Being worried about passing your 70-640 exam? Why not trying PassLeader’s 70-640 VCE or PDF dumps? We PassLeader now are offering the accurate 651q 70-640 exam questions and answers, you can get all the real exam questions from our 70-640 exam dumps. All our 651q 70-640 practice tests are the newest and same with the real test. We ensure that you can pass 70-640 exam easily with our premium 70-640 study guide! Now visit passleader.com to get the valid 70-640 braindumps with free version VCE Player!
keywords: 70-640 exam,651q 70-640 exam dumps,651q 70-640 exam questions,70-640 pdf dumps,70-640 practice test,70-640 vce dumps,70-640 study guide,70-640 braindumps,TS: Windows Server 2008 Active Directory, Configuring Exam
QUESTION 181
Your network contains two Active Directory forests named contoso.com and fabrikam.com. Each forest contains a single domain. A two-way forest trust exists between the forests. Selective authentication is enabled on the trust. Contoso.com contains a group named Group 1. Fabrikam.com contains a server named Server1. You need to ensure that users in Group1 can access resources on Server1. What should you modify?
A. the permissions of the Group1 group
B. the UPN suffixes of the contoso.com forest
C. the UPN suffixes of the fabrikam.com forest
D. the permissions of the Server1 computer account
Answer: A
QUESTION 182
Your network contains an Active Directory domain named contoso.com. You have an organizational unit (OU) named Sales and an OU named Engineering. Users in the Sates OU frequently log on to client computers in the Engineering OU. You need to meet the following requirements:
– All of the user settings in the Group Policy objects (GPOs) linked to both the Sales OU and the Engineering OU must be applied to sales users when they log on to client computers in the Engineering OU.
– Only the policy settings in the GPOs linked to the Sales OU must be applied to sales users when they log on to client computers in the Sales OU.
– Policy settings in the GPOs linked to the Sales OU must not be applied to users in the Engineering OU.
What should you do?
A. Modify the Group Policy permissions.
B. Enable block inheritance.
C. Configure the link order.
D. Enable loopback processing in merge mode.
E. Enable loopback processing in replace mode.
F. Configure WMI filtering.
G. Configure Restricted Groups.
H. Configure Group Policy Preferences.
I. Link the GPO to the Sales OU.
J. Link the GPO to the Engineering OU.
Answer: D
QUESTION 183
You have an Active Directory domain named contoso.com. You need to view the account lockout threshold and duration for the domain. Which tool should you use?
A. Computer Management
B. Net Config
C. Active Directory Users and Computers
D. Gpresult
Answer: C
QUESTION 184
Your network contains an Active Directory forest. The forest contains two domains named contoso.com and east.contoso.com. The contoso.com domain contains a domain controller named DC1. The east.contoso.com domain contains a domain controller named DC2. DC1 and DC2 have the DNS Server server role installed. You need to create a DNS zone that is available on DC1 and DC2. The solution must ensure that zone transfers are encrypted. What should you do?
A. Create a primary zone on DC1 and store the zone in a zone file. On DC1 and DC2, configure inbound rules and outbound rules by using Windows Firewall with Advanced Security. Create a secondary zone on DC2 and select DC1 as the master.
B. Create a primary zone on DC1 and store the zone in a DC=ForestDNSZones, DC=Contoso, DC=com naming context.
C. Create a primary zone on DC2 and store the zone in a DC= DC=East, DC=Contoso/DC=com naming context. Create a secondary zone on DC1 and select DC2 as the master.
D. Create a primary zone on DC1 and store the zone in a zone file. Configure DNSSEC for the zone. Create a secondary zone on DC2 and select DC1 as the master.
Answer: D
QUESTION 185
Your network contains an Active Directory domain named adatum.com. All servers run Windows Server 2008 R2. The network contains an enterprise certification authority (CA). You need to ensure that all of the members of a group named Managers can view the event log entries for Certificate Services. Which snap-in should you use?
A. Active Directory Administrative Center
B. Authorization Manager
C. Certificate Templates
D. Certificates
E. Certification Authority
F. Enterprise PKI
G. Group Policy Management
H. Security Configuration Wizard
I. Share and Storage Management
Answer: G
QUESTION 186
Your network contains an Active Directory domain named adatum.com. All servers run Windows Server 2008 R2 Enterprise. All client computers run Windows 7 Professional. The network contains an enterprise certification authority (CA). You need to approve a pending certificate request. Which snap-in should you use?
A. Active Directory Administrative Center
B. Authorization Manager
C. Certificate Templates
D. Certificates
E. Certification Authority
F. Enterprise PKI
G. Group Policy Management
H. Security Configuration Wizard
I. Share and Storage Management
Answer: E
QUESTION 187
Your network contains an Active Directory domain named contoso.com. You have an organizational unit (OU) named Sales and an OU named Engineering. You have a Group Policy object (GPO) linked to the domain. You need to ensure that the settings in the GPO are not processed by user accounts or computer accounts in the Sales OU. You must achieve this goal by using the minimum amount of administrative effort. What should you do?
A. Modify the Group Policy permissions.
B. Enable block inheritance.
C. Configure the link order.
D. Enable loopback processing in merge mode.
E. Enable loopback processing in replace mode.
F. Configure WMI filtering.
G. Configure Restricted Groups.
H. Configure Group Policy Preferences.
I. Link the GPO to the Sales OU.
J. Link the GPO to the Engineering OU.
Answer: B
QUESTION 188
A corporate network includes a single Active Directory Domain Services (AD DS) domain. The domain contains 10 domain controllers. The domain controllers run Windows Server 2008 R2 and are configured as DNS servers. You plan to create an Active Directory-integrated zone. You need to ensure that the new zone is replicated to only four of the domain controllers. What should you do first?
A. Use the ntdsutil tool to modify the DS behavior for the domain.
B. Use the ntdsutil tool to add a naming context.
C. Create a new delegation in the ForestDnsZones application directory partition.
D. Use the dnscmd tool with the /zoneadd parameter.
Answer: D
QUESTION 189
Your network contains an Active Directory forest named fabrikam.com. The forest contains the following domains:
– Fabrikam.com
– Eu.fabrikam.com
– Na.fabrikam.com
– Eu.contoso.com
– Na.contoso.com
You need to configure the forest to ensure that the administrators of any of the domains can specify a user principal name (UPN) suffix of contoso.com when they create user accounts from Active Directory Users and Computers. Which tool should you use?
A. Active Directory Sites and Services
B. Set-ADDomain
C. Set-ADForest
D. Active Directory Administrative Center
Answer: C
QUESTION 190
A corporate network includes a single Active Directory Domain Services (AD DS) domain and two AD DS sites. The AD DS sites are named Toronto and Montreal. Each site has multiple domain controllers. You need to determine which domain controller holds the Inter-Site Topology Generator role for the Toronto site. What should you do?
A. Use the Active Directory Sites and Services console to view the NTDS Site Settings for the Toronto site.
B. Use the Ntdsutil tool with the roles parameter.
C. Use the Ntdsutil tool with the LDAP policies parameter.
D. Use the Active Directory Sites and Services console to view the properties of each domain controller in the Toronto site.
Answer: A
http://www.passleader.com/70-640.html
QUESTION 191
Your network contains an Active Directory domain. The domain contains five sites. One of the sites contains a read-only domain controller (RODC) named RODC1. You need to identify which user accounts can have their password cached on RODC1. Which tool should you use?
A. Repadmin
B. Dcdiag
C. Get-ADDomainControllerPasswordReplicationPolicyUsage
D. Adtest
Answer: C
QUESTION 192
A network contains an Active Directory forest. The forest contains three domains and two sites. You remove the global catalog from a domain controller named DC2. DC2 is located in Site1. You need to reduce the size of the Active Directory database on DC2. The solution must minimize the impact on all users in Site1. What should you do first?
A. On DC2, start the Protected Storage service.
B. On DC2, stop the Active Directory Domain Services service.
C. Start DC2 in Safe Mode.
D. Start DC2 in Directory Services Restore Mode.
Answer: B
QUESTION 193
Your network contains an Active Directory domain named adatum.com. The functional level of the domain is Windows Server 2008. All domain controllers run Windows Server 2008 R2. All client computers run Windows 7 Enterprise. You need to receive a notification when more than 50 Active Directory objects are deleted per second. What should you do?
A. Run the Get-ADDomain cmdlet.
B. Run the dsget.exe command.
C. Run the ntdsutil.exe command.
D. Run the ocsetup.exe command.
E. Run the dsamain.exe command.
F. Run the eventcreate.exe command.
G. Create a Data Collector Set (DCS).
H. Create custom views from Event Viewer.
I. Configure subscriptions from Event Viewer.
J. Import the Active Directory module for Windows PowerShell.
Answer: G
QUESTION 194
You have an enterprise subordinate certification authority (CA). You have a custom certificate template that has a key length of 1,024 bits. The template is enabled for autoenrollment. You increase the template key length to 2,048 bits. You need to ensure that all current certificate holders automatically enroll for a certificate that uses the new template. Which console should you use?
A. Group Policy Management MMC Snap-In
B. Certificates MMC Snap-In on the Certificate Authority
C. Certificate Templates MMC Snap-In
D. Certification Authority MMC Snap-In
Answer: C
QUESTION 195
Your network contains an Active Directory forest. The forest contains one domain named contoso.com. You attempt to create a new child domain and you receive the following error message: “An LDAP read of operational attributes failed.” You need to ensure that you can add a new child domain to the forest. What should you do?
A. Move the PDC emulator role.
B. Move the RID master role.
C. Move the infrastructure master role.
D. Move the schema master role.
E. Move the domain naming master role.
F. Move the global catalog server.
G. Move the bridgehead server.
H. Install a read-only domain controller (RODC).
I. Deploy an additional global catalog server.
J. Restart the Active Directory Domain Services (AD DS) service.
Answer: E
QUESTION 196
Your network contains an Active Directory domain named adatum.com. The functional level of the domain is Windows Server 2003. All domain controllers run Windows Server 2008 R2. You mount an Active Directory snapshot. You need to ensure that you can connect to the snapshot by using LDAP. What should you do?
A. Run the Get-ADDomain cmdlet.
B. Run the dsget.exe command.
C. Run the ntdsutil.exe command.
D. Run the ocsetup.exe command.
E. Run the dsamain.exe command.
F. Run the eventcreate.exe command.
G. Create a Data Collector Set (DCS).
H. Create custom views from Event Viewer.
I. Configure subscriptions from Event Viewer.
J. Import the Active Directory module for Windows PowerShell.
Answer: E
QUESTION 197
Your network contains an Active Directory domain named contoso.com. You have an organizational unit (OU) named Sales and an OU named Engineering. You need to ensure that when users log on to client computers, they are added automatically to the local Administrators group. The users must be removed from the group when they log off of the client computers. What should you do?
A. Modify the Group Policy permissions.
B. Enable block inheritance.
C. Configure the link order.
D. Enable loopback processing in merge mode.
E. Enable loopback processing in replace mode.
F. Configure WMI filtering.
G. Configure Restricted Groups.
H. Configure Group Policy Preferences.
I. Link the Group Policy object (GPO) to the Sales OU.
J. Link the Group Policy object (GPO) to the Engineering OU.
Answer: H
QUESTION 198
Your network contains an Active Directory forest named contoso.com. The forest contains two member servers named Server1 and Server2. Server1 and Server2 have the DNS Server server role installed. Server1 hosts a standard primary zone for contoso.com. Server2 is configured as a secondary name server for contoso.com. You experience issues with the copy of the zone on Server2. You verify that both copies of the zone have the same serial number. You need to transfer a complete copy of the zone from Server1 to Server2. What should you do on Server2?
A. From DNS Manager, right-click contoso.com and click Transfer from Master.
B. From Services, right-click DNS Server and click Refresh.
C. From Services, right-click DNS Server and click Restart.
D. From DNS Manager, right-click contoso.com and click Reload.
E. From DNS Manager, right-click contoso.com and click Transfer a new copy of zone from Master.
Answer: E
QUESTION 199
Your network contains an Active Directory domain. The domain contains two Active Directory sites named Site1 and Site2. Site1 contains two domain controllers named DC1 and DC2. Site2 contains two domain controller named DC3 and DC4. The functional level of the domain is Windows Server 2008 R2. The functional level of the forest is Windows Server 2003. Active Directory replication between Site1 and Site2 occurs from 20:00 to 01:00 every day. At 07:00, an administrator deletes a user account while he is logged on to DC1. You need to restore the deleted user account. You want to achieve this goal by using the minimum amount of administrative effort. What should you do?
A. On DC3, stop Active Directory Domain Services, perform an authoritative restore, and then start Active Directory Domain Services.
B. On DC3, run the Restore-ADObject cmdlet.
C. On DC1, run the Restore-ADObject cmdlet.
D. On DC1, stop Active Directory Domain Services, restore the SystemState, and then start Active Directory Domain Services.
Answer: A
QUESTION 200
You create a standard primary zone for contoso.com. You need to specify a user named Admin1 as the person responsible for managing the zone. What should you do? (Each correct answer presents a complete solution. Choose two.)
A. Open the %Systemroot\System32\DNS\Contoso.com.dns file by using Notepad and change all instances of “hostmaster.contoso.com” to “admin1.contoso.com”.
B. From DNS Manager, open the properties of the Start of Authority (SOA) record ofcontoso.com, Specify admin1.contoso.com as the responsible person.
C. Open the %Systemroot\System32\DNS\Contoso.com.dns file by using Notepad and change all instances of “[email protected]” to “[email protected]”.
D. From DNS Manager, open the properties of the Start of Authority (SOA) record ofcontoso.com. Specify [email protected] as the responsible person.
Answer: BC
http://www.passleader.com/70-640.html