New Released Braindump2go Microsoft 70-640 Dumps PDF – Questions and Answers Updated with Microsoft Official Exam Center! Visit Braindump2go and download our 70-640 Exam Questions Now, Pass 70-640 100% at your first time!
Vendor: Microsoft
Exam Code: 70-640
Exam Name: TS: Windows Server 2008 Active Directory, Configuring
Keywords: 70-640 Exam Dumps,70-640 Practice Tests,70-640 Practice Exams,70-640 Exam Questions,70-640 Dumps,70-640 Dumps PDF,70-640 VCE,70-640 Braindump,70-640 TS: Windows Server 2008 Active Directory, Configuring
QUESTION 511
Your network contains an Active Directory domain.
The domain contains five sites.
One of the sites contains a read-only domain controller (RODC) named RODC1.
You need to identify which user accounts can have their password cached on RODC1.
Which tool should you use?
A. Ntdsutil
B. Dcdiag
C. Repadmin
D. Get-ADAccountResultantPasswordReplicationPolicy
Answer: A
QUESTION 512
Your network contains four domain controllers.
The domain controllers are configured as shown in the following table.
All of the domain controllers are configured to host an Active Directory-integrated zone for their respective domain.
A GlobalNames zone is deployed in the fabrikam.com forest.
You add a canonical (CNAME) record named Server1 to the GlobalNames zone.
You discover that users in the contoso.com forest cannot resolve the name Server1.
The users in fabrikam.com can resolve the name Server1.
You need to ensure that the contoso.com users can resolve names in the GlobalNames zone.
What should you do? (Each correct answer presents part of the solution. Choose two.)
A. Run dnscmd.exe and specify the globalnamesqueryorder parameter on CONT-DC1 and
CONT-DC2.
B. Add service location (SRV) records named _globalnames to the _msdcs.contoso.com zone.
C. Run dnscmd.exe and specify the enableglobalnamessupport parameter on CONT-DC1 and
CONTDC2.
D. Run dnscmd.exe and specify the globalnamesqueryorder parameter on FABR-DC1 and
FABR-DC2.
E. Run dnscmd.exe and specify the enableglobalnamessupport parameter on FABR-DC1 and
FABRDC2.
F. Add service location (SRV) records named _globalnames to the _msdcs.fabrikam.com zone.
Answer: BC
QUESTION 513
A corporate network includes an Active Directory-integrated zone.
All DNS servers that host the zone are domain controllers.
You add multiple DNS records to the zone.
You need to ensure that the new records are available on all DNS servers as soon as possible. Which tool should you use?
A. Repadmin
B. Ldp
C. Dnscmd
D. Ntdsutil
Answer: D
QUESTION 514
Your network contains an Active Directory domain.
The domain contains two file servers.
The file servers are configured as shown in the following table.
You create a Group Policy object (GPO) named GPO1 and you link GPO1 to OU1.
You configure the advanced audit policy as shown in the exhibit. (Click the Exhibit button.)
You discover that the settings are not applied to Server1.
The settings are applied to Server2.
You need to ensure that access to the file shares on Server1 is audited.
What should you do?
A. On Server1, run secedit.exe and specify the /configure parameter.
B. On Server1, run auditpol.exe and specify the /set parameter.
C. From GPO1, configure the Security Options.
D. From Active Directory Users and Computers, modify the permissions of the computer
account for Server1.
E. From Active Directory Users and Computers, add Server1 to the Event Log Readers group.
Answer: B
QUESTION 515
A corporate network includes a single Active Directory Domain Services (AD DS} domain.
The HR department has a dedicated organization unit (OU) named HR.
The HR OU has two sub-OUs: HR Users and HR Computers.
User accounts for the HR department reside in the HR Users OU.
Computer accounts for the HR department reside in the HR Computers OU.
All HR department employees belong to a security group named HR Employees.
All HR department computers belong to a security group named HR PCs.
Company policy requires that passwords are a minimum of six characters.
You need to ensure that, the next time HR department employees change their passwords, the passwords are required to have at least eight characters.
The password length requirement should not change for employees of any other department.
What should you do?
A. Modify the local security policy on each computer in the HR PCs group.
B. Create a fine-grained password policy and apply it to the HR Employees group.
C. Create a new GPO, with the necessary password policy, and link it to the HR Computers OU.
D. Create a fine-grained password policy and apply it to the HR Computers OU.
Answer: C
QUESTION 516
Hotspot Question
Your network contains an Active Directory domain.
The domain contains a domain controller named DC1 that runs Windows Server 208 R2 Service Pack 1 (SP1).
You need to implement a central store for domain policy templates.
What should you do? To answer, select the source content that should be copied to the destination folder in the answer area.
Answer:
QUESTION 517
Your network contains an Active Directory domain named contoso.com.
The domain contains a file server named Server1.
Server1 has a shared folder named Profiles.
You plan to create a new user template named User_Template.
You need to ensure that when you copy User_Temptate, the new user account has a unique profile folder created in the Profiles share.
Which value should you specify for the profile path?
A. %Userprofile%\Server1\profiles
B. \\Server1\profiles\%username%
C. \\Server1\%userprofile%\
D. \\Server1\profiles\username
Answer: B
QUESTION 518
You deploy a certification authority (CA) named CA1.
CA1 will be used to issue a large number of temporary certificates to provide users with access to public wireless access points (WAPs).
You create a certificate template named Template1.
You enable the Do not store certificates and requests in the CA database option.
You need to configure CA1 to ensure that certificate requests and issued certificates for Template1 are not stored in the CA database.
Which command should you run?
A. certutil -setreg DBFlags +DBFLAGS_MAXCACHESIZEX100
B. certutil -setreg DBFlags +DBFLAGS_CREATEIFNEEDED
C. certutil -setreg DBFlags -DBFLAGS_LOGBUFFERSHUGE
D. certutil -setreg DBFlags +DBFLAGS_ENABLEVOLATILEREQUESTS
Answer: D
QUESTION 519
A user attempts to join a computer to the domain, but the attempt fails.
You need to ensure that the user can join fifty computer to the domain.
You must ensure that the user is denied any additional rights beyond those required to complete the task.
What should you do?
A. Prestage each computer account in the Active Directory domain.
B. Deploy a Group Policy Object (GPO) that modifies the user rights settings.
C. Add the user to the Domain Administrators group for one day.
D. Deploy a Group Policy object (GPO) that modifies the Restricted Groups settings.
Answer: A
QUESTION 520
A corporate network includes a single Active Directory Domain Services (AD D5) domain.
All regular user accounts reside in an organizational unit (OU) named Employees.
All administrator accounts reside in an OU named Admins.
You need to ensure that any time an administrator modifies an employee’s name in AD DS, the change is audited.
What should you do first?
A. Use the Auditpol.exe command-line tool to enable the directory services access auditing
subcategory.
B. Enable the Audit directory service access setting in the Default Domain Controllers Policy
Group Policy Object.
C. Create a Group Policy Object with the Audit directory service access setting enabled and link
it to the Employees OU.
D. Enable the Audit directory service access setting in the Default Domain Policy Group Policy
Object.
Answer: A
Explanation:
Before we can use the Directory Service Changes audit policy subcategory, we have to enable it first. We can do that by using auditpol.exe.
http://technet.microsoft.com/en-us/library/cc731607.aspx
Braindump2go is one of the Leading 70-640 Exam Preparation Material Providers Around the World! We Offer 100% Money Back Guarantee on All Products! Feel Free In Downloading Our New Released 70-640 Real Exam Questions!