Microsoft.Certify-Me.70-640.v2011-12-18.by

70-640-141211 Number : 70-640 Passing Score : 700 Time Limit : 120 min File Version : 1.0 Microsoft 70-640 We only provide the real exam with quality. Your effort is just practice or memorise. TS: Windows Server 2008 Active Directory, Configuring Version: 1.1 366 Q & A Visit for Free exam VCE and PDF www.certify-me.co.uk Microsoft 70-640 Exam Topic 1, Exam Set 1


Exam D

QUESTION 1

Your network contains an Active Directory domain.

You need to back up all of the Group Policy objects (GPOs), Group Policy permissions, and Group Policy links for the domain.

What should you do?

A. From Group Policy Management Console (GPMC), back up the GPOs.

B. From Windows Explorer, copy the content of the %systemroot%\SYSVOL folder.

C. From Windows Server Backup, perform a system state backup.

D. From Windows PowerShell, run the Backup-GPO cmdlet.

Answer: C

Section: (none)

Explanation/Reference:

Explanation:

QUESTION 2

Your network contains a domain controller that runs Windows Server 2008 R2. You need to reset the Directory Services Restore Mode (DSRM) password on the domain controller. Which tool should you use?

A. Ntdsutil

B. Dsamain

C. Active Directory Users and Computers

D. Local Users and Groups

Answer: A

Section: (none)

Explanation/Reference:

Explanation:

QUESTION 3

Your network contains an Active Directory forest. All client computers run Windows 7.

The network contains a high-volume enterprise certification authority (CA).

You need to minimize the amount of network bandwidth required to validate a certificate.

What should you do?

A. Configure an LDAP publishing point for the certificate revocation list (CRL).

B. Configure an Online Certification Status Protocol (OCSP) responder.

C. Modify the settings of the delta certificate revocation list (CRL).

D. Replicate the certificate revocation list (CRL) by using Distributed File System (DFS).

Answer: B

Section: (none)

Explanation/Reference:

Explanation:

QUESTION 4

Your network contains an Active Directory domain. You have five organizational units (OUs) named Finance, HR, Marketing, Sales, and Dev. You link a Group Policy object named GPO1 to the domain as shown in the exhibit. (Click the Exhibit button.)

You need to ensure that GPO1 is applied to users in the Finance, HR, Marketing, and Sales OUs. The solution must prevent GPO1 from being applied to users in the Dev OU. What should you do?

A. Enforce GPO1.

B. Modify the security settings of the Dev OU.

C. Link GPO1 to the Finance OU.

D. Modify the security settings of the Finance OU.

Answer: C

Section: (none)

Explanation/Reference:

Explanation:

QUESTION 5

Your network contains an Active Directory domain. The domain contains an organizational unit (OU) named OU1. OU1 contains all managed service accounts in the domain. You need to prevent the managed service accounts from being deleted accidentally from OU1. Which cmdlet should you use?

A. Set-ADUser

B. Set-ADOrganizationalUnit

C. Set-ADServiceAccount

D. Set-ADObject

Answer: D

Section: (none)

Explanation/Reference:

Explanation:

QUESTION 6

Your network contains an Active Directory domain named contoso.com. Contoso.com contains a writable domain controller named DC1 and a read-only domain controller (RODC) named DC2. All domain controllers run Windows Server 2008 R2. You need to install a new writable domain controller named DC3 in a remote site. The solution must minimize the amount of replication traffic that occurs during the installation of Active Directory Domain Services (AD DS) on DC3. What should you do first?

A. Run dcpromo.exe /createdcaccount on DC3.

B. Run ntdsutil.exe on DC2.

C. Run dcpromo.exe /adv on DC3.

D. Run ntdsutil.exe on DC1.

Answer: C

Section: (none)

Explanation/Reference:

Explanation:

QUESTION 7

Your network contains an Active Directory forest. The forest contains 10 domains. All domain controllers are configured as global catalog servers.

You remove the global catalog role from a domain controller named DC5.

You need to reclaim the hard disk space used by the global catalog on DC5.

What should you do?

A. From Active Directory Sites and Services, run the Knowledge Consistency Checker (KCC).

B. From Active Directory Sites and Services, modify the general properties of DC5.

C. From Ntdsutil, use the Semantic database analysis option.

D. From Ntdsutil, use the Files option.

Answer: D

Section: (none)

Explanation/Reference:

Explanation:

QUESTION 8

A corporate network includes an Active Directory-integrated zone. All DNS servers that host the zone are domain controllers.

You add multiple DNS records to the zone.

You need to ensure that the new records are available on all DNS servers as soon as possible.

Which tool should you use?

A. Ldp

B. Repadmin

C. Ntdsutil

D. Nslookup

E. Active Directory Sites And Services console

F. Active Directory Domains And Trusts console

G. Dnslint

H. Dnscmd

Answer: H

Section: (none)

Explanation/Reference:

Explanation: http://technet.microsoft.com/en-us/library/cc778513(WS.10).aspx

QUESTION 9

You have a DNS zone that is stored in a custom application partition. You need to add a domain controller to the replication scope of the custom application partition. Which tool should you use?

A. DNScmd

B. DNS Manager

C. Server Manager

D. Dsmod

Answer: A

Section: (none)

Explanation/Reference:

Explanation:

QUESTION 10

Your network contains a server named Server1 that runs Windows Server 2008 R2 Standard. Server1 has the Active Directory Certificate Services (AD CS) role installed. You configure a certificate template named Template1 for autoenrollment. You discover that certificates are not being issued to any client computers. The event logs on the client computers do not contain any autoenrollment errors. You need to ensure that all of the client computers automatically receive certificates based on Template1. What should you do?

A. Modify the Default Domain Policy Group Policy object (GPO).

B. Modify the Default Domain Controllers Policy Group Policy object (GPO).

C. Upgrade Server1 to Windows Server 2008 R2 Enterprise.

D. Restart Certificate Services on Server1.

Answer: A

Section: (none)

Explanation/Reference:

Explanation:

QUESTION 11

Your network contains a server that has the Active Directory Lightweight Directory Services (AD LDS) role installed.

You need to perform an automated installation of an AD LDS instance.

Which tool should you use?

A. Dism.exe

B. Servermanagercmd.exe

C. Adaminstall.exe

D. Ocsetup.exe

Answer: C

Section: (none)

Explanation/Reference:

Explanation:

QUESTION 12

Your network contains an Active Directory domain named contoso.com. A partner company has an Active Directory domain named nwtraders.com.

The networks for contoso.com and nwtraders.com connect to each other by using a WAN link.

You need to ensure that users in contoso.com can access resources in nwtraders.com and resources on the Internet.

What should you do first?

A. Modify the Trusted Root Certification Authorities store.

B. Modify the Intermediate Certification Authorities store.

C. Create conditional forwarders.

D. Add a root hint to the DNS server.

Answer: C

Section: (none)

Explanation/Reference:

Explanation:

QUESTION 13

Your network contains an Active Directory forest. The forest contains multiple domains.

You need to ensure that users in the human resources department can search for employees by using the employeeNumber attribute.

What should you do?

A. From Active Directory Sites and Services, modify the properties of each global catalog server.

B. From the Active Directory Schema snap-in, modify the properties of the user object class.

C. From Active Directory Sites and Services, modify the NTDS Settings object of each global catalog server.

D. From the Active Directory Schema snap-in, modify the properties of the employeeNumber attribute.

Answer: D

Section: (none)

Explanation/Reference:

Explanation:

QUESTION 14

Your network contains a single Active Directory domain. The domain contains an enterprise certification authority (CA).

You need to ensure that the encryption keys for e-mail certificates can be recovered from the CA database.

You modify the e-mail certificate template to support key archival.

What should you do next?

A. Issue the key recovery agent certificate template.

B. Run certutil.exe -recoverkey.

C. Run certreq.exe -policy.

D. Modify the location of the Authority Information Access (AIA) distribution point.

Answer: A

Section: (none)

Explanation/Reference:

Explanation: Not certutil.exe -recoverkey as this recovers archived keys but e-mail certificate template does not have key archival by default.

QUESTION 15

Your network contains an Active Directory-integrated DNS zone named contoso.com. You discover that the zone includes DNS records for computers that were removed from the network. You need to ensure that the DNS records are deleted automatically from the zone. What should you do?

A. From DNS Manager, set the aging properties.

B. Create a scheduled task that runs dnslint.exe /v /d contoso.com.

C. From DNS Manager, modify the refresh interval of the start of authority (SOA) record.

D. Create a scheduled task that runs ipconfig.exe /flushdns.

Answer: A

Section: (none)

Explanation/Reference:

Explanation:

QUESTION 16

Your network contains a domain controller that runs Windows Server 2008 R2.

You run the following command on the domain controller:

dsamain.exe -dbpath c:\$SNAP_201006170326_VOLUMEC$\Windows\NTDS\ntds.dit -ldapport 389 -allowNonAdminAccess

The command fails. You need to ensure that the command completes successfully.

How should you modify the command?

A. Change the value of the -dbpath parameter.

B. Include the path to Dsamain.

C. Change the value of the -ldapport parameter.

D. Remove the -allowNonAdminAccess parameter.

Answer: C

Section: (none)

Explanation/Reference:

Explanation:

QUESTION 17

Your network contains an Active Directory domain. The domain contains 10 domain controllers that run Windows Server 2008 R2.

You need to monitor the following information on the domain controllers during the next five days:

- Memory usage
- Processor usage
- The number of LDAP queries

What should you do?

A. Create a User Defined Data Collector Set (DCS) that uses the Active Directory Diagnostics template.

B. Use the System Performance Data Collector Set (DCS).

C. Create a User Defined Data Collector Set (DCS) that uses the System Performance template.

D. Use the Active Directory Diagnostics Data Collector Set (DCS).

Answer: A

Section: (none)

Explanation/Reference:

Explanation:

QUESTION 18

Your network contains an Active Directory domain named contoso.com.

Contoso.com contains a domain controller named DC1 and a read-only domain controller (RODC) named RODC1.

You need to view the most recent user accounts authenticated by RODC1.

What should you do first?

A. From Active Directory Sites and Services, right-click the Connection object for DC1, and then click Replicate Now.

B. From Active Directory Sites and Services, right-click the Connection object for DC2, and then click Replicate Now.

C. From Active Directory Users and Computers, right-click contoso.com, click Change Domain Controller, and then connect to DC1.

D. From Active Directory Users and Computers, right-click contoso.com, click Change Domain Controller, and then connect to RODC1.

Answer: C

Section: (none)

Explanation/Reference:

Explanation:

QUESTION 19

Your network contains an Active Directory domain. The domain contains 3,000 client computers. All of the client computers run Windows 7.

Users log on to their client computers by using standard user accounts.

You plan to deploy a new application named App1.

The vendor of App1 provides a Setup.exe file to install App1. Setup.exe requires administrative rights to run.

You need to deploy App1 to all client computers. The solution must meet the following requirements:

- App1 must automatically detect and replace corrupt application files.
- App1 must be available from the Start menu on each client computer.

What should you do first?

A. Create a logon script that calls Setup.exe for App1.

B. Create a .zap file.

C. Create a startup script that calls Setup.exe for App1.

D. Repackage App1 as a Windows Installer package.

Answer: D

Section: (none)

Explanation/Reference:

Explanation:

QUESTION 20

Your network contains an Active Directory domain named contoso.com.

Contoso.com contains two sites named Site1 and Site2. Site1 contains a domain controller named DC1.

In Site1, you install a new domain controller named DC2. You ship DC2 to Site2.

You discover that certain users in Site2 authenticate to DC1.

You need to ensure that the users in Site2 always attempt to authenticate to DC2 first.

What should you do?

A. From Active Directory Users and Computers, modify the Location settings of the DC2 computer object.

B. From Active Directory Sites and Services, modify the Location attribute for Site2.

C. From Active Directory Sites and Services, move the DC2 server object.

D. From Active Directory Users and Computers, move the DC2 computer object.

Answer: C

Section: (none)

Explanation/Reference:

Explanation:

QUESTION 21

Your network contains an Active Directory domain named contoso.com.

Contoso.com contains a server named Server2. You open the System properties on Server2 as shown in the exhibit. (Click the Exhibit button.)

When you attempt to configure Server2 as an enterprise subordinate certification authority (CA), you discover that the enterprise subordinate CA option is unavailable.

You need to configure Server2 as an enterprise subordinate CA.

What should you do first?

A. Upgrade Server2 to Windows Server 2008 R2 Enterprise.

B. Log in as an administrator and run Server Manager.

C. Import the root CA certificate.

D. Join Server2 to the domain.

Answer: D

Section: (none)

Explanation/Reference:

Explanation:

QUESTION 22

Your network contains an Active Directory domain. The domain contains an enterprise certification authority (CA).

You need to ensure that only members of a group named Admin1 can create certificate templates.

Which tool should you use to assign permissions to Admin1?

A. the Certification Authority console

B. Active Directory Users and Computers

C. the Certificates snap-in

D. Active Directory Sites and Services

Answer: D

Section: (none)

Explanation/Reference:

Explanation:

QUESTION 23

Your network contains an Active Directory domain. All DNS servers are domain controllers. You view the properties of the DNS zone as shown in the exhibit. (Click the Exhibit button.)

You need to ensure that only domain members can register DNS records in the zone. What should you do first?

A. Modify the zone type.

B. Create a trust anchor.

C. Modify the Advanced properties of the DNS server.

D. Modify the Dynamic updates setting.

Answer: A

Section: (none)

Explanation/Reference:

Explanation:

QUESTION 24

Your company has a single Active Directory forest with a single domain. Consultants in different departments of the company require access to different network resources. The consultants belong to a global group named TempWorkers. Three file servers are placed in a new organizational unit named SecureServers. The file servers contain confidential data in shared folders. You need to prevent the consultants from accessing the confidential data.

What should you do?

A. Create a new Group Policy Object (GPO) and link it to the SecureServers organizational unit. Assign the Deny access to this computer from the network user right to the TempWorkers global group.

B. Create a new Group Policy Object (GPO) and link it to the domain. Assign the Deny access to this computer from the network user right to the TempWorkers global group.

C. On the three file servers, create a share on the root of each hard disk. Configure the Deny Full control permission for the TempWorkers global group on the share.

D. Create a new Group Policy Object (GPO) and link it to the domain. Assign the Deny log on locally user right to the TempWorkers global group.

E. Create a new Group Policy Object (GPO) and link it to the SecureServers organizational unit. Assign the Deny log on locally user right to the TempWorkers global group.

Answer: A

Section: (none)

Explanation/Reference:

Explanation:

QUESTION 25

Your network contains two Active Directory forests named contoso.com and nwtraders.com. The functional level of both forests is Windows Server 2003. Contoso.com contains one domain. Nwtraders.com contains two domains. You need to ensure that users in contoso.com can access the resources in all domains. The solution must require the minimum number of trusts.

Which type of trust should you create?

A. external

B. forest

C. realm

D. shortcut

Answer: D

Section: (none)

Explanation/Reference:

Explanation:

QUESTION 26

You install an Active Directory domain in a test environment.

You need to reset the passwords of all the user accounts in the domain from a domain controller.

Which two Windows PowerShell commands should you run? (Each correct answer presents part of the solution, choose two.)

A. $newPassword = *

B. Import-Module ActiveDirectory

C. Import-Module WebAdministration

D. Get-ADUser -filter * | Set-ADAccountPassword -NewPassword $newPassword -Reset

E. Set-ADAccountPassword -NewPassword -Reset

F. $newPassword = (Read-Host -Prompt "New Password" -AsSecureString)

G. Import-Module ServerManager

Answer: DF

Section: (none)

Explanation/Reference:

Explanation:

QUESTION 27

DRAG DROP

Your network contains an Active Directory forest named contoso.com. The forest contains a domain controller named DC1 that runs Windows Server 2008 R2 Enterprise and a member server named Server1 that runs Windows Server 2008 R2 Standard.

You have a computer named Computer1 that runs Windows 7. Computer1 is not connected to the network. You need to join Computer1 to the contoso.com domain.

What should you do?

To answer, move the appropriate actions from the Possible Actions list to the Necessary Actions area and arrange them in the correct order.

Answer:

Section: (none)

Explanation/Reference:

Explanation:

QUESTION 28

HOTSPOT

Your network contains an Active Directory domain named contoso.com.

You need to ensure that IP addresses can be resolved to fully qualified domain names (FQDNs).

Under which node in the DNS snap-in should you add a zone?

To answer, select the appropriate node in the answer area.

Answer:

Section: (none)

Explanation/Reference:

Explanation: Select Reverse Lookup Zones.

QUESTION 29

HOTSPOT

Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named Server1. Server1 has an IP address of 192.168.200.100.

You need to view the Pointer (PTR) record for Server1.

Which zone should you open in the DNS snap-in to view the record?

To answer, select the appropriate zone in the answer area.

Answer:

Section: (none)

Explanation/Reference:

Explanation: Select 200.168.192.in-addr.arpa

QUESTION 30

HOTSPOT

Your network contains an Active Directory domain.

You need to create a new site link between two sites named Site1 and Site3. The site link must support the replication of domain objects.

Under which node in Active Directory Sites and Services should you create the site link?

To answer, select the appropriate node in the answer area.

Answer:

Section: (none)

Explanation/Reference:

Explanation: Select the IP container under Inter-Site Transports.

QUESTION 31

DRAG DROP

Your network contains an Active Directory forest named adatum.com. The forest contains four child domains named europe.adatum.com, northamerica.adatum.com, asia.adatum.com, and africa.adatum.com.

You need to create four new groups in the forest root domain. The groups must be configured as shown in the following table.

What should you do?

To answer, drag the appropriate group type to the correct group name in the answer area.

Answer:

Section: (none)

Explanation/Reference:

Explanation:

QUESTION 32

HOTSPOT

You need to modify the Password Replication Policy on a read-only domain controller (RODC).

Which tool should you use?

To answer, select the appropriate tool in the answer area.

Answer:

Section: (none)

Explanation/Reference:

Explanation: Select Active Directory Users and Computers.

QUESTION 33

HOTSPOT

Your network contains an Active Directory forest named contoso.com.

The password policy of the forest requires that the passwords for all of the user accounts be changed every 30 days.

You need to create user accounts that will be used by services. The passwords for these accounts must be changed automatically every 30 days.

Which tool should you use to create these accounts?

To answer, select the appropriate tool in the answer area.

Answer:

Section: (none)

Explanation/Reference:

Explanation: Select Active Directory Module for Windows PowerShell.

QUESTION 34

Your network contains two forests named adatum.com and litwareinc.com. The functional level of all the domains is Windows Server 2003. The functional level of both forests is Windows 2000.

You need to create a forest trust between adatum.com and litwareinc.com.

What should you do first?

A. Create an external trust.

B. Raise the functional level of both forests.

C. Configure SID filtering.

D. Raise the functional level of all the domains.

Answer: B

Section: (none)

Explanation/Reference:

Explanation:

QUESTION 35

Your network contains an Active Directory forest named adatum.com.

All client computers used by the marketing department are in an organizational unit (OU) named Marketing Computers. All user accounts for the marketing department are in an OU named Marketing Users.

You purchase a new application.

You need to ensure that every user in the domain who logs on to a marketing department computer can use the application. The application must only be available from the marketing department computers.

What should you do?

A. Create and link a Group Policy object (GPO) to the Marketing Users OU. Copy the installation package to a shared folder on the network. Assign the application.

B. Create and link a Group Policy object (GPO) to the Marketing Computers OU. Copy the installation package to a shared folder on the network. Assign the application.

C. Create and link a Group Policy object (GPO) to the Marketing Computers OU. Copy the installation package to a local drive on each marketing department computer. Publish the application.

D. Create and link a Group Policy object (GPO) to the Marketing Users OU. Copy the installation package to a folder on each marketing department computer. Publish the application.

Answer: B

Section: (none)

Explanation/Reference:

Explanation:

QUESTION 36

Your network contains an Active Directory forest named adatum.com.

You need to create an Active Directory Rights Management Services (AD RMS) licensing-only cluster.

What should you install before you create the AD RMS root cluster?

A. The Failover Cluster feature

B. The Active Directory Certificate Services (AD CS) role

C. Microsoft Exchange Server 2010

D. Microsoft SharePoint Server 2010

E. Microsoft SQL Server 2008

Answer: E

Section: (none)

Explanation/Reference:

Explanation:

QUESTION 37

HOTSPOT

Your network contains an Active Directory forest.

The DNS infrastructure fails.

You rebuild the DNS infrastructure.

You need to force the registration of the Active Directory Service Locator (SRV) records in DNS.

Which service should you restart on the domain controllers?

To answer, select the appropriate service in the answer area.

Answer:

Section: (none)

Explanation/Reference:

Explanation: Select the Netlogon service.

QUESTION 38

Your network contains an Active Directory domain named contoso.com. The contoso.com domain contains a domain controller named DC1.

You create an Active Directory-integrated GlobalNames zone. You add an alias (CNAME) resource record named Server1 to the zone. The target host of the record is server2.contoso.com.

When you ping Server1, you discover that the name fails to resolve. You are able to successfully ping server2.contoso.com.

You need to ensure that you can resolve names by using the GlobalNames zone.

Which command should you run?

A. Dnscmd DC1.contoso.com /ZoneAdd GlobalNames /DsPrimary /DP /domain

B. Dnscmd DC1.contoso.com /config /Enableglobalnamessupport forest

C. Dnscmd DC1.contoso.com /config /Enableglobalnamessupport 1

D. Dnscmd DC1.contoso.com /ZoneAdd GlobalNames /DsPrimary /DP /forest

Answer: C

Section: (none)

Explanation/Reference:

Explanation:

QUESTION 39

Your network contains an Active Directory domain named contoso.com.

The network has a branch office site that contains a read-only domain controller (RODC) named RODC1. RODC1 runs Windows Server 2008 R2.

A user logs on to a computer in the branch office site.

You discover that the user's password is not stored on RODC1.

You need to ensure that the user's password is stored on RODC1 when he logs on to a branch office site computer.

What should you do?

A. Modify the RODC's password replication policy by removing the entry for the Allowed RODC Password Replication Group.

B. Modify the RODC's password replication policy by adding RODC1's computer account to the list of allowed users, groups, and computers.

C. Add the user's user account to the built-in Allowed RODC Password Replication Group on RODC1.

D. Add RODC1's computer account to the built-in Allowed RODC Password Replication Group on RODC1.

Answer: C

Section: (none)

Explanation/Reference:

Explanation:

QUESTION 40

You deploy an Active Directory Federation Services (AD FS) Federation Service Proxy on a server named Server1.

You need to configure the Windows Firewall on Server1 to allow external users to authenticate by using AD FS.

Which protocol should you allow on Server1?

A. Kerberos

B. SSL

C. SMB

D. RPC

Answer: B

Section: (none)

Explanation/Reference:

Explanation:

QUESTION 41

Your network contains an Active Directory domain named contoso.com. Contoso.com contains a member server that runs Windows Server 2008 R2 Standard.

You need to create an enterprise subordinate certification authority (CA) that can issue certificates based on version 3 certificate templates.

You must achieve this goal by using the minimum amount of administrative effort.

What should you do first?

A. Run the certutil.exe -addenrollmentserver command.

B. Install the Active Directory Certificate Services (AD CS) role on the member server.

C. Upgrade the member server to Windows Server 2008 R2 Enterprise.

D. Run the certutil.exe -installdefaulttemplates command.

Answer: B

Section: (none)

Explanation/Reference:

Explanation:

QUESTION 42

Your network contains a server named Server1. The Active Directory Rights Management Services (AD RMS) server role is installed on Server1.

An administrator changes the password of the user account that is used by AD RMS. You need to update AD RMS to use the new password.

Which console should you use?

A. Active Directory Rights Management Services

B. Active Directory Users and Computers

C. Local Users and Groups

D. Services

Answer: D

Section: (none)

Explanation/Reference:

Explanation:

QUESTION 43

Your company, Contoso, Ltd., has a main office and a branch office. The offices are connected by a WAN link. Contoso has an Active Directory forest that contains a single domain named ad.contoso.com.

The ad.contoso.com domain contains one domain controller named DC1 that is located in the main office. DC1 is configured as a DNS server for the ad.contoso.com DNS zone. This zone is configured as a standard primary zone.

You install a new domain controller named DC2 in the branch office. You install DNS on DC2.

You need to ensure that the DNS service can update records and resolve DNS queries in the event that a WAN link fails.

What should you do?

A. Create a new secondary zone named ad.contoso.com on DC2.

B. Create a new stub zone named ad.contoso.com on DC2.

C. Configure the DNS server on DC2 to forward requests to DC1.

D. Convert the ad.contoso.com zone on DC1 to an Active Directory-integrated zone.

Answer: D

Section: (none)

Explanation/Reference:

Explanation:

QUESTION 44

Your network contains an enterprise certification authority (CA) that runs Windows Server 2008 R2 Enterprise.

You enable key archival on the CA. The CA is configured to use custom certificate templates for Encrypted File System (EFS) certificates.

You need to archive the private key for all new EFS certificates.

Which snap-in should you use?

A. Active Directory Users and Computers

B. Authorization Manager

C. Group Policy Management

D. Enterprise PKI

E. Security Templates

F. TPM Management

G. Certificates

H. Certification Authority

I. Certificate Templates

Answer: H

Section: (none)

Explanation/Reference:

Explanation:

QUESTION 45

Your network contains an enterprise certification authority (CA) that runs Windows Server 2008 R2 Enterprise.

You need to ensure that all of the members of a group named Group1 can view the event log entries for Certificate Services.

Which snap-in should you use?

A. Certificate Templates

B. Certification Authority

C. Authorization Manager

D. Active Directory Users and Computers

E. TPM Management

F. Security Templates

G. Group Policy Management

H. Enterprise PKI

I. Certificates

Answer: C

Section: (none)

Explanation/Reference:

QUESTION 46

Your network contains an enterprise certification authority (CA) that runs Windows Server 2008 R2 Enterprise.

You need to ensure that users can enroll for certificates that use the IPSEC (Offline request) certificate template.

Which snap-in should you use?

A. Enterprise PKI

B. TPM Management

C. Certificates

D. Active Directory Users and Computers

E. Authorization Manager

F. Certification Authority

G. Group Policy Management

H. Security Templates

I. Certificate Templates

Answer: I

Section: (none)

Explanation/Reference:

QUESTION 47

Your network contains an enterprise certification authority (CA) that runs Windows Server 2008 R2 Enterprise.

You have a custom certificate template named Template1. Template1 is published to the CA.

You need to ensure that all of the members of a group named Group1 can enroll for certificates that use Template1.

Which snap-in should you use?

A. Security Templates

B. Enterprise PKI

C. Certification Authority

D. Certificate Templates

E. Certificates

F. TPM Management

G. Authorization Manager

H. Group Policy Management

I. Active Directory Users and Computers

Answer: D

Section: (none)

Explanation/Reference:

QUESTION 48

Your network contains an enterprise certification authority (CA) that runs Windows Server 2008 R2 Enterprise.

You need to approve a pending certificate request.

Which snap-in should you use?

A. Active Directory Users and Computers

B. Authorization Manager

C. Certification Authority

D. Group Policy Management

E. Certificate Templates

F. TPM Management

G. Certificates

H. Enterprise PKI

I. Security Templates

Answer: C

Section: (none)

Explanation/Reference:

QUESTION 49

DRAG DROP

Your network contains an Active Directory domain named adatum.com.

You need to use Group Policies to deploy the line-of-business applications shown in the following table.

What should you do?

To answer, drag the appropriate deployment method to the correct application in the answer area.

A.

B.

C.

D.

Answer:

Section: (none)

Explanation/Reference:

QUESTION 50

DRAG DROP

Your network contains an Active Directory forest named contoso.com.

You need to create an Active Directory Rights Management Services (AD RMS) licensing-only cluster.

What should you do?

To answer, move the appropriate actions from the Possible Actions list to the Necessary Actions area and arrange them in the correct order.

A.

B.

C.

D.

Answer:

Section: (none)

Explanation/Reference:

QUESTION 51

DRAG DROP

Your network contains two forests named contoso.com and fabrikam.com. The functional level of all the domains is Windows Server 2003. The functional level of both forests is Windows 2000.

You need to create a trust between contoso.com and fabrikam.com. The solution must ensure that users from contoso.com can only access the servers in fabrikam.com that have the Allowed to Authenticate permission set.

What should you do?

To answer, move the appropriate actions from the Possible Actions list to the Necessary Actions area and arrange them in the correct order.

A.

B.

C.

D.

Answer:

Section: (none)

Explanation/Reference:

QUESTION 52

Your network contains an Active Directory domain named adatum.com.

You need to ensure that IP addresses can be resolved to fully qualified domain names (FQDNs).

Under which node in the DNS snap-in should you add a zone?

A. Reverse Lookup Zones

B. adatum.com

C. Forward Lookup Zones

D. Conditional Forwarders

E. _msdcs.adatum.com

Answer: A

Section: (none)

Explanation/Reference:

QUESTION 53

DRAG DROP

Your company has a main office and a branch office. All servers are located in the main office.

The network contains an Active Directory forest named adatum.com. The forest contains a domain controller named MainDC that runs Windows Server 2008 R2 Enterprise and a member server named FileServer that runs Windows Server 2008 R2 Standard.

You have a kiosk computer named Public_Computer that runs Windows 7. Public_Computer is not connected to the network.

You need to join Public_Computer to the adatum.com domain.

What should you do?

To answer, move the appropriate actions from the Possible Actions list to the Necessary Actions area and arrange them in the correct order.

A.

B.

C.

D.

Answer:

Section: (none)

Explanation/Reference:

QUESTION 54

Your network contains an Active Directory domain named adatum.com. The domain contains a domain controller named DC1. DC1 has an IP address of 192.168.200.100.

You need to identify the zone that contains the Pointer (PTR) record for DC1.

Which zone should you identify?

A. adatum.com

B. _msdcs.adatum.com

C. 100.168.192.in-addr.arpa

D. 200.168.192.in-addr.arpa

Answer: D

Section: (none)

Explanation/Reference:

QUESTION 55

Your network contains an Active Directory forest named adatum.com.

The DNS infrastructure fails.

You rebuild the DNS infrastructure.

You need to force the registration of the Active Directory Service Locator (SRV) records in DNS.

Which service should you restart on the domain controllers?

A. Netlogon

B. DNS Server

C. Network Location Awareness

D. Network Store Interface Service

E. Online Responder Service

Answer: A

Section: (none)

Explanation/Reference:

QUESTION 56

Your network contains an Active Directory domain named adatum.com.

The password policy of the domain requires that the passwords for all user accounts be changed every 50 days.

You need to create several user accounts that will be used by services. The passwords for these accounts must be changed automatically every 50 days.

Which tool should you use to create the accounts?

A. Active Directory Administrative Center

B. Active Directory Users and Computers

C. Active Directory Module for Windows PowerShell

D. ADSI Edit

E. Active Directory Domains and Trusts

Answer: C

Section: (none)

Explanation/Reference:

QUESTION 57

Your network contains an Active Directory domain. The domain contains several domain controllers. You need to modify the Password Replication Policy on a read-only domain controller (RODC).

Which tool should you use?

A. Group Policy Management

B. Active Directory Domains and Trusts

C. Active Directory Users and Computers

D. Computer Management

E. Security Configuration Wizard

Answer: C

Section: (none)

Explanation/Reference:

QUESTION 58

HOTSPOT

Your network contains an Active Directory forest named contoso.com. All client computers run Windows 7 Enterprise.

You need to automatically create a local group named PowerManagers on each client computer that contains a battery. The solution must minimize the amount of administrative effort.

Which node in Group Policy Management Editor should you use?

To answer, select the appropriate node in the answer area.

A.

B.

C.

D.

Answer:

Section: (none)

Explanation/Reference:

Explanation: Control Panel Settings under Preferences. Select

QUESTION 59

Your network contains an Active Directory forest. The forest contains domain controllers that run Windows Server 2008 R2. The functional level of the forest is Windows Server 2003. The functional level of the domain is Windows Server 2008.

From a domain controller, you need to perform an authoritative restore of an organizational unit (OU).

What should you do first?

A. Raise the functional level of the forest.

B. Modify the tombstone lifetime of the forest.

C. Restore the system state.

D. Raise the functional level of the domain.

Answer: C

Section: (none)

Explanation/Reference:

QUESTION 60

Your network contains an Active Directory forest. The forest contains two domains named contoso.com and woodgrovebank.com.

You have a custom attribute named Attribute1 in Active Directory. Attribute1 is associated to User objects.

You need to ensure that Attribute1 is included in the global catalog.

What should you do?

A. From the Active Directory Schema snap-in, modify the properties of the Attribute1 attributeSchema object.

B. In Active Directory Users and Computers, configure the permissions on the Attribute1 attribute for User objects.

C. From the Active Directory Schema snap-in, modify the properties of the User classSchema object.

D. In Active Directory Sites and Services, configure the Global Catalog settings for all domain controllers in the forest.

Answer: A

Section: (none)

Explanation/Reference:

QUESTION 61

Your network contains a server named Server1. Server1 runs Windows Server 2008 R2 and has the Active Directory Lightweight Directory Services (AD LDS) role installed. Server1 hosts two AD LDS instances named Instance1 and Instance2.

You need to remove Instance2 from Server1 without affecting Instance1.

Which tool should you use?

A. NTDSUtil

B. Dsdbutil

C. Programs and Features in the Control Panel

D. Server Manager

Answer: C

Section: (none)

Explanation/Reference:

QUESTION 62

Your network contains an Active Directory domain. All domain controllers run Windows Server 2008 R2.

You need to compact the Active Directory database.

What should you do?

A. Run the Get-ADForest cmdlet.

B. Configure subscriptions from Event Viewer.

C. Run the eventcreate.exe command.

D. Configure the Active Directory Diagnostics Data Collector Set (DCS).

E. Create a Data Collector Set (DCS).

F. Run the repadmin.exe command.

G. Run the ntdsutil.exe command.

H. Run the dsquery.exe command.

I. Run the dsamain.exe command.

J. Create custom views from Event Viewer.

Answer: G

Section: (none)

Explanation/Reference:

QUESTION 63

Your network contains an Active Directory domain. All domain controllers run Windows Server 2008 R2.

You need to collect all of the Directory Services events from all of the domain controllers and store the events in a single central computer.

What should you do?

A. Run the ntdsutil.exe command.

B. Run the repadmin.exe command.

C. Run the Get-ADForest cmdlet.

D. Run the dsamain.exe command.

E. Create custom views from Event Viewer.

F. Run the dsquery.exe command.

G. Configure the Active Directory Diagnostics Data Collector Set (DCS).

H. Configure subscriptions from Event Viewer.

I. Run the eventcreate.exe command.

J. Create a Data Collector Set (DCS).

Answer: H

Section: (none)

Explanation/Reference:

QUESTION 64

Your network contains an Active Directory domain. All domain controllers run Windows Server 2008 R2. You need to receive a notification when more than 100 Active Directory objects are deleted per second.

What should you do?

A. Create custom views from Event Viewer.

B. Run the Get-ADForest cmdlet.

C. Run the ntdsutil.exe command.

D. Configure the Active Directory Diagnostics Data Collector Set (DCS).

E. Create a Data Collector Set (DCS).

F. Run the dsamain.exe command.

G. Run the dsquery.exe command.

H. Run the repadmin.exe command.

I. Configure subscriptions from Event Viewer.

J. Run the eventcreate.exe command.

Answer: E

Section: (none)

Explanation/Reference:

QUESTION 65

Your network contains an Active Directory domain. All domain controllers run Windows Server 2008 R2.

You need to create a snapshot of Active Directory.

What should you do?

A. Run the dsquery.exe command.

B. Run the dsamain.exe command.

C. Create custom views from Event Viewer.

D. Configure subscriptions from Event Viewer.

E. Create a Data Collector Set (DCS).

F. Configure the Active Directory Diagnostics Data Collector Set (DCS).

G. Run the repadmin.exe command.

H. Run the ntdsutil.exe command.

I. Run the Get-ADForest cmdlet.

J. Run the eventcreate.exe command.

Answer: H

Section: (none)

Explanation/Reference:

QUESTION 66

Your network contains an Active Directory domain. All domain controllers run Windows Server 2008 R2.

You mount an Active Directory snapshot.

You need to ensure that you can query the snapshot by using LDAP.

What should you do?

A. Run the dsamain.exe command.

B. Create custom views from Event Viewer.

C. Run the ntdsutil.exe command.

D. Configure subscriptions from Event Viewer.

E. Run the Get-ADForest cmdlet.

F. Create a Data Collector Set (DCS).

G. Run the eventcreate.exe command.

H. Configure the Active Directory Diagnostics Data Collector Set (DCS).

I. Run the repadmin.exe command.

J. Run the dsquery.exe command.

Answer: A

Section: (none)

Explanation/Reference: