. You discover that GPO2 has a setting that con?icts with a setting in GPO1. When the policies are applied, the setting in GPO2 takes effect. You need to ensure that the settings in GPO1 supersede the settings in GPO2. The solution must ensure that all non-con?icting settings in both GPOs are applied. What should you do?
A. Configure the link order.
B. Configure Restricted Groups.
C. Enable block inheritance.
D. Link the GPO to the Finance OU.
E. Enable Ioopback processing in merge mode.
F. Enable Ioopback processing in replace mode.
G. Link the GPO to the Human Resources OU.
H. Configure Group Policy Preferences.
I. Configure WMI filtering.
J. Modify the Group Policy permissions.
Answer: A
QUESTION 294
You have a domain controller named DC1 that runs Windows Server 2008 R2. DC1 is con?gured as a DNS server for contoso.com. You install the DNS server server role on a member server named server1 and then you create a standard secondary zone for contoso.com. You con?gure DC1 as the master server for the zone. You need to ensure that Server1 receives zone updates from DC1. What should you do
A. On DC1, modify the permissions of contoso.com zone.
B. On Server1, add a conditional forwarder.
C. Add the Server1 computer account to the DNsUpdateProxy group.
D. On DC1, modify the zone transfer settings for the contoso.com zone.
Answer: D
QUESTION 295
A corporate network includes an Active Directory-integrated zone. AIl DNS servers that host the zone are domain controllers. You add multiple DNS records to the zone. You need to ensure that the new records are available on all DNS servers as soon as possible. Which tool should you use?
A. Active Directory Sites And Services console
B. Ntdsutil
C. Dnslint
D. Nslookup
Answer: A
QUESTION 296
Your network contains an Active Directory domain named contoso.com. Contoso.com contains two domain controllers named DC1 and DC2. DC1 and DC2 are con?gured as DNS servers and host the Active Directory-integrated zone for contoso.com. From DNS Manager on DC1, you enable scavenging for the contoso.com zone. You discover stale DNS records in the zone. You need to ensure that the stale DNS records are deleted from contoso.com. What should you do?
A. From DNS Manager, enable scavenging on DC1.
B. From DNS Manager, reload the zone.
C. Run dnscmd.exe and specify the ageallrecords parameter.
D. Run dnscmd.exe and specify the startscavenging parameter.
Answer: D
QUESTION 297
Your network contains an Active Directory forest. The forest contains one domain named contoso.com. You discover the following event in the Event log of domain controllers:
” The request for a new account-identi?er pool failed. The operation will be retried until the request succeeds. The error is ” %1 “”
You need to ensure that the domain controllers can acquire new account-identi?er pools successfully. What should you do?
A. Move the domain naming master role.
B. Move the global catalog server.
C. Restart the Active Directory Domain Services (AD DS) service.
D. Deploy an additional global catalog server.
E. Move the infrastructure master role.
F. Move the PDC emulator role.
G. Install a read-only domain controller (RODC).
H. Move the RID master role.
I. Move the bridgehead server.
J. Move the schema master role.
Answer: H
QUESTION 298
Your network contains an Active Directory domain named adatum.com. All servers run Windows Server 2008 R2 Enterprise. All client computers run Windows 7 Professional. The network contains an enterprise certi?cation authority (CA). You enable key archival on the CA. The CA is con?gured to use custom certi?cate templates for Encrypted File System (EFS) certi?cates. All users plan to encrypt files by using EFS. You need to ensure that the private keys for all new EFS certi?cates are archived. Which snap-in should you use?
A. Share and Storage Management
B. Security Configuration wizard
C. Enterprise PKI
D. Active Directory Administrative Center
E. Certification Authority
F. Group Policy Management
G. Certificate Templates
H. Authorization Manager
I. Certificates
Answer: E
QUESTION 299
Your network contains an Active Directory domain named adatum.com. All servers run Windows Server 2008 R2 Enterprise. All client computers run Windows 7 Professional. The network contains an enterprise certification authority (CA). You have a custom certi?cate template named Sales_Temp. Sales_Temp is published to the CA. You need to ensure that all of the members of a group named Sales can enroll for certi?cates that use Sales_Temp. Which snap-in should you use?
A. Enterprise PKI
B. Certification Authority
C. Share and storage Management
D. Certificate Templates
E. Security Configuration Wizard
F. Authorization Manager
G. Group Policy Management
H. Certificates
I. Active Directory Administrative Center
Answer: D
QUESTION 300
Your network contains an Active Directory forest named adatum.com. All domain controllers currently run Windows Server 2003 Service Pack 2 (SP2). The functional level of the forest and the domain is Windows Server 2003. You need to deploy a read-only domain controller (RODC) that runs Windows Server 2008 R2. What should you do first?
A. Deploy a writable domain controller that runs Windows Server 2008 R2.
B. Raise the functional level of the forest to Windows Server 2008.
C. Run adprep.exe.
D. Raise the functional level of the domain to Windows Server 2003.
Answer: C
http://www.passleader.com/70-640.html