Free Download Updated PassLeader Exam Dumps

Where To Get The 100 Percent Valid 70-642 Exam Dumps? PassLeader — one famous IT Certification Exam Study Materials Supplier — is offer the 100 percent valid 448q 70-642 exam dumps, which covers all the new 70-642 exam questions with detailed explanation and it has been helped many people passing 70-642 exam easily! Welcome to choose the best 448q 70-642 practice test from passleader.com, both 70-642 PDF dumps and 70-642 VCE dumps are available now!

keywords: 70-642 exam,448q 70-642 exam dumps,448q 70-642 exam questions,70-642 pdf dumps,70-642 vce dumps,70-642 braindumps,70-642 practice tests,70-642 study guide,TS: Windows Server 2008 Network Infrastructure, Configuring Exam

QUESTION 321
Your network contains a DNS zone for contoso.com. All servers register their host names in DNS by using dynamic updates. The network contains a server named Server1.contoso.com. From a computer named Computer1 that runs Windows 7, you successfully resolve Server1.contoso.com to an IP address. You change the IP address of Server1.contoso.com. From Computer1, you discover that server1.contoso.com still resolves to the old IP address. You successfully connect to server1.contoso.com by using the new IP address. You need to ensure that you can immediately resolve Server1.contoso.com to the new IP address. What should you do on Computer1?

A.    Run ipconfig.exe and specify the /flushdns parameter.
B.    Run netsh.exe and specify the dnsclient context.
C.    Restart the Peer Name Resolution Protocol (PNRP) service.
D.    Run dnscacheugc.exe.

Answer: A
Explanation:
ipconfig/flushdns – Flushes and resets the contents of the DNS client resolver cache. During DNS troubleshooting, you can use this procedure to discard negative cache entries from the cache, as well as any other entries that have been added dynamically.
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/ipconfig.mspx?mfr=true

QUESTION 322
You network contains an Active Directory forest named Contoso.com. The forest contains two domains named Contoso.com and child.contoso.com. The Contoso.com domain contains a server named Server1. Server1 has the Network Policy and Access Services (NPAS) server role instead. You need to ensure that Server1 can read the dial-in properties of user accounts in the child.contoso.com domain. Which tool should you use?

A.    Netcfg
B.    Active Directory Users and Computers
C.    Useraccountcontrolsettings
D.    Authorization manager

Answer: B

QUESTION 323
Your network contains an Active Directory forest named contoso.com. The forest contains a server named Server1 that runs Windows Server 2008 R2 Service Pack 1 (SP1) Standard. The forest contains a server named Server2 that runs Windows Server 2008 R2 SP1 Enterprise. Server1 and Server2 have the Print and Document Services server role installed. You need to migrate the print queues, printer settings, printer ports, and language monitors from Server1 to Server2. Which tool should you use?

A.    Printbrm
B.    Active Directory Users and Computers
C.    Active Directory Sites and Services
D.    Devices and Printers

Answer: A

QUESTION 324
You manage a server named Server1 that runs Windows Server 2008 R2 Service Pack 1 (SP1). Server1 has the File Services server role installed. You have a file share named Share1. You need to ensure that any Microsoft Word files saved to Share1 that contain the word “confidential” are moved automatically to a folder named Confidential. What should you configure in File Server Resource Manager? (Each correct answer presents part of the solution. Choose three.)

A.    a classification rule
B.    a file management task
C.    a file screen
D.    a file group
E.    a classification property

Answer: ABE

QUESTION 325
Your network contains two Active Directory forests named contoso.com and fabrikam.com. Fabrikam.com contains a server named Server1 that has the Print and Document Services server role installed. Server1 contains 50 shared printers. You join Server1 to the contoso.com domain. You need to ensure that all of the shared printers on Server1 are listed in the contoso.com forest. Which tool should you use? (Each correct answer presents a complete solution. Choose two.)

A.    Printui.exe
B.    Print Management
C.    Pmmngr.vbs
D.    Pubprn.vbs
E.    Setprinter.exe

Answer: BD

QUESTION 326
Your network contains an Active Directory domain named contoso.com. The domain contains a DNS server named Server1. You are configuring DirectAccess. You create a static host (A) record for isatap.contoso.com. You discover that the DNS server fails to respond to queries for the isatap.contoso.com record. You need to ensure that the DNS server resolves queries for isatap.contoso.com. What should you do?

A.    Create a stub zone for isatap.contoso.com
B.    Run dnscmd /config /enableglobalqueryblocklist 0
C.    Run dnscmd /config /enableglobalqueryblocklist 1
D.    Create a canonical name (CNAME) record for isatap.contoso.com

Answer: B
Explanation:
dnscmd [<ServerName>] /config /enableglobalqueryblocklist 0|1 0 – If you want to disable the global query block list 1 – If you want the DNS Server service to ignore queries for the names in the block list
http://technet.microsoft.com/en-us/library/ee649250(v=ws.10).aspx

QUESTION 327
You need to ensure that only the members of the Power Users group and the members of the Administrators group can view the events in the System log. Which tools should you use?

A.    Wecutil
B.    Event Viewer
C.    Local Group Policy Editor
D.    Local Users and Groups

Answer: C

QUESTION 328
Your network contains a domain controller named DC1 that runs Windows Server 2008 R2 Service Pack 1 (SP1). You need to create a script to clear the address table cache of the physical network interface. Which tool should you run in the script?

A.    dnscmd.exe
B.    arp.exe
C.    netbtugc.exe
D.    nbtstat.exe

Answer: B

QUESTION 329
Your network contains a DNS server that hosts a zone for fabrikam.com. Dynamic updates are enabled on the zone. The network contains a Web server named web1.fabrikam.com. Web1.fabrikam.com uses the 172.23.1.6 IP address. Web1.fabrikam.com hosts three websites as shown in the exhibit. (Click the Exhibit button.)

You change the IP address of web1.fabrikam.com to 172.23.1.20. After the change, users report that they cannot access Web2 and Web3. The users can access Web1. You change the IP address of web1.fabrikam.com to 172.23.1.6. The users report that they can access all three websites. You need to ensure that when you change the IP address of web1.fabrikam.com, the users can access all three websites. What should you do?

A.    Change the host (A) records of web2.fabrikam.com and web3.fabrikam.com to service location (SRV) records.
B.    Restart the Netlogon service on web1.fabrikam.com.
C.    Restart the DNS Client service on web1.fabrikam.com.
D.    Change the host (A) records of web2.fabrikam.com and web3.fabrikam.com to canonical name (CNAME) records.

Answer: D

QUESTION 330
Your network contains an Active Directory domain named contoso.com. The domain contains two domain controllers named DC1 and DC2. The service location (SRV) records for both of the domain controllers have default values. An SRV record for DC1 is shown in the exhibit. (Click the Exhibit button.)

You need to modify the SRV records to ensure that DC2 is contacted for authentication only when DC1 is unavailable. What should you do?

A.    Increase the weight value of the SRV records for DC2.
B.    Increase the weight value of the SRV records for DC1.
C.    Increase the priority value of the SRV records for DC1.
D.    Increase the priority value of the SRV records for DC2.

Answer: D
Explanation:
Priority The priority of the server. Clients attempt to contact the server with the lowest priority. Weight A load-balancing mechanism that is used when selecting a target host from those that have the same priority. Clients randomly choose SRV records that specify target hosts to be contacted, with probability proportional to the weight.
http://technet.microsoft.com/en-us/library/cc961719.aspx

http://www.passleader.com/70-642.html

QUESTION 331
Your network contains two Active Directory domains named contoso.com and fabrikam.com. Each domain contains several domain controllers. All of the domain controllers are configured as DNS servers for their respective domain. From a client computer in contoso.com, you discover that you cannot resolve host names in fabrikam.com. You need to ensure that the client computers in contoso.com can resolve host names in fabrikam.com. What should you do in contoso.com?

A.    Create a conditional forwarder.
B.    Disable forwarders.
C.    Modify the DNS suffix search order on all of the DNS servers.
D.    Create a reverse lookup zone.

Answer: A

QUESTION 332
Your network contains an Active Directory domain named contoso.com. A partner organization has an Active Directory domain named fabrikam.com. Your company plans to provide VPN access for fabrikam.com users. You need to configure Network Policy Server (NPS) to forward authentication requests to fabrikam.com. What should you configure on the NPS server?

A.    connection request policies
B.    system health validators (SHVs)
C.    health policies
D.    remediation server groups

Answer: A
Explanation:
Connection request policies are sets of conditions and settings that allow network administrators to designate which Remote Authentication Dial-In User Service (RADIUS) servers perform the authentication and authorization of connection requests that the server running Network Policy Server (NPS) receives from RADIUS clients. Connection request policies can be configured to designate which RADIUS servers are used for RADIUS accounting.
http://technet.microsoft.com/en-us/library/cc753603.aspx

QUESTION 333
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server3 that has the DHCP Server server role installed. You need to configure Windows Firewall on Server3 to allow IPv4 client computers access to the DHCP Server service. Which port or ports should you allow through Windows Firewall?

A.    TCP 53 and UDP 53
B.    TCP 995
C.    TCP 67 and TCP 68
D.    UDP 995
E.    TCP 993
F.    TCP 587 and UDP 587
G.    UDP 993
H.    UDP 546 and UDP 547
I.    TCP 1433
J.    UDP 67 and UDP 68
K.    TCP 546 and TCP 547
L.    TCP 636
M.    UDP 1433

Answer: J
Explanation:
Use of well-known UDP ports for client/server communication Both BOOTP and DHCP use the same reserved protocol ports for sending and receiving messages between servers and clients. Both BOOTP and DHCP servers use UDP port 67 to listen for and receive client request messages. BOOTP and DHCP clients typically reserve UDP port 68 for accepting message replies from either a BOOTP server or DHCP server. Because DHCP and BOOTP messages use nearly identical format types and packet structures, and typically use the same well-known service ports, BOOTP or DHCP relay agent programs usually treat BOOTP and DHCP messages as essentially the same message type, without differentiating between them.
http://technet.microsoft.com/en-us/library/cc781243(v=ws.10).aspx

QUESTION 334
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server2 that has the DNS Server server role installed. You need to configure the Windows Firewall on Server2 to allow client computers access to the DNS Server service. Which port or ports should you allow through Windows Firewall?

A.    UDP 546 and UDP 547
B.    UDP 993
C.    TCP 993
D.    TCP 995
E.    UDP 995
F.    TCP 67 and TCP 68
G.    TCP 636
H.    TCP 587 and UDP 587
I.    TCP 546 and TCP 547
J.    UDP 67 and UDP 68
K.    UDP 1433
L.    TCP 1433
M.    TCP 53 and UDP 53

Answer: M
Explanation:
http://technet.microsoft.com/pt-br/library/dd197515(v=ws.10).aspx

QUESTION 335
Your network contains a server named DC1 that has the DHCP Server server role installed. You discover that clients are not being assigned IP addresses from DC1. You open the DHCP console as shown in the exhibit. (Click the Exhibit button.)

You need to ensure that the clients can be assigned IP addresses from DC1. What should you do?

A.    Compact the database.
B.    Configure DHCP link layer-based filtering.
C.    Configure a DHCP Relay Agent.
D.    Restore the database from a backup.
E.    Configure Routing Information Protocol version 2 (RIPv2) on the router.
F.    Increase the database cleanup interval.
G.    Configure Open Shortest Path First (OSPF) on the router.
H.    Configure name protection.
I.    Reconcile the scope.
J.    Modify the start address.
K.    Authorize DC1 in Active Directory.

Answer: K

QUESTION 336
You need to ensure that only the members of the Power Users group and the members of the Administrators group can view the events in the System log. Which tools should you use?

A.    Wecutil
B.    Event Viewer
C.    Cacls
D.    Wevtutil

Answer: D

QUESTION 337
Your network contains an Active Directory forest named contoso.com. The forest contains a server named Server1 that runs Windows Server 2008 R2 Service Pack 1 (SP1) Standard. The forest contains a server named Server2 that runs Windows Server 2008 R2 SP1 Enterprise. Server1 and Server2 have the Print and Document Services server role installed. You need to migrate the print queues, printer settings, printer ports, and language monitors from Server1 to Server2. Which tool should you use?

A.    Print Management
B.    Printmig
C.    Active Directory Users and Computers
D.    Printui

Answer: A

QUESTION 338
Your network contains an Active Directory domain named contoso.com. The domain contains two Active Directory sites named Site1 and Site2. You have a domain-based Distributed File System (DFS) namespace named \\contoso.com\public that has a single namespace server located in Site1. You install another namespace server in Site2. You need to verify that the client computers in Site2 use the new namespace server. You want to achieve this goal by using the minimum amount of administrative effort. Which tool should you use?

A.    Share and Storage Management
B.    DFS Management
C.    Windows Explorer
D.    Services for Network File System (NFS)

Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/cc732863(v=ws.10).aspx

QUESTION 339
Your network contains an Active Directory domain named contoso.com. The domain contains three VPN servers named VPN1, VPN2, and VPN3 that run Windows Server 2008 R2. You need to configure all of the VPN servers to use the same network policies. What should you configure on the VPN servers?

A.    remediation server groups
B.    the RADIUS Accounting accounting provider
C.    connection request policies
D.    the RADIUS Authentication authentication provider

Answer: C
Explanation:
Connection request policies are sets of conditions and settings that allow network administrators to designate which Remote Authentication Dial-In User Service (RADIUS) servers perform the authentication and authorization of connection requests that the server running Network Policy Server (NPS) receives from RADIUS clients. Connection request policies can be configured to designate which RADIUS servers are used for RADIUS accounting.
http://technet.microsoft.com/en-us/library/cc753603.aspx

QUESTION 340
Your network contains an Active Directory forest. The forest contains the member servers configured as shown in the following table.

All servers run Windows Server 2008 R2. You deploy a new server named Server1. You need to configure Server1 to provide central authentication for all dial-up connections and all VPN connections. What should you install on Server1?

A.    Active Directory Lightweight Directory Services (AD LDS)
B.    Active Directory Federation Services (AD FS)
C.    Network Policy Server (NPS)
D.    Routing and Remote Access service (RRAS)

Answer: C
Explanation:
http://www.windowsnetworking.com/articles_tutorials/understanding-new-windows-server-2008-networkpolicy-server.html

http://www.passleader.com/70-642.html

Want To Pass The New 70-642 Exam Easily? DO NOT WORRY! PassLeader now is supplying the latest and 100 percent pass ensure version 448q 70-642 PDF dumps and VCE dumps, the new updated 70-642 braindumps are the most accurate with all the new changed 70-642 exam questions, it will help you passing 70-642 exam easily and quickly. Now visit the our site passleader.com and get the valid 448q 70-642 VCE and PDF exam questions and FREE VCE PLAYER!

QUESTION 341
Your network contains a server named Server1 that runs Windows Server 2008 R2 Service Pack 1 (SP1). A user named Admin1 opens Event Viewer on Server1 as shown in the exhibit. (Click the Exhibit button.)

Admin1 can view the events in the Application log and the System log. You need to ensure that Admin1 can view the events in the Security log. What should you modify?

A.    the user rights assignment
B.    the membership of the Event Log Readers group
C.    the permissions on the Server1 computer object
D.    the permissions on the Security.evtx file

Answer: A

QUESTION 342
Your network contains a DNS server that runs Windows Server 2008 R2 Service Pack 1 (SP1). You need to enable cache locking on the DNS server. Which tool should you use? (Each correct answer presents a complete solution. Choose two.)

A.    Regedit
B.    Dns
C.    Netsh
D.    DNS Manager
E.    Server Manager
F.    Dnscmd

Answer: AF
Explanation:
Open an elevated command prompt.
Type the following command, and then press ENTER:
dnscmd /Config /CacheLockingPercent <percent>
Restart the DNS Server service.
To configure cache locking using the Windows interface Click Start, click Run, type regedit.exe, and then press ENTER.
In Registry Editor, open
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DNS\Parameters
If the CacheLockingPercent registry key is not present, right-click Parameters, click New, click DWORD (32-bit) Value, and then type CacheLockingPercent for the name of the new registry key.
Double-click the CacheLockingPercent registry key. Under Base, choose Decimal, under Value data type a value from 0 to 100 for the cache locking percent, and then click OK.
Close Registry Editor.
Restart the DNS Server service.
http://technet.microsoft.com/en-us/library/ee649148(v=ws.10)

QUESTION 343
Your network contains a server named Server1. An administrator named Admin1 installs the Windows Server Update Services (WSUS) server role on Server1. You open the Windows Server Update Services console and view the Products and Classifications options as shown in the exhibit. (Click the Exhibit button.)

You need to ensure that you can select updates for Windows Server 2008 R2 Service Pack 1 (SP1) from the Products and Classifications options. What should you do?

A.    Add your user account to the WSUS Administrators group.
B.    Synchronize Server1 to the Microsoft Update servers.
C.    Configure a server that runs Windows Server 2008 R2 SP1 to download updates from Server1.
D.    Restart the Update Services service.

Answer: B
Explanation:
http://www.networkinghints.com/administrator/windows-server/can%C2%B4t-find-windows-7-servicepack-1-in-wsus/
http://windowsteamblog.com/windows/b/bloggingwindows/archive/2011/03/08/windows-7-sp1-available-viawsus.aspx

QUESTION 344
Your network contains an Active Directory domain named litwareinc.com. All domain controllers and servers run Windows Server 2008 R2 Service Pack 1 (SP1). A domain controller named DC1 hosts a primary zone for litwareinc.com. You have two servers named Server1 and Server2. Both servers host the same website. Server1 is located on a subnet named Subnet1. Server2 is located on a subnet named Subnet2. You create two host (A) records for web.litwareinc.com. One record points to the IP address of Server1. The other record points to the IP address of Server2. All users access the website by using the URL http://web. litwareinc.com. You discover that the client computers on Subnet1 always connect to Server1 when they access the URL http://web.litwareinc.com. You need to ensure that all of the client computers are distributed randomly between Server1 and Server2 when accessing the URL http://web.litwareinc.com. What should you do?

A.    Modify the time-to-live (TTL) value for the A records of Server1.litwareinc.com and server1.litwareinc.com.
B.    Disable DNS round robin on DC1.
C.    Disable netmask ordering on DC1.
D.    Modify the time-to-live (TTL) value for the A records ofweb.litwareinc.com.

Answer: C
Explanation:
Round robin: Determines whether the DNS server uses the round robin mechanism to rotate and reorder a list of resource records if multiple resource records exist of the same type that exist for a query answer. By default, the DNS Server service uses round robin. Netmask ordering: Determines whether the DNS server reorders address (A) resource records within the same resource record that is set in the server’s response to a query based on the Internet Protocol (IP) address of the source of the query.By default, the DNS Server service uses local subnet priority to reorder A resource records.
http://technet.microsoft.com/en-us/library/cc757837(v=ws.10).aspx

QUESTION 345
Your network contains an Active Directory domain. The domain contains several VPN servers that have the Routing and Remote Access service (RRAS) role service installed. You need to configure all of the VPN servers to use the same network policies. The solution must ensure that any changes to the network policies automatically apply to all of the VPN servers. What should you configure on the VPN servers?

A.    connection request policies
B.    system health validators (SHVs)
C.    IKEv2 client connections
D.    health policies
E.    the RADIUS Accounting accounting provider
F.    the RADIUS Authentication authentication provider
G.    the Windows Accounting accounting provider
H.    Group Policy preferences
I.    the Windows Authentication authentication provider
J.    remediation server groups

Answer: F

QUESTION 346
You have a virtual machine named VM1. VM1 uses a VHD file named Vml.vhd. A critical error occurs on VM1 that prevents the operating system on VM1 from starting. You need to mount Vml.vhd on a server that runs Windows Server 2008 R2 Service Pack 1 (SP1). Which tool should you use?

A.    Share and Storage Management
B.    Mountvol
C.    Storage Explorer
D.    Disk Management

Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/bb490934.aspx

QUESTION 347
Your network contains a server named Server1. An administrator named Admin1 installs the Windows Server Update Services (WSUS) server role on Server1. You open the Windows Server Update Services console and view the Products and Classifications options as shown in the exhibit. (Click the Exhibit button.)

You need to ensure that you can select updates for Windows Server 2008 R2 Service Pack 1 (SP1) from the Products and Classifications options. What should you do?

A.    From a command prompt, run wuauclt /detectnow.
B.    From a command prompt, run gpudate /force.
C.    From the WSUS Administration console, synchronize Server1.
D.    From the Service console, restart the Update Services service.

Answer: C

QUESTION 348
Your network contains a server named Server1 that runs Windows Server 2008 R2 Service Pack 1 (SP1). Server1 has a static IP address. You need to configure Server1 to receive an IP address from a DHCP server. Which Netsh context should you use?

A.    dhcpclient
B.    Ian
C.    interface
D.    netio

Answer: C
Explanation:
netsh interface
http://technet.microsoft.com/pt-br/library/cc738592(v=ws.10).aspx#BKMK_1

QUESTION 349
Your network contains servers that run Windows Server 2008 R2. All client computers run Windows 7. The network contains a VPN server that has the Routing and Remote Access service (RRAS) role service installed. You need to prevent VPN Reconnect from reestablishing the connection when a client computer disconnects from the network for more than one minute. Which VPN server properties should you modify?

A.    IP version 4 (IPv4)
B.    Internet Key Exchange version 2 (IKEv2)
C.    Point-to-Point Protocol (PPP)
D.    IP version 6 (IPv6)

Answer: B
Explanation:
VPN Reconnect uses IKEv2 technology to provide seamless and consistent VPN connectivity, automatically re-establishing a VPN when users temporarily lose their Internet connections. Users who connect using wireless mobile broadband will benefit most from this capability.
http://technet.microsoft.com/en-us/library/dd637830(v=ws.10).aspx

QUESTION 350
Your network contains an Active Directory forest named contoso.com. The forest contains a server named Server1 that is configured as an enterprise certification authority (CA). The forest contains a server named Server2 that has the Network Policy Server (NPS) role service installed. You deploy Network Access Protection (NAP). You discover that Server1 fails to issue health certificates. You need to ensure that health certificates can be issued. What should you do?

A.    Install an additional server, configure the new server as a standalone CA, and then configure the Health Registration Authority (HRA) to use the CA.
B.    From the Network Policy Server console, create a new health policy.
C.    From the Network Policy Server console, modify the Windows System Health Validators settings.
D.    Install the Host Credential Authorization Protocol (HCAP) role service on Server1.

Answer: A

http://www.passleader.com/70-642.html

QUESTION 351
Your network contains a server named Server1 that runs Windows Server 2008 R2. Server1 has the Network Policy Server (NPS) role service installed. You need to ensure that the NPS log files on Server1 contain information about the duration of client connections. What should you do?

A.    Enable the Authentication requests setting.
B.    Configure the DTS Compliant log file format.
C.    Configure the IAS (Legacy) log file format.
D.    Enable the Accounting requests setting.

Answer: B
Explanation:
The DTS Compliant log format is the newest one and only its XML have attributes for session duration such as Acct-Session-Time = “The length of time (in seconds) for which the session has been active.
http://technet.microsoft.com/en-us/library/cc771748(v=ws.10).aspx

QUESTION 352
Your network contains an Active Directory domain. The domain contains several VPN servers that run Windows Server 2008 R2. You need to log the time and the date users establish VPN connections to the network. The log must be stored in a central location. What should you configure on the VPN servers?

A.    the Windows Accounting accounting provider
B.    connection request policies
C.    health policies
D.    the RADIUS Accounting accounting provider

Answer: D
Explanation:
RADIUS accounting logs information about dial-in connections. This information is often used for billing purposes.

QUESTION 353
Your network contains a domain controller named DC1. DC1 hosts a zone named fabhkam.com. The properties of the zone are shown in the exhibit.(Click the Exhibit button.)

You need to ensure that only secure dynamic updates are accepted for the fabrikam.com zone. What should you do first?

A.    Configure the zone to be stored in Active Directory.
B.    Change the zone to a secondary zone.
C.    Pause the zone.
D.    Modify the NTFS permissions of the zone file.

Answer: A

QUESTION 354
Your network contains a DNS server that runs Windows Server 2008 R2 Service Pack 1 (SP1). You need to prevent the DNS server from accepting updates for cached resource records until the time-to-live (TTL) value of the cached resource records expires. Which tool should you use? (Each correct answer presents a complete solution. Choose two.)

A.    Server Manager
B.    Netsh
C.    DNS Manager
D.    Regedit
E.    Dnscmd
F.    Dns

Answer: DE

QUESTION 355
A corporate network includes two servers named File1 and File2 that run Windows Server 2008 R2. You need to ensure that a specific user can schedule Data Collector Sets (DCSs) on File2. The solution must minimize the number of rights assigned to the user. What should you do?

A.    Add the user to the Performance Log Users group on File2.
B.    Assign the Profile single process user right to the user on File2.
C.    Assign the Bypass traverse checking user right to the user on File2.
D.    Add the user to the Performance Monitor Users group on File2.

Answer: A

QUESTION 356
Your company is implementing Network Access Protection (NAP) with DHCP enforcement. You need to define which network resources non-compliant client computers can access. What should you configure?

A.    remediation server groups
B.    health policies
C.    connection request policies
D.    system health validators (SHVs)

Answer: A
Explanation:
Remediation server groups are used to specify servers that are available to noncompliant Network Access Protection (NAP) clients for the purpose of remediating their health state to comply with health requirements. The type of remediation servers that are required depend on your health requirements and network access methods.
http://technet.microsoft.com/en-us/library/dd759158.aspx

QUESTION 357
You need to mount a VHD file that was created by using Windows Server Backup. Which tool should you use?

A.    Storage Explorer
B.    Imagex
C.    Disk Management
D.    Mount

Answer: C
Explanation:
Disk Management – How to Mount and Unmount VHD Images:
http://www.7tutorials.com/disk-management-how-mount-and-unmount-vhd-images

QUESTION 358
Your network contains a server named DC1 that has the DHCP Server server role installed. Clients located on the same subnet as DC1 are assigned valid IP addresses from DC1. Clients located on a different subnet are not assigned IP addresses from DC1. You verify that there is network connectivity between the two subnets. You need to ensure that the clients on both of the subnets can receive IP addresses from DC1. What should you do?

A.    Authorize DC1 in Active Directory.
B.    Increase the database cleanup interval.
C.    Configure Routing Information Protocol version 2 (RIPv2) on the router.
D.    Configure a DHCP Relay Agent.
E.    Restore the database from a backup.
F.    Configure name protection.
G.    Reconcile the scope.
H.    Configure DHCP link layer-based filtering.
I.    Modify the start address.
J.    Configure Open Shortest Path First (OSPF) on the router.
K.    Compact the database.

Answer: D

QUESTION 359
Your network contains a server named Server1 that runs Windows Server 2008 R2 Service Pack 1 (SP1). You log on to Server1 by using an account named Admin1, and then you open Event Viewer as shown in the exhibit. (Click the Exhibit button.)

You need to ensure that you can view all of the events in the Security log. What should you do?

A.    From the Local Group Policy Editor, set Retain old events to Enabled for the Security log.
B.    From a command prompt, run net localgroup /add “Event Log Readers” Admin1.
C.    From Event Viewer, right-click Security, and then click Refresh.
D.    From the Local Group Policy Editor, set Log access to Enabled for the Security log.
E.    From Event Viewer, right-click Security, and then click Clear Filter.

Answer: E

QUESTION 360
Your network contains a server named Server1 that runs Windows Server 2008 R2 Service Pack 1 (SP1). Server1 has Microsoft SQL Server 2008 R2 and the File Services server role installed. Users report that access to Server1 during the morning is very slow. An administrator creates a Data Collector Set and provides the results shown in the exhibit. (Click the Exhibit button.)

You need to log the CPU utilization of the processes running on Server1 if the CPU utilization exceeds 85 percent for more than one minute. What should you do? (Each correct answer presents part of the solution. Choose two.)

A.    Configure an action on the performance alert to run the systempropertiesperformance.exe command.
B.    Configure a trigger on the performance alert to start the System Performance Data Collector Set.
C.    Enable the SQMLogger event trace session.
D.    Create a scheduled task that runs the Get-PSProvider cmdlet.
E.    Create a Data Collector Set that has a performance alert for \Processor (_Total)\%Processor Time.

Answer: BE

http://www.passleader.com/70-642.html

QUESTION 361
Your network contains an Active Directory domain named contoso.com. The domain contains two Active Directory sites named Site1 and Site2. You have a domain-based Distributed File System (DFS) namespace named \\contoso.com\public that has a single namespace server located in Site1. You install another namespace server in Site2. You need to verify that the client computers in Site2 use the new namespace server. You want to achieve this goal by using the minimum amount of administrative effort. Which tool should you use?

A.    Share and Storage Management
B.    DfsrAdmin
C.    Dfscmd
D.    Dfsrdiag

Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/cc736784(v=ws.10).aspx#BKMK_26

QUESTION 362
Your network contains a server named DC1 that has the DHCP Server server role installed. DC1 has a DHCP scope for the 10.10.10.0/24 network ID. You discover the following warning message in the Event log on DC1:
“Scope, Scope1, is 98 percent full with only two IP addresses remaining.”
You need to ensure that DC1 has enough IP addresses to assign to clients. The solution must not cause any IP conflicts. What should you do?

A.    Configure Routing Information Protocol version 2 (RIPv2) on the router.
B.    Authorize DC1 in Active Directory.
C.    Configure Open Shortest Path First (OSPF) on the router.
D.    Modify the start address.
E.    Configure DHCP link layer-based filtering.
F.    Configure name protection.
G.    Restore the database from a backup.
H.    Compact the database.
I.    Increase the database cleanup interval.
J.    Configure a DHCP Relay Agent.
K.    Reconcile the scope.

Answer: I

QUESTION 363
Your network contains a server named Server1 that runs Windows Server 2008 R2 Service Pack (SP1). All users have laptops that run Windows 7. The users frequently work from network locations that only allow outbound communication to the Internet by using HTTP and HTTPS. You plan to configure Server1 as a VPN server. You need to identify which VPN protocol you should use to ensure that all of the users can establish VPN connections to Server1. Which VPN protocol should you identify?

A.    PPTP
B.    SSTP
C.    L2TP
D.    IKEv2

Answer: B

QUESTION 364
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that has Microsoft SQL Server 2008 R2 installed. You need to configure the Windows Firewall on Server1 to allow client computers access to the SQL Server installation. Which port or ports should you allow through Windows Firewall?

A.    TCP 1433
B.    TCP 587 and UDP 587
C.    UDP 67 and UDP 68
D.    TCP 53 and UDP 53
E.    TCP 546 and TCP 547
F.    UDP 546 and UDP 547
G.    TCP 636
H.    UDP 1433
I.    TCP 995
J.    UDP 995
K.    UDP 993
L.    TCP 993
M.    TCP 67 and TCP 68

Answer: A
Explanation:
SQL Server is a Winsock application that communicates over TCP/IP by using the sockets network library. SQL Server listens for incoming connections on a particular port. The default port for SQL Server is 1433. The port doesn’t need to be 1433, but 1433 is the official Internet Assigned Number Authority (IANA) socket number for SQL Server.
http://support.microsoft.com/kb/287932/EN-US

QUESTION 365
Your network contains a file server named Server1 that runs Windows Server 2008 R2. You have several UNIX-based client computers on the network. Users report that they cannot access shared folders on Server1 from the UNIX-based client computers. You need to ensure that users can access the shared folders on Server1. What should you install on Server1?

A.    Network Policy Server (NPS)
B.    Services for Network File System (NFS)
C.    Simple TCP/IP Services
D.    File Server Resource Manager (FSRM)

Answer: B
Explanation:
Services for Network File System (NFS) provides a file-sharing solution for enterprises that have a mixed Windows and UNIX environment. Services for NFS enables users to transfer files between computers running the Windows Server 2008 operating system and UNIX-based computers using the NFS protocol.
http://technet.microsoft.com/en-us/library/cc753302(v=ws.10).aspx

QUESTION 366
Your network contains a file server named Server1 that runs Windows Server 2008 R2. Server1 contains several shared folders. All of the shared folders are located in a volume named Data. You create a new shared folder named Shares in the Data volume. You need to limit the amount of data that users can save in Shares. The limit must NOT apply to any other shared folders. Which tool should you use?

A.    Share and Storage Management
B.    File Server Resource Manager (FSRM)
C.    Storage Explorer
D.    Windows Explorer

Answer: B

QUESTION 367
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server6 that runs a third-party POP3 server. Server6 only supports encrypted POP3 connections. You need to configure the Windows Firewall on Server6 to allow client computers access to the POP3 server. Which port or ports should you allow through Windows Firewall?

A.    UDP 993
B.    TCP 587 and UDP 587
C.    UDP 995
D.    TCP 53 and UDP 53
E.    UDP 546 and UDP 547
F.    TCP 636
G.    TCP 995
H.    TCP 546 and TCP 547
I.    UDP 1433
J.    UDP 67 and UDP 68
K.    TCP 1433
L.    TCP 993
M.    TCP 67 and TCP 68

Answer: G
Explanation:
http://technet.microsoft.com/en-us/library/cc959833.aspx

QUESTION 368
Your network contains a server named DC1 that has the DHCP Server server role installed. You discover the following warning message in the Event log of DC1:
“‘The DHCP service encountered the following error while cleaning up the database: An error occurred while accessing the DHCP database. Look at the DHCP server event log for more information on this error.”
You need to resolve the warning message. What should you do?

A.    Restore the database from a backup.
B.    Increase the database cleanup interval.
C.    Configure Routing Information Protocol version 2 (RIPv2) on the router.
D.    Configure name protection.
E.    Reconcile the scope.
F.    Authorize DC1 in Active Directory.
G.    Configure Open Shortest Path First (OSPF) on the router.
H.    Compact the database.
I.    Configure DHCP link layer-based filtering.
J.    Modify the start address.
K.    Configure a DHCP Relay Agent.

Answer: A

QUESTION 369
Your network contains a domain controller named DC1. DC1 hosts a zone named contoso.com. The properties of the zone are shown in the exhibit. (Click the Exhibit button.)

You need to ensure that only secure dynamic updates are accepted for the contoso.com zone. What should you do first?

A.    Modify the NTFS permissions of the zone file.
B.    Change the zone to a secondary zone.
C.    Configure the zone to be stored in Active Directory.
D.    Pause the zone.

Answer: C

QUESTION 370
Your network contains an Active Directory domain named contoso.com. The domain contains two DNS servers named DC1 and Server1. DC1 is a domain controller. Server1 is member server. On Server1, you create a primary zone named fabrikam.com. You need to create a copy of the fabrikam.com zone on DC1. What should you do? (Each correct answer presents part of the solution. Choose two.)

A.    Create a new secondary zone on DC1.
B.    Run the New Delegation Wizard on DC1.
C.    Create a new Active Directory-integrated stub zone on DC1.
D.    Run the New Delegation Wizard on Server1.
E.    Modify the Name Servers list for the fabrikam.com zone.
F.    Modify the start of authority (SOA) record of the fabrikam.com zone.

Answer: AE
Explanation:
http://technet.microsoft.com/en-us/library/dd197427(v=ws.10).aspx
A DNS database can be partitioned into multiple zones. A zone is a portion of the DNS database that contains the resource records with the owner names that belong to the contiguous portion of the DNS namespace. Zone files are maintained on DNS servers. A single DNS server can be configured to host zero, one, or multiple zones. The new zone fabrikam.com is a totally new domain and zone and is thus in no way related to contoso.com. This is allowed as DNS servers are capable of hosting multiple, unrelated zones.

http://www.passleader.com/70-642.html

QUESTION 371
Your network contains a domain controller named DC1. DC1 hosts a zone for contoso.com. The properties of the zone are shown in the exhibit. (Click the Exhibit button.)

You need to audit all of the changes made to the zone by a user named User1. What should you do first?

A.    Configure the zone as Active Directory-integrated.
B.    Configure the Debug Logging settings on DC1.
C.    Configure the Event Logging settings on DC1.
D.    Add Userl to the DnsUpdateProxy group.

Answer: A

QUESTION 372
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2008 R2 Service Pack 1 (SP1). Server1 has the Windows Server Update Services (WSUS) server role installed. Server1 downloads updates from Microsoft Update every day. You have an isolated test network that is not connected to the production network. On the test network, you implement a WSUS server named Server2. Server2 has the same WSUS configuration as Server1. You need to ensure that Server2 can distribute the same updates as Server1. Which actions should you perform? (Each correct answer present part of the solution. Choose three.)

A.    On Server2, run wsusutil.exe and specify the import parameter.
B.    On Server1, run wsusutil.exe and specify the export parameter.
C.    On Server2, restore the system state.
D.    On Server1, back up the system state.
E.    Copy the WSUSContent folder from Server1 to Server2.

Answer: ABE
Explanation:
http://technet.microsoft.com/en-us/library/cc463370(v=ws.10).aspx#BKMK_V3

QUESTION 373
Your network contains a subnet named Subnet1. You add a new subnet named Subnet2 to the network. Subnet1 and Subnet2 are connected by a router named Router1. You need to configure the IP addresses on Router1 to ensure that IP traffic can be routed between Subnet1 and Subnet2. Which IP addresses should you assign to Router1? To answer, drag the appropriate IP address to the correct interface in the answer area. Select and Place:

Answer:

QUESTION 374
Your network contains an Active Directory forest named contoso.com. The forest contains a server named Server1 that has two network adapters. You plan to configure Server1 as a DirectAccess server. You need to assign the correct IP addresses to the external network card on the DirectAccess server. What should you do? To answer, drag the appropriate IP address to the correct network adapter in the answer area. Select and Place:

Answer:

QUESTION 375
Your network contains a server named Server1 that runs Windows Server 2008 R2. On Server1, you share a folder named Share1. Users report that when they try to open some of the folders in Share1, they receive an Access is Denied error message. You need to ensure that when the users connect to Share1, they only see the files and the folders to which they are assigned permissions. Which administrative tool should you use to achieve this task? To answer, select the appropriate tool in the answer area.

Answer:

QUESTION 376
You configure a full server backup on a server as shown in the exhibit. (Click the Exhibit button.)

You need to ensure that a full server backup runs each day at 23:45 and that a custom script runs when the backup completes. Which tool should you use?

A.    Task Scheduler
B.    Windows Server Backup
C.    System Configuration
D.    Services

Answer: A

QUESTION 377
Your company contains an active directory domain name contoso.com. The network contains three subnets that they are separated by firewall. The domain has a server named server5 that has active directory lightweight services. Server5 only support encrypted LDAP connection. You need to configure to ensure the client computers can access the LDAP services on server5. Which port should you allow through windows firewall.

A.    TCP 389
B.    TCP 636
C.    UDP 636
D.    UDP 53

Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/dd772723(v=ws.10).aspx

QUESTION 378
You are an administrator at Oaktree.com. Oaktree.com has opened a new branch office at a new location. Windows Server 2008 is implemented on the servers. The initial network has 20 computers. You are asked to configure an appropriate IP addressing scheme in the network. Which network address should you use to accomplish this task?

A.    192.10.100.0/26
B.    192.10.100.0/30
C.    192.10.100.0/29
D.    192.10.100.0./31
E.    None of the above

Answer: A

QUESTION 379
You have a server that runs Windows Server 2008. You need to prevent the server from establishing communication sessions to other computers by using TCP port 25. What should you do?

A.    From Windows Firewall, add an exception.
B.    From Windows Firewall, enable the Block all incoming connections option.
C.    From the Windows Firewall with Advanced Security snap-in, create an inbound rule.
D.    From the Windows Firewall with Advanced Security snap-in, create an outbound rule.

Answer: D

QUESTION 380
A domain controller named DC12 runs critical services. Restructuring of the organizational unit hierarchy for the domain has been completed and unnecessary objects have been deleted. You need to perform an offline defragmentation of the Active Directory database on DC12. You also need to ensure that the critical services remain online. What should you do?

A.    Start the domain controller in the Directory Services restore mode.
Run the Defrag utility.
B.    Start the domain controller in the Directory Services restore mode.
Run the Ntdsutil utility.
C.    Stop the Domain Controller service in the Services (local) Microsoft Management Console (MMC).
Run the Defrag utility.
D.    Stop the Domain Controller service in the Services (local) Microsoft Management Console (MMC).
Run the Ntdsutil utility.

Answer: D

http://www.passleader.com/70-642.html

QUESTION 381
You need to identify all failed logon attempts on the domain controllers. What should you do?

A.    Run Event Viewer.
B.    View the Netlogon.log file.
C.    Run the Security Configuration Wizard.
D.    View the Security tab on the domain controller computer object.

Answer: A

QUESTION 382
You create 200 new user accounts. The users are located in six different sites. New users report that they receive the following error message when they try to log on: “The username or password is incorrect.” You confirm that the user accounts exist and are enabled. You also confirm that the user name and password information supplied are correct. You need to identify the cause of the failure. You also need to ensure that the new users are able to log on. Which utility should you run?

A.    Rsdiag
B.    Rstools
C.    Repadmin
D.    Active Directory Domains and Trusts

Answer: C

QUESTION 383
You need to validate whether Active Directory successfully replicated between two domain controllers. What should you do?

A.    Run the DSget command.
B.    Run the Dsquery command.
C.    Run the RepAdmin command.
D.    Run the Windows System Resource Manager.

Answer: C

QUESTION 384
Your network consists of a single Active Directory domain.? All domain controllers run Windows Server 2008 R2. You need to identify the Lightweight Directory Access Protocol (LDAP) clients that are using the largest amount of available CPU resources on a domain controller. What should you do?

A.    Review performance data in Resource Monitor.
B.    Review the Hardware Events log in the Event Viewer.
C.    Run the LAN Diagnostics Data Collector Set. Review the LAN Diagnostics report.
D.    Run the Active Directory Diagnostics Data Collector Set. Review the Active Directory Diagnostics report.

Answer: D

QUESTION 385
Your network consists of a single Active Directory domain. All domain controllers run Windows Server 2008 R2. You need to capture all replication errors from all domain controllers to a central location. What should you do?

A.    Configure event log subscriptions.
B.    Start the System Performance data collector set.
C.    Start the Active Directory Diagnostics data collector set.
D.    Install Network Monitor and create a new capture.

Answer: A

QUESTION 386
You have an Active Directory domain that runs Windows Server 2008 R2. You need to implement a certification authority (CA) server that meets the following requirements:
– Allows the certification authority to automatically issue certificates
– Integrates with Active Directory Domain Services
What should you do?

A.    Install and configure the Active Directory Certificate Services server role as a Standalone Root CA.
B.    Install and configure the Active Directory Certificate Services server role as an Enterprise Root CA.
C.    Purchase a certificate from a third-party certification authority. Install and configure the Active Directory Certificate Services server role as a Standalone Subordinate CA.
D.    Purchase a certificate from a third-party certification authority. Import the certificate into the computer store of the schema master.

Answer:

QUESTION 387
Your network contains an Active Directory forest named adatum.com. You need to create an Active Directory Rights Management Services (AD RMS) licensing-only cluster. What should you install before you create the AD RMS root cluster?

A.    The Failover Cluster feature
B.    The Active Directory Certificate Services (AD CS) role
C.    Microsoft Exchange Server 2010
D.    Microsoft SharePoint Server 2010
E.    Microsoft SQL Server 2008

Answer: E

QUESTION 388
Your network contains an Active Directory domain named contoso.com. The contoso.com domain contains a domain controller named DC1. You create an Active Directory-integrated GlobalNames zone. You add an alias (CNAME) resource record named Server1 to the zone. The target host of the record is server2.contoso.com. When you ping Server1, you discover that the name fails to resolve. You are able to successfully ping server2.contoso.com. You need to ensure that you can resolve names by using the GlobalNames zone. Which command should you run?

A.    Dnscmd DCl.contoso.com /ZoneAdd GlobalNames /DsPrimary /DP /domain
B.    Dnscmd DCl.contoso.com /config /Enableglobalnamessupport forest
C.    Dnscmd DCl.contoso.com/config/Enableglobalnamessupport 1
D.    Dnscmd DCl.contoso.com /ZoneAdd GlobalNames /DsPrimary /DP /forest

Answer: C

QUESTION 389
You deploy an Active Directory Federation Services (AD FS) Federation Service Proxy on a server named Server1. You need to configure the Windows Firewall on Server1 to allow external users to authenticate by using AD FS. Which protocol should you allow on Server1?

A.    Kerberos
B.    SSL
C.    SMB
D.    RPC

Answer: B

QUESTION 390
Your network contains an Active Directory domain named contoso.com. Contoso.com contains a member server that runs Windows Server 2008 R2 Standard. You need to create an enterprise subordinate certification authority (CA) that can issue certificates based on version 3 certificate templates. You must achieve this goal by using the minimum amount of administrative effort. What should you do first?

A.    Run the certutil.exe – addenrollmentserver command.
B.    Install the Active Directory Certificate Services (AD CS) role on the member server.
C.    Upgrade the member server to Windows Server 2008 R2 Enterprise.
D.    Run the certutil.exe – installdefaulttemplates command.

Answer: C

http://www.passleader.com/70-642.html

QUESTION 391
Your network contains a server named Server1. The Active Directory Rights Management Services (AD RMS) server role is installed on Server1. An administrator changes the password of the user account that is used by AD RMS. You need to update AD RMS to use the new password. Which console should you use?

A.    Active Directory Rights Management Services
B.    Active Directory Users and Computers
C.    Local Users and Groups
D.    Services

Answer: A

QUESTION 392
Your network contains an Active Directory domain. The domain contains several domain controllers. You need to modify the Password Replication Policy on a read-only domain controller (RODC). Which tool should you use?

A.    Group Policy Management
B.    Active Directory Domains and Trusts
C.    Active Directory Users and Computers
D.    Computer Management
E.    Security Configuration Wizard

Answer: C

QUESTION 393
Your network contains an enterprise certification authority (CA) that runs Windows Server 2008 R2 Enterprise. You need to approve a pending certificate request. Which snap-in should you use?

A.    Active Directory Users and Computers
B.    Authorization Manager
C.    Certification Authority
D.    Group Policy Management
E.    Certificate Templates
F.    TPM Management
G.    Certificates
H.    Enterprise PKI
I.    Security Templates

Answer: C

QUESTION 394
Your network contains an Active Directory domain named adatum.com. You need to ensure that IP addresses can be resolved to fully qualified domain names (FQDNs). Under which node in the DNS snap-in should you add a zone?

A.    Reverse Lookup Zones
B.    adatum.com
C.    Forward Lookup Zones
D.    Conditional Forwarders
E.    _msdcs.adatum.com

Answer: A

QUESTION 395
Your network contains an Active Directory domain named adatum.com. The domain contains a domain controller named DC1. DC1 has an IP address of 192.168.200.100. You need to identify the zone that contains the Pointer (PTR) record for 0C1. Which zone should you identify?

A.    adatum.com
B.    _msdcs.adatum.com
C.    100.168.192.in-addr.arpa
D.    200.168.192.in-addr.arpa

Answer: D

QUESTION 396
Your network contains an Active Directory forest named adatum.com. The DNS infrastructure fails. You rebuild the DNS infrastructure. You need to force the registration of the Active Directory Service Locator (SRV) records in DNS. Which service should you restart on the domain controllers?

A.    Netlogon
B.    DNS Server
C.    Network Location Awareness
D.    Network Store Interface Service
E.    Online Responder Service

Answer: A

QUESTION 397
Your network contains an Active Directory domain named adatum.com. The password policy of the domain requires that the passwords for all user accounts be changed every 50 days. You need to create several user accounts that will be used by services. The passwords for these accounts must be changed automatically every 50 days. Which tool should you use to create the accounts?

A.    Active Directory Administrative Center
B.    Active Directory Users and Computers
C.    Active Directory Module for Windows PowerShell
D.    ADSI Edit
E.    Active Directory Domains and Trusts

Answer: C

QUESTION 398
Hotspot Questions
Your network contains an Active Directory forest named contoso.com. All client computers run Windows 7 Enterprise. You need to automatically create a local group named PowerManagers on each client computer that contains a battery. The solution must minimize the amount of administrative effort. Which node in Group Policy Management Editor should you use? To answer, select the appropriate node in the answer area.

Answer:

QUESTION 399
Drag and Drop Questions
Your network contains two forests named contoso.com and fabrikam.com. The functional level of all the domains is Windows Server 2003. The functional level of both forests is Windows 2000. You need to create a trust between contoso.com and fabrikam.com. The solution must ensure that users from contoso.com can only access the servers in fabrikam.com that have the Allowed to Authenticate permission set. What should you do? To answer, move the appropriate actions from the Possible Actions list to the Necessary Actions area and arrange them in the correct order.

Answer:

QUESTION 400
Your network has an internal network and a perimeter network. A firewall named Firewall1 separates the perimeter network and the Internet. You deploy a server named Server1 to the perimeter network. You configure Server1 as a PPTP VPN server. You need to ensure that users from the Internet can establish VPN connections to Server1. The solution must minimize the number of open ports on Firewall1. What should you open on the firewall? (Each correct answer presents part of the solution. Choose three.)

A.    UDP 1723
B.    UDP 4500
C.    TCP 500
D.    TCP 4500
E.    UDP 500
F.    Protocol 50
G.    TCP 1723
H.    Protocol 47

Answer: AGH
Explanation:
http://www.speedguide.net/port.php?port=1723

http://www.passleader.com/70-642.html

What are the new 70-640 exam questions? And Where to download the latest 70-640 exam dumps? Now, PassLeader have been publised the new version of 70-640 braindumps with new added 70-640 exam questions. PassLeader offer the latest 70-640 PDF and VCE dumps with New Version VCE Player for free download, and PassLeader’s new 651q 70-640 practice tests ensure your exam 100 percent pass. Visit www.passleader.com to get the 100 percent pass ensure 651q 70-640 exam questions!

keywords: 70-640 exam,651q 70-640 exam dumps,651q 70-640 exam questions,70-640 pdf dumps,70-640 practice test,70-640 vce dumps,70-640 study guide,70-640 braindumps,TS: Windows Server 2008 Active Directory, Configuring Exam

QUESTION 16
Your company has two Active Directory forests named contoso.com and fabrikam.com. Both forests run only domain controllers that run Windows Server 2008. The domain functional level of contoso.com is Windows Server 2008. The domain functional level of fabrikam.com is Windows Server 2003 Native mode. You configure an external trust between contoso.com and fabrikam.com. You need to enable the Kerberos AES encryption option. What should you do?

A.    Raise the forest functional level of fabrikam.com to Windows Server 2008.
B.    Raise the domain functional level of fabrikam.com to Windows Server 2008.
C.    Raise the forest functional level of contoso.com to Windows Server 2008.
D.    Create a new forest trust and enable forest-wide authentication.

Answer: B

QUESTION 17
All consultants belong to a global group named TempWorkers. You place three file servers in a new organizational unit named SecureServers. The three file servers contain confidential data located in shared folders. You need to record any failed attempts made by the consultants to access the confidential data. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.    Create and link a new GPO to the SecureServers organizational unit. Configure the Deny access to this computer from the network user rights setting for the TempWorkers global group.
B.    Create and link a new GPO to the SecureServers organizational unit. Configure the Audit privilege use Failure audit policy setting.
C.    Create and link a new GPO to the SecureServers organizational unit. Configure the Audit object access Failure audit policy setting.
D.    On each shared folder on the three file servers, add the three servers to the Auditing tab. Configure the Failed Full control setting in the Auditing Entry dialog box.
E.    On each shared folder on the three file servers, add the TempWorkers global group to the Auditing tab. Configure the Failed Full control setting in the Auditing Entry dialog box.

Answer: CE

QUESTION 18
You have two servers named Server1 and Server2. Both servers run Windows Server 2008 R2. Server1 is configured as an Enterprise Root certification authority (CA). You install the Online Responder role service on Server2. You need to configure Server2 to issue certificate revocation lists (CRLs) for the enterprise root CA. Which two tasks should you perform? (Each correct answer presents part of the solution. Choose two.)

A.    Import the enterprise root CA certificate.
B.    Import the OCSP Response Signing certificate.
C.    Add the Server1 computer account to the CertPublishers group.
D.    Set the Startup Type of the Certificate Propagation service to Automatic.

Answer: AB

QUESTION 19
Your company has an Active Directory forest. The forest includes organizational units corresponding to the following four locations:
– London
– Chicago
– New York
– Madrid
Each location has a child organizational unit named Sales. The Sales organizational unit contains all the users and computers from the sales department. The offices in London, Chicago, and New York are connected by T1 connections. The office in Madrid is connected by a 256-Kbps ISDN connection. You need to install an application on all the computers in the sales department. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.    Create a Group Policy Object (GPO) named OfficeInstall that assigns the application to users. Link the GPO to each Sales organizational unit.
B.    Disable the slow link detection setting in the Group Policy Object (GPO).
C.    Configure the slow link detection threshold setting to 1,544 Kbps (T1) in the Group Policy Object (GPO).
D.    Create a Group Policy Object (GPO) named OfficeInstall that assigns the application to the computers. Link the GPO to each Sales organizational unit.

Answer: BD

QUESTION 20
Your company has a domain controller server that runs the Windows Server 2008 R2 operating system. The server is a backup server. The server has a single 500-GB hard disk that has three partitions for the operating system, applications, and data. You perform daily backups of the server. The hard disk fails. You replace the hard disk with a new hard disk of the same capacity. You restart the computer on the installation media. You select the Repair your computer option. You need to restore the operating system and all files. What should you do?

A.    Select the System Image Recovery option.
B.    Run the Imagex utility at the command prompt.
C.    Run the Wbadmin utility at the command prompt.
D.    Run the Rollback utility at the command prompt.

Answer: C

QUESTION 21
You need to remove the Active Directory Domain Services role from a domain controller named DC1. What should you do?

A.    Run the netdom remove DC1 command.
B.    Run the Dcpromo utility. Remove the Active Directory Domain Services role.
C.    Run the nltest /remove_server: DC1 command.
D.    Reset the Domain Controller computer account by using the Active Directory Users and Computers utility.

Answer: B

QUESTION 22
Your company has an Active Directory forest. The company has branch offices in three locations. Each location has an organizational unit. You need to ensure that the branch office administrators are able to create and apply GPOs only to their respective organizational units. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.    Run the Delegation of Control wizard and delegate the right to link GPOs for their branch organizational units to the branch office administrators.
B.    Add the user accounts of the branch office administrators to the Group Policy Creator Owners Group.
C.    Modify the Managed By tab in each organizational unit to add the branch office administrators to their respective organizational units.
D.    Run the Delegation of Control wizard and delegate the right to link GPOs for the domain to the branch office administrators.

Answer: AB

http://www.passleader.com/70-640.html

QUESTION 23
One of the remote branch offices is running a Windows Server 2008 read only domain controller (RODC). For security reasons you don’t want some critical credentials like (passwords, encryption keys) to be stored on RODC. What should you do so that these credentials are not replicated to any RODC’s in the forest? (Select 2)

A.    Configure RODC filtered attribute set on the server.
B.    Configure RODC filtered set on the server that holds Schema Operations Master role.
C.    Delegate local administrative permissions for an RODC to any domain user without granting that user any user rights for the domain.
D.    Configure forest functional level server for Windows server 2008 to configure filtered attribute set.
E.    None of the above.

Answer: BD

QUESTION 24
Company has a server with Active Directory Rights Management Services (AD RMS) server installed. Users have computers with Windows Vista installed on them with an Active Directory domain installed at Windows Server 2003 functional level. As an administrator at Company, you discover that the users are unable to benefit from AD RMS to protect their documents. You need to configure AD RMS to enable users to use it and protect their documents. What should you do to achieve this functionality?

A.    Configure an email account in Active Directory Domain Services (AD DS) for each user.
B.    Add and configure ADRMSADMIN account in local administrators group on the user computers.
C.    Add and configure the ADRMSSRVC account in AD RMS server’s local administrator group.
D.    Reinstall the Active Directory domain on user computers.
E.    All of the above.

Answer: A

QUESTION 25
Company has an active directory forest on a single domain. Company needs a distributed application that employs a custom application. The application is directory partition software named PARDAT. You need to implement this application for data replication. Which two tools should you use to achieve this task? (Choose two answers. Each answer is a part of a complete solution)

A.    Dnscmd
B.    Ntdsutil
C.    Ipconfig
D.    Dnsutil
E.    All of the above

Answer: AB

QUESTION 26
Company has an Active Directory forest with six domains. The company has 5 sites. The company requires a new distributed application that uses a custom application directory partition named ResData for data replication. The application is installed on one member server in five sites. You need to configure the five member servers to receive the ResData application directory partition for data replication. What should you do?

A.    Run the Dcpromo utility on the five member servers.
B.    Run the Regsvr32 command on the five member servers
C.    Run the Webadmin command on the five member servers
D.    Run the RacAgent utility on the five member servers

Answer: A

QUESTION 27
As an administrator at Company, you have installed an Active Directory forest that has a single domain. You have installed an Active Directory Federation services (AD FS) on the domain member server. What should you do to configure AD FS to make sure that AD FS token contains information from the active directory domain?

A.    Add a new account store and configure it.
B.    Add a new resource partner and configure it
C.    Add a new resource store and configure it
D.    Add a new administrator account on AD FS and configure it
E.    None of the above

Answer: A

QUESTION 28
Company runs Window Server 2008 on all of its servers. It has a single Active Directory domain and it uses Enterprise Certificate Authority. The security policy at ABC.com makes it necessary to examine revoked certificate information. You need to make sure that the revoked certificate information is available at all times. What should you do to achieve that?

A.    Add and configure a new GPO (Group Policy Object) that enables users to accept peer certificates and link the GPO to the domain.
B.    Configure and use a GPO to publish a list of trusted certificate authorities to the domain.
C.    Configure and publish an OCSP (Online certificate status protocol) responder through ISAS (Internet Security and Acceleration Server) array.
D.    Use network load balancing and publish an OCSP responder.
E.    None of the above.

Answer: D

QUESTION 29
As the Company administrator you had installed a read-only domain controller (RODC) server at remote location. The remote location doesn’t provide enough physical security for the server. What should you do to allow administrative accounts to replicate authentication information to Read-Only Domain Controllers?

A.    Remove any administrative accounts from RODC’s group.
B.    Add administrative accounts to the domain Allowed RODC Password Replication group.
C.    Set the Deny on Receive as permission for administrative accounts on the RODC computer account Security tab for the Group Policy Object (GPO).
D.    Configure a new Group Policy Object (GPO) with the Account Lockout settings enabled. Link the GPO to the remote location. Activate the Read Allow and the Apply group policy Allow permissions for the administrators on the Security tab for the GPO.
E.    None of the above.

Answer: B

QUESTION 30
ABC.com boasts a two-node Network Load Balancing cluster which is called web.L2P.com. The purpose of this cluster is to provide load balancing and high availability of the intranet website only. With monitoring the cluster, you discover that the users can view the Network Load Balancing cluster in their Network Neighborhood and they can use it to connect to various services by using the name web.L2P.com. You also discover that there is only one port rule configured for Network Load Balancing cluster. You have to configure web.L2P.com NLB cluster to accept HTTP traffic only. Which two actions should you perform to achieve this objective? (Choose two answers. Each answer is part of the complete solution)

A.    Create a new rule for TCP port 80 by using the Network Load Balancing Cluster console
B.    Run the wlbs disable command on the cluster nodes
C.    Assign a unique port rule for NLB cluster by using the NLB Cluster console
D.    Delete the default port rules through Network Load Balancing Cluster console

Answer: AD

http://www.passleader.com/70-640.html

QUESTION 31
ABC.com has a main office and a branch office. ABC.com’s network consists of a single Active Directory forest. Some of the servers in the network run Windows Server 2008 and the rest run Windows server 2003. You are the administrator at ABC.com. You have installed Active Directory Domain Services (AD DS) on a computer that runs Windows Server 2008. The branch office is located in a physically insecure place. It has no IT personnel onsite and there are no administrators over there. You need to setup a Read-Only Domain Controller (RODC) on the Server Core installation computer in the branch office. What should you do to setup RODC on the computer in branch office?

A.    Execute an attended installation of AD DS
B.    Execute an unattended installation of AD DS
C.    Execute RODC through AD DS
D.    Execute AD DS by using deploying the image of AD DS
E.    none of the above

Answer: B

QUESTION 32
You had installed an Active Directory Federation Services (AD FS) role on a Windows server 2008 in your organization. Now you need to test the connectivity of clients in the network to ensure that they can successfully reach the new Federation server and Federation server is operational. What should you do? (Select all that apply)

A.    Go to Services tab, and check if Active Directory Federation Services is running.
B.    In the event viewer, Applications, Event ID column look for event ID 674.
C.    Open a browser window, and then type the Federation Service URL for the new federation server.
D.    None of the above.

Answer: BC

QUESTION 33
ABC.com has purchased laptop computers that will be used to connect to a wireless network. You create a laptop organizational unit and create a Group Policy Object (GPO) and configure user profiles by utilizing the names of approved wireless networks. You link the GPO to the laptop organizational unit. The new laptop users complain to you that they cannot connect to a wireless network. What should you do to enforce the group policy wireless settings to the laptop computers?

A.    Execute gpupdate/target:computer command at the command prompt on laptop computers.
B.    Execute Add a network command and leave the SSID (service set identifier) blank.
C.    Execute gpupdate/boot command at the command prompt on laptops computers.
D.    Connect each laptop computer to a wired network and log off the laptop computer and then login again.
E.    None of the above.

Answer: D

QUESTION 34
The Company has a Windows 2008 domain controller server. This server is routinely backed up over the network from a dedicated backup server that is running Windows 2003 OS. You need to prepare the domain controller for disaster recovery apart from the routine backup procedures. You are unable to launch the backup utility while attempting to back up the system state data for the data controller. You need to backup system state data from the Windows Server 2008 domain controller server. What should you do?

A.    Add your user account to the local Backup Operators group.
B.    Install the Windows Server backup feature using the Server Manager feature.
C.    Install the Removable Storage Manager feature using the Server Manager feature.
D.    Deactivating the backup job that is configured to backup Windows 2008 server domain controller on the Windows 2003 server.
E.    None of the above.

Answer: B

QUESTION 35
You are an administrator at ABC.com. Company has a RODC (read-only domain controller) server at a remote location. The remote location doesn’t have proper physical security. You need to activate nonadministrative accounts passwords on that RODC server. Which of the following action should be considered to populate the RODC server with non-administrative accounts passwords?

A.    Delete all administrative accounts from the RODC’s group.
B.    Configure the permission to Deny on Receive for administrative accounts on the security tab for Group Policy Object (GPO).
C.    Configure the administrative accounts to be added in the Domain RODC Password Replication Denied group.
D.    Add a new GPO and enable Account Lockout settings. Link it to the remote RODC server and on the security tab on GPO, check the Read Allow and the Apply group policy permissions for the administrators.
E.    None of the above.

Answer: C

QUESTION 36
ABC.com has a network that is comprise of a single Active Directory Domain. As an administrator at ABC.com, you install Active Directory Lightweight Directory Services (AD LDS) on a server that runs Windows Server 2008. To enable Secure Sockets Layer (SSL) based connections to the AD LDS server, you install certificates from a trusted Certification Authority (CA) on the AD LDS server and client computers. Which tool should you use to test the certificate with AD LDS?

A.    Ldp.exe
B.    Active Directory Domain services
C.    ntdsutil.exe
D.    Lds.exe
E.    wsamain.exe
F.    None of the above

Answer: A

QUESTION 37
ABC.com boasts a main office and 20 branch offices. Configured as a separate site, each branch office has a Read-Only Domain Controller (RODC) server installed. Users in remote offices complain that they are unable to log on to their accounts. What should you do to make sure that the cached credentials for user accounts are only stored in their local branch office RODC server?

A.    Open the RODC computer account security tab and set Allow on the Receive as permission only for the users that are unable to log on to their accounts.
B.    Add a password replication policy to the main Domain RODC and add user accounts in the security group.
C.    Configure a unique security group for each branch office and add user accounts to the respective security group. Add the security groups to the password replication allowed group on the main RODC server.
D.    Configure and add a separate password replication policy on each RODC computer account.

Answer: D

QUESTION 38
The corporate network of Company consists of a Windows Server 2008 single Active Directory domain. The domain has two servers named Company 1 and Company 2. To ensure central monitoring of events you decided to collect all the events on one server, to collect events from Company, and transfer them to Company 1. You configure the required event subscriptions. You selected the Normal option for the Event delivery optimization setting by using the HTTP protocol. However, you discovered that none of the subscriptions work. Which of the following actions would you perform to configure the event collection and event forwarding on the two servers? (Select three. Each answer is a part of the complete solution).

A.    Run window execute the winrm quickconfig command on Company 2.
B.    Run window execute the wecutil qc command on Company 2.
C.    Add the Company 1 account to the Administrators group on Company 2.
D.    Run window execute the winrm quickconfig command on Company 1.
E.    Add the Company 2 account to the Administrators group on Company 1.
F.    Run window execute the wecutil qc command on Company 1.

Answer: ADF

QUESTION 39
Your company has a main office and 40 branch offices. Each branch office is configured as a separate Active Directory site that has a dedicated read-only domain controller (RODC). An RODC server is stolen from one of the branch offices. You need to identify the user accounts that were cached on the stolen RODC server. Which utility should you use?

A.    Dsmod.exe
B.    Ntdsutil.exe
C.    Active Directory Sites and Services
D.    Active Directory Users and Computers

Answer: D

QUESTION 40
ABC.com has a software evaluation lab. There is a server in the evaluation lab named as CKT. CKT runs Windows Server 2008 and Microsoft Virtual Server 2005 R2. CKT has 200 virtual servers running on an isolated virtual segment to evaluate software. To connect to the internet, it uses physical network interface card. ABC.com requires every server in the company to access Internet. ABC.com security policy dictates that the IP address space used by software evaluation lab must not be used by other networks. Similarly, it states the IP address space used by other networks should not be used by the evaluation lab network. As an administrator you find you that the applications tested in the software evaluation lab need to access normal network to connect to the vendors update servers on the internet. You need to configure all virtual servers on the CKT server to access the internet. You also need to comply with company’s security policy. Which two actions should you perform to achieve this task? (Choose two answers. Each answer is a part of the complete solution)

A.    Trigger the Virtual DHCP server for the external virtual network and run ipconfig/renew command on each virtual server.
B.    On CKT’s physical network interface, activate the Internet Connection Sharing (ICS).
C.    Use ABC.com intranet IP addresses on all virtual servers on CKT.
D.    Add and install a Microsoft Loopback Adapter network interface on CKT. Use a new network interface and create a new virtual network.
E.    None of the above.

Answer: AD

http://www.passleader.com/70-640.html

QUESTION 41
You are an administrator at ABC.com. Company has a network of 5 member servers acting as file servers. It has an Active Directory domain. You have installed a software application on the servers. As soon as the application is installed, one of the member servers shuts down itself. To trace and rectify the problem, you create a Group Policy Object (GPO). You need to change the domain security settings to trace the shutdowns and identify the cause of it. What should you do to perform this task?

A.    Link the GPO to the domain and enable System Events option
B.    Link the GPO to the domain and enable Audit Object Access option
C.    Link the GPO to the Domain Controllers and enable Audit Object Access option
D.    Link the GPO to the Domain Controllers and enable Audit Process tracking option
E.    Perform all of the above actions

Answer: A

QUESTION 42
ABC.com has a network that consists of a single Active Directory domain. A technician has accidently deleted an Organizational unit (OU) on the domain controller. As an administrator of ABC.com, you are in process of restoring the OU. You need to execute a non-authoritative restore before an authoritative restore of the OU. Which backup should you use to perform non- authoritative restore of Active Directory Domain Services (AD DS) without disturbing other data stored on domain controller?

A.    Critical volume backup
B.    Backup of all the volumes
C.    Backup of the volume that hosts Operating system
D.    Backup of AD DS folders
E.    all of the above

Answer: A

QUESTION 43
ABC.com has a network that consists of a single Active Directory domain.Windows Server 2008 is installed on all domain controllers in the network. You are instructed to capture all replication errors from all domain controllers to a central location. What should you do to achieve this task?

A.    Initiate the Active Directory Diagnostics data collector set
B.    Set event log subscriptions and configure it
C.    Initiate the System Performance data collector set
D.    Create a new capture in the Network Monitor

Answer: B

QUESTION 44
Company has a single domain network with Windows 2000, Windows 2003, and Windows 2008 servers. Client computers running Windows XP and Windows Vista. All domain controllers are running Windows server 2008.

You need to deploy Active Directory Rights Management System (AD RMS) to secure all documents, spreadsheets and to provide user authentication. What do you need to configure, in order to complete the deployment of AD RMS?

A.    Upgrade all client computers to Windows Vista. Install AD RMS on domain controller Company _DC1
B.    Ensure that all Windows XP computers have the latest service pack and install the RMS client on all systems. Install AD RMS on domain controller Company _DC1
C.    Upgrade all client computers to Windows Vista. Install AD RMS on Company _SRV5
D.    Ensure that all Windows XP computers have the latest service pack and install the RMS client on all systems. Install AD RMS on domain controller Company _SRV5
E.    None of the above

Answer: D

QUESTION 45
You are formulating the backup strategy for Active Directory Lightweight Directory Services (AD LDS) to ensure that data and log files are backed up regularly. This will also ensure the continued availability of data to applications and users in the event of a system failure. Because you have limited media resources, you decided to backup only specific ADLDS instance instead of taking backup of the entire volume. What should you do to accomplish this task?

A.    Use Windows Server backup utility and enable checkbox to take only backup of database and log files of AD LDS
B.    Use Dsdbutil.exe tool to create installation media that corresponds only to the ADLDS instance
C.    Move AD LDS database and log files on a separate volume and use windows server backup utility
D.    None of the above

Answer: B

QUESTION 46
You had installed Windows Server 2008 on a computer and configured it as a file server, named FileSrv1. The FileSrv1 computer contains four hard disks, which are configured as basic disks. For fault tolerance and performance you want to configure Redundant Array of Independent Disks (RAID) 0 +1 on FileSrv1. Which utility you will use to convert basic disks to dynamic disks on FileSrv1?

A.    Diskpart.exe
B.    Chkdsk.exe
C.    Fsutil.exe
D.    Fdisk.exe
E.    None of the above

Answer: A

QUESTION 47
ABC.com has a domain controller that runs Windows Server 2008. The ABC.com network boasts 40 Windows Vista client machines. As an administrator at ABC.com, you want to deploy Active Directory Certificate service (AD CS) to authorize the network users by issuing digital certificates. What should you do to manage certificate settings on all machines in a domain from one main location?

A.    Configure Enterprise CA certificate settings
B.    Configure Enterprise trust certificate settings
C.    Configure Advance CA certificate settings
D.    Configure Group Policy certificate settings
E.    All of the above

Answer: D

QUESTION 48
A domain controller named DC12 runs critical services. Restructuring of the organizational unit hierarchy for the domain has been completed and unnecessary objects have been deleted. You need to perform an offline defragmentation of the Active Directory database on DC12. You also need to ensure that the critical services remain online. What should you do?

A.    Start the domain controller in the Directory Services restore mode. Run the Defrag utility.
B.    Start the domain controller in the Directory Services restore mode. Run the Ntdsutil utility.
C.    Stop the Domain Controller service in the Services (local) Microsoft Management Console (MMC). Run the Defrag utility.
D.    Stop the Domain Controller service in the Services (local) Microsoft Management Console (MMC). Run the Ntdsutil utility.

Answer: D

QUESTION 49
Your company has a server that runs Windows Server 2008 R2. The server runs an instance of Active Directory Lightweight Directory Services (AD LDS). You need to replicate the AD LDS instance on a test computer that is located on the network. What should you do?

A.    Run the repadmin /kcc <servername> command on the test computer.
B.    Create a naming context by running the Dsmgmt command on the test computer.
C.    Create a new directory partition by running the Dsmgmt command on the test computer.
D.    Create and install a replica by running the AD LDS Setup wizard on the test computer.

Answer: D

QUESTION 50
Your network contains an Active Directory domain. The relevant servers in the domain are configured as shown in the following table.

You need to ensure that all device certificate requests use the MD5 hash algorithm. What should you do?

A.    On Server2, run the Certutil tool.
B.    On Server1, update the CEP Encryption certificate template.
C.    On Server1, update the Exchange Enrollment Agent (Offline Request) template.
D.    On Server3, set the value of the HKLM\Software\Microsoft\Cryptography\MSCEP\HashAlgorithm\HashAlgorithm registry key.

Answer: D

http://www.passleader.com/70-640.html

How to pass 70-640 exam at the first time? PassLeader now is offering the free new version of 70-640 exam dumps. The new 651q 70-640 exam questions cover all the new added questions, which will help you to get well prepared for the exam 70-640, our premium 70-640 PDF dumps and VCE dumps are the best study materials for preparing the 70-640 exam. Come to passleader.com to get the valid 651q 70-640 braindumps with free version VCE Player, you will get success in the real 70-640 exam for your first try.

QUESTION 51
Your network contains an Active Directory domain. You have a server named Server1 that runs Windows Server 2008 R2. Server1 is an enterprise root certification authority (CA). You have a client computer named Computer1 that runs Windows 7. You enable automatic certificate enrollment for all client computers that run Windows 7. You need to verify that the Windows 7 client computers can automatically enroll for certificates. Which command should you run on Computer1?

A.    certreq.exe retrieve
B.    certreq.exe submit
C.    certutil.exe getkey
D.    certutil.exe pulse

Answer: D

QUESTION 52
Your network contains two Active Directory forests named contoso.com and adatum.com. The functional level of both forests is Windows Server 2008 R2. Each forest contains one domain. Active Directory Certificate Services (AD CS) is configured in the contoso.com forest to allow users from both forests to automatically enroll user certificates. You need to ensure that all users in the adatum.com forest have a user certificate from the contoso.com certification authority (CA). What should you configure in the adatum.com domain?

A.    From the Default Domain Controllers Policy, modify the Enterprise Trust settings.
B.    From the Default Domain Controllers Policy, modify the Trusted Publishers settings.
C.    From the Default Domain Policy, modify the Certificate Enrollment policy.
D.    From the Default Domain Policy, modify the Trusted Root Certification Authority settings.

Answer: C

QUESTION 53
You have a server named Server1 that has the following Active Directory Certificate Services (AD CS) role services installed:
– Enterprise root certification authority (CA)
– Certificate Enrollment Web Service
– Certificate Enrollment Policy Web Service
You create a new certificate template. External users report that the new template is unavailable when they request a new certificate. You verify that all other templates are available to the external users. You need to ensure that the external users can request certificates by using the new template. What should you do on Server1?

A.    Run iisreset.exe /restart.
B.    Run gpupdate.exe /force.
C.    Run certutil.exe dspublish.
D.    Restart the Active Directory Certificate Services service.

Answer: A

QUESTION 54
Your network contains an enterprise root certification authority (CA). You need to ensure that a certificate issued by the CA is valid. What should you do?

A.    Run syskey.exe and use the Update option.
B.    Run sigverif.exe and use the Advanced option.
C.    Run certutil.exe and specify the -verify parameter.
D.    Run certreq.exe and specify the -retrieve parameter.

Answer: C

QUESTION 55
You have an enterprise subordinate certification authority (CA). The CA issues smart card logon certificates. Users are required to log on to the domain by using a smart card. Your company’s corporate security policy states that when an employee resigns, his ability to log on to the network must be immediately revoked. An employee resigns. You need to immediately prevent the employee from logging on to the domain. What should you do?

A.    Revoke the employee’s smart card certificate.
B.    Disable the employee’s Active Directory account.
C.    Publish a new delta certificate revocation list (CRL).
D.    Reset the password for the employee’s Active Directory account.

Answer: B

QUESTION 56
You add an Online Responder to an Online Responder Array. You need to ensure that the new Online Responder resolves synchronization conflicts for all members of the Array. What should you do?

A.    From Network Load Balancing Manager, set the priority ID of the new Online Responder to 1.
B.    From Network Load Balancing Manager, set the priority ID of the new Online Responder to 32.
C.    From the Online Responder Management Console, select the new Online Responder, and then select Set as Array Controller.
D.    From the Online Responder Management Console, select the new Online Responder, and then select Synchronize Members with Array Controller.

Answer: C

QUESTION 57
Your network contains a server that runs Windows Server 2008 R2. The server is configured as an enterprise root certification authority (CA). You have a Web site that uses x.509 certificates for authentication. The Web site is configured to use a many-to-one mapping. You revoke a certificate issued to an external partner. You need to prevent the external partner from accessing the Web site. What should you do?

A.    Run certutil.exe -crl.
B.    Run certutil.exe -delkey.
C.    From Active Directory Users and Computers, modify the membership of the IIS_IUSRS group.
D.    From Active Directory Users and Computers, modify the Contact object for the external partner.

Answer: A

QUESTION 58
Your company has a main office and five branch offices that are connected by WAN links. The company has an Active Directory domain named contoso.com. Each branch office has a member server configured as a DNS server. All branch office DNS servers host a secondary zone for contoso.com. You need to configure the contoso.com zone to resolve client queries for at least four days in the event that a WAN link fails. What should you do?

A.    Configure the Expires after option for the contoso.com zone to 4 days.
B.    Configure the Retry interval option for the contoso.com zone to 4 days.
C.    Configure the Refresh interval option for the contoso.com zone to 4 days.
D.    Configure the Minimum (default) TTL option for the contoso.com zone to 4 days.

Answer: A

QUESTION 59
Your company has an Active Directory domain named contoso.com. FS1 is a member server in contoso.com. You add a second network interface card, NIC2, to FS1 and connect NIC2 to a subnet that contains computers in a DNS domain named fabrikam.com. Fabrikam.com has a DHCP server and a DNS server. Users in fabrikam.com are unable to resolve FS1 by using DNS. You need to ensure that FS1 has an A record in the fabrikam.com DNS zone. What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.)

A.    Configure the DHCP server in fabrikam.com with the scope option 044 WINS/NBNS Servers.
B.    Configure the DHCP server in fabrikam.com by setting the scope option 015 DNS Domain Name to the domain name fabrikam.com.
C.    Configure NIC2 by configuring the Append these DNS suffixes (in order): option.
D.    Configure NIC2 by configuring the Use this connection’s DNS suffix in DNS registration option.
E.    Configure the DHCP server in contoso.com by setting the scope option 015 DNS Domain Name to the domain name fabrikam.com.

Answer: BD

QUESTION 60
Your company Datum Corporation, has a single Active Directory domain named intranet.adatum.com. The domain has two domain controllers that run Windows Server 2008 R2 operating system. The domain controllers also run DNS servers. The intranet.adatum.com DNS zone is configured as an Active Directory-integrated zone with the Dynamic updates setting configured to Secure only. A new corporate security policy requires that the intranet.adatum.com DNS zone must be updated only by domain controllers or member servers. You need to configure the intranet.adatum.com zone to meet the new security policy requirement. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.    Remove the Authenticated Users account from the Security tab of the intranet.adatum.com DNS zone properties.
B.    Assign the SELF Account Deny on Write permission on the Security tab of the intranet.adatum.com DNS zone properties.
C.    Assign the server computer accounts the Allow on Write All Properties permission on the Security tab of the intranet.adatum.com DNS zone properties.
D.    Assign the server computer accounts the Allow on Create All Child Objects permission on the Security tab of the intranet.adatum.com DNS zone properties.

Answer: AD

http://www.passleader.com/70-640.html

QUESTION 61
Your company has two Active Directory forests as shown in the following table.

The forests are connected by using a two-way forest trust. Each trust direction is configured with forest-wide authentication. The new security policy of the company prohibits users from the eng.fabrikam.com domain to access resources in the contoso.com domain. You need to configure the forest trust to meet the new security policy requirement. What should you do?

A.    Delete the outgoing forest trust in the contoso.com domain.
B.    Delete the incoming forest trust in the contoso.com domain.
C.    Change the properties of the existing incoming forest trust in the contoso.com domain from Forest-wide authentication to Selective authentication.
D.    Change the properties of the existing outgoing forest trust in the contoso.com domain to exclude *.eng.fabrikam.com from the Name Suffix Routing trust properties.

Answer: D

QUESTION 62
Your company has an Active Directory Rights Management Services (AD RMS) server. Users have Windows Vista computers. An Active Directory domain is configured at the Windows Server 2003 functional level. You need to configure AD RMS so that users are able to protect their documents. What should you do?

A.    Install the AD RMS client 2.0 on each client computer.
B.    Add the RMS service account to the local administrators group on the AD RMS server.
C.    Establish an e-mail account in Active Directory Domain Services (AD DS) for each RMS user.
D.    Upgrade the Active Directory domain to the functional level of Windows Server 2008.

Answer: C

QUESTION 63
Your company has an Active Directory domain. All consultants belong to a global group named TempWorkers. The TempWorkers group is not nested in any other groups. You move the computer objects of three file servers to a new organizational unit named SecureServers. These file servers contain only confidential data in shared folders. You need to prevent members of the TempWorkers group from accessing the confidential data on the file servers. You must achieve this goal without affecting access to other domain resources. What should you do?

A.    Create a new GPO and link it to the SecureServers organizational unit. Assign the Deny access to this computer from the network user right to the TempWorkers global group.
B.    Create a new GPO and link it to the domain. Assign the Deny access to this computer from the network user right to the TempWorkers global group.
C.    Create a new GPO and link it to the domain. Assign the Deny log on locally user right to the TempWorkers global group.
D.    Create a new GPO and link it to the SecureServers organizational unit. Assign the Deny log on locally user right to the TempWorkers global group.

Answer: A

QUESTION 64
Your network consists of a single Active Directory domain. User accounts for engineering department are located in an OU named Engineering. You need to create a password policy for the engineering department that is different from your domain password policy. What should you do?

A.    Create a new GPO. Link the GPO to the Engineering OU.
B.    Create a new GPO. Link the GPO to the domain. Block policy inheritance on all OUs except for the Engineering OU.
C.    Create a global security group and add all the user accounts for the engineering department to the group. Create a new Password Policy Object (PSO) and apply it to the group.
D.    Create a domain local security group and add all the user accounts for the engineering department to the group. From the Active Directory Users and Computer console, select the group and run the Delegation of Control Wizard.

Answer: C

QUESTION 65
Your network contains an Active Directory domain. The domain contains two domain controllers named DC1 and DC2. DC1 hosts a standard primary DNS zone for the domain. Dynamic updates are enabled on the zone. DC2 hosts a standard secondary DNS zone for the domain. You need to configure DNS to allow only secure dynamic updates. What should you do first?

A.    On DC1 and DC2, configure a trust anchor.
B.    On DC1 and DC2, configure a connection security rule.
C.    On DC1, configure the zone transfer settings.
D.    On DC1, configure the zone to be stored in Active Directory.

Answer: D

QUESTION 66
Your network contains a domain controller that has two network connections named Internal and Private. Internal has an IP address of 192.168.0.20. Private has an IP address of 10.10.10.5. You need to prevent the domain controller from registering Host (A) records for the 10.10.10.5 IP address. What should you do?

A.    Modify the netlogon.dns file on the domain controller.
B.    Modify the Name Server settings of the DNS zone for the domain.
C.    Modify the properties of the Private network connection on the domain controller.
D.    Disable netmask ordering on the DNS server that hosts the DNS zone for the domain.

Answer: C

QUESTION 67
Your network contains an Active Directory forest named contoso.com. You plan to add a new domain named nwtraders.com to the forest. All DNS servers are domain controllers. You need to ensure that the computers in nwtraders.com can update their Host (A) records on any of the DNS servers in the forest. What should you do?

A.    Add the computer accounts of all the domain controllers to the DnsAdmins group.
B.    Add the computer accounts of all the domain controllers to the DnsUpdateProxy group.
C.    Create a standard primary zone on a domain controller in the forest root domain.
D.    Create an Active Directory-integrated zone on a domain controller in the forest root domain.

Answer: D

QUESTION 68
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1. DC1 hosts a standard primary zone for contoso.com. You discover that non-domain member computers register records in the contoso.com zone. You need to prevent the non-domain member computers from registering records in the contoso.com zone. All domain member computers must be allowed to register records in the contoso.com zone. What should you do first?

A.    Configure a trust anchor.
B.    Run the Security Configuration Wizard (SCW).
C.    Change the contoso.com zone to an Active Directory-integrated zone.
D.    Modify the security settings of the %SystemRoot%\System32\Dns folder.

Answer: C

QUESTION 69
Your network contains an Active Directory domain named contoso.com. You create a GlobalNames zone. You add an alias (CNAME) resource record named Server1 to the zone. The target host of the record is server2. contoso.com. When you ping Server1, you discover that the name fails to resolve. You successfully resolve server2.contoso.com. You need to ensure that you can resolve names by using the GlobalNames zone. What should you do?

A.    From the command prompt, use the netsh tool.
B.    From the command prompt, use the dnscmd tool.
C.    From DNS Manager, modify the properties of the GlobalNames zone.
D.    From DNS Manager, modify the advanced settings of the DNS server.

Answer: B

QUESTION 70
Your company has a main office and a branch office. The network contains an Active Directory domain named contoso.com. The DNS zone for contoso.com is configured as an Active Directory-integrated zone and is replicated to all domain controllers in the domain. The main office contains a writable domain controller named DC1. The branch office contains a read- only domain controller (RODC) named RODC1. All domain controllers run Windows Server 2008 R2 and are configured as DNS servers. You uninstall the DNS server role from RODC1. You need to prevent DNS records from replicating to RODC1. What should you do?

A.    Modify the replication scope for the contoso.com zone.
B.    Flush the DNS cache and enable cache locking on RODC1.
C.    Configure conditional forwarding for the contoso.com zone.
D.    Modify the zone transfer settings for the contoso.com zone.

Answer: A

http://www.passleader.com/70-640.html

QUESTION 71
Your network contains an Active Directory domain named contoso.com. The domain contains the servers shown in the following table.

The functional level of the forest is Windows Server 2003. The functional level of the domain is Windows Server 2003. DNS1 and DNS2 host the contoso.com zone. All client computers run Windows 7 Enterprise. You need to ensure that all of the names in the contoso.com zone are secured by using DNSSEC. What should you do first?

A.    Change the functional level of the forest.
B.    Change the functional level of the domain.
C.    Upgrade DC1 to Windows Server 2008 R2.
D.    Upgrade DNS1 to Windows Server 2008 R2.

Answer: D

QUESTION 72
You have an Active Directory domain named contoso.com. You have a domain controller named Server1 that is configured as a DNS server. Server1 hosts a standard primary zone for contoso.com. The DNS configuration of Server1 is shown in the exhibit. (Click the Exhibit button.)

You discover that stale resource records are not automatically removed from the contoso.com zone. You need to ensure that the stale resource records are automatically removed from the contoso.com zone. What should you do?

A.    Set the scavenging period of Server1 to 0 days.
B.    Modify the Server Aging/Scavenging properties.
C.    Configure the aging properties for the contoso.com zone.
D.    Convert the contoso.com zone to an Active Directory-integrated zone.

Answer: C

QUESTION 73
Your network contains a domain controller that is configured as a DNS server. The server hosts an Active Directory-integrated zone for the domain. You need to reduce how long it takes until stale records are deleted from the zone. What should you do?

A.    From the configuration directory partition of the forest, modify the tombstone lifetime.
B.    From the configuration directory partition of the forest, modify the garbage collection interval.
C.    From the aging properties of the zone, modify the no-refresh interval and the refresh interval.
D.    From the start of authority (SOA) record of the zone, modify the refresh interval and the expire interval.

Answer: C

QUESTION 74
Your network contains an Active Directory domain named contoso.com. You remove several computers from the network. You need to ensure that the host (A) records for the removed computers are automatically deleted from the contoso.com DNS zone. What should you do?

A.    Configure dynamic updates.
B.    Configure aging and scavenging.
C.    Create a scheduled task that runs the Dnscmd /ClearCache command.
D.    Create a scheduled task that runs the Dnscmd /ZoneReload contoso.com command.

Answer: B

QUESTION 75
You need to force a domain controller to register all service location (SRV) resource records in DNS. Which command should you run?

A.    ipconfig.exe /registerdns
B.    net.exe stop dnscache & net.exe start dnscache
C.    net.exe stop netlogon & net.exe start netlogon
D.    regsvr32.exe dnsrslvr.dll

Answer: C

QUESTION 76
Your network contains an Active Directory domain named contoso.com. You plan to deploy a child domain named sales.contoso.com. The domain controllers in sales.contoso.com will be DNS servers for sales.contoso.com. You need to ensure that users in contoso.com can connect to servers in sales.contoso.com by using fully qualified domain names (FQDNs). What should you do?

A.    Create a DNS forwarder.
B.    Create a DNS delegation.
C.    Configure root hint servers.
D.    Configure an alternate DNS server on all client computers.

Answer: B

QUESTION 77
Your network contains a single Active Directory domain named contoso.com. The domain contains two domain controllers named DC1 and DC2 that run Windows Server 2008 R2. DC1 hosts a primary zone for contoso.com. DC2 hosts a secondary zone for contosto.com. On DC1, you change the zone to an Active Directory-integrated zone and configure the zone to accept secure dynamic updates only. You need to ensure that DC2 can accept secure dynamic updates to the contoso.com zone. Which command should you run?

A.    dnscmd.exe dc2.contoso.com /createdirectorypartition dns.contoso.com
B.    dnscmd.exe dc2.contoso.com /zoneresettype contoso.com /dsprimary
C.    dnslint.exe /ql
D.    repadmin.exe /syncall /force

Answer: B

QUESTION 78
Your network contains an Active Directory domain named contoso.com. You run nslookup.exe as shown in the following Command Prompt window.

You need to ensure that you can use Nslookup to list all of the service location (SRV) resource records for contoso.com. What should you modify?

A.    the root hints of the DNS server
B.    the security settings of the zone
C.    the Windows Firewall settings on the DNS server
D.    the zone transfer settings of the zone

Answer: D

QUESTION 79
Your network contains an Active Directory domain named contoso.com. The contoso.com DNS zone is stored in Active Directory. All domain controllers run Windows Server 2008 R2. You need to identify if all of the DNS records used for Active Directory replication are correctly registered. What should you do?

A.    From the command prompt, use netsh.exe.
B.    From the command prompt, use dnslint.exe.
C.    From the Active Directory Module for Windows PowerShell, run the Get-ADRootDSE cmdlet.
D.    From the Active Directory Module for Windows PowerShell, run the Get-ADDomainController cmdlet.

Answer: B

QUESTION 80
Your network contains an Active Directory forest. The forest contains one domain and three sites. Each site contains two domain controllers. All domain controllers are DNS servers. You create a new Active Directory-integrated zone. You need to ensure that the new zone is replicated to the domain controllers in only one of the sites. What should you do first?

A.    Modify the NTDS Site Settings object for the site.
B.    Modify the replication settings of the default site link.
C.    Create an Active Directory connection object.
D.    Create an Active Directory application directory partition.

Answer: D

http://www.passleader.com/70-640.html

QUESTION 81
Your network contains a single Active Directory forest. The forest contains two domains named contoso.com and sales.contoso.com. The domain controllers are configured as shown in the following table.

All domain controllers run Windows Server 2008 R2. All zones are configured as Active Directory- integrated zones. You need to ensure that contoso.com records are available on DC3. Which command should you run?

A.    dnscmd.exe DC1.contoso.com /ZoneChangeDirectoryPartition contoso.com /domain
B.    dnscmd.exe DC1.contoso.com /ZoneChangeDirectoryPartition contoso.com /forest
C.    dnscmd.exe DC3.contoso.com /ZoneChangeDirectoryPartition contoso.com /domain
D.    dnscmd.exe DC3.contoso.com /ZoneChangeDirectoryPartition contoso.com /forest

Answer: B

QUESTION 82
You have a DNS zone that is stored in a custom application directory partition. You install a new domain controller. You need to ensure that the custom application directory partition replicates to the new domain controller. What should you use?

A.    the Active Directory Administrative Center console
B.    the Active Directory Sites and Services console
C.    the DNS Manager console
D.    the Dnscmd tool

Answer: D

QUESTION 83
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2008 R2. The functional level of the domain is Windows Server 2008 R2. The functional level of the forest is Windows Server 2008. You have a member server named Server1 that runs Windows Server 2008. You need to ensure that you can add Server1 to contoso.com as a domain controller. What should you run before you promote Server1?

A.    dcpromo.exe /CreateDCAccount
B.    dcpromo.exe /ReplicaOrNewDomain:replica
C.    Set-ADDomainMode -Identity contoso.com -DomainMode Windows2008Domain
D.    Set-ADForestMode -Identity contoso.com -ForestMode Windows2008R2Forest

Answer: C

QUESTION 84
Your network contains an Active Directory forest. The forest contains a single domain. You want to access resources in a domain that is located in another forest. You need to configure a trust between the domain in your forest and the domain in the other forest. What should you create?

A.    an incoming external trust
B.    an incoming realm trust
C.    an outgoing external trust
D.    an outgoing realm trust

Answer: A

QUESTION 85
Your network contains two Active Directory forests. One forest contains two domains named contoso.com and na.contoso.com. The other forest contains a domain named nwtraders.com. A forest trust is configured between the two forests. You have a user named User1 in the na.contoso.com domain. User1 reports that he fails to log on to a computer in the nwtraders.com domain by using the user name NA\User1. Other users from na.contoso.com report that they can log on to the computers in the nwtraders.com domain. You need to ensure that User1 can log on to the computer in the nwtraders.com domain. What should you do?

A.    Enable selective authentication over the forest trust.
B.    Create an external one-way trust from na.contoso.com to nwtraders.com.
C.    Instruct User1 to log on to the computer by using his user principal name (UPN).
D.    Instruct User1 to log on to the computer by using the user name nwtraders\User1.

Answer: C

QUESTION 86
Your company has a main office and a branch office. The main office contains two domain controllers. You create an Active Directory site named BranchOfficeSite. You deploy a domain controller in the branch office, and then add the domain controller to the BranchOfficeSite site. You discover that users in the branch office are randomly authenticated by either the domain controller in the branch office or the domain controllers in the main office. You need to ensure that the users in the branch office always attempt to authenticate to the domain controller in the branch office first. What should you do?

A.    Create organizational units (OUs).
B.    Create Active Directory subnet objects.
C.    Modify the slow link detection threshold.
D.    Modify the Location attribute of the computer objects.

Answer: B

QUESTION 87
Your company has a main office and 50 branch offices. Each office contains multiple subnets. You need to automate the creation of Active Directory subnet objects. What should you use?

A.    the Dsadd tool
B.    the Netsh tool
C.    the New-ADObject cmdlet
D.    the New-Object cmdlet

Answer: C

QUESTION 88
Your network contains an Active Directory forest. The forest contains multiple sites. You need to enable universal group membership caching for a site. What should you do?

A.    From Active Directory Sites and Services, modify the NTDS Settings.
B.    From Active Directory Sites and Services, modify the NTDS Site Settings.
C.    From Active Directory Users and Computers, modify the properties of all universal groups used in the site.
D.    From Active Directory Users and Computers, modify the computer objects for the domain controllers in the site.

Answer: B

QUESTION 89
You need to ensure that domain controllers only replicate between domain controllers in adjacent sites. What should you configure from Active Directory Sites and Services?

A.    From the IP properties, select Ignore all schedules.
B.    From the IP properties, select Disable site link bridging.
C.    From the NTDS Settings object, manually configure the Active Directory Domain Services connection objects.
D.    From the properties of the NTDS Site Settings object, configure the Inter-Site Topology Generator for each site.

Answer: B

QUESTION 90
Your company has a main office and a branch office. You discover that when you disable IPv4 on a computer in the branch office, the computer authenticates by using a domain controller in the main office. You need to ensure that IPv6-only computers authenticate to domain controllers in the same site. What should you do?

A.    Configure the NTDS Site Settings object.
B.    Create Active Directory subnet objects.
C.    Create Active Directory Domain Services connection objects.
D.    Install an Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) router.

Answer: B

http://www.passleader.com/70-640.html

QUESTION 91
Your network contains an Active Directory domain. The domain is configured as shown in the following table.

Users in Branch2 sometimes authenticate to a domain controller in Branch1. You need to ensure that users in Branch2 only authenticate to the domain controllers in Main. What should you do?

A.    On DC3, set the AutoSiteCoverage value to 0.
B.    On DC3, set the AutoSiteCoverage value to 1.
C.    On DC1 and DC2, set the AutoSiteCoverage value to 0.
D.    On DC1 and DC2, set the AutoSiteCoverage value to 1.

Answer: A

QUESTION 92
Your network contains a single Active Directory domain that has two sites named Site1 and Site2. Site1 has two domain controllers named DC1 and DC2. Site2 has two domain controllers named DC3 and DC4. DC3 fails. You discover that replication no longer occurs between the sites. You verify the connectivity between DC4 and the domain controllers in Site1. On DC4, you run repadmin.exe /kcc. Replication between the sites continues to fail. You need to ensure that Active Directory data replicates between the sites. What should you do?

A.    From Active Directory Sites and Services, modify the properties of DC3.
B.    From Active Directory Sites and Services, modify the NTDS Site Settings of Site2.
C.    From Active Directory Users and Computers, modify the location settings of DC4.
D.    From Active Directory Users and Computers, modify the delegation settings of DC4.

Answer: A

QUESTION 93
Your network contains an Active Directory domain. The functional level of the domain is Windows Server 2003. The domain contains five domain controllers that run Windows Server 2008 and five domain controllers that run Windows Server 2008 R2. You need to ensure that SYSVOL is replicated by using Distributed File System Replication (DFSR). What should you do first?

A.    Run dfsrdiag.exe PollAD.
B.    Run dfsrmig.exe /SetGlobalState 0.
C.    Upgrade all domain controllers to Windows Server 2008 R2.
D.    Raise the functional level of the domain to Windows Server 2008.

Answer: D

QUESTION 94
Your network contains an Active Directory forest. The forest contains two domains named contoso.com and woodgrovebank.com. You have a custom attribute named Attibute1 in Active Directory. Attribute1 is associated to User objects. You need to ensure that Attribute1 is replicated to the global catalog. What should you do?

A.    In Active Directory Sites and Services, configure the NTDS Settings.
B.    In Active Directory Sites and Services, configure the universal group membership caching.
C.    From the Active Directory Schema snap-in, modify the properties of the User class schema object.
D.    From the Active Directory Schema snap-in, modify the properties of the Attibute1 class schema attribute.

Answer: D

QUESTION 95
Your network contains an Active Directory domain. The domain contains three domain controllers. One of the domain controllers fails. Seven days later, the help desk reports that it can no longer create user accounts. You need to ensure that the help desk can create new user accounts. Which operations master role should you seize?

A.    domain naming master
B.    infrastructure master
C.    primary domain controller (PDC) emulator
D.    RID master
E.    schema master

Answer: D

QUESTION 96
Your network contains two standalone servers named Server1 and Server2 that have Active Directory Lightweight Directory Services (AD LDS) installed. Server1 has an AD LDS instance. You need to ensure that you can replicate the instance from Server1 to Server2. What should you do on both servers?

A.    Obtain a server certificate.
B.    Import the MS-User.ldf file.
C.    Create a service user account for AD LDS.
D.    Register the service location (SRV) resource records.

Answer: C

QUESTION 97
Your network contains a server named Server1 that runs Windows Server 2008 R2. You create an Active Directory Lightweight Directory Services (AD LDS) instance on Server1. You need to create an additional AD LDS application directory partition in the existing instance. Which tool should you use?

A.    Adaminstall
B.    Dsadd
C.    Dsmod
D.    Ldp

Answer: D

QUESTION 98
Your company has a main office and a branch office. The branch office contains a read-only domain controller named RODC1. You need to ensure that a user named Admin1 can install updates on RODC1. The solution must prevent Admin1 from logging on to other domain controllers. What should you do?

A.    Run ntdsutil.exe and use the Roles option.
B.    Run dsmgmt.exe and use the Local Roles option.
C.    From Active Directory Sites and Services, modify the NTDS Site Settings.
D.    From Active Directory Users and Computers, add the user to the Server Operators group.

Answer: B

QUESTION 99
You install a read-only domain controller (RODC) named RODC1. You need to ensure that a user named User1 can administer RODC1. The solution must minimize the number of permissions assigned to User1. Which tool should you use?

A.    Active Directory Administrative Center
B.    Active Directory Users and Computers
C.    Dsadd
D.    Dsmgmt

Answer: D

QUESTION 100
Your network contains an Active Directory domain. The domain contains two sites named Site1 and Site2. Site1 contains four domain controllers. Site2 contains a read-only domain controller (RODC). You add a user named User1 to the Allowed RODC Password Replication Group. The WAN link between Site1 and Site2 fails. User1 restarts his computer and reports that he is unable to log on to the domain. The WAN link is restored and User1 reports that he is able to log on to the domain. You need to prevent the problem from reoccurring if the WAN link fails. What should you do?

A.    Create a Password Settings object (PSO) and link the PSO to User1’s user account.
B.    Create a Password Settings object (PSO) and link the PSO to the Domain Users group.
C.    Add the computer account of the RODC to the Allowed RODC Password Replication Group.
D.    Add the computer account of User1’s computer to the Allowed RODC Password Replication Group.

Answer: D

http://www.passleader.com/70-640.html

The latest 70-640 exam was updated with a lot of new exam questions, old version 70-640 exam dumps are not valid at all, you should get the newest 651q 70-640 practice tests or braindumps to prepare it. Now, PassLeader just published the new 70-640 exam questions with PDF dumps and VCE test software, which have been corrected with many new questions and will help you passing 70-640 exam easily. Visit www.passleader.com now and get the premium 651q 70-640 exam dumps with new version VCE Player for free download.

QUESTION 101
Your company has a main office and a branch office. The network contains an Active Directory domain. The main office contains a writable domain controller named DC1. The branch office contains a read- only domain controller (RODC) named DC2. You discover that the password of an administrator named Admin1 is cached on DC2. You need to prevent Admin1’s password from being cached on DC2. What should you do?

A.    Modify the NTDS Site Settings.
B.    Modify the properties of the domain.
C.    Create a Password Setting object (PSO).
D.    Modify the properties of DC2’s computer account.

Answer: D

QUESTION 102
Your network contains an Active Directory domain named contoso.com. The network has a branch office site that contains a read-only domain controller (RODC) named RODC1. RODC1 runs Windows Server 2008 R2. A user named User1 logs on to a computer in the branch office site. You discover that the password of User1 is not stored on RODC1. You need to ensure that User1’s password is stored on RODC1. What should you modify?

A.    the Member Of properties of RODC1
B.    the Member Of properties of User1
C.    the Security properties of RODC1
D.    the Security properties of User1

Answer: B

QUESTION 103
Your company has a main office and a branch office. The branch office has an Active Directory site that contains a read-only domain controller (RODC). A user from the branch office reports that his account is locked out. From a writable domain controller in the main office, you discover that the user’s account is not locked out. You need to ensure that the user can log on to the domain. What should you do?

A.    Modify the Password Replication Policy.
B.    Reset the password of the user account.
C.    Run the Knowledge Consistency Checker (KCC) on the RODC.
D.    Restore network communication between the branch office and the main office.

Answer: D

QUESTION 104
Your network contains a single Active Directory domain. The domain contains five read-only domain controllers (RODCs) and five writable domain controllers. All servers run Windows Server 2008. You plan to install a new RODC that runs Windows Server 2008 R2. You need to ensure that you can add the new RODC to the domain. You want to achieve this goal by using the minimum amount of administrative effort. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.    At the command prompt, run adprep.exe /rodcprep.
B.    At the command prompt, run adprep.exe /forestprep.
C.    At the command prompt, run adprep.exe /domainprep.
D.    From Active Directory Domains and Trusts, raise the functional level of the domain.
E.    From Active Directory Users and Computers, pre-stage the RODC computer account.

Answer: BC

QUESTION 105
You deploy an Active Directory Federation Services (AD FS) Federation Service Proxy on a server named Server1. You need to configure the Windows Firewall on Server1 to allow external users to authenticate by using AD FS. Which inbound TCP port should you allow on Server1?

A.    88
B.    135
C.    443
D.    445

Answer: C

QUESTION 106
You deploy a new Active Directory Federation Services (AD FS) federation server. You request new certificates for the AD FS federation server. You need to ensure that the AD FS federation server can use the new certificates. To which certificate store should you import the certificates?

A.    Computer
B.    IIS Admin Service service account
C.    Local Administrator
D.    World Wide Web Publishing Service service account

Answer: A

QUESTION 107
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 has the Active Directory Federation Services (AD FS) role installed. You have an application named App1 that is configured to use Server1 for AD FS authentication. You deploy a new server named Server2. Server2 is configured as an AD FS 2.0 server. You need to ensure that App1 can use Server2 for authentication. What should you do on Server2?

A.    Add an attribute store.
B.    Create a relying party trust.
C.    Create a claims provider trust.
D.    Create a relaying provider trust.

Answer: B

QUESTION 108
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. The Active Directory Federation Services (AD FS) role is installed on Server1. Contoso.com is defined as an account store. A partner company has a Web-based application that uses AD FS authentication. The partner company plans to provide users from contoso.com access to the Web application. You need to configure AD FS on contoso.com to allow contoso.com users to be authenticated by the partner company. What should you create on Server1?

A.    a new application
B.    a resource partner
C.    an account partner
D.    an organization claim

Answer: B

QUESTION 109
Your network contains two servers named Server1 and Server2 that run Windows Server 2008 R2. Server1 has the Active Directory Federation Services (AD FS) Federation Service role service installed. You plan to deploy AD FS 2.0 on Server2. You need to export the token-signing certificate from Server1, and then import the certificate to Server2. Which format should you use to export the certificate?

A.    Base-64 encoded X.509 (.cer)
B.    Cryptographic Message Syntax Standard PKCS #7 (.p7b)
C.    DER encoded binary X.509 (.cer)
D.    Personal Information Exchange PKCS #12 (.pfx)

Answer: D

QUESTION 110
Your network contains two servers named Server1 and Server2 that run Windows Server 2008 R2. Server1 has Active Directory Federation Services (AD FS) 2.0 installed. Server1 is a member of an AD FS farm. The AD FS farm is configured to use a configuration database that is stored on a separate Microsoft SQL Server. You install AD FS 2.0 on Server2. You need to add Server2 to the existing AD FS farm. What should you do?

A.    On Server1, run fsconfig.exe.
B.    On Server1, run fsconfigwizard.exe.
C.    On Server2, run fsconfig.exe.
D.    On Server2, run fsconfigwizard.exe.

Answer: C

http://www.passleader.com/70-640.html

QUESTION 111
Your network contains an Active Directory forest. You set the Windows PowerShell execution policy to allow unsigned scripts on a domain controller in the network. You create a Windows PowerShell script named new-users.ps1 that contains the following lines:
new-aduser user1
new-aduser user2
new-aduser user3
new-aduser user4
new-aduser user5
On the domain controller, you double-click the script and the script runs. You discover that the script fails to create the user accounts. You need to ensure that the script creates the user accounts. Which cmdlet should you add to the script?

A.    Import-Module
B.    Register-ObjectEvent
C.    Set-ADDomain
D.    Set-ADUser

Answer: A

QUESTION 112
Your network contains an Active Directory forest. The forest schema contains a custom attribute for user objects. You need to modify the custom attribute value of 500 user accounts. Which tool should you use?

A.    Csvde
B.    Dsmod
C.    Dsrm
D.    Ldifde

Answer: D

QUESTION 113
Your network contains an Active Directory forest. The forest schema contains a custom attribute for user objects. You need to give the human resources department a file that contains the last logon time and the custom attribute values for each user in the forest. What should you use?

A.    the Dsquery tool
B.    the Export-CSV cmdlet
C.    the Get-ADUser cmdlet
D.    the Net.exe user command

Answer: C

QUESTION 114
You have a Windows PowerShell script that contains the following code:
import-csv Accounts.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true – AccountPassword $_.password}
When you run the script, you receive an error message indicating that the format of the password is incorrect. The script fails. You need to run a script that successfully creates the user accounts by using the password contained in accounts.csv. Which script should you run?

A.    import-csv Accounts.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true – AccountPassword
(ConvertTo-SecureString “Password” -AsPlainText -force)}
B.    import-csv Accounts.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true – AccountPassword
(ConvertTo-SecureString $_.Password -AsPlainText -force)}
C.    import-csv Accounts.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true – AccountPassword
(Read-Host -AsSecureString “Password”)}
D.    import-csv Accounts.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true – AccountPassword
(Read-Host -AsSecureString $_.Password)}

Answer: B

QUESTION 115
Your network contains an Active Directory forest. The functional level of the forest is Windows Server 2008 R2. Your company’s corporate security policy states that the password for each user account must be changed at least every 45 days. You have a user account named Service1. Service1 is used by a network application named Application1. Every 45 days, Application1 fails. After resetting the password for Service1, Application1 runs properly. You need to resolve the issue that causes Application1 to fail. The solution must adhere to the corporate security policy. What should you do?

A.    Run the Set-ADAccountControl cmdlet.
B.    Run the Set-ADServiceAccount cmdlet.
C.    Create a new password policy.
D.    Create a new Password Settings object (PSO).

Answer: B

QUESTION 116
Your network contains an Active Directory forest. You add an additional user principal name (UPN) suffix to the forest. You need to modify the UPN suffix of all users. You want to achieve this goal by using the minimum amount of administrative effort. What should you use?

A.    the Active Directory Domains and Trusts console
B.    the Active Directory Users and Computers console
C.    the Csvde tool
D.    the Ldifde tool

Answer: D

QUESTION 117
Your network contains a single Active Directory domain. All client computers run Windows Vista Service Pack 2 (SP2). You need to prevent all users from running an application named App1.exe. Which Group Policy settings should you configure?

A.    Application Compatibility
B.    AppLocker
C.    Software Installation
D.    Software Restriction Policies

Answer: D

QUESTION 118
Your network contains an Active Directory domain. All domain controllers run Windows Server 2008 R2. Client computers run either Windows XP Service Pack 3 (SP3) or Windows Vista. You need to ensure that all client computers can apply Group Policy preferences. What should you do?

A.    Upgrade all Windows XP client computers to Windows 7.
B.    Create a central store that contains the Group Policy ADMX files.
C.    Install the Group Policy client-side extensions (CSEs) on all client computers.
D.    Upgrade all Windows Vista client computers to Windows Vista Service Pack 2 (SP2).

Answer: C

QUESTION 119
Your network contains an Active Directory domain. All domain controllers run Windows Server 2008 R2. Client computers run either Windows 7 or Windows Vista Service Pack 2 (SP2). You need to audit user access to the administrative shares on the client computers. What should you do?

A.    Deploy a logon script that runs Icacls.exe.
B.    Deploy a logon script that runs Auditpol.exe.
C.    From the Default Domain Policy, modify the Advanced Audit Policy Configuration.
D.    From the Default Domain Controllers Policy, modify the Advanced Audit Policy Configuration.

Answer: B

QUESTION 120
Your network contains an Active Directory domain named contoso.com. You need to create a central store for the Group Policy Administrative templates. What should you do?

A.    Run dfsrmig.exe /createglobalobjects.
B.    Run adprep.exe /domainprep /gpprep.
C.    Copy the %SystemRoot%\PolicyDefinitions folder to the \\contoso.com\SYSVOL\contoso.com\Policies folder.
D.    Copy the %SystemRoot%\System32\GroupPolicy folder to the \\contoso.com\SYSVOL\contoso.com\Policies folder.

Answer: C

http://www.passleader.com/70-640.html

New Updated 70-247 Exam Questions from PassLeader 70-247 PDF dumps! Welcome to download the newest PassLeader 70-247 VCE dumps: http://www.passleader.com/70-247.html (220 Q&As)

Keywords: 70-247 exam dumps, 70-247 exam questions, 70-247 VCE dumps, 70-247 PDF dumps, 70-247 practice tests, 70-247 study guide, 70-247 braindumps, Configuring and Deploying a Private Cloud with System Center 2012 Exam

Case Study 7 – Woodgrove Bank (New Question 207 – New Question 211)
Exist Environment
Active Directory Environment
The network contains a single Active Directory production forest named woodgrovebank.com. Currently, there is no trust relationship between the Active Directory forests of Woodgrove Bank and Contoso.
Network Environment
Woodgrove Bank has a perimeter network that hosts Internet-facing servers. Woodgrove Bank uses Hyper-V Network Virtualization to isolate its production, development, and test environments. Woodgrove Bank has a Microsoft Azure subscription.
System Center Environment
Woodgrove Bank deploys infrastructure servers that host the following System Center 2012 R2 components:
– Operations Manager
– Data Protection Manager (DPM)
– Virtual Machine Manager (VMM)

NEW QUESTION 207

NEW QUESTION 208
……

Download the newest PassLeader 70-247 dumps from passleader.com now! 100% Pass Guarantee! — http://www.passleader.com/70-247.html

NEW QUESTION 209

Case Study 8 – Datum corporation (New Question 212 – New Question 216)
Overview
A. Datum Corporation is a consulting company that has two offices. The offices are located in Seattle and Los Angeles.
Existing Environment
Active Directory
The network contains a single-domain Active Directory forest named adatum.com. All of the users in the research department are members of a group named Research.
Server Infrastructure
Each office has one data center. All of the servers in both of the data centers run Windows Server 2012 R2. Each office contains a private network and a perimeter network. The private network and the perimeter network are separated by a firewall. A. Datum has a pilot implementation of a private cloud in the Seattle office. The relevant servers in the Seattle office are configured as shown in the following table.

NEW QUESTION 212
……

Download the newest PassLeader 70-247 dumps from passleader.com now! 100% Pass Guarantee! — http://www.passleader.com/70-247.html

NEW QUESTION 213

NEW QUESTION 214
……

Download the newest PassLeader 70-247 dumps from passleader.com now! 100% Pass Guarantee! — http://www.passleader.com/70-247.html

NEW QUESTION 215

NEW QUESTION 216
……

Download the newest PassLeader 70-247 dumps from passleader.com now! 100% Pass Guarantee!

70-247 pdf dumps & 70-247 vce dumps: http://www.passleader.com/70-247.html (220 Q&As)

New Updated 70-346 Exam Questions from PassLeader 70-346 PDF dumps! Welcome to download the newest PassLeader 70-346 VCE dumps: http://www.passleader.com/70-346.html (140 Q&As)

Keywords: 70-346 exam dumps, 70-346 exam questions, 70-346 VCE dumps, 70-346 PDF dumps, 70-346 practice tests, 70-346 study guide, 70-346 braindumps, Managing Office 365 Identities and Requirements Exam

NEW QUESTION 126

Answer: A

NEW QUESTION 127

Answer:

NEW QUESTION 128

Answer: AB

NEW QUESTION 129

Answer: Can’t see the entire Service Health Dashboard — just learn what the different icons mean.
https://support.office.com/en-au/article/View-the-status-of-your-services-932ad3ad-533c-418a-b938-6e44e8bc33b0#__translate_a_service_1

NEW QUESTION 130

Answer: D

NEW QUESTION 131
……

Download the newest PassLeader 70-346 dumps from passleader.com now! 100% Pass Guarantee!

70-346 PDF dumps & 70-346 VCE dumps: http://www.passleader.com/70-346.html (140 Q&As)

New Updated 70-347 Exam Questions from PassLeader 70-347 PDF dumps! Welcome to download the newest PassLeader 70-347 VCE dumps: http://www.passleader.com/70-347.html (146 Q&As)

Keywords: 70-347 exam dumps, 70-347 exam questions, 70-347 VCE dumps, 70-347 PDF dumps, 70-347 practice tests, 70-347 study guide, 70-347 braindumps, Enabling Office 365 Services Exam

NEW QUESTION 124

Answer:
Engineering: Project Online
Customer Service: Yammer
Finance: SharePoint Online
All Users: OneDrive for Business

NEW QUESTION 125

Answer: C
Explanation:
https://technet.microsoft.com/en-us/library/fp161394.aspx

NEW QUESTION 126

Answer: A
Explanation:
Assuming that ‘Office 365 Small Business subscription’ = ‘O365 Business essentials’
https://products.office.com/en-us/business/compare-office-365-for-business-plans

NEW QUESTION 127

Answer: G
Explanation:
https://technet.microsoft.com/en-us/library/jj215689(v=exchg.160).aspx

NEW QUESTION 128

Answer: D
Explanation:
https://technet.microsoft.com/en-us/library/gg398510.aspx

NEW QUESTION 129
……

Download the newest PassLeader 70-347 dumps from passleader.com now! 100% Pass Guarantee! — http://www.passleader.com/70-347.html

NEW QUESTION 146
You have purchased Office 365 E1 Licenses for your 9000 users. You have 5TB of data to place in Sharepoint Storage. How much additional data is required to be purchased from Microsoft?

A.    purchase 10TB
B.    purchase 500GB
C.    purchase 5TB
D.    do nothing

Answer: B
Explanation:
500MB is allowed per user plus an initial allocation of 10GB for the organization with an E1 license. With 9000 users that means 4.6TB is available. Therefore another 400GB would be required to meet this requirement, with option B as the nearest answer.
https://support.office.com/en-us/article/SharePoint-Online-and-OneDrive-for-Business-software-boundaries-and-limits-8f34ff47-b749-408b-abc0-b605e1f6d498?ui=en-US&rs=en-US&ad=US

Download the newest PassLeader 70-347 dumps from passleader.com now! 100% Pass Guarantee!

70-347 PDF dumps & 70-347 VCE dumps: http://www.passleader.com/70-347.html (146 Q&As)

QUESTION 121
You configure and deploy a Group Policy object (GPO) that contains AppLocker settings. You need to identify whether a specific application file is allowed to run on a computer. Which Windows PowerShell cmdlet should you use?

A.    Get-AppLockerFileInformation
B.    Get-GPOReport
C.    Get-GPPermissions
D.    Test-AppLockerPolicy

Answer: D

QUESTION 122
You create a Password Settings object (PSO). You need to apply the PSO to a domain user named User1. What should you do?

A.    Modify the properties of the PSO.
B.    Modify the account options of the User1 account.
C.    Modify the security settings of the User1 account.
D.    Modify the password policy of the Default Domain Policy Group Policy object (GPO).

Answer: A

QUESTION 123
You need to create a Password Settings object (PSO). Which tool should you use?

A.    Active Directory Users and Computers
B.    ADSI Edit
C.    Group Policy Management Console
D.    Ntdsutil

Answer: B

QUESTION 124
Your network contains an Active Directory domain. All servers run Windows Server 2008 R2. You need to audit the deletion of registry keys on each server. What should you do?

A.    From Audit Policy, modify the Object Access settings and the Process Tracking settings.
B.    From Audit Policy, modify the System Events settings and the Privilege Use settings.
C.    From Advanced Audit Policy Configuration, modify the System settings and the Detailed Tracking settings.
D.    From Advanced Audit Policy Configuration, modify the Object Access settings and the Global Object Access Auditing settings.

Answer: D

QUESTION 125
Your network contains a single Active Directory domain. The functional level of the forest is Windows Server 2008 R2. You need to enable the Active Directory Recycle Bin. What should you use?

A.    the Dsmod tool
B.    the Enable-ADOptionalFeature cmdlet
C.    the Ntdsutil tool
D.    the Set-ADDomainMode cmdlet

Answer: B

QUESTION 126
Your network contains a single Active Directory domain. You need to create an Active Directory Domain Services snapshot. What should you do?

A.    Use the Ldp tool.
B.    Use the NTDSUtil tool.
C.    Use the Wbadmin tool.
D.    From Windows Server Backup, perform a full backup.

Answer: B

QUESTION 127
Your network contains a single Active Directory domain. A domain controller named DC2 fails. You need to remove DC2 from Active Directory. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.    At the command prompt, run dcdiag.exe /fix.
B.    At the command prompt, run netdom.exe remove dc2.
C.    From Active Directory Sites and Services, delete DC2.
D.    From Active Directory Users and Computers, delete DC2.

Answer: CD

QUESTION 128
Your company has an Active Directory domain named contoso.com. The company network has two DNS servers named DNS1 and DNS2. The DNS servers are configured as shown in the following table.

Domain users, who are configured to use DNS2 as the preferred DNS server, are unable to connect to Internet Web sites. You need to enable Internet name resolution for all client computers. What should you do?

A.    Update the list of root hints servers on DNS2.
B.    Create a copy of the .(root) zone on DNS1.
C.    Delete the .(root) zone from DNS2. Configure conditional forwarding on DNS2.
D.    Update the Cache.dns file on DNS2. Configure conditional forwarding on DNS1.

Answer: C

QUESTION 129
Your network consists of a single Active Directory domain. All domain controllers run Windows Server 2003. You upgrade all domain controllers to Windows Server 2008. You need to configure the Active Directory environment to support the application of multiple password policies. What should you do?

A.    Raise the functional level of the domain to Windows Server 2008.
B.    On one domain controller, run dcpromo /adv.
C.    Create multiple Active Directory sites.
D.    On all domain controllers, run dcpromo /adv.

Answer: A

QUESTION 130
Your company has two Active Directory forests named contoso.com and fabrikam.com. The company network has three DNS servers named DNS1, DNS2, and DNS3. The DNS servers are configured as shown in the following table.

All computers that belong to the fabrikam.com domain have DNS3 configured as the preferred DNS server. All other computers use DNS1 as the preferred DNS server. Users from the fabrikam.com domain are unable to connect to the servers that belong to the contoso.com domain. You need to ensure users in the fabrikam.com domain are able to resolve all contoso.com queries. What should you do?

A.    Configure conditional forwarding on DNS1 and DNS2 to forward fabrikam.com queries to DNS3.
B.    Create a copy of the _msdcs.contoso.com zone on the DNS3 server.
C.    Create a copy of the fabrikam.com zone on the DNS1 server and the DNS2 server.
D.    Configure conditional forwarding on DNS3 to forward contoso.com queries to DNS1.

Answer: D

http://www.passleader.com/70-640.html

QUESTION 131
Your company, Contoso Ltd, has offices in North America and Europe. Contoso has an Active Directory forest that has three domains. You need to reduce the time required to authenticate users from the labs.eu.contoso.com domain when they access resources in the eng.na.contoso.com domain. What should you do?

A.    Decrease the replication interval for all Connection objects.
B.    Decrease the replication interval for the DEFAULTIPSITELINK site link.
C.    Set up a one-way shortcut trust from eng.na.contoso.com to labs.eu.contoso.com.
D.    Set up a one-way shortcut trust from labs.eu.contoso.com to eng.na.contoso.com.

Answer: C

QUESTION 132
Your company purchases a new application to deploy on 200 computers. The application requires that you modify the registry on each target computer before you install the application. The registry modifications are in a file that has an .adm extension. You need to prepare the target computers for the application. What should you do?

A.    Import the .adm file into a new Group Policy Object (GPO). Edit the GPO and link it to an organizational unit that contains the target computers.
B.    Create a Microsoft Windows PowerShell script to copy the .adm file to each computer. Run the REDIRUsr CONTAINER-DN command on each target computer.
C.    Create a Microsoft Windows PowerShell script to copy the .adm file to the startup folder of each target computer.
D.    Create a Microsoft Windows PowerShell script to copy the .adm file to each computer. Run the REDIRCmp CONTAINER-DN command on each target computer.

Answer: A

QUESTION 133
Your company has an Active Directory forest that contains eight linked Group Policy Objects (GPOs). One of these GPOs publishes applications to user objects. A user reports that the application is not available for installation. You need to identify whether the GPO has been applied. What should you do?

A.    Run the Group Policy Results utility for the user.
B.    Run the GPRESULT /S <system name> /Z command at the command prompt.
C.    Run the GPRESULT /SCOPE COMPUTER command at the command prompt.
D.    Run the Group Policy Results utility for the computer.

Answer: A

QUESTION 134
Your company has an Active Directory domain. You plan to install the Active Directory Certificate Services (AD CS) server role on a member server that runs Windows Server 2008 R2. You need to ensure that members of the Account Operators group are able to issue smartcard credentials. They should not be able to revoke certificates. Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)

A.    Create an Enrollment Agent certificate.
B.    Create a Smartcard logon certificate.
C.    Restrict enrollment agents for the Smartcard logon certificate to the Account Operator group.
D.    Install the AD CS role and configure it as an Enterprise Root CA.
E.    Install the AD CS role and configure it as a Standalone CA.
F.    Restrict certificate managers for the Smartcard logon certificate to the Account Operator group.

Answer: BCD

QUESTION 135
You create 200 new user accounts. The users are located in six different sites. New users report that they receive the following error message when they try to log on: “The username or password is incorrect.” You confirm that the user accounts exist and are enabled. You also confirm that the user name and password information supplied are correct. You need to identify the cause of the failure. You also need to ensure that the new users are able to log on. Which utility should you run?

A.    Active Directory Domains and Trusts
B.    Repadmin
C.    Rstools
D.    Rsdiag

Answer: B

QUESTION 136
Your network contains an Active Directory forest. All domain controllers run Windows Server 2008 R2 and are configured as DNS servers. You have an Active Directory-integrated zone for contoso.com. You have a Unix-based DNS server. You need to configure your Windows Server 2008 R2 environment to allow zone transfers of the contoso.com zone to the Unix-based DNS server. What should you do in the DNS Manager console?

A.    Enable BIND secondaries
B.    Create a stub zone
C.    Disable recursion
D.    Create a secondary zone

Answer: A

QUESTION 137
Your company has an Active Directory domain. You log on to the domain controller. The Active Directory Schema snap-in is not available in the Microsoft Management Console (MMC). You need to access the Active Directory Schema snap-in. What should you do?

A.    Add the Active Directory Lightweight Directory Services (AD LDS) role to the domain controller by using Server Manager.
B.    Log off and log on again by using an account that is a member of the Schema Administrators group.
C.    Use the Ntdsutil.exe command to connect to the Schema Master operations master and open the schema for writing.
D.    Register Schmmgmt.dll.

Answer: D

QUESTION 138
Your company has a server that runs Windows Server 2008 R2. Active Directory Certificate Services (AD CS) is configured as a standalone Certification Authority (CA) on the server. You need to audit changes to the CA configuration settings and the CA security settings. Which two tasks should you perform? (Each correct answer presents part of the solution. Choose two.)

A.    Configure auditing in the Certification Authority snap-in.
B.    Enable auditing of successful and failed attempts to change permissions on files in the %SYSTEM32%\CertSrv directory.
C.    Enable auditing of successful and failed attempts to write to files in the %SYSTEM32%\CertLog directory.
D.    Enable the Audit object access setting in the Local Security Policy for the Active Directory Certificate Services (AD CS) server.

Answer: AD

QUESTION 139
Your company has a single-domain Active Directory forest. The functional level of the domain is Windows Server 2008. You perform the following activities:
– Create a global distribution group.
– Add users to the global distribution group.
– Create a shared folder on a Windows Server 2008 member server.
– Place the global distribution group in a domain local group that has access to the shared folder.
You need to ensure that the users have access to the shared folder. What should you do?

A.    Add the global distribution group to the Domain Administrators group.
B.    Change the group type of the global distribution group to a security group.
C.    Change the scope of the global distribution group to a Universal distribution group.
D.    Raise the forest functional level to Windows Server 2008.

Answer: B

QUESTION 140
Your company hires 10 new employees. You want the new employees to connect to the main office through a VPN connection. You create new user accounts and grant the new employees they Allow Read and Allow Execute permissions to shared resources in the main office. The new employees are unable to access shared resources in the main office. You need to ensure that users are able to establish a VPN connection to the main office. What should you do?

A.    Grant the new employees the Allow Access Dial-in permission.
B.    Grant the new employees the Allow Full control permission.
C.    Add the new employees to the Remote Desktop Users security group.
D.    Add the new employees to the Windows Authorization Access security group.

Answer: A

http://www.passleader.com/70-640.html

Passed 70-640 exam with the best PassLeader 70-640 exam dumps now! PassLeader are supplying the latest 651q 70-640 vce and pdf exam dumps covering all the new questions and answers, it is 100 percent pass ensure for 70-640 exam. PassLeader offer PDF and VCE format 70-640 exam dumps, and free version VCE player is also available. Visit passleader.com now and download the 100 percent passing guarantee 651q 70-640 braindumps to achieve your new 70-640 certification easily!

QUESTION 141
Your network consists of a single Active Directory domain. All domain controllers run Windows Server 2008 R2. You need to identify the Lightweight Directory Access Protocol (LDAP) clients that are using the largest amount of available CPU resources on a domain controller. What should you do?

A.    Review performance data in Resource Monitor.
B.    Review the Hardware Events log in the Event Viewer.
C.    Run the Active Directory Diagnostics Data Collector Set. Review the Active Directory Diagnostics report.
D.    Run the LAN Diagnostics Data Collector Set. Review the LAN Diagnostics report.

Answer: C

QUESTION 142
Your company has an Active Directory forest that contains only Windows Server 2008 domain controllers. You need to prepare the Active Directory domain to install Windows Server 2008 R2 domain controllers. Which two tasks should you perform? (Each correct answer presents part of the solution. Choose two.)

A.    Run the adprep /domainprep command.
B.    Raise the forest functional level to Windows Server 2008.
C.    Raise the domain functional level to Windows Server 2008.
D.    Run the adprep /forestprep command.

Answer: AD

QUESTION 143
You need to identify all failed logon attempts on the domain controllers. What should you do?

A.    View the Netlogon.log file.
B.    View the Security tab on the domain controller computer object.
C.    Run Event Viewer.
D.    Run the Security and Configuration Wizard.

Answer: C

QUESTION 144
Your company has a DNS server that has 10 Active Directory integrated zones. You need to provide copies of the zone files of the DNS server to the security department. What should you do?

A.    Run the dnscmd /ZoneInfo command.
B.    Run the ipconfig /registerdns command.
C.    Run the dnscmd /ZoneExport command.
D.    Run the ntdsutil > Partition Management > List commands.

Answer: C

QUESTION 145
Your company has an Active Directory forest. The company has three locations. Each location has an organizational unit and a child organizational unit named Sales. The Sales organizational unit contains all users and computers of the sales department. The company plans to deploy a Microsoft Office 2007 application on all computers within the three Sales organizational units. You need to ensure that the Office 2007 application is installed only on the computers in the Sales organizational units. What should you do?

A.    Create a Group Policy Object (GPO) named SalesAPP GPO. Configure the GPO to assign the application to the computer account. Link the SalesAPP GPO to the domain.
B.    Create a Group Policy Object (GPO) named SalesAPP GPO. Configure the GPO to assign the application to the user account. Link the SalesAPP GPO to the Sales organizational unit in each location.
C.    Create a Group Policy Object (GPO) named SalesAPP GPO. Configure the GPO to assign the application to the computer account. Link the SalesAPP GPO to the Sales organizational unit in each location.
D.    Create a Group Policy Object (GPO) named SalesAPP GPO. Configure the GPO to publish the application to the user account. Link the SalesAPP GPO to the Sales organizational unit in each location.

Answer: C

QUESTION 146
Your company has a main office and 10 branch offices. Each branch office has an Active Directory site that contains one domain controller. Only domain controllers in the main office are configured as Global Catalog servers. You need to deactivate the Universal Group Membership Caching (UGMC) option on the domain controllers in the branch offices. At which level should you deactivate UGMC?

A.    Server
B.    Connection object
C.    Domain
D.    Site

Answer: D

QUESTION 147
Your network consists of a single Active Directory domain. All domain controllers run Windows Server 2003. You upgrade all domain controllers to Windows Server 2008 R2. You need to ensure that the Sysvol share replicates by using DFS Replication (DFS-R). What should you do?

A.    From the command prompt, run dfsutil /addroot:sysvol.
B.    From the command prompt, run netdom /reset.
C.    From the command prompt, run dcpromo /unattend:unattendfile.xml.
D.    Raise the functional level of the domain to Windows Server 2008 R2.

Answer: D

QUESTION 148
Your company has a main office and a branch office that are configured as a single Active Directory forest. The functional level of the Active Directory forest is Windows Server 2003. There are four Windows Server 2003 domain controllers in the main office. You need to ensure that you are able to deploy a read-only domain controller (RODC) at the branch office. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.    Raise the functional level of the forest to Windows Server 2008.
B.    Deploy a Windows Server 2008 domain controller at the main office.
C.    Raise the functional level of the domain to Windows Server 2008.
D.    Run the adprep/rodcprep command.

Answer: BD

QUESTION 149
Your company has an Active Directory forest that contains Windows Server 2008 R2 domain controllers and DNS servers. All client computers run Windows XP SP3. You need to use your client computers to edit domainbased GPOs by using the ADMX files that are stored in the ADMX central store. What should you do?

A.    Add your account to the Domain Admins group.
B.    Upgrade your client computers to Windows 7.
C.    Install .NET Framework 3.0 on your client computers.
D.    Create a folder on PDC emulator for the domain in the PolicyDefinitions path. Copy the ADMX files to the PolicyDefinitions folder.

Answer: B

QUESTION 150
Your company has a domain controller that runs Windows Server 2008. The domain controller has the backup features installed. You need to perform a non-authoritative restore of the doman controller using an existing backup file. What should you do?

A.    Restart the domain controller in Directory Services Restore Mode and use wbadmin to restore critical volume
B.    Restart the domain controller in Directory Services Restore Mode and use the backup snap-in to restore critical volume
C.    Restart the domain controller in Safe Mode and use wbadmin to restore critical volume
D.    Restart the domain controller in Safe Mode and use the backup snap-in to restore critical volume

Answer: A

http://www.passleader.com/70-640.html

QUESTION 151
Your company has an Active Directory domain. All servers run Windows Server. You deploy a Certification Authority (CA) server. You create a new global security group named CertIssuers. You need to ensure that members of the CertIssuers group can issue, approve, and revoke certificates. What should you do?

A.    Assign the Certificate Manager role to the CertIssuers group
B.    Place CertIssuers group in the Certificate Publisher group
C.    Run the certsrv -add CertIssuers command promt of the certificate server
D.    Run the add -member-membertype memberset CertIssuers command by using Microsoft Windows Powershell

Answer: A

QUESTION 152
Your company has an Active Directory domain. The company has purchased 100 new computers. You want to deploy the computers as members of the domain. You need to create the computer accounts in an OU. What should you do?

A.    Run the csvde -f computers.csv command
B.    Run the ldifde -f computers.ldf command
C.    Run the dsadd computer <computerdn> command
D.    Run the dsmod computer <computerdn> command

Answer: C

QUESTION 153
Your network consists of a single Active Directory domain. You have a domain controller and a member server that run Windows Server 2008 R2. Both servers are configured as DNS servers. Client computers run either Windows XP Service Pack 3 or Windows 7. You have a standard primary zone on the domain controller. The member server hosts a secondary copy of the zone. You need to ensure that only authenticated users are allowed to update host (A) records in the DNS zone. What should you do first?

A.    On the member server, add a conditional forwarder.
B.    On the member server, install Active Directory Domain Services.
C.    Add all computer accounts to the DNS UpdateProxy group.
D.    Convert the standard primary zone to an Active Directory-integrated zone.

Answer: D

QUESTION 154
Your company has two domain controllers that are configured as internal DNS servers. All zones on the DNS servers are Active Directory-integrated zones. The zones allow all dynamic updates. You discover that the contoso.com zone has multiple entries for the host names of computers that do not exist. You need to configure the contoso.com zone to automatically remove expired records. What should you do?

A.    Enable only secure updates on the contoso.com zone.
B.    Enable scavenging and configure the refresh interval on the contoso.com zone.
C.    From the Start of Authority tab, decrease the default refresh interval on the contoso.com zone.
D.    From the Start of Authority tab, increase the default expiration interval on the contoso.com zone.

Answer: B

QUESTION 155
You have an Active Directory domain that runs Windows Server 2008 R2. You need to implement a certification authority (CA) server that meets the following requirements:
– Allows the certification authority to automatically issue certificates
– Integrates with Active Directory Domain Services
What should you do?

A.    Install and configure the Active Directory Certificate Services server role as a Standalone Root CA.
B.    Install and configure the Active Directory Certificate Services server role as an Enterprise Root CA.
C.    Purchase a certificate from a third-party certification authority, Install and configure the Active Directory Certificate Services server role as a Standalone Subordinate CA.
D.    Purchase a certificate from a third-party certification authority, Import the certificate into the computer store of the schema master.

Answer: B

QUESTION 156
You have a Windows Server 2008 R2 Enterprise Root certification authority (CA). You need to grant members of the Account Operators group the ability to only manage Basic EFS certificates. You grant the Account Operators group the Issue and Manage Certificates permission on the CA. Which three tasks should you perform next? (Each correct answer presents part of the solution. Choose three.)

A.    Enable the Restrict Enrollment Agents option on the CA.
B.    Enable the Restrict Certificate Managers option on the CA.
C.    Add the Basic EFS certificate template for the Account Operators group.
D.    Grant the Account Operators group the Manage CA permission on the CA.
E.    Remove all unnecessary certificate templates that are assigned to the Account Operators group.

Answer: BCE

QUESTION 157
Your company has an Active Directory domain. You have a two-tier PKI infrastructure that contains an offline root CA and an online issuing CA. The Enterprise certification authority is running Windows Server 2008 R2. You need to ensure users are able to enroll new certificates. What should you do?

A.    Renew the Certificate Revocation List (CRL) on the root CA. Copy the CRL to the CertEnroll folder on the issuing CA.
B.    Renew the Certificate Revocation List (CRL) on the issuing CA, Copy the CRL to the SysternCertificates folder in the users’ profile.
C.    Import the root CA certificate into the Trusted Root Certification Authorities store on all client workstations.
D.    Import the issuing CA certificate into the Intermediate Certification Authorities store on all client workstations.

Answer: A

QUESTION 158
Your company has an Active Directory domain. All servers run Windows Server 2008 R2. Your company uses an Enterprise Root certification authority (CA) and an Enterprise Intermediate CA. The Enterprise Intermediate CA certificate expires. You need to deploy a new Enterprise Intermediate CA certificate to all computers in the domain. What should you do?

A.    Import the new certificate into the Intermediate Certification Store on the Enterprise Root CA server.
B.    Import the new certificate into the Intermediate Certification Store on the Enterprise Intermediate CA server.
C.    Import the new certificate into the Intermediate Certification Store in the Default Domain Controllers group policy object.
D.    Import the new certificate into the Intermediate Certification Store in the Default Domain group policy object.

Answer: B

QUESTION 159
Your company has recently acquired a new subsidiary company in Quebec. The Active Directory administrators of the subsidiary company must use the French-language version of the administrative templates. You create a folder on the PDC emulator for the subsidiary domain in the path %systemroot%\SYSVOL\domain\Policies\PolicyDefinitions\FR. You need to ensure that the French-language version of the templates is available. What should you do?

A.    Download the Conf.adm, System.adm, Wuau.adm, and Inetres.adm files from the Microsoft Web site. Copy the ADM files to the FR folder.
B.    Copy the ADML files from the French local installation media for Windows Server 2008 R2 to the FR folder on the subsidiary PDC emulator.
C.    Copy the Install.WIM file from the French local installation media for Windows Server 2008 R2 to the FR folder on the subsidiary PDC emulator.
D.    Copy the ADMX files from the French local installation media for Windows Server 2008 R2 to the FR folder on the subsidiary PDC emulator.

Answer: B

QUESTION 160
A user in a branch office of your company attempts to join a computer to the domain, but the attempt fails. You need to enable the user to join a single computer to the domain. You must ensure that the user is denied any additional rights beyond those required to complete the task. What should you do?

A.    Prestage the computer account in the Active Directory domain.
B.    Add the user to the Domain Administrators group for one day.
C.    Add the user to the Server Operators group in the Active Directory domain.
D.    Grant the user the right to log on locally by using a Group Policy Object (GPO).

Answer: A

http://www.passleader.com/70-640.html

New Updated 70-486 Exam Questions from PassLeader 70-486 PDF dumps! Welcome to download the newest PassLeader 70-486 VCE dumps: http://www.passleader.com/70-486.html (192 Q&As)

Keywords: 70-486 exam dumps, 70-486 exam questions, 70-486 VCE dumps, 70-486 PDF dumps, 70-486 practice tests, 70-486 study guide, 70-486 braindumps, Developing ASP.NET MVC 4 Web Applications Exam

NEW QUESTION 183
You developing website that needs to be responsive and used in all types of devices with the least amount of effort what should you consider.

A.    In css style each HTML tag by setting width to 100%
B.    Use meta viewport and set device-width.
C.    Use displaymodeprovider.
D.    In css use Mediaattribute.

Answer: B

NEW QUESTION 184
You are developing an ASP.NET MVC application. The application uses a SQL Server database and a SQL Server login and password. You need to ensure that the password for the SQL Server login is not stored in plain text. Which two actions should you perform? Each correct answer presents part of the solution.

A.    Ensure that there is a valid machineKey element in the web.config file.
B.    Encrypt the connection string by using aspnet_regiis.exe.
C.    Ensure that there is a valid encryptionKey element in the web.config file.
D.    Encrypt the connection string by using aspnet_wp.exe5.

Answer: AB

NEW QUESTION 185
You are building an ASP.NET application. You must test in multiple browsers at the same tune. You need to refresh all of the browsers automatically each time you make a change to the code. Which three actions should you perform in sequence? To answer, move the appropnate actions from the list of actions to the answer area and arrange them In the correct order.

A.    Rebuild the solution.
B.    Enable Browser link.
C.    Run the solution.
D.    Refresh linked browsers.
E.    Choose the browsers.

Answer: BDE

NEW QUESTION 186
You develop an ASP.NET MVC application. The application includes a web application configuration file that contains sensitive information. You need to encrypt the sensitNe information. Which tool should you use?

A.    caspol.exe
B.    aspnet_wp.exe
C.    ngen.exe 4%
D.    aspnet_regiis.exe
E.    regasm.exe

Answer: D

NEW QUESTION 187
You develop a new ASP.NET MVC application. You use local storage to maintain state. The localstorage object’s setitem method is failing to store a value. Which two scenarios will cause the failure? Each correct answer presents a complete solution.

A.    The user has disabled local storage in the browser.
B.    The newValue property was used prior to calling the setitem method.
C.    The value being stored is a JavaScript array.
D.    The value being stored exceeds I0MB in size.

Answer: AD

NEW QUESTION 188
You are maintaining an ASP.NET MVC application that runs on Azure. Remote debugging Is enabled for this role, but the input endpoints for remote debugging have been removed for security reasons. You do not have permission to view the Azure Portal for this deployment. You can log on by using Remote Desktop Protocol (RDP). You must attach a remote debugger to the application. You need to add the input endpoints to enable remote debugging. Which file should you modify?

A.    E:\.csman
B.    C:\Config\ .ccf
C.    C:\Config\ WebRole.1.xml
D.    E:\entrypoint.txt

Answer: A

NEW QUESTION 189
……

Download the newest PassLeader 70-486 dumps from passleader.com now! 100% Pass Guarantee!

70-486 PDF dumps & 70-486 VCE dumps: http://www.passleader.com/70-486.html (192 Q&As)

QUESTION 161
The default domain GPO in your company is configured by using the following account policy settings:
– Minimum password length: 8 characters
– Maximum password age: 30 days
– Enforce password history: 12 passwords remembered
– Account lockout threshold: 3 invalid logon attempts
– Account lockout duration: 30 minutes
You install Microsoft SQL Server on a computer named Server1 that runs Windows Server 2008 R2. The SQL Server application uses a service account named SQLSrv. The SQLSrv account has domain user rights. The SQL Server computer fails after running successfully for several weeks. The SQLSrv user account is not locked out. You need to resolve the server failure and prevent recurrence of the failure. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.    Reset the password of the SQLSrv user account.
B.    Configure the local security policy on Serverl to grant the Logon as a service right on the SQLSrv user account.
C.    Configure the properties of the SQLSrv account to Password never expires.
D.    Configure the properties of the SQLSrv account to User cannot change password.
E.    Configure the local security policy on Serverl to explicitly grant the SQLSrv user account the Allow logon locally user right.

Answer: AC

QUESTION 162
Your company has two Active Directory forests named Forest1 and Forest2, The forest functional level and the domain functional level of Forest1 are set to Windows Server 2008. The forest functional level of Forest2 is set to Windows 2000, and the domain functional levels in Forest2 are set to Windows Server 2003. You need to set up a transitive forest trust between Forestl and Forest2. What should you do first?

A.    Raise the forest functional level of Forest2 to Windows Server 2003 Interim mode.
B.    Raise the forest functional level of Forest2 to Windows Server 2003.
C.    Upgrade the domain controllers in Forest2 to Windows Server 2008.
D.    Upgrade the domain controllers in Forest2 to Windows Server 2003.

Answer: B

QUESTION 163
Your company has an Active Directory forest that contains two domains, The forest has universal groups that contain members from each domain. A branch office has a domain controller named DC1, Users at the branch office report that the logon process takes too long. You need to decrease the amount of time it takes for the branch office users to logon. What should you do?

A.    Configure DC1 as a Global Catalog server.
B.    Configure DC1 as a bridgehead server for the branch office site.
C.    Decrease the replication interval on the site link that connects the branch office to the corporate network.
D.    Increase the replication interval on the site link that connects the branch office to the corporate network.

Answer: A

QUESTION 164
Your company has an Active Directory domain. The main office has a DNS server named DNS1 that is configured with Active Directory-integrated DNS. The branch office has a DNS server named DNS2 that contains a secondary copy of the zone from DNS1. The two offices are connected with an unreliable WAN link. You add a new server to the main office. Five minutes after adding the server, a user from the branch office reports that he is unable to connect to the new server. You need to ensure that the user is able to connect to the new server. What should you do?

A.    Clear the cache on DNS2.
B.    Reload the zone on DNS1.
C.    Refresh the zone on DNS2.
D.    Export the zone from DNS1 and import the zone to DNS2.

Answer: C

QUESTION 165
You need to validate whether Active Directory successfully replicated between two domain controllers. What should you do?

A.    Run the DSget command.
B.    Run the Dsquery command.
C.    Run the RepAdmin command.
D.    Run the Windows System Resource Manager.

Answer: C

QUESTION 166
You have a domain controller that runs Windows Server 2008 R2. The Windows Server Backup feature is installed on the domain controller. You need to perform a non-authoritative restore of the domain controller by using an existing backup file. What should you do?

A.    Restart the domain controller in Directory Services Restore Mode. Use the WBADMIN command to perform a critical volume restore.
B.    Restart the domain controller in Directory Services Restore Mode. Use the Windows Server Backup snap-in to perform a critical volume restore.
C.    Restart the domain controller in safe mode. Use the Windows Server Backup snap-in to perform a critical volume restore.
D.    Restart the domain controller in safe mode. Use the WBADMIN command to perform a critical volume restore.

Answer: A

QUESTION 167
Your company has an Active Directory forest. Not all domain controllers in the forest are configured as Global Catalog Servers. Your domain structure contains one root domain and one child domain. You modify the folder permissions on a file server that is in the child domain. You discover that some Access Control entries start with S-1-5-21 and that no account name is listed. You need to list the account names. What should you do?

A.    Move the RID master role in the child domain to a domain controller that holds the Global Catalog.
B.    Modify the schema to enable replication of the friendlynames attribute to the Global Catalog.
C.    Move the RID master role in the child domain to a domain controller that does not hold the Global Catalog.
D.    Move the infrastructure master role in the child domain to a domain controller that does not hold the Global Catalog.

Answer: D

QUESTION 168
Your company security policy requires complex passwords. You have a comma delimited file named import.csv that contains user account information. You need to create user account in the domain by using the import.csv file. You also need to ensure that the new user accounts are set to use default passwords and are disabled. What shoulld you do?

A.    Modify the userAccountControl attribute to disabled. Run the csvde i k f import.csv command.
Run the DSMOD utility to set default passwords for the user accounts.
B.    Modify the userAccountControl attribute to accounts disabled. Run the csvde -f import.csv command.
Run the DSMOD utility to set default passwords for the user accounts.
C.    Modify the userAccountControl attribute to disabled. Run the wscript import.csv command.
Run the DSADD utility to set default passwords for the imported user accounts.
D.    Modify the userAccountControl attribute to disabled. Run ldifde -i -f import.csv command.
Run the DSADD utility to set passwords for the imported user accounts.

Answer: A

QUESTION 169
You are installing an application on a computer that runs Windows Server 2008 R2. During installation, the application will need to install new attributes and classes to the Active Directory database. You need to ensure that you can install the application. What should you do?

A.    Change the functional level of the forest to Windows Server 2008 R2.
B.    Log on by using an account that has Server Operator rights.
C.    Log on by using an account that has Schema Administrator rights and the appropriate rights to install the application.
D.    Log on by using an account that has the Enterprise Administrator rights and the appropriate rights to install the application.

Answer: C

QUESTION 170
Your company has an Active Directory forest. The company has servers that run Windows Server 2008 R2 and client computers that run Windows 7. The domain uses a set of GPO administrative templates that have been approved to support regulatory compliance requirements. Your partner company has an Active Directory forest that contains a single domain. The company has servers that run Windows Server 2008 R2 and client computers that run Windows 7. You need to configure your partner company’s domain to use the approved set of administrative templates. What should you do?

A.    Use the Group Policy Management Console (GPMC) utility to back up the GPO to a file. In each site, import the GPO to the default domain policy.
B.    Copy the ADMX files from your company’s PDC emulator to the PolicyDefinitions folder on the partner company’s PDC emulator.
C.    Copy the ADML files from your company’s PDC emulator to the PolicyDefinitions folder on the partner company’s PDC emulator.
D.    Download the conf.adm, system.adm, wuau.adm, and inetres.adm files from the Microsoft Updates Web site. Copy the ADM files to the PolicyDefinitions folder on thr partner company’s emulator.

Answer: B

http://www.passleader.com/70-640.html

QUESTION 171
You need to ensure that users who enter three successive invalid passwords within 5 minutes are locked out for 5 minutes. Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)

A.    Set the Minimum password age setting to one day.
B.    Set the Maximum password age setting to one day.
C.    Set the Account lockout duration setting to 5 minutes.
D.    Set the Reset account lockout counter after setting to 5 minutes.
E.    Set the Account lockout threshold setting to 3 invalid logon attempts.
F.    Set the Enforce password history setting to 3 passswords remembered.

Answer: CDE

QUESTION 172
Your network contains an Active Directory domain named contoso.com. The Administrator deletes an OU named OU1 accidentally. You need to restore OU1. Which cmdlet should you use?

A.    Set-ADObject cmdlet.
B.    Set-ADOrganizationalUnit cmdlet.
C.    Set-ADUser cmdlet.
D.    Set-ADGroup cmdlet.

Answer: A

QUESTION 173
Your network contains an Active Directory domain. The domain is configured as shown in the exhibit. You have a Group Policy Object (GPO) linked to the domain. You need to ensure that the settings in the GPO are not processed by user accounts or computer accounts in the Finance organizational unit (OU). You must achieve this goal by using the minimum amount of administrative effort. What should you do?

A.    Modify the Group Policy Permission.
B.    Configure WMI filtering.
C.    Enable block inheritance.
D.    Enable loopback processing in replace mode.
E.    Configure the link order.
F.    Configure Group Policy Preferences.
G.    Link the GPO to the Human Resources OU.
H.    Configure Restricted Groups.
I.    Enable loopback processing in merge mode.
J.    Link the GPO to the Finance OU.

Answer: C

QUESTION 174
Your network contains an Active Directory domain named contoso.com. You have an organizational unit (OU) named Sales and an OU named Engineering. You have two Group Policy objects (GPOs) named GP01 and GPO2. GP01 and GP02 are linked to the Sales OU and contain multiple settings. You discover that GPO2 has a setting that conflicts with a setting in GP01. When the policies are applied, the setting in GPO2 takes effect. You need to ensure that the settings in GP01 supersede the settings in GP02. The solution must ensure that all non-conflicting settings in both GPOs are applied.

A.    Configure Restricted Groups.
B.    Configure the link order.
C.    Link the GPO to the Sales OU.
D.    Link the GPO to the Engineering OU.
E.    Enable loopback processing in merge mode.
F.    Modify the Group Policy permissions.
G.    Configure WMI Filtering.
H.    Configure Group Policy Preferences.
I.    Enable loopback processing in replace mode.
J.    Enable block inheritance.

Answer: B

QUESTION 175
Your network contains an Active Directory forest. All users have a value set for the Department attribute. From Active Directory Users and Computers, you search a domain for all users who have a Department attribute value of Marketing. The search returns 50 users. From Active Directory Users and Computers, you search the entire directory for all users who have a Department attribute value of Marketing. The search does not return any users. You need to ensure that a search of the entire directory for users in the marketing department returns all of the users who have the Marketing Department attribute. What should you do?

A.    Install the Windows Search Service role service on a global catalog server.
B.    From the Active Directory Schema snap-in modify the properties of the Department attribute.
C.    Install the Indexing Service role service on a global catalog server.
D.    From the Active Directory Schema snap-in modify the properties of the user class.

Answer: B

QUESTION 176
Your network contains an Active Directory forest. The forest contains one domain named contoso.com. You discover the following event in the Event log of domain controllers:
“The request for a new account-identifier pool failed. The operation will be retried until the request succeeds. The error is ” %1 “”
You need to ensure that the domain controllers can acquire new account-identifier pools successfully. What should you do?

A.    Move the PDC emulator role.
B.    Move the schema master role.
C.    Move the global catalog server.
D.    Move the domain naming master role.
E.    Move the infrastructure master role.
F.    Move the RID master role.
G.    Restart the Active Directory Domain Services (AD DS) service.
H.    Deploy an additional global catalog server.
I.    Move the bridgehead server.
J.    Install a read-only domain controller (RODC).

Answer: F

QUESTION 177
Your network contains an Active Directory domain named contoso.com. You need to create one password policy for administrators and another password policy for all other users. Which tool should you use?

A.    Ntdsutil
B.    Active Directory Users and Computers
C.    ADSI Edit
D.    Group Policy Management Console (GPMC)

Answer: C

QUESTION 178
Your network contains an Active Directory forest named contoso.com. You need to identify whether a fine-grained password policy is applied to a specific group. Which tool should you use?

A.    Active Directory Sites and Services
B.    Authorization Manager
C.    Local Security Policy
D.    ADSI Edit

Answer: D

QUESTION 179
A corporate network includes an Active Directory-integrated zone. All DNS servers that host the zone are domain controllers. You add multiple DNS records to the zone. You need to ensure that the new records are available on all DNS servers as soon as possible. Which tool should you use?

A.    Repadmin
B.    Active Directory Domains and Trusts console
C.    Ldp
D.    Ntdsutil

Answer: A

QUESTION 180
Your network contains an Active Directory forest named contoso.com. The forest contains two domains named contoso.com and child.contoso.com. The forest contains two sites named Seattle and Denver. Both sites contain users, client computers, and domain controllers from both domains. The Seattle site contains the first domain controller deployed to the forest. The Seattle site also contains the primary domain controller (PDC) emulator for both domains. All of the domain controllers are configured as DNS servers. All DNS zones are replicated to all of the domain controllers in the forest. The users in the Denver site report that is takes a long time to log on to their client computer when they use their user principal name (UPN). The users in the Seattle site do not experience the same issue. You need to reduce the amount of time it takes for the Denver users to log on to their client computer by using their UPN. What should you do?

A.    Reduce the cost of the site link between the Denver site and the Seattle site.
B.    Enable the global catalog on a domain controller in the Denver site.
C.    Enable universal group membership caching in the Denver site.
D.    Move a PDC emulator to the Denver site.
E.    Reduce the replication interval of the site link between the Denver site and the Seattle site.
F.    Add an additional domain controller to the Denver site.

Answer: B

http://www.passleader.com/70-640.html

Being worried about passing your 70-640 exam? Why not trying PassLeader’s 70-640 VCE or PDF dumps? We PassLeader now are offering the accurate 651q 70-640 exam questions and answers, you can get all the real exam questions from our 70-640 exam dumps. All our 651q 70-640 practice tests are the newest and same with the real test. We ensure that you can pass 70-640 exam easily with our premium 70-640 study guide! Now visit passleader.com to get the valid 70-640 braindumps with free version VCE Player!

QUESTION 181
Your network contains two Active Directory forests named contoso.com and fabrikam.com. Each forest contains a single domain. A two-way forest trust exists between the forests. Selective authentication is enabled on the trust. Contoso.com contains a group named Group 1. Fabrikam.com contains a server named Server1. You need to ensure that users in Group1 can access resources on Server1. What should you modify?

A.    the permissions of the Group1 group
B.    the UPN suffixes of the contoso.com forest
C.    the UPN suffixes of the fabrikam.com forest
D.    the permissions of the Server1 computer account

Answer: A

QUESTION 182
Your network contains an Active Directory domain named contoso.com. You have an organizational unit (OU) named Sales and an OU named Engineering. Users in the Sates OU frequently log on to client computers in the Engineering OU. You need to meet the following requirements:
– All of the user settings in the Group Policy objects (GPOs) linked to both the Sales OU and the Engineering OU must be applied to sales users when they log on to client computers in the Engineering OU.
– Only the policy settings in the GPOs linked to the Sales OU must be applied to sales users when they log on to client computers in the Sales OU.
– Policy settings in the GPOs linked to the Sales OU must not be applied to users in the Engineering OU.
What should you do?

A.    Modify the Group Policy permissions.
B.    Enable block inheritance.
C.    Configure the link order.
D.    Enable loopback processing in merge mode.
E.    Enable loopback processing in replace mode.
F.    Configure WMI filtering.
G.    Configure Restricted Groups.
H.    Configure Group Policy Preferences.
I.    Link the GPO to the Sales OU.
J.    Link the GPO to the Engineering OU.

Answer: D

QUESTION 183
You have an Active Directory domain named contoso.com. You need to view the account lockout threshold and duration for the domain. Which tool should you use?

A.    Computer Management
B.    Net Config
C.    Active Directory Users and Computers
D.    Gpresult

Answer: C

QUESTION 184
Your network contains an Active Directory forest. The forest contains two domains named contoso.com and east.contoso.com. The contoso.com domain contains a domain controller named DC1. The east.contoso.com domain contains a domain controller named DC2. DC1 and DC2 have the DNS Server server role installed. You need to create a DNS zone that is available on DC1 and DC2. The solution must ensure that zone transfers are encrypted. What should you do?

A.    Create a primary zone on DC1 and store the zone in a zone file. On DC1 and DC2, configure inbound rules and outbound rules by using Windows Firewall with Advanced Security. Create a secondary zone on DC2 and select DC1 as the master.
B.    Create a primary zone on DC1 and store the zone in a DC=ForestDNSZones, DC=Contoso, DC=com naming context.
C.    Create a primary zone on DC2 and store the zone in a DC= DC=East, DC=Contoso/DC=com naming context. Create a secondary zone on DC1 and select DC2 as the master.
D.    Create a primary zone on DC1 and store the zone in a zone file. Configure DNSSEC for the zone. Create a secondary zone on DC2 and select DC1 as the master.

Answer: D

QUESTION 185
Your network contains an Active Directory domain named adatum.com. All servers run Windows Server 2008 R2. The network contains an enterprise certification authority (CA). You need to ensure that all of the members of a group named Managers can view the event log entries for Certificate Services. Which snap-in should you use?

A.    Active Directory Administrative Center
B.    Authorization Manager
C.    Certificate Templates
D.    Certificates
E.    Certification Authority
F.    Enterprise PKI
G.    Group Policy Management
H.    Security Configuration Wizard
I.    Share and Storage Management

Answer: G

QUESTION 186
Your network contains an Active Directory domain named adatum.com. All servers run Windows Server 2008 R2 Enterprise. All client computers run Windows 7 Professional. The network contains an enterprise certification authority (CA). You need to approve a pending certificate request. Which snap-in should you use?

Answer: E

QUESTION 187
Your network contains an Active Directory domain named contoso.com. You have an organizational unit (OU) named Sales and an OU named Engineering. You have a Group Policy object (GPO) linked to the domain. You need to ensure that the settings in the GPO are not processed by user accounts or computer accounts in the Sales OU. You must achieve this goal by using the minimum amount of administrative effort. What should you do?

Answer: B

QUESTION 188
A corporate network includes a single Active Directory Domain Services (AD DS) domain. The domain contains 10 domain controllers. The domain controllers run Windows Server 2008 R2 and are configured as DNS servers. You plan to create an Active Directory-integrated zone. You need to ensure that the new zone is replicated to only four of the domain controllers. What should you do first?

A.    Use the ntdsutil tool to modify the DS behavior for the domain.
B.    Use the ntdsutil tool to add a naming context.
C.    Create a new delegation in the ForestDnsZones application directory partition.
D.    Use the dnscmd tool with the /zoneadd parameter.

Answer: D

QUESTION 189
Your network contains an Active Directory forest named fabrikam.com. The forest contains the following domains:
– Fabrikam.com
– Eu.fabrikam.com
– Na.fabrikam.com
– Eu.contoso.com
– Na.contoso.com
You need to configure the forest to ensure that the administrators of any of the domains can specify a user principal name (UPN) suffix of contoso.com when they create user accounts from Active Directory Users and Computers. Which tool should you use?

A.    Active Directory Sites and Services
B.    Set-ADDomain
C.    Set-ADForest
D.    Active Directory Administrative Center

Answer: C

QUESTION 190
A corporate network includes a single Active Directory Domain Services (AD DS) domain and two AD DS sites. The AD DS sites are named Toronto and Montreal. Each site has multiple domain controllers. You need to determine which domain controller holds the Inter-Site Topology Generator role for the Toronto site. What should you do?

A.    Use the Active Directory Sites and Services console to view the NTDS Site Settings for the Toronto site.
B.    Use the Ntdsutil tool with the roles parameter.
C.    Use the Ntdsutil tool with the LDAP policies parameter.
D.    Use the Active Directory Sites and Services console to view the properties of each domain controller in the Toronto site.

Answer: A

http://www.passleader.com/70-640.html

QUESTION 191
Your network contains an Active Directory domain. The domain contains five sites. One of the sites contains a read-only domain controller (RODC) named RODC1. You need to identify which user accounts can have their password cached on RODC1. Which tool should you use?

A.    Repadmin
B.    Dcdiag
C.    Get-ADDomainControllerPasswordReplicationPolicyUsage
D.    Adtest

Answer: C

QUESTION 192
A network contains an Active Directory forest. The forest contains three domains and two sites. You remove the global catalog from a domain controller named DC2. DC2 is located in Site1. You need to reduce the size of the Active Directory database on DC2. The solution must minimize the impact on all users in Site1. What should you do first?

A.    On DC2, start the Protected Storage service.
B.    On DC2, stop the Active Directory Domain Services service.
C.    Start DC2 in Safe Mode.
D.    Start DC2 in Directory Services Restore Mode.

Answer: B

QUESTION 193
Your network contains an Active Directory domain named adatum.com. The functional level of the domain is Windows Server 2008. All domain controllers run Windows Server 2008 R2. All client computers run Windows 7 Enterprise. You need to receive a notification when more than 50 Active Directory objects are deleted per second. What should you do?

A.    Run the Get-ADDomain cmdlet.
B.    Run the dsget.exe command.
C.    Run the ntdsutil.exe command.
D.    Run the ocsetup.exe command.
E.    Run the dsamain.exe command.
F.    Run the eventcreate.exe command.
G.    Create a Data Collector Set (DCS).
H.    Create custom views from Event Viewer.
I.    Configure subscriptions from Event Viewer.
J.    Import the Active Directory module for Windows PowerShell.

Answer: G

QUESTION 194
You have an enterprise subordinate certification authority (CA). You have a custom certificate template that has a key length of 1,024 bits. The template is enabled for autoenrollment. You increase the template key length to 2,048 bits. You need to ensure that all current certificate holders automatically enroll for a certificate that uses the new template. Which console should you use?

A.    Group Policy Management MMC Snap-In
B.    Certificates MMC Snap-In on the Certificate Authority
C.    Certificate Templates MMC Snap-In
D.    Certification Authority MMC Snap-In

Answer: C

QUESTION 195
Your network contains an Active Directory forest. The forest contains one domain named contoso.com. You attempt to create a new child domain and you receive the following error message: “An LDAP read of operational attributes failed.” You need to ensure that you can add a new child domain to the forest. What should you do?

A.    Move the PDC emulator role.
B.    Move the RID master role.
C.    Move the infrastructure master role.
D.    Move the schema master role.
E.    Move the domain naming master role.
F.    Move the global catalog server.
G.    Move the bridgehead server.
H.    Install a read-only domain controller (RODC).
I.    Deploy an additional global catalog server.
J.    Restart the Active Directory Domain Services (AD DS) service.

Answer: E

QUESTION 196
Your network contains an Active Directory domain named adatum.com. The functional level of the domain is Windows Server 2003. All domain controllers run Windows Server 2008 R2. You mount an Active Directory snapshot. You need to ensure that you can connect to the snapshot by using LDAP. What should you do?

Answer: E

QUESTION 197
Your network contains an Active Directory domain named contoso.com. You have an organizational unit (OU) named Sales and an OU named Engineering. You need to ensure that when users log on to client computers, they are added automatically to the local Administrators group. The users must be removed from the group when they log off of the client computers. What should you do?

A.    Modify the Group Policy permissions.
B.    Enable block inheritance.
C.    Configure the link order.
D.    Enable loopback processing in merge mode.
E.    Enable loopback processing in replace mode.
F.    Configure WMI filtering.
G.    Configure Restricted Groups.
H.    Configure Group Policy Preferences.
I.    Link the Group Policy object (GPO) to the Sales OU.
J.    Link the Group Policy object (GPO) to the Engineering OU.

Answer: H

QUESTION 198
Your network contains an Active Directory forest named contoso.com. The forest contains two member servers named Server1 and Server2. Server1 and Server2 have the DNS Server server role installed. Server1 hosts a standard primary zone for contoso.com. Server2 is configured as a secondary name server for contoso.com. You experience issues with the copy of the zone on Server2. You verify that both copies of the zone have the same serial number. You need to transfer a complete copy of the zone from Server1 to Server2. What should you do on Server2?

A.    From DNS Manager, right-click contoso.com and click Transfer from Master.
B.    From Services, right-click DNS Server and click Refresh.
C.    From Services, right-click DNS Server and click Restart.
D.    From DNS Manager, right-click contoso.com and click Reload.
E.    From DNS Manager, right-click contoso.com and click Transfer a new copy of zone from Master.

Answer: E

QUESTION 199
Your network contains an Active Directory domain. The domain contains two Active Directory sites named Site1 and Site2. Site1 contains two domain controllers named DC1 and DC2. Site2 contains two domain controller named DC3 and DC4. The functional level of the domain is Windows Server 2008 R2. The functional level of the forest is Windows Server 2003. Active Directory replication between Site1 and Site2 occurs from 20:00 to 01:00 every day. At 07:00, an administrator deletes a user account while he is logged on to DC1. You need to restore the deleted user account. You want to achieve this goal by using the minimum amount of administrative effort. What should you do?

A.    On DC3, stop Active Directory Domain Services, perform an authoritative restore, and then start Active Directory Domain Services.
B.    On DC3, run the Restore-ADObject cmdlet.
C.    On DC1, run the Restore-ADObject cmdlet.
D.    On DC1, stop Active Directory Domain Services, restore the SystemState, and then start Active Directory Domain Services.

Answer: A

QUESTION 200
You create a standard primary zone for contoso.com. You need to specify a user named Admin1 as the person responsible for managing the zone. What should you do? (Each correct answer presents a complete solution. Choose two.)

A.    Open the %Systemroot\System32\DNS\Contoso.com.dns file by using Notepad and change all instances of “hostmaster.contoso.com” to “admin1.contoso.com”.
B.    From DNS Manager, open the properties of the Start of Authority (SOA) record ofcontoso.com, Specify admin1.contoso.com as the responsible person.
C.    Open the %Systemroot\System32\DNS\Contoso.com.dns file by using Notepad and change all instances of “hostmaster@contoso.com” to “adminl@contoso.com”.
D.    From DNS Manager, open the properties of the Start of Authority (SOA) record ofcontoso.com. Specify admin1@contoso.com as the responsible person.

Answer: BC

http://www.passleader.com/70-640.html

QUESTION 201
Your network contains an Active Directory forest named contoso.com. The functional level of the forest is Windows Server 2008 R2. The DNS zone for contoso.com is Active Directory-integrated. You deploy a read-only domain controller (RODC) named R0DC1. You install the DNS Server server role on R0DC1. You discover that R0DC1 does not have any DNS application directory partitions. You need to ensure that R0DC1 has a copy of the DNS application directory partition of contoso.com. What should you do? (Each correct answer presents a complete solution. Choose two.)

A.    From DNS Manager, right-click RODC1 and click Create Default Application Directory Partitions.
B.    Run ntdsutil.exe. From the Partition Management context, run the create nc command.
C.    Run dnscmd.exe and specify the /createbuiltindirectorypartitions parameter.
D.    Run ntdsutil.exe. From the Partition Management context, run the add nc replica command.
E.    Run dnscmd.exe and specify the /enlistdirectorypartition parameter.

Answer: AC

QUESTION 202
A corporate network includes an Active Directory-integrated zone. All DNS servers that host the zone are domain controllers. You add multiple DNS records to the zone. You need to ensure that the new records are available on all DNS servers as soon as possible. Which tool should you use?

A.    Ntdsutil
B.    Dnscmd
C.    Repadmin
D.    Nslookup

Answer: C

QUESTION 203
Your network contains three servers named ADFS1, ADFS2, and ADFS3 that run Windows Server 2008 R2. ADFS1 has the Active Directory Federation Services (AD FS) Federation Service role service installed. You plan to deploy AD FS 2.0 on ADFS2 and ADFS3. You need to export the token-signing certificate from ADFS1, and then import the certificate to ADFS2 and ADFS3.

A.    Personal Information Exchange PKCS #12 (.pfx)
B.    DER encoded binary X.509 (.cer)
C.    Cryptographic Message Syntax Standard PKCS #7 (.p7b)
D.    Base-64 encoded X.S09 (.cer)

Answer: A

QUESTION 204
You create a user account template for the marketing department. When you copy the user account template, you discover that the Web page attribute is not copied. You need to preserve the Web page attribute when you copy the user account template. What should you do?

A.    From Active Directory Administrative Center, modify the value of the wWWHomePage attribute for the user account template.
B.    From the Active Directory Schema snap-in, modify the properties of the user class.
C.    From Active Directory Users and Computers, modify the value of the wWWHomePage attribute for the user account template.
D.    From ADSI Edit, modify the properties of the wWWHomePage attribute.

Answer: B

QUESTION 205
Your network contains an Active Directory domain named contoso.com. The functional level of the forest is Windows Server 2008 R2. The Default Domain Controller Policy Group Policy object (GPO) contains audit policy settings. On a domain controller named DC1, an administrator configures the Advanced Audit Policy Configuration settings by using a local GPO. You need to identify what will be audited on DC1. Which tool should you use?

A.    Get-ADObject
B.    Secedit
C.    Security Configuration and Analysis
D.    Auditpol

Answer: D

QUESTION 206
A network contains an Active Directory forest. The forest schema contains a custom attribute for user objects. You need to view the custom attribute value of 500 user accounts in a Microsoft Excel table. Which tool should you use?

A.    Dsmod
B.    Csvde
C.    Ldifde
D.    Dsrm

Answer: B

QUESTION 207
Your network contains an Active Directory forest named contoso.com. The forest contains two domains named contoso.com and child.contoso.com. All domain controllers run Windows Server 2008. All forest-wide operations master roles are in child.contoso.com. An administrator successfully runs adprep.exe /forestprep from the Windows Server 2008 R2 Service Pack 1 (SP1) installation media. You plan to run adprep.exe /domainprep in each domain. You need to ensure that you have the required user rights to run the command successfully in each domain. Of which groups should you be a member? (Each correct answer presents part of the solution. Choose two.)

A.    Administrators in child.contoso.com
B.    Enterprise Admins in contoso.com
C.    Domain Admins in child.contoso.com
D.    Domain Admins in contoso.com
E.    Administrators in contoso.com
F.    Schema Admins in contoso.com

Answer: CD

QUESTION 208
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain and 10 domain controllers. All of the domain controllers run Windows Server 2008 R2 Service Pack 1 (SP1). The forest contains an application directory partition named dc=app1, dc=contoso,dc=com. A domain controller named DC1 has a copy of the application directory partition. You need to configure a domain controller named DC2 to receive a copy of dc=app1, dc=contoso,dc=corn. Which tool should you use?

A.    Active Directory Sites and Services
B.    Dsmod
C.    Dcpromo
D.    Dsmgmt

Answer: B

QUESTION 209
A corporate environment includes a Windows Server 2008 R2 Active Directory Domain Services (AD DS) domain. You need to enable Universal Group Membership Caching on several domain controllers in the domain. Which tool should you use?

A.    Dsmod
B.    Dscmd
C.    Ntdsutil
D.    Active Directory Sites and Services console

Answer: D

QUESTION 210
Your network contains an Active Directory forest. The forest contains three domains. All domain controllers have the DNS Server server role installed. The forest contains three sites named Site1, Site2, and Site3. Each site contains the users, client computers, and domain controllers of each domain. Site1 contains the first domain controller deployed to the forest. The sites connect to each other by using unreliable WAN links. The users in Site2 and Site3 report that is takes a long time to log on to their client computer when they use their user principal name (UPN). The users in Site1 do not experience the same issue. You need to reduce the amount of time it takes for the Site2 users and the Site3 users to log on to their client computer by using their UPN. What should you do?

A.    Configure a global catalog server in Site2 and a global catalog server in Site3.
B.    Reduce the replication interval of the site links.
C.    Move a primary domain controller (PDC) emulator to Site2 and to Site3.
D.    Add additional domain controllers to Site2 and to Site3.
E.    Reduce the cost of the site links.
F.    Enable universal group membership caching in Site2 and in Site3.

Answer: A

http://www.passleader.com/70-640.html

QUESTION 211
You have a client computer named Computer1 that runs Windows 7. On Computer1, you configure a source-initiated subscription. You configure the subscription to retrieve all events from the Windows logs of a domain controller named DC1. The subscription is configured to use the HTTP protocol. You discover that events from the Security log of DC1 are not collected on Computer1. Events from the Application log of DC1 and the System log of DC1 are collected on Computer1. You need to ensure that events from the Security log of DC1 are collected on Computer1. What should you do?

A.    Add the computer account of Computer1 to the Event Log Readers group on the domain controller.
B.    Add the Network Service security principal to the Event Log Readers group on the domain.
C.    Configure the subscription to use custom Event Delivery Optimization settings.
D.    Configure the subscription to use the HTTPS protocol.

Answer: B

QUESTION 212
Your network contains an Active Directory forest named contoso.com. The forest contains six domains. You need to ensure that the administrators of any of the domains can specify a user principal name (UPN) suffix oflitwareinc.com when they create user accounts by using Active Directory Users and Computers. Which tool should you use?

A.    Active Directory Administrative Center
B.    Set-ADDomain
C.    Active Directory Sites and Services
D.    Set-ADForest

Answer: D

QUESTION 213
Your network contains an Active Directory domain named litwareinc.com. The domain contains two sites named Sitel and Site2. Site2 contains a read-only domain controller (RODC). You need to identify which user accounts attempted to authenticate to the RODC. Which tool should you use?

A.    Active Directory Users and Computers
B.    Ntdsutil
C.    Get-ADAccountResultantPasswordReplicationPolicy
D.    Adtest

Answer: C

QUESTION 214
Your network contains an Active Directory forest. The forest schema contains a custom attribute for user objects. You need to generate a file that contains the last logon time and the custom attribute values for each user in the forest. What should you use?

A.    the Get-ADUser cmdlet
B.    the Export-CSV cmdlet
C.    the Net User command
D.    the Dsquery User tool

Answer: A

QUESTION 215
You have an Active Directory domain named contoso.com. You need to view the account lockout threshold and duration for the domain. Which tool should you use?

A.    Net User
B.    Active Directory Users and Computers
C.    Group Policy Management Console (GPMC)
D.    Computer Management

Answer: C

QUESTION 216
A domain controller named DC4 runs Windows Server 2008 R2. DC4 is configured as a DNS server for fabrikam.com. You install the DNS Server server role on a member server named DNS1 and then you create a standard secondary zone for fabrikam.com. You configure DC4 as the master server for the zone. You need to ensure that DNS1 receives zone updates from DC4. What should you do?

A.    Add the DNS1 computer account to the DNSUpdateProxy group.
B.    On DC4, modify the permissions offabrikam.com zone.
C.    On DNS1, add a conditional forwarder.
D.    On DC4, modify the zone transfer settings for the fabrikam.com zone.

Answer: D

QUESTION 217
A company has an Active Directory forest. You plan to install an offline Enterprise root certification authority (CA) on a server named CA1. CA1 is a member of the PerimeterNetwork workgroup and is attached to a hardware security module for private key storage. You attempt to add the Active Directory Certificate Services (AD CS) server role to CA1. The Enterprise CA option is not available. You need to install the AD CS server role as an Enterprise CA on CA1. What should you do first?

A.    Add the DNS Server server role to CA1.
B.    Add the Web Server (IIS) server role and the AD CS server role to CA1.
C.    Add the Active Directory Lightweight Directory Services (AD LDS) server role to CA1.
D.    Join CA1 to the domain.

Answer: D

QUESTION 218
Your network contains an Active Directory domain named contoso.com. The Active Directory sites are configured as shown in the Sites exhibit. (Click the Exhibit button.) You need to ensure that DC1 and DC4 are the only servers that replicate Active Directory changes between the sites. What should you do?

A.    Configure DC1 as a preferred bridgehead server for IP transport.
B.    Configure DC4 as a preferred bridgehead server for IP transport.
C.    From the DC4 server object, create a Connection object for DC1.
D.    From the DC1 server object, create a Connection object for DC4.

Answer: C

QUESTION 219
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1. DC1 has the DNS Server server role installed and hosts an Active Directory-integrated zone for contoso.com. The no-refresh interval and the refresh interval are both set to three days. The Advanced DNS settings of DC1 are shown in the Advanced DNS Settings exhibit. (Click the Exhibit button.)

You open the properties of a static record named Server1 as shown in the Server1 Record exhibit. (Click the Exhibit button.)

You discover that the scavenging process ran today, but the record for Server1 was not deleted. You run dnscmd.exe and specify the ageallrecords parameter. You need to identify when the record for Server1 will be deleted from the zone. In how many days will the record be deleted?

A.    13
B.    10
C.    23
D.    7

Answer: D

QUESTION 220
Your company has an Active Directory forest. Each regional office has an organizational unit (OU) named Marketing. The Marketing OU contains all users and computers in the region’s Marketing department. You need to install a Microsoft Office 2007 application only on the computers in the Marketing OUs. You create a GPO named MarketingApps. What should you do next?

A.    Configure the GPO to assign the application to the computer account. Link the GPO to the domain.
B.    Configure the GPO to assign the application to the user account. Link the GPO to each Marketing OU.
C.    Configure the GPO to assign the application to the computer account. Link the GPO to each Marketing OU.
D.    Configure the GPO to publish the application to the user account. Link the GPO to each Marketing OU.

Answer: C

http://www.passleader.com/70-640.html

PassLeader helps you to get well prepared for the 70-640 exam! Try PassLeader’s new 651q 70-640 exam dumps with VCE test software or PDF braindumps now and you will get your 70-640 certification quickly. PassLeader’s 651q 70-640 exam questions with all new 70-640 exam questions is the best study materials for preparing exam, we ensure that our full version 70-640 VCE dumps and PDF dumps will help you 100 percent passing 70-640 exam. First try the PassLeader valid 70-640 braindumps and first pass exam!

QUESTION 221
Your network contains an Active Directory domain. The domain is configured as shown in the exhibit. (Click the Exhibit button.) Each organizational unit (OU) contains over 500 user accounts. The Finance OU and the Human Resources OU contain several user accounts that are members of a universal group named Group1. You have a Group Policy object (GPO) linked to the domain. You need to prevent the GPO from being applied to the members of Group1 only. What should you do?

A.    Modify the Group Policy permissions.
B.    Enable block inheritance.
C.    Configure the link order.
D.    Enable loopback processing in merge mode.
E.    Enable loopback processing in replace mode.
F.    Configure WMI filtering.
G.    Configure Restricted Groups.
H.    Configure Group Policy Preferences.
I.    Link the GPO to the Finance OU.
J.    Link the GPO to the Human Resources OU.

Answer: A

QUESTION 222
You create a new Active Directory domain. The functional level of the domain is Windows Server 2003. The domain contains five domain controllers that run Windows Server 2008 R2. You need to monitor the replication of the group policy template files. Which tool should you use?

A.    Dfsrdiag
B.    Fsutil
C.    Ntdsutil
D.    Ntfrsutl

Answer: D

QUESTION 223
You have a domain controller named Server1 that runs Windows Server 2008 R2. You need to determine the size of the Active Directory database on Server1. What should you do?

A.    Run the Active Directory Sizer tool.
B.    Run the Active Directory Diagnostics data collector set.
C.    From Windows Explorer, view the properties of the %systemroot%\ntds\ntds.dit file.
D.    From Windows Explorer, view the properties of the %systemroot%\sysvol\domain folder.

Answer: C

QUESTION 224
You need to receive an e-mail message whenever a domain user account is locked out. Which tool should you use?

A.    Active Directory Administrative Center
B.    Event Viewer
C.    Resource Monitor
D.    Security Configuration Wizard

Answer: B

QUESTION 225
Your network contains an Active Directory domain named contoso.com. You have a management computer named Computer1 that runs Windows 7. You need to forward the logon events of all the domain controllers in contoso.com to Computer1. All new domain controllers must be dynamically added to the subscription. What should you do?

A.    From Computer1, configure source-initiated event subscriptions. From a Group Policy object (GPO) linked to the Domain Controllers organizational unit (OU), configure the Event Forwarding node.
B.    From Computer1, configure collector-initiated event subscriptions. From a Group Policy object (GPO) linked to the Domain Controllers organizational unit (OU), configure the Event Forwarding node.
C.    From Computer1, configure source-initiated event subscriptions. Install a server authentication certificate on Computer1. Implement autoenrollment for the Domain Controllers organizational unit (OU).
D.    From Computer1, configure collector-initiated event subscriptions. Install a server authentication certificate on Computer1. Implement autoenrollment for the Domain Controllers organizational unit (OU).

Answer: A

QUESTION 226
Your network contains an Active Directory domain that has two sites. You need to identify whether logon scripts are replicated to all domain controllers. Which folder should you verify?

A.    GroupPolicy
B.    NTDS
C.    SoftwareDistribution
D.    SYSVOL

Answer: D

QUESTION 227
You install a standalone root certification authority (CA) on a server named Server1. You need to ensure that every computer in the forest has a copy of the root CA certificate installed in the local computer’s Trusted Root Certification Authorities store. Which command should you run on Server1?

A.    certreq.exe and specify the -accept parameter
B.    certreq.exe and specify the -retrieve parameter
C.    certutil.exe and specify the -dspublish parameter
D.    certutil.exe and specify the -importcert parameter

Answer: C

QUESTION 228
Your network contains an Active Directory forest. The forest contains two domains. You have a standalone root certification authority (CA). On a server in the child domain, you run the Add Roles Wizard and discover that the option to select an enterprise CA is disabled. You need to install an enterprise subordinate CA on the server. What should you use to log on to the new server?

A.    an account that is a member of the Certificate Publishers group in the child domain
B.    an account that is a member of the Certificate Publishers group in the forest root domain
C.    an account that is a member of the Schema Admins group in the forest root domain
D.    an account that is a member of the Enterprise Admins group in the forest root domain

Answer: D

QUESTION 229
You have an enterprise subordinate certification authority (CA). You have a group named Group1. You need to allow members of Group1 to publish new certificate revocation lists. Members of Group1 must not be allowed to revoke certificates. What should you do?

A.    Add Group1 to the local Administrators group.
B.    Add Group1 to the Certificate Publishers group.
C.    Assign the Manage CA permission to Group1.
D.    Assign the Issue and Manage Certificates permission to Group1.

Answer: C

QUESTION 230
You have an enterprise subordinate certification authority (CA) configured for key archival. Three key recovery agent certificates are issued. The CA is configured to use two recovery agents. You need to ensure that all of the recovery agent certificates can be used to recover all new private keys. What should you do?

A.    Add a data recovery agent to the Default Domain Policy.
B.    Modify the value in the Number of recovery agents to use box.
C.    Revoke the current key recovery agent certificates and issue three new key recovery agent certificates.
D.    Assign the Issue and Manage Certificates permission to users who have the key recovery agent certificates.

Answer: B

http://www.passleader.com/70-640.html

QUESTION 231
You have an enterprise subordinate certification authority (CA). The CA is configured to use a hardware security module. You need to back up Active Directory Certificate Services on the CA. Which command should you run?

A.    certutil.exe backup
B.    certutil.exe backupdb
C.    certutil.exe backupkey
D.    certutil.exe store

Answer: A

QUESTION 232
You have Active Directory Certificate Services (AD CS) deployed. You create a custom certificate template. You need to ensure that all of the users in the domain automatically enroll for a certificate based on the custom certificate template. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.    In a Group Policy object (GPO), configure the autoenrollment settings.
B.    In a Group Policy object (GPO), configure the Automatic Certificate Request Settings.
C.    On the certificate template, assign the Read and Autoenroll permission to the Authenticated Users group.
D.    On the certificate template, assign the Read, Enroll, and Autoenroll permission to the Domain Users group.

Answer: AD

QUESTION 233
You have an enterprise subordinate certification authority (CA). You have a custom Version 3 certificate template. Users can enroll for certificates based on the custom certificate template by using the Certificates console. The certificate template is unavailable for Web enrollment. You need to ensure that the certificate template is available on the Web enrollment pages. What should you do?

A.    Run certutil.exe pulse.
B.    Run certutil.exe installcert.
C.    Change the certificate template to a Version 2 certificate template.
D.    On the certificate template, assign the Autoenroll permission to the users.

Answer: C

QUESTION 234
You have an enterprise subordinate certification authority (CA). You have a custom certificate template that has a key length of 1,024 bits. The template is enabled for autoenrollment. You increase the template key length to 2,048 bits. You need to ensure that all current certificate holders automatically enroll for a certificate that uses the new template. Which console should you use?

A.    Active Directory Administrative Center
B.    Certification Authority
C.    Certificate Templates
D.    Group Policy Management

Answer: C

QUESTION 235
Your network contains an Active Directory forest. All domain controllers run Windows Server 2008 Standard. The functional level of the domain is Windows Server 2003. You have a certification authority (CA). The relevant servers in the domain are configured as shown below:

You need to ensure that you can install the Active Directory Certificate Services (AD CS) Certificate Enrollment Web Service on the network. What should you do?

A.    Upgrade Server1 to Windows Server 2008 R2.
B.    Upgrade Server2 to Windows Server 2008 R2.
C.    Raise the functional level of the domain to Windows Server 2008.
D.    Install the Windows Server 2008 R2 Active Directory Schema updates.

Answer: D

QUESTION 236
You have a domain controller that runs the DHCP service. You need to perform an offline defragmentation of the Active Directory database on the domain controller. You must achieve this goal without affecting the availability of the DHCP service. What should you do?

A.    Restart the domain controller in Directory Services Restore Mode. Run the Disk Defragmenter utility.
B.    Restart the domain controller in Directory Services Restore Mode. Run the Ntdsutil utility.
C.    Stop the Active Directory Domain Services service. Run the Ntdsutil utility.
D.    Stop the Active Directory Domain Services service. Run the Disk Defragmenter utility.

Answer: C

QUESTION 237
Your network contains two Active Directory forests named contoso.com and nwtraders.com. A two-way forest trust exists between contoso.com and nwtraders.com. The forest trust is configured to use selective authentication. Contoso.com contains a server named Server1. Server1 contains a shared folder named Marketing. Nwtraders.com contains a global group named G_Marketing. The Change share permission and the Modify NTFS permission for the Marketing folder are assigned to the G_Marketing group. Members of G_Marketing report that they cannot access the Marketing folder. You need to ensure that the G_Marketing members can access the folder from the network. What should you do?

A.    From Windows Explorer, modify the NTFS permissions of the folder.
B.    From Windows Explorer, modify the share permissions of the folder.
C.    From Active Directory Users and Computers, modify the computer object for Server1.
D.    From Active Directory Users and Computers, modify the group object for G_Marketing.

Answer: C

QUESTION 238
Your network contains an Active Directory forest. You need to add a new user principal name (UPN) suffix to the forest. Which tool should you use?

A.    Active Directory Administrative Center
B.    Active Directory Domains and Trusts
C.    Active Directory Sites and Services
D.    Active Directory Users and Computers

Answer: B

QUESTION 239
Your network contains an Active Directory domain. The domain contains two sites named Site1 and Site2. Site 1 contains five domain controllers. Site2 contains one read-only domain controller (RODC). Site1 and Site2 connect to each other by using a slow WAN link. You discover that the cached password for a user named User1 is compromised on the RODC. On a domain controller in Site1, you change the password for User1. You need to replicate the new password for User1 to the RODC immediately. The solution must not replicate other objects to the RODC. Which tool should you use?

A.    Active Directory Sites and Services
B.    Active Directory Users and Computers
C.    Repadmin
D.    Replmon

Answer: A

QUESTION 240
Your network contains an Active Directory domain named contoso.com. The properties of the contoso.com DNS zone are configured as shown in the exhibit. (Click the Exhibit button.)

You need to update all service location (SRV) records for a domain controller in the domain. What should you do?

A.    Restart the Netlogon service.
B.    Restart the DNS Client service.
C.    Run sc.exe and specify the triggerinfo parameter.
D.    Run ipconfig.exe and specify the /registerdns parameter.

Answer: A

http://www.passleader.com/70-640.html

QUESTION 241
Your network contains an Active Directory domain. A user named User1 takes a leave of absence for one year. You need to restrict access to the User1 user account while User1 is away. What should you do?

A.    From the Default Domain Policy, modify the account lockout settings.
B.    From the Default Domain Controller Policy, modify the account lockout settings.
C.    From the properties of the user account, modify the Account options.
D.    From the properties of the user account, modify the Session settings.

Answer: C

QUESTION 242
Your network contains an Active Directory domain. The domain contains 1,000 user accounts. You have a list that contains the mobile phone number of each user. You need to add the mobile number of each user to Active Directory. What should you do?

A.    Create a file that contains the mobile phone numbers, and then run ldifde.exe.
B.    Create a file that contains the mobile phone numbers, and then run csvde.exe.
C.    From Adsiedit, select the CN=Users container, and then modify the properties of the container.
D.    From Active Directory Users and Computers, select all of the users, and then modify the properties of the users.

Answer: A

QUESTION 243
Your network contains an Active Directory domain named contoso.com. All domain controllers and member servers run Windows Server 2008. All client computers run Windows 7. From a client computer, you create an audit policy by using the Advanced Audit Policy Configuration settings in the Default Domain Policy Group Policy object (GPO). You discover that the audit policy is not applied to the member servers. The audit policy is applied to the client computers. You need to ensure that the audit policy is applied to all member servers and all client computers. What should you do?

A.    Add a WMI filter to the Default Domain Policy GPO.
B.    Modify the security settings of the Default Domain Policy GPO.
C.    Configure a startup script that runs auditpol.exe on the member servers.
D.    Configure a startup script that runs auditpol.exe on the domain controllers.

Answer: C

QUESTION 244
Your network contains an Active Directory domain. The domain contains a group named Group1. The minimum password length for the domain is set to six characters. You need to ensure that the passwords for all users in Group1 are at least 10 characters long. All other users must be able to use passwords that are six characters long. What should you do first?

A.    Run the New-ADFineGrainedPasswordPolicy cmdlet.
B.    Run the Add-ADFineGrainedPasswordPolicySubject cmdlet.
C.    From the Default Domain Policy, modify the password policy.
D.    From the Default Domain Controller Policy, modify the password policy.

Answer: A

QUESTION 245
Your company uses an application that stores data in an Active Directory Lightweight Directory Services (AD LDS) instance named Instance1. You attempt to create a snapshot of Instance1 as shown in the exhibit. (Click the Exhibit button.)

You need to ensure that you can take a snapshot of Instance1. What should you do?

A.    At the command prompt, run net start VSS.
B.    At the command prompt, run net start Instance1.
C.    Set the Startup Type for the Instance1 service to Disabled.
D.    Set the Startup Type for the Volume Shadow Copy Service (VSS) to Manual.

Answer: A

QUESTION 246
Your network contains 10 domain controllers that run Windows Server 2008 R2. The network contains a member server that is configured to collect all of the events that occur on the domain controllers. You need to ensure that administrators are notified when a specific event occurs on any of the domain controllers. You want to achieve this goal by using the minimum amount of administrative effort. What should you do?

A.    From Event Viewer on the member server, create a subscription.
B.    From Event Viewer on each domain controller, create a subscription.
C.    From Event Viewer on the member server, run the Create Basic Task Wizard.
D.    From Event Viewer on each domain controller, run the Create Basic Task Wizard.

Answer: C

QUESTION 247
Your network contains an Active Directory domain controller named DC1. DC1 runs Windows Server 2008 R2. You need to defragment the Active Directory database on DC1. The solution must minimize downtime on DC1. What should you do first?

A.    At the command prompt, run net stop ntds.
B.    At the command prompt, run net stop netlogon.
C.    Restart DC1 in Safe Mode.
D.    Restart DC1 in Directory Services Restore Mode (DSRM).

Answer: A

QUESTION 248
Your network contains a single Active Directory domain named contoso.com. An administrator accidentally deletes the _msdsc.contoso.com zone. You recreate the _msdsc.contoso.com zone. You need to ensure that the _msdsc.contoso.com zone contains all of the required DNS records. What should you do on each domain controller?

A.    Restart the Netlogon service.
B.    Restart the DNS Server service.
C.    Run dcdiag.exe /fix.
D.    Run ipconfig.exe /registerdns.

Answer: A

QUESTION 249
Your network contains an Active Directory-integrated zone. All DNS servers that host the zone are domain controllers. You add multiple DNS records to the zone. You need to ensure that the records are replicated to all DNS servers. Which tool should you use?

A.    Dnslint
B.    Ldp
C.    Nslookup
D.    Repadmin

Answer: D

QUESTION 250
Your network contains an Active Directory forest. The forest contains two domains named contoso.com and eu.contoso.com. All domain controllers are DNS servers. The domain controllers in contoso.com host the zone for contoso.com. The domain controllers in eu.contoso.com host the zone for eu.contoso.com. The DNS zone for contoso.com is configured as shown in the exhibit. (Click the Exhibit button.)

You need to ensure that all domain controllers in the forest host a writable copy of _msdsc.contoso.com. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.    Create a zone delegation record in the contoso.com zone.
B.    Create a zone delegation record in the eu.contoso.com zone.
C.    Create an Active Directory-integrated zone for _msdsc.contoso.com.
D.    Create a secondary zone named _msdsc.contoso.com in eu.contoso.com.

Answer: AC

http://www.passleader.com/70-640.html

QUESTION 251
You need to compact an Active Directory database on a domain controller that runs Windows Server 2008 R2. What should you do?

A.    Run defrag.exe /a /c.
B.    Run defrag.exe /c /u.
C.    From Ntdsutil, use the Files option.
D.    From Ntdsutil, use the Metadata cleanup option.

Answer: C

QUESTION 252
Your network contains an Active Directory domain named contoso.com. Contoso.com contains three servers. The servers are configured as shown in the following table.

You need to ensure that users can manually enroll and renew their certificates by using the Certificate Enrollment Web Service. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.    Configure the policy module settings.
B.    Configure the issuance requirements for the certificate templates.
C.    Configure the Certificate Services Client – Certificate Enrollment Policy Group Policy setting.
D.    Configure the delegation settings for the Certificate Enrollment Web Service application pool account.

Answer: BC

QUESTION 253
Your network contains an Active Directory domain named contoso.com. Contoso.com contains a member server that runs Windows Server 2008 Standard. You need to install an enterprise subordinate certification authority (CA) that supports private key archival. You must achieve this goal by using the minimum amount of administrative effort. What should you do first?

A.    Initialize the Trusted Platform Module (TPM).
B.    Upgrade the member server to Windows Server 2008 R2 Standard.
C.    Install the Certificate Enrollment Policy Web Service role service on the member server.
D.    Run the Security Configuration Wizard (SCW) and select the Active Directory Certificate Services – Certification Authority server role template check box.

Answer: B

QUESTION 254
You have an enterprise subordinate certification authority (CA). You have a custom Version 3 certificate template. Users can enroll for certificates based on the custom certificate template by using the Certificates console. The certificate template is unavailable for Web enrollment. You need to ensure that the certificate template is available on the Web enrollment pages. What should you do?

A.    Run certutil.exe Cpulse.
B.    Run certutil.exe Cinstallcert.
C.    Change the certificate template to a Version 2 certificate template.
D.    On the certificate template, assign the Autoenroll permission to the users.

Answer: C

QUESTION 255
Your network contains an Active Directory domain. The domain contains a member server named Server1 that runs Windows Server 2008 R2. You need to configure Server1 as a global catalog server. What should you do?

A.    Modify the Active Directory schema.
B.    From Ntdsutil, use the Roles option.
C.    Run the Active Directory Domain Services Installation Wizard on Server1.
D.    Move the Server1 computer object to the Domain Controllers organizational unit (OU).

Answer: C

QUESTION 256
Your network contains three Active Directory forests named Forest1, Forest2, and Forest3. Each forest contains three domains. A two-way forest trust exists between Forest1 and Forest2. A two-way forest trust exists between Forest2 and Forest3. You need to configure the forests to meet the following requirements:
– Users in Forest3 must be able to access resources in Forest1
– Users in Forest1 must be able to access resources in Forest3.
– The number of trusts must be minimized.
What should you do?

A.    In Forest2, modify the name suffix routing settings.
B.    In Forest1 and Forest3, configure selective authentication.
C.    In Forest1 and Forest3, modify the name suffix routing settings.
D.    Create a two-way forest trust between Forest1 and Forest3.
E.    Create a shortcut trust in Forest1 and a shortcut trust in Forest3.

Answer: D

QUESTION 257
Your network contains an Active Directory domain. All domain controller run Windows Server 2003. You replace all domain controllers with domain controllers that run Windows Server 2008 R2. You raise the functional level of the domain to Windows Server 2008 R2. You need to minimize the amount of SYSVOL replication traffic on the network. What should you do?

A.    Raise the functional level of the forest to Windows Server 2008 R2.
B.    Modify the path of the SYSVOL folder on all of the domain controllers.
C.    On a global catalog server, run repadmin.exe and specify the KCC parameter.
D.    On the domain controller that holds the primary domain controller (PDC) emulator FSMO role, run dfsrmig.exe.

Answer: C

QUESTION 258
Your network contains an Active Directory forest. The forest contains two domain controllers. The domain controllers are configured as shown in the following table.

All client computers run Windows 7. You need to ensure that all client computers in the domain keep the same time as an external time server. What should you do?

A.    From DC1, run the time command.
B.    From DC2, run the time command.
C.    From DC1, run the w32tm.exe command.
D.    From DC2, run the w32tm.exe command.

Answer: D

QUESTION 259
Your network contains an Active Directory domain named contoso.com. Contoso.com contains two domain controllers. The domain controllers are configured as shown in the following table.

All client computers have IP addresses in the 10.1.2.1 to 10.1.2.240 range. You need to minimize the number of client authentication requests sent to DC2. What should you do?

A.    Create a new site named Site1. Create a new subnet object that has the 10.1.1.0/24 prefix and assign the subnet to Site1. Move DC1 to Site1.
B.    Create a new site named Site1. Create a new subnet object that has the 10.1.1.1/32 prefix and assign the subnet to Site1. Move DC1 to Site1.
C.    Create a new site named Site1. Create a new subnet object that has the 10.1.1.2/32 prefix and assign the subnet to Site1. Move DC2 to Site1.
D.    Create a new site named Site1. Create a new subnet object that has the 10.1.2.0/24 prefix and assign the subnet to Site1. Move DC2 to Site1.

Answer: C

QUESTION 260
Active Directory Rights Management Services (AD RMS) is deployed on your network. You need to configure AD RMS to use Kerberos authentication. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.    Register a service principal name (SPN) for AD RMS.
B.    Register a service connection point (SCP) for AD RMS.
C.    Configure the identity setting of the _DRMSAppPool1 application pool.
D.    Configure the useAppPoolCredentials attribute in the Internet Information Services (IIS).

Answer: AD

http://www.passleader.com/70-640.html

[Pass Ensure VCE Dumps] Pass 70-642 Exam By Training PassLeader Free 70-642 Braindump (321-340)

[Pass Ensure VCE Dumps] Free Download PassLeader 70-642 New Practice Test With New VCE Files (341-360)

[Pass Ensure VCE Dumps] Free 70-642 448q Exam Dumps With New Update Exam Questions And Answers (361-380)

[Pass Ensure VCE Dumps] New PassLeader 448q 70-642 Exam Questions With Free VCE Download (381-400)

[Pass Ensure VCE Dumps] PassLeader Premium 651q 70-640 Exam Questions For Free Download (16-30)

[Pass Ensure VCE Dumps] Testing PassLeader 70-640 Exam Questions and Answers To 100% Pass 70-640 Exam (31-50)

[Pass Ensure VCE Dumps] Real PassLeader 70-640 Braindumps And VCE Dumps Ensure 100 Percent Exam Passing (51-70)

[Pass Ensure VCE Dumps] Exam 70-640 651q VCE and PDF Dumps Updated By PassLeader For Free (71-100)

[Pass Ensure VCE Dumps] New 70-640 Study Guide With Updated Exam Questions From PassLeader (101-120)

[New Exam Dumps] PassLeader Premium 220q 70-247 Braindump For Free Share

[New Exam Dumps] Newest 70-346 Exam Questions Ensure 100% Exam Passing From PassLeader

[New Exam Dumps] Free Valid PassLeader 146q 70-347 Exam Questions Ensure 100% Exam Passing

[Pass Ensure VCE Dumps] The Best PassLeader 70-640 Exam Questions With Free VCE Download (121-140)

[Pass Ensure VCE Dumps] PassLeader Best Valid 70-640 Braindump in VCE and PDF Help Passing Exam (141-160)

[New Exam Dumps] PassLeader Quality New 192q 70-486 Exam Questions For Free

[Pass Ensure VCE Dumps] Passing 70-640 Exam By Learning PassLeader Free 70-640 Exam Dumps (161-180)

[Pass Ensure VCE Dumps] PassLeader 651q 70-640 PDF Study Guide with Free VCE Dumps Collection (181-200)

[Pass Ensure VCE Dumps] Download Free PassLeader Premium 651q 70-640 Exam Questions (201-220)

[Pass Ensure VCE Dumps] Latest PassLeader 651q 70-640 Exam Questions and Answers For Free Download (221-240)

[Pass Ensure VCE Dumps] PassLeader Supply Free Real 70-640 Exam Braindump Ensure 100 Percent Pass (241-260)