New Released Braindump2go Microsoft 70-640 Dumps PDF – Questions and Answers Updated with Microsoft Official Exam Center! Visit Braindump2go and download our 70-640 Exam Questions Now, Pass 70-640 100% at your first time!
Vendor: Microsoft
Exam Code: 70-640
Exam Name: TS: Windows Server 2008 Active Directory, Configuring
Keywords: 70-640 Exam Dumps,70-640 Practice Tests,70-640 Practice Exams,70-640 Exam Questions,70-640 Dumps,70-640 Dumps PDF,70-640 VCE,70-640 Braindump,70-640 TS: Windows Server 2008 Active Directory, Configuring
QUESTION 451
Your network contains two Active Directory forests named contoso.com and adatum.com.
Active Directory Rights Management Services (AD RMS) is deployed in contoso.com.
An AD RMS trusted user domain (TUD) exists between contoso.com and adatum.com.
From the AD RMS logs, you discover that some clients that have IP addresses in the adatum.com forest are authenticating as users from contoso.com.
You need to prevent users from impersonating contoso.com users.
What should you do?
A. Configure trusted e-mail domains.
B. Enable lockbox exclusion in AD RMS.
C. Create a forest trust between adatum.com and contoso.com.
D. Add a certificate from a third-party trusted certification authority (CA).
Answer: A
Explanation:
http://technet.microsoft.com/en-us/library/cc753930.aspx
Add a Trusted User Domain
By default, Active Directory Rights Management Services (AD RMS) does not service requests from users whose rights account certificate (RAC) was issued by a different AD RMS installation. However, you can add user domains to the list of trusted user domains (TUDs), which allows AD RMS to process such requests.
For each trusted user domain (TUD), you can also add and remove specific users or groups of users. In addition, you can remove a TUD; however, you cannot remove the root cluster for this Active Directory forest from the list of TUDs. Every AD RMS server trusts the root cluster in its own forest.
You can add TUDs as follows:
To support external users in general, you can trust Windows Live ID. This allows an AD RMS cluster that is in your company to process licensing requests that include a RAC that was issued by Microsoft’s online RMS service. For more information about trusting Windows Live ID in your organization, see Use Windows Live ID to Establish RACs for Users.
To trust external users from another organization’s AD RMS installation, you can add the organization to the list of TUDs. This allows an AD RMS cluster to process a licensing request that includes a RAC that was issued by an AD RMS server that is in the other organization.
In the same manner, to process licensing requests from users within your own organization who reside in a different Active Directory forest, you can add the AD RMS installation in that forest to the list of TUDs. This allows an AD RMS cluster in the current forest to process a licensing request that includes a RAC that was issued by an AD RMS cluster in the other forest.
For each TUD, you can specify which e-mail domains are trusted. For trusted Windows Live ID sites and services, you can specify which e-mail users or domains are not trusted.
QUESTION 452
Your network contains an Active Directory domain named contoso.com.
The network contains client computers that run either Windows Vista or Windows 7.
Active Directory Rights Management Services (AD RMS) is deployed on the network.
You create a new AD RMS template that is distributed by using the AD RMS pipeline.
The template is updated every month.
You need to ensure that all the computers can use the most up-to-date version of the AD RMS template.
You want to achieve this goal by using the minimum amount of administrative effort.
What should you do?
A. Upgrade all of the Windows Vista computers to Windows 7.
B. Upgrade all of the Windows Vista computers to Windows Vista Service Pack 2 (SP2).
C. Assign the Microsoft Windows Rights Management Services (RMS) Client Service Pack 2
(SP2) to all users by using a Software Installation extension of Group Policy.
D. Assign the Microsoft Windows Rights Management Services (RMS) Client Service Pack 2
(SP2) to all computers by using a Software Installation extension of Group Policy.
Answer: B
QUESTION 453
Active Directory Rights Management Services (AD RMS) is deployed on your network.
Users who have Windows Mobile 6 devices report that they cannot access documents that are protected by AD RMS.
You need to ensure that all users can access AD RMS protected content by using Windows Mobile 6 devices.
What should you do?
A. Modify the security of the ServerCertification.asmx file.
B. Modify the security of the MobileDeviceCertification.asmx file.
C. Enable anonymous authentication for the _wmcs virtual directory.
D. Enable anonymous authentication for the certification virtual directory.
Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/ff608252%28v=ws.10%29.aspx
QUESTION 454
Your network contains a server named Server1.
The Active Directory Rights Management Services (AD RMS) server role is installed on Server1.
An administrator changes the password of the user account that is used by AD RMS.
You need to update AD RMS to use the new password.
Which console should you use?
A. Active Directory Rights Management Services
B. Active Directory Users and Computers
C. Component Services
D. Services
Answer: A
Explanation:
http://social.technet.microsoft.com/wiki/contents/articles/13034.ad-rms-how-to-change-the-rms-serviceaccount-password.aspx
QUESTION 455
Your network contains an Active Directory Rights Management Services (AD RMS) cluster.
You have several custom policy templates.
The custom policy templates are updated frequently.
Some users report that it takes as many as 30 days to receive the updated policy templates.
You need to ensure that users receive the updated custom policy templates within seven days.
What should you do?
A. Modify the registry on the AD RMS servers.
B. Modify the registry on the users’ computers.
C. Change the schedule of the AD RMS Rights Policy Template Management (Manual)
scheduled task.
D. Change the schedule of the AD RMS Rights Policy Template Management (Automated)
scheduled task.
Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/cc771971.aspx
QUESTION 456
Your network contains an Active Directory domain named adatum.com.
You need to ensure that IP addresses can be resolved to fully qualified domain names (FQDNs).
Under which node in the DNS snap-in should you add a zone?
A. Reverse Lookup Zones
B. adatum.com
C. Forward Lookup Zones
D. Conditional Forwarders
E. _msdcs.adatum.com
Answer: A
Explanation:
A forward lookup means the client provides a fully qualified domain name and the DNS server returns an IP address. A reverse lookup does the opposite: the client provides an IP address, and then the DNS server returns an FQDN.
QUESTION 457
Your network contains an Active Directory domain named adatum.com.
The domain contains a domain controller named DC1.
DC1 has an IP address of 192.168.200.100.
You need to identify the zone that contains the Pointer (PTR) record for 0C1.
Which zone should you identify?
A. adatum.com
B. _msdcs.adatum.com
C. 100.168.192.in-addr.arpa
D. 200.168.192.in-addr.arpa
Answer: D
QUESTION 458
Your network contains an Active Directory forest named adatum.com.
The DNS infrastructure fails.
You rebuild the DNS infrastructure.
You need to force the registration of the Active Directory Service Locator (SRV) records in DNS.
Which service should you restart on the domain controllers?
A. Netlogon
B. DNS Server
C. Network Location Awareness
D. Network Store Interface Service
E. Online Responder Service
Answer: A
Explanation:
The SRV resource records for a domain controller are important in enabling clients to locate the domain controller. The Netlogon service on domain controllers registers this resource record whenever a domain controller is restarted. You can also re-register a domain controller’s SRV resource records by restarting this service from the Services branch of Server Manager or by typing net start netlogon. An exam question might ask you how to troubleshoot the nonregistration of SRV resource records.
QUESTION 459
Your network contains an Active Directory domain named adatum.com.
The password policy of the domain requires that the passwords for all user accounts be changed every 50 days.
You need to create several user accounts that will be used by services.
The passwords for these accounts must be changed automatically every 50 days.
Which tool should you use to create the accounts?
A. Active Directory Administrative Center
B. Active Directory Users and Computers
C. Active Directory Module for Windows PowerShell
D. ADSI Edit
E. Active Directory Domains and Trusts
Answer: C
Explanation:
Use the New-ADServiceAccount cmdlet in PowerShell to create the new accounts as managed service accounts. Managed service accounts offer Automatic password management, making password management easier.
QUESTION 460
Your network contains an Active Directory domain.
The domain contains several domain controllers.
You need to modify the Password Replication Policy on a read-only domain controller (RODC).
Which tool should you use?
A. Group Policy Management
B. Active Directory Domains and Trusts
C. Active Directory Users and Computers
D. Computer Management
E. Security Configuration Wizard
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/rodc-guidance-for-administering-the-password-replication-policy.aspx
Braindump2go is one of the Leading 70-640 Exam Preparation Material Providers Around the World! We Offer 100% Money Back Guarantee on All Products! Feel Free In Downloading Our New Released 70-640 Real Exam Questions!