Try 2015 Latet Updated 70-640 Practice Exam Questions and Answers, Pass 70-640 Actual Test 100% in 2015 New Year! Braindump2go Latest released Free Sample 70-640 Exam Questions are shared for instant download! Braindump2go holds the confidence of 70-640 exam candiates with Microsoft Official Guaranteed 70-640 Exa Dumps Products! 651 New Updated Questions and Answers! 2015 Microsoft 70-640 100% Success!
Vendor: Microsoft
Exam Code: 70-640
Exam Name: TS: Windows Server 2008 Active Directory, Configuring
Keywords: 70-640 Exam Dumps,70-640 Practice Tests,70-640 Practice Exams,70-640 Exam Questions,70-640 Dumps,70-640 Dumps PDF,Microsoft 70-640 Exam Dumps,70-640 Questions and Answers,TS: Windows Server 2008 Active Directory, Configuring
QUESTION 151
Your company has an Active Directory domain.
All servers run Windows Server.
You deploy a Certification Authority (CA) server.
You create a new global security group named CertIssuers.
You need to ensure that members of the CertIssuers group can issue, approve, and revoke certificates.
What should you do?
A. Assign the Certificate Manager role to the CertIssuers group
B. Place CertIssuers group in the Certificate Publisher group
C. Run the certsrv -add CertIssuers command promt of the certificate server
D. Run the add-member-membertype memberset CertIssuers command by using Microsoft
Windows Powershell
Answer: A
Explanation:
http://technet.microsoft.com/en-us/library/cc779954%28v=ws.10%29.aspx
QUESTION 152
Your company has an Active Directory domain.
The company has purchased 100 new computers.
You want to deploy the computers as members of the domain.
You need to create the computer accounts in an OU.
What should you do?
A. Run the csvde -f computers.csv command
B. Run the ldifde -f computers.ldf command
C. Run the dsadd computer <computerdn> command
D. Run the dsmod computer <computerdn> command
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/cc754539%28v=ws.10%29.aspx
QUESTION 153
Your network consists of a single Active Directory domain.
You have a domain controller and a member server that run Windows Server 2008 R2.
Both servers are configured as DNS servers.
Client computers run either Windows XP Service Pack 3 or Windows 7.
You have a standard primary zone on the domain controller.
The member server hosts a secondary copy of the zone.
You need to ensure that only authenticated users are allowed to update host (A) records in the DNS zone.
What should you do first?
A. On the member server, add a conditional forwarder.
B. On the member server, install Active Directory Domain Services.
C. Add all computer accounts to the DNS UpdateProxy group.
D. Convert the standard primary zone to an Active Directory-integrated zone.
Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/cc726034.aspx
QUESTION 154
Your company has two domain controllers that are configured as internal DNS servers.
All zones on the DNS servers are Active Directory-integrated zones.
The zones allow all dynamic updates.
You discover that the contoso.com zone has multiple entries for the host names of computers that do not exist.
You need to configure the contoso.com zone to automatically remove expired records.
What should you do?
A. Enable only secure updates on the contoso.com zone,
B. Enable scavenging and configure the refresh interval on the contoso.com zone.
C. From the Start of Authority tab, decrease the default refresh interval on the contoso.com
zone.
D. From the Start of Authority tab, increase the default expiration interval on the contoso.com
zone
Answer: B
Explanation:
http://www.it-support.com.au/configure-aging-and-scavenging-of-a-dns-server/2012/12/
QUESTION 155
You have an Active Directory domain that runs Windows Server 2008 R2.
You need to implement a certification authority (CA) server that meets the following requirements:
– Allows the certification authority to automatically issue
certificates
– Integrates with Active Directory Domain Services
What should you do?
A. Install and configure the Active Directory Certificate Services server role as a Standalone
Root CA.
B. Install and configure the Active Directory Certificate Services server role as an Enterprise
Root CA.
C. Purchase a certificate from a third-party certification authority, Install and configure the Active
Directory Certificate Services server role as a Standalone Subordinate CA.
D. Purchase a certificate from a third-party certification authority, Import the certificate into the
computer store of the schema master.
Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/cc776874%28v=ws.10%29.aspx
QUESTION 156
You have a Windows Server 2008 R2 Enterprise Root certification authority (CA).
You need to grant members of the Account Operators group the ability to only manage Basic EFS certificates.
You grant the Account Operators group the Issue and Manage Certificates permission on the CA.
Which three tasks should you perform next? (Each correct answer presents part of the solution. Choose three.)
A. Enable the Restrict Enrollment Agents option on the CA.
B. Enable the Restrict Certificate Managers option on the CA.
C. Add the Basic EFS certificate template for the Account Operators group.
D. Grant the Account Operators group the Manage CA permission on the CA.
E. Remove all unnecessary certificate templates that are assigned to the Account Operators
group.
Answer: BCE
Explanation:
http://technet.microsoft.com/en-us/library/cc779954%28v=ws.10%29.aspx
QUESTION 157
Your company has an Active Directory domain.
You have a two-tier PKI infrastructure that contains an offline root CA and an online issuing CA. The Enterprise certification authority is running Windows Server 2008 R2.
You need to ensure users are able to enroll new certificates.
What should you do?
A. Renew the Certificate Revocation List (CRL) on the root CA.
Copy the CRL to the CertEnroll folder on the issuing CA.
B. Renew the Certificate Revocation List (CRL) on the issuing CA,
Copy the CRL to the SysternCertificates folder in the users’ profile.
C. Import the root CA certificate into the Trusted Root Certification Authorities store on all
client workstations.
D. Import the issuing CA certificate into the Intermediate Certification Authorities store on all
client workstations,
Answer: A
Explanation:
http://social.technet.microsoft.com/wiki/contents/articles/2900.offline-root-certification-authority-ca.aspx
QUESTION 158
Your company has an Active Directory domain.
All servers run Windows Server 2008 R2.
Your company uses an Enterprise Root certification authority (CA) and an Enterprise Intermediate CA.
The Enterprise Intermediate CA certificate expires.
You need to deploy a new Enterprise Intermediate CA certificate to all computers in the domain.
What should you do?
A. Import the new certificate into the Intermediate Certification Store on the Enterprise Root CA
server.
B. Import the new certificate into the Intermediate Certification Store on the Enterprise
Intermediate CA server.
C. Import the new certificate into the Intermediate Certification Store in the Default Domain
Controllers group policy object.
D. Import the new certificate into the Intermediate Certification Store in the Default Domain
group policy object.
Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/cc772507%28v=ws.10%29.aspx
QUESTION 159
Your company has recently acquired a new subsidiary company in Quebec.
The Active Directory administrators of the subsidiary company must use the French-language version of the administrative templates.
You create a folder on the PDC emulator for the subsidiary domain in the path %systemroot%\SYSVOL\domain\Policies\PolicyDefinitions\FR .
You need to ensure that the French-language version of the templates is available.
What should you do?
A. Download the Conf.adm, System.adm, Wuau.adm, and Inetres.adm files from the Microsoft
Web site. Copy the ADM files to the FR folder.
B. Copy the ADML files from the French local installation media for Windows Server 2008 R2
to the FR folder on the subsidiary PDC emulator.
C. Copy the Install.WIM file from the French local installation media for Windows Server 2008
R2 to the FR folder on the subsidiary PDC emulator.
D. Copy the ADMX files from the French local installation media for Windows Server 2008 R2
to the FR folder on the subsidiary PDC emulator.
Answer: B
QUESTION 160
The default domain GPO in your company is configured by using the following account policy settings:
– Minimum password length: 8 characters
– Maximum password age: 30 days
– Enforce password history: 12 passwords remembered
– Account lockout threshold: 3 invalid logon attempts
– Account lockout duration: 30 minutes
You install Microsoft SQL Server on a computer named Server1 that runs Windows Server 2008 R2.
The SQL Server application uses a service account named SQLSrv.
The SQLSrv account has domain user rights.
The SQL Server computer fails after running successfully for several weeks.
The SQLSrv user account is not locked out.
You need to resolve the server failure and prevent recurrence of the failure.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Reset the password of the SQLSrv user account.
B. Configure the local security policy on Serverl to grant the Logon as a service right on the
SQLSrv user account.
C. Configure the properties of the SQLSrv account to Password never expires.
D. Configure the properties of the SQLSrv account to User cannot change password.
E. Configure the local security policy on Serverl to explicitly grant the SQLSrv user account the
Allow logon locally user right.
Answer: AC
Explanation:
Maximum password age: 30 days
The most probable cause for the malfunction is that the password has expired.
You need to reset the password and set it to never expire.
Braindump2go Regular Updates of Microsoft 70-640 Preparation Materials Exam Dumps, with Accurate Answers, Keeps the Members One Step Ahead in the Real 70-640 Exam. Field Experts with more than 10 Years Experience in Certification Field work with us.