The 70-640 Exam Practice Questions and Answers are ideal for the aspring candiates to grab exceptional grades in Microsoft 70-640 Exam! The 70-640 Questions and Answers are developed using the latest updated course content and all the answers are verified to ensure phenoment preparation for the actual 70-640 Exam!
Vendor: Microsoft
Exam Code: 70-640
Exam Name: TS: Windows Server 2008 Active Directory, Configuring
Keywords: 70-640 Exam Dumps,70-640 Practice Tests,70-640 Practice Exams,70-640 Exam Questions,70-640 Dumps,70-640 Dumps PDF,Microsoft 70-640 Exam Dumps,70-640 Questions and Answers,TS: Windows Server 2008 Active Directory, Configuring
QUESTION 421
Your network consists of an Active Directory forest that contains one domain.
All domain controllers run Windows Server 2008 R2 and are configured as DNS servers.
You have an Active Directory- integrated zone.
You have two Active Directory sites.
Each site contains five domain controllers.
You add a new NS record to the zone.
You need to ensure that all domain controllers immediately receive the new NS record.
What should you do?
A. From the DNS Manager console, reload the zone.
B. From the DNS Manager console, increase the version number of the SOA record.
C. From the command prompt, run repadmin /syncall.
D. From the Services snap-in, restart the DNS Server service.
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/cc835086%28v=ws.10%29.aspx
Repadmin /syncall Synchronizes a specified domain controller with all of its replication partners.
http://ivan.dretvic.com/2012/01/how-to-force-replication-of-domain-controllers/
How to force replication of Domain Controllers
From time to time its necessary to kick off AD replication to speed up a task you may be doing, or just a good too to check the status of replication between DC’s.
Below is a command to replicate from a specified DC to all other DC’s.
Repadmin /syncall DC_name /Aped By running a repadmin /syncall with the /A(ll partitions) P(ush) e(nterprise, cross sites) d(istinguished names) parameters, you have duplicated exactly what Replmon used to do in Windows 2003, except that you did it in one step, not many.And with the benefit of seeing immediate results on how the operations are proceeding.
If I am running it on the DC itself, I don’t even have to specify the server name.
QUESTION 422
Your company has a single Active Directory domain named intranet.contoso.com.
All domain controllers run Windows Server 2008 R2.
The domain functional level is Windows 2000 native and the forest functional level is Windows 2000.
You need to ensure the UPN suffix for contoso.com is available for user accounts.
What should you do first?
A. Raise the intranet.contoso.com forest functional level to Windows Server 2003 or higher.
B. Raise the intranet.contoso.com domain functional level to Windows Server 2003 or higher.
C. Add the new UPN suffix to the forest.
D. Change the Primary DNS Suffix option in the Default Domain Controllers Group Policy
Object (GPO) to contoso.com.
Answer: C
Explanation:
http://support.microsoft.com/kb/243629
HOW TO: Add UPN Suffixes to a Forest
Adding a UPN Suffix to a Forest
Open Active Directory Domains and Trusts.
Right-click Active Directory Domains and Trusts in the Tree window pane, and then click Properties.
On the UPN Suffixes tab, type the new UPN suffix that you would like to add to the forrest.
Click Add, and then click OK.
Now when you add users to the forest, you can select the new UPN suffix to complete the user’s logon name.
APPLIES TO
Microsoft Windows 2000 Server
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
QUESTION 423
You have a Windows Server 2008 R2 Enterprise Root CA.
Security policy prevents port 443 and port 80 from being opened on domain controllers and on the issuing CA .
You need to allow users to request certificates from a Web interface.
You install the Active Directory Certificate Services (AD CS) server role.
What should you do next?
A. Configure the Online Responder Role Service on a member server.
B. Configure the Online Responder Role Service on a domain controller.
C. Configure the Certificate Enrollment Web Service role service on a member server.
D. Configure the Certificate Enrollment Web Service role service on a domain controller.
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/dd759209.aspx
Certificate Enrollment Web Service Overview
The Certificate Enrollment Web Service is an Active Directory Certificate Services (AD CS) role service that enables users and computers to perform certificate enrollment by using the HTTPS protocol. Together with the Certificate Enrollment Policy Web Service, this enables policy-based certificate enrollment when the client computer is not a member of a domain or when a domain member is not connected to the domain.
Personal note:
Since domain controllers are off-limits (regarding open ports), you are left to install the Certificate Enrollment Web Service role service on a plain member server
QUESTION 424
You need to relocate the existing user and computer objects in your company to different organizational units.
What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.)
A. Run the move-item command in the Microsoft Windows PowerShell utility.
B. Run the Active Directory Users and Computers utility.
C. Run the Dsmove utility.
D. Run the Active Directory Migration Tool (ADMT).
Answer: BC
Explanation:
You can simply drag and drop objects when using the Active Directory Users and Computers utility or use the dsmove command.
http://technet.microsoft.com/en-us/library/cc731094%28v=ws.10%29.aspx
Dsmove Moves a single object, within a domain, from its current location in the directory to a new location, or renames a single object without moving it in the directory tree.
QUESTION 425
Your network consists of an Active Directory forest named contoso.com.
All servers run Windows Server 2008 R2.
All domain controllers are configured as DNS servers.
The contoso.com DNS zone is stored in the ForestDnsZones Active Directory application partition.
You have a member server that contains a standard primary DNS zone for dev.contoso.com.
You need to ensure that all domain controllers can resolve names for dev.contoso.com.
What should you do?
A. Modify the properties of the SOA record in the contoso.com zone.
B. Create a NS record in the contoso.com zone.
C. Create a delegation in the contoso.com zone.
D. Create a standard secondary zone on a Global Catalog server.
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/cc771640.aspx
QUESTION 426
Your company has a single Active Directory domain.
All domain controllers run Windows Server 2003.
You install Windows Server 2008 R2 on a server.
You need to add the new server as a domain controller in your domain.
What should you do first?
A. On a domain controller run adprep /rodcprep.
B. On the new server, run dcpromo /adv.
C. On the new server, run dcpromo /createdcaccount.
D. On a domain controller, run adprep /forestprep.
Answer: D
Explanation:
http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/9931e32f-6302-40f0-a7a1-2598a96cd0c1/
QUESTION 427
Your company has a main office and three branch offices.
Each office is configured as a separate Active Directory site that has its own domain controller.
You disable an account that has administrative rights.
You need to immediately replicate the disabled account information to all sites.
What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.)
A. From the Active Directory Sites and Services console, configure all domain controllers as
global catalog servers.
B. From the Active Directory Sites and Services console, select the existing connection objects
and force replication.
C. Use Repadmin.exe to force replication between the site connection objects.
D. Use Dsmod.exe to configure all domain controllers as global catalog servers.
Answer: BC
Explanation:
http://technet.microsoft.com/en-us/library/cc835086%28v=ws.10%29.aspx
QUESTION 428
Your network consists of a single Active Directory domain.
All domain controllers run Windows Server 2008 R2.
You need to capture all replication errors from all domain controllers to a central location.
What should you do?
A. Start the Active Directory Diagnostics data collector set.
B. Start the System Performance data collector set.
C. Install Network Monitor and create a new a new capture.
D. Configure event log subscriptions.
Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/cc748890.aspx
Configure Computers to Forward and Collect Events
Before you can create a subscription to collect events on a computer, you must configure both the collecting computer (collector) and each computer from which events will be collected (source).
http://technet.microsoft.com/en-us/library/cc749183.aspx
Event Subscriptions
Event Viewer enables you to view events on a single remote computer. However, troubleshooting an issue might require you to examine a set of events stored in multiple logs on multiple computers.
Windows Vista includes the ability to collect copies of events from multiple remote computers and store them locally. To specify which events to collect, you create an event subscription. Among other details, the subscription specifies exactly which events will be collected and in which log they will be stored locally. Once a subscription is active and events are being collected, you can view and manipulate these forwarded events as you would any other locally stored events.
Using the event collecting feature requires that you configure both the forwarding and the collecting computers.
The functionality depends on the Windows Remote Management (WinRM) service and the Windows Event Collector (Wecsvc) service. Both of these services must be running on computers participating in the forwarding and collecting process.
http://technet.microsoft.com/en-us/library/cc961808.aspx
Replication Issues
QUESTION 429
Your company has an Active Directory forest that contains client computers that run Windows Vista and Microsoft Windows XP.
You need to ensure that users are able to install approved application updates on their computers.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Set up Automatic Updates through Control Panel on the client computers.
B. Create a GPO and link it to the Domain Controllers organizational unit.
Configure the GPO to automatically search for updates on the Microsoft Update site.
C. Create a GPO and link it to the domain.
Configure the GPO to direct the client computers to the Windows Server Update Services
(WSUS) server for approved updates.
D. Install the Windows Server Update Services (WSUS).
Configure the server to search for new updates on the Internet.
Approve all required updates.
Answer: CD
Explanation:
http://technet.microsoft.com/en-us/library/cc720539%28v=ws.10%29.aspx
Configure Automatic Updates by Using Group Policy
When you configure the Group Policy settings for WSUS, use a Group Policy object (GPO) linked to an Active Directory container appropriate for your environment.
QUESTION 430
Your company has an Active Directory domain that has an organizational unit named Sales.
The Sales organizational unit contains two global security groups named sales managers and sales executives.
You need to apply desktop restrictions to the sales executives group.
You must not apply these desktop restrictions to the sales managers group.
You create a GPO named DesktopLockdown and link it to the Sales organizational unit.
What should you do next?
A. Configure the Deny Apply Group Policy permission for Authenticated Users on the
DesktopLockdown GPO.
B. Configure the Deny Apply Group Policy permission for the sales executives on the
DesktopLockdown GPO.
C. Configure the Allow Apply Group Policy permission for Authenticated Users on the
DesktopLockdown GPO.
D. Configure the Deny Apply Group Policy permission for the sales managers on the
DesktopLockdown GPO.
Answer: D
Explanation:
http://support.microsoft.com/kb/816100
Braindump2go New Published Exam Dumps: Microsoft 70-640 Practice Tests Questions, 651 Latest Questions and Answers from Official Exam Centre Guarantee You a 100% Pass! Free Download Instantly!