Being tormented to get well prepared for your 70-640 exam? Don’t worry! PassLeader now offer the first-hand 70-640 exam dumps, you will pass 70-640 exam for your first try with PassLeader’s latest real 651q 70-640 exam questions. We offer you the newest 70-640 exam study guide with VCE test engine or PDF format braindumps, you can get the basic knowledge and all details about 70-640 exam. Do not hesitate to try our high quality 651q 70-640 practice tests!
keywords: 70-640 exam,651q 70-640 exam dumps,651q 70-640 exam questions,70-640 pdf dumps,70-640 practice test,70-640 vce dumps,70-640 study guide,70-640 braindumps,TS: Windows Server 2008 Active Directory, Configuring Exam
QUESTION 341
Your network contains an Active Directory domain named contoso.com. Contoso.com contains a member server that runs Windows Server 2008 R2 Standard. You need to create an enterprise subordinate certification authority (CA) that can issue certificates based on version 3 certificate templates. You must achieve this goal by using the minimum amount of administrative effort. What should you do first?
A. Run the certutil.exe – addenrollmentserver command.
B. Install the Active Directory Certificate Services (AD CS) role on the member server.
C. Upgrade the member server to Windows Server 2008 R2 Enterprise.
D. Run the certutil.exe – installdefaulttemplates command.
QUESTION 342
Your network contains a server named Server1. The Active Directory Rights Management Services (AD RMS) server role is installed on Server1. An administrator changes the password of the user account that is used by AD RMS. You need to update AD RMS to use the new password. Which console should you use?
A. Active Directory Rights Management Services
B. Active Directory Users and Computers
C. Local Users and Groups
D. Services
Answer: A
QUESTION 343
Your company, Contoso, Ltd., has a main office and a branch office. The offices are connected by a WAN link. Contoso has an Active Directory forest that contains a single domain named ad.contoso.com. The ad.contoso.com domain contains one domain controller named DC1 that is located in the main office. DC1 is configured as a DNS server for the ad.contoso.com DNS zone. This zone is configured as a standard primary zone. You install a new domain controller named DC2 in the branch office. You install DNS on DC2. You need to ensure that the DNS service can update records and resolve DNS queries in the event that a WAN link fails. What should you do?
A. Create a new secondary zone named ad.contoso.com on DC2.
B. Create a new stub zone named ad.contoso.com on DC2.
C. Configure the DNS server on DC2 to forward requests to DC1.
D. Convert the ad.contoso.com zone on DC1 to an Active Directory-integrated zone.
Answer: D
QUESTION 344
Your network contains an enterprise certification authority (CA) that runs Windows Server 2008 R2 Enterprise. You enable key archival on the CA. The CA is configured to use custom certificate templates for Encrypted File System (EFS) certificates. You need to archive the private key for all new EFS certificates. Which snap-in should you use?
A. Active Directory Users and Computers
B. Authorization Manager
C. Group Policy Management
D. Enterprise PKI
E. Security Templates
F. TPM Management
G. Certificates
H. Certification Authority
I. Certificate Templates
Answer: H
QUESTION 345
Your network contains an enterprise certification authority (CA) that runs Windows Server 2008 R2 Enterprise. You need to ensure that all of the members of a group named Group1 can view the event log entries for Certificate Services. Which snap-in should you use?
A. Certificate Templates
B. Certification Authority
C. Authorization Manager
D. Active Directory Users and Computers
E. TPM Management
F. Security Templates
G. Group Policy Management
H. Enterprise PKI
I. Certificates
Answer: D
QUESTION 346
Your network contains an enterprise certification authority (CA) that runs Windows Server 2008 R2 Enterprise. You need to ensure that users can enroll for certificates that use the IPSEC (Offline request) certificate template. Which snap-in should you use?
A. Enterprise PKI
B. TPM Management
C. Certificates
D. Active Directory Users and Computers
E. Authorization Manager
F. Certification Authority
G. Group Policy Management
H. Security Templates
I. Certificate Templates
Answer: I
QUESTION 347
Your network contains an enterprise certification authority (CA) that runs Windows Server 2008 R2 Enterprise. You have a custom certificate template named Template 1. Template1 is published to the CA. You need to ensure that all of the members of a group named Group1 can enroll for certificates that use Template1. Which snap-in should you use?
A. Security Templates
B. Enterprise PKI
C. Certification Authority
D. Certificate Templates
E. Certificates
F. TPM Management
G. Authorization Manager
H. Group Policy Management
I. Active Directory Users and Computers
Answer: D
QUESTION 348
Your network contains an enterprise certification authority (CA) that runs Windows Server 2008 R2 Enterprise. You need to approve a pending certificate request. Which snap-in should you use?
A. Active Directory Users and Computers
B. Authorization Manager
C. Certification Authority
D. Group Policy Management
E. Certificate Templates
F. TPM Management
G. Certificates
H. Enterprise PKI
I. Security Templates
Answer: C
QUESTION 349
Your network contains an Active Directory domain. The domain contains a domain controller named DC1 that runs windows Server 2008 R2 Service Pack 1 (SP1). You need to implement a central store for domain policy templates. What should you do? To answer, select the source content that should be copied to the destination folder in the answer area.
Answer:
QUESTION 350
Your network contains an Active Directory forest named contoso.com. You plan to migrate all user accounts to a new forest named litwareinc.com. The functional level of the contoso.com forest is Windows Server 2003. Contoso.com contains four servers. The servers are configured as shown in the following table.
The functional level of the litwareinc.com forest is Windows Server 2008. Litwareinc.com contains four servers. The servers are configured as shown in the following table.
You need to identify on which server in the litwareinc.com forest you must install Active Directory Migration Tool version 3.2 (ADMT v3.2). Which server should you identify?
A. Litw_Srv4
B. Litw_Srv1
C. Litw_Srv2
D. Litw_Srv3
Answer: D
http://www.passleader.com/70-640.html
QUESTION 351
Your network contains an Active Directory domain. The password policy for the domain is configured as shown in the Current Policy exhibit, (Click the Exhibit button.)
You change the password policy for the domain as shown in the New Policy exhibit. (Click the Exhibit button.)
You need to provide users with examples of a valid password. Which password examples should you provide to the users? (Each correct answer presents a complete solution. Choose three.)
A. 123456!@#$%^
B. !@#$1234ABCD
C. passwordl234
D. 1-2-3-4-5-a-b-c-e
E. %%PASS1234%%
F. 111111aaaaaaa
Answer: BDE
QUESTION 352
Your network contains an Active Directory domain named contoso.com. The Active Directory sites are configured as shown in the Sites exhibit. (Click the Exhibit button.) You need to ensure that DC1 and DC4 are the only servers that replicate Active Directory changes between the sites. What should you do?
A. Configure DC1 as a preferred bridgehead server for IP transport.
B. Configure DC4 as a preferred bridgehead server for IP transport.
C. From the DC4 server object, create a Connection object for DC1.
D. From the DC1 server object, create a Connection object for DC4.
Answer: A
QUESTION 353
Your network contains an Active Directory forest named contoso.com. The functional level of the forest is Windows Server 2008 R2. The forest contains a single domain. You need to ensure that objects can be restored from the Active Directory Recycle Bin. Which tool should you use?
A. Ntdsutil
B. Set-ADDomain
C. Dsamain
D. Enable-ADOptionalFeature
Answer: D
QUESTION 354
Your network contains an Active Directory domain. The domain is configured as shown in the exhibit. (Click the Exhibit button.) Users in the Finance organizational unit (OU) frequently log on to client computers in the Human Resources OU. You need to meet the following requirements:
– All of the user settings in the Group Policy objects (GPOs) linked to both the Finance OU and the Human Resources OU must be applied to finance users when they log on to client computers in the Engineering OU.
– Only the policy settings in the GPOs linked to the Finance OU must be applied to finance users when they log on to client computers in the Finance OU.
– Policy settings in the GPOs linked to the Finance OU must not be applied to users in the Human Resources OU.
What should you do?
A. Modify the Group Policy permissions.
B. Enable block inheritance.
C. Configure the link order.
D. Enable loopback processing in merge mode.
E. Enable loopback processing in replace mode.
F. Configure WMI filtering.
G. Configure Restricted Groups.
H. Configure Group Policy Preferences.
I. Link the GPO to the Finance OU.
J. Link the GPO to the Human Resources OU.
Answer: D
QUESTION 355
Your network contains an Active Directory domain. The domain is configured as shown in the exhibit, (Click the Exhibit button.) You need to ensure that when users log on to client computers, they are added automatically to the local Administrators group. The users must be removed from the group when they log off of the client computers. What should you do?
A. Modify the Group Policy permissions.
B. Enable block inheritance.
C. Configure the link order.
D. Enable loopback processing in merge mode.
E. Enable loopback processing in replace mode.
F. Configure WMI filtering.
G. Configure Restricted Groups.
H. Configure Group Policy Preferences.
I. Link the Group Policy object (GPO) to the Finance organizational unit (OU).
J. Link the Group Policy object (GPO) to the Human Resources organizational unit (OU).
Answer: H
QUESTION 356
Your company plans to open a new branch office. The new office will have a low-speed connection to the Internet. You plan to deploy a read-only domain controller (RODC) in the branch office. You need to create an offline copy of the Active Directory database that can be used to install the Active Directory on the new RODC. Which commands should you run from Ntdsutil? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
QUESTION 357
Your network contains an Active Directory forest named contoso.com. The forest contains four computers. The computers are configured as shown in the following table.
An administrator creates a script that contains the following commands:
You need to identity which computers can successfully run all of the commands in the script. Which two computers should you identify? (Each correct answer presents part of the solution. Choose two.)
A. Computer1
B. Server1
C. Computer2
D. Server2
Answer: BD
QUESTION 358
Your network contains an Active Directory forest named contoso.com. You need to use Group Policies to deploy the applications shown in the following table.
What should you do? To answer, drag the appropriate deployment method to the correct application in the answer area.
Answer:
QUESTION 359
Your network contains an Active Directory domain named contoso.com. You need to view which password setting object is applied to a user. Which filter option in Attribute Editor should you enable? To answer, select the appropriate filter option in the answer area.
Answer:
QUESTION 360
Your network contains an Active Directory forest named contoso.com. The forest contains two sites named Seattle and Montreal. The Seattle site contains two domain controllers. The domain controllers are configured as shown in the following table.
The Montreal site contains a domain controller named DC3. DC3 is the only global catalog server in the forest. You need to configure DC2 as a global catalog server. Which object’s properties should you modify? To answer, select the appropriate object in the answer area.
Answer:
Comments are closed, but trackbacks and pingbacks are open.