PassLeader helps you to get well prepared for the 70-640 exam! Try PassLeader’s new 651q 70-640 exam dumps with VCE test software or PDF braindumps now and you will get your 70-640 certification quickly. PassLeader’s 651q 70-640 exam questions with all new 70-640 exam questions is the best study materials for preparing exam, we ensure that our full version 70-640 VCE dumps and PDF dumps will help you 100 percent passing 70-640 exam. First try the PassLeader valid 70-640 braindumps and first pass exam!
keywords: 70-640 exam,651q 70-640 exam dumps,651q 70-640 exam questions,70-640 pdf dumps,70-640 practice test,70-640 vce dumps,70-640 study guide,70-640 braindumps,TS: Windows Server 2008 Active Directory, Configuring Exam
QUESTION 221
Your network contains an Active Directory domain. The domain is configured as shown in the exhibit. (Click the Exhibit button.) Each organizational unit (OU) contains over 500 user accounts. The Finance OU and the Human Resources OU contain several user accounts that are members of a universal group named Group1. You have a Group Policy object (GPO) linked to the domain. You need to prevent the GPO from being applied to the members of Group1 only. What should you do?
A. Modify the Group Policy permissions.
B. Enable block inheritance.
C. Configure the link order.
D. Enable loopback processing in merge mode.
E. Enable loopback processing in replace mode.
F. Configure WMI filtering.
G. Configure Restricted Groups.
H. Configure Group Policy Preferences.
I. Link the GPO to the Finance OU.
J. Link the GPO to the Human Resources OU.
QUESTION 222
You create a new Active Directory domain. The functional level of the domain is Windows Server 2003. The domain contains five domain controllers that run Windows Server 2008 R2. You need to monitor the replication of the group policy template files. Which tool should you use?
A. Dfsrdiag
B. Fsutil
C. Ntdsutil
D. Ntfrsutl
Answer: D
QUESTION 223
You have a domain controller named Server1 that runs Windows Server 2008 R2. You need to determine the size of the Active Directory database on Server1. What should you do?
A. Run the Active Directory Sizer tool.
B. Run the Active Directory Diagnostics data collector set.
C. From Windows Explorer, view the properties of the %systemroot%\ntds\ntds.dit file.
D. From Windows Explorer, view the properties of the %systemroot%\sysvol\domain folder.
Answer: C
QUESTION 224
You need to receive an e-mail message whenever a domain user account is locked out. Which tool should you use?
A. Active Directory Administrative Center
B. Event Viewer
C. Resource Monitor
D. Security Configuration Wizard
Answer: B
QUESTION 225
Your network contains an Active Directory domain named contoso.com. You have a management computer named Computer1 that runs Windows 7. You need to forward the logon events of all the domain controllers in contoso.com to Computer1. All new domain controllers must be dynamically added to the subscription. What should you do?
A. From Computer1, configure source-initiated event subscriptions. From a Group Policy object (GPO) linked to the Domain Controllers organizational unit (OU), configure the Event Forwarding node.
B. From Computer1, configure collector-initiated event subscriptions. From a Group Policy object (GPO) linked to the Domain Controllers organizational unit (OU), configure the Event Forwarding node.
C. From Computer1, configure source-initiated event subscriptions. Install a server authentication certificate on Computer1. Implement autoenrollment for the Domain Controllers organizational unit (OU).
D. From Computer1, configure collector-initiated event subscriptions. Install a server authentication certificate on Computer1. Implement autoenrollment for the Domain Controllers organizational unit (OU).
Answer: A
QUESTION 226
Your network contains an Active Directory domain that has two sites. You need to identify whether logon scripts are replicated to all domain controllers. Which folder should you verify?
A. GroupPolicy
B. NTDS
C. SoftwareDistribution
D. SYSVOL
Answer: D
QUESTION 227
You install a standalone root certification authority (CA) on a server named Server1. You need to ensure that every computer in the forest has a copy of the root CA certificate installed in the local computer’s Trusted Root Certification Authorities store. Which command should you run on Server1?
A. certreq.exe and specify the -accept parameter
B. certreq.exe and specify the -retrieve parameter
C. certutil.exe and specify the -dspublish parameter
D. certutil.exe and specify the -importcert parameter
Answer: C
QUESTION 228
Your network contains an Active Directory forest. The forest contains two domains. You have a standalone root certification authority (CA). On a server in the child domain, you run the Add Roles Wizard and discover that the option to select an enterprise CA is disabled. You need to install an enterprise subordinate CA on the server. What should you use to log on to the new server?
A. an account that is a member of the Certificate Publishers group in the child domain
B. an account that is a member of the Certificate Publishers group in the forest root domain
C. an account that is a member of the Schema Admins group in the forest root domain
D. an account that is a member of the Enterprise Admins group in the forest root domain
Answer: D
QUESTION 229
You have an enterprise subordinate certification authority (CA). You have a group named Group1. You need to allow members of Group1 to publish new certificate revocation lists. Members of Group1 must not be allowed to revoke certificates. What should you do?
A. Add Group1 to the local Administrators group.
B. Add Group1 to the Certificate Publishers group.
C. Assign the Manage CA permission to Group1.
D. Assign the Issue and Manage Certificates permission to Group1.
Answer: C
QUESTION 230
You have an enterprise subordinate certification authority (CA) configured for key archival. Three key recovery agent certificates are issued. The CA is configured to use two recovery agents. You need to ensure that all of the recovery agent certificates can be used to recover all new private keys. What should you do?
A. Add a data recovery agent to the Default Domain Policy.
B. Modify the value in the Number of recovery agents to use box.
C. Revoke the current key recovery agent certificates and issue three new key recovery agent certificates.
D. Assign the Issue and Manage Certificates permission to users who have the key recovery agent certificates.
Answer: B
http://www.passleader.com/70-640.html
QUESTION 231
You have an enterprise subordinate certification authority (CA). The CA is configured to use a hardware security module. You need to back up Active Directory Certificate Services on the CA. Which command should you run?
A. certutil.exe backup
B. certutil.exe backupdb
C. certutil.exe backupkey
D. certutil.exe store
Answer: A
QUESTION 232
You have Active Directory Certificate Services (AD CS) deployed. You create a custom certificate template. You need to ensure that all of the users in the domain automatically enroll for a certificate based on the custom certificate template. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. In a Group Policy object (GPO), configure the autoenrollment settings.
B. In a Group Policy object (GPO), configure the Automatic Certificate Request Settings.
C. On the certificate template, assign the Read and Autoenroll permission to the Authenticated Users group.
D. On the certificate template, assign the Read, Enroll, and Autoenroll permission to the Domain Users group.
Answer: AD
QUESTION 233
You have an enterprise subordinate certification authority (CA). You have a custom Version 3 certificate template. Users can enroll for certificates based on the custom certificate template by using the Certificates console. The certificate template is unavailable for Web enrollment. You need to ensure that the certificate template is available on the Web enrollment pages. What should you do?
A. Run certutil.exe pulse.
B. Run certutil.exe installcert.
C. Change the certificate template to a Version 2 certificate template.
D. On the certificate template, assign the Autoenroll permission to the users.
Answer: C
QUESTION 234
You have an enterprise subordinate certification authority (CA). You have a custom certificate template that has a key length of 1,024 bits. The template is enabled for autoenrollment. You increase the template key length to 2,048 bits. You need to ensure that all current certificate holders automatically enroll for a certificate that uses the new template. Which console should you use?
A. Active Directory Administrative Center
B. Certification Authority
C. Certificate Templates
D. Group Policy Management
Answer: C
QUESTION 235
Your network contains an Active Directory forest. All domain controllers run Windows Server 2008 Standard. The functional level of the domain is Windows Server 2003. You have a certification authority (CA). The relevant servers in the domain are configured as shown below:
You need to ensure that you can install the Active Directory Certificate Services (AD CS) Certificate Enrollment Web Service on the network. What should you do?
A. Upgrade Server1 to Windows Server 2008 R2.
B. Upgrade Server2 to Windows Server 2008 R2.
C. Raise the functional level of the domain to Windows Server 2008.
D. Install the Windows Server 2008 R2 Active Directory Schema updates.
Answer: D
QUESTION 236
You have a domain controller that runs the DHCP service. You need to perform an offline defragmentation of the Active Directory database on the domain controller. You must achieve this goal without affecting the availability of the DHCP service. What should you do?
A. Restart the domain controller in Directory Services Restore Mode. Run the Disk Defragmenter utility.
B. Restart the domain controller in Directory Services Restore Mode. Run the Ntdsutil utility.
C. Stop the Active Directory Domain Services service. Run the Ntdsutil utility.
D. Stop the Active Directory Domain Services service. Run the Disk Defragmenter utility.
Answer: C
QUESTION 237
Your network contains two Active Directory forests named contoso.com and nwtraders.com. A two-way forest trust exists between contoso.com and nwtraders.com. The forest trust is configured to use selective authentication. Contoso.com contains a server named Server1. Server1 contains a shared folder named Marketing. Nwtraders.com contains a global group named G_Marketing. The Change share permission and the Modify NTFS permission for the Marketing folder are assigned to the G_Marketing group. Members of G_Marketing report that they cannot access the Marketing folder. You need to ensure that the G_Marketing members can access the folder from the network. What should you do?
A. From Windows Explorer, modify the NTFS permissions of the folder.
B. From Windows Explorer, modify the share permissions of the folder.
C. From Active Directory Users and Computers, modify the computer object for Server1.
D. From Active Directory Users and Computers, modify the group object for G_Marketing.
Answer: C
QUESTION 238
Your network contains an Active Directory forest. You need to add a new user principal name (UPN) suffix to the forest. Which tool should you use?
A. Active Directory Administrative Center
B. Active Directory Domains and Trusts
C. Active Directory Sites and Services
D. Active Directory Users and Computers
Answer: B
QUESTION 239
Your network contains an Active Directory domain. The domain contains two sites named Site1 and Site2. Site 1 contains five domain controllers. Site2 contains one read-only domain controller (RODC). Site1 and Site2 connect to each other by using a slow WAN link. You discover that the cached password for a user named User1 is compromised on the RODC. On a domain controller in Site1, you change the password for User1. You need to replicate the new password for User1 to the RODC immediately. The solution must not replicate other objects to the RODC. Which tool should you use?
A. Active Directory Sites and Services
B. Active Directory Users and Computers
C. Repadmin
D. Replmon
Answer: A
QUESTION 240
Your network contains an Active Directory domain named contoso.com. The properties of the contoso.com DNS zone are configured as shown in the exhibit. (Click the Exhibit button.)
You need to update all service location (SRV) records for a domain controller in the domain. What should you do?
A. Restart the Netlogon service.
B. Restart the DNS Client service.
C. Run sc.exe and specify the triggerinfo parameter.
D. Run ipconfig.exe and specify the /registerdns parameter.
Answer: A
Comments are closed, but trackbacks and pingbacks are open.