100% Pass 70-640 Real Test is not a dream! Braindump2go Latest Released 70-640 Exam Practice Exam Dumps will help you pass 70-640 Exam one time easiluy! Free Sample Exam QAuestions and Answers are offered for free download now! Quickly having a try today! Never loose this valuable chance!
Vendor: Microsoft
Exam Code: 70-640
Exam Name: TS: Windows Server 2008 Active Directory, Configuring
Keywords: 70-640 Exam Dumps,70-640 Practice Tests,70-640 Practice Exams,70-640 Exam Questions,70-640 Dumps,70-640 Dumps PDF,Microsoft 70-640 Exam Dumps,70-640 Questions and Answers,TS: Windows Server 2008 Active Directory, Configuring
QUESTION 291
Your network contains an Active Directory domain.
The domain contains two file servers.
The file servers are configured as shown in the following table.
You create a Group Policy object (GPO) named GPO1 and you link GPO1 to OU1.
You configure the advanced audit policy.
You discover that the settings are not applied to Server1.
The settings are applied to Server2.
You need to ensure that access to the file shares on Server1 is audited.
What should you do?
A. From Active Directory Users and Computers, modify the permissions of the computer account
for Server1.
B. From GPO1, configure the Security Options.
C. From Active Directory Users and Computers, add Server1 to the Event Log Readers group.
D. On Server1, run seceditexe and specify the /configure parameter.
E. On Server1, run auditpol.exe and specify the /set parameter.
Answer: E
Explanation:
http://technet.microsoft.com/en-us/library/ff182311.aspx
What are the differences in auditing functionality between versions of Windows?
Basic audit policy settings are available in all versions of Windows since Windows 2000 and can be applied locally or by using Group Policy. Advanced audit policy settings were introduced in Windows Vista and Windows Server 2008, but the settings can only be applied by using logon scripts. In Windows 7 and Windows Server 2008 R2, advanced audit policy settings can be configured and applied by using local and domain Group Policy settings.
http://technet.microsoft.com/en-us/library/cc755264.aspx
QUESTION 292
Your network contains an Active Directory domain named contoso.com.
You have an organizational unit (OU) named Sales and an OU named Engineering.
Each OU contains over 200 user accounts.
The Sales OU and the Engineering OU contain several user accounts that are members of a universal group named Group1.
You have a Group Policy object (GPO) linked to the domain.
You need to prevent the GPO from being applied to the members of Group1 only.
What should you do?
A. Modify the Group Policy permissions.
B. Configure Restricted Groups.
C. Configure WMI filtering.
D. Configure the link order.
E. Enable loopback processing in merge mode.
F. Link the GPO to the Sales OU.
G. Configure Group Policy Preferences.
H. Link the GPO to the Engineering OU.
I. Enable block inheritance.
J. Enable loopback processing in replace mode.
Answer: A
QUESTION 293
Your network contains an Active Directory domain.
You have two Group Policy objects (GPOS) named GPO1 and GPO2.
GPO1 and GPO2 are linked to the Finance organizational unit (OU) and contain multiple settings. You discover that GPO2 has a setting that conflicts with a setting in GPO1.
When the policies are applied, the setting in GPO2 takes effect.
You need to ensure that the settings in GPO1 supersede the settings in GPO2.
The solution must ensure that all non-conflicting settings in both GPOs are applied.
What should you do?
A. Configure the link order.
B. Configure Restricted Groups.
C. Enable block inheritance.
D. Link the GPO to the Finance OU.
E. Enable Ioopback processing in merge mode.
F. Enable Ioopback processing in replace mode.
G. Link the GPO to the Human Resources OU.
H. Configure Group Policy Preferences.
I. Configure WMI filtering.
J. Modify the Group Policy permissions.
Answer: A
QUESTION 294
You have a domain controller named DC1 that runs Windows Server 2008 R2.
DC1 is configured as a DNS server for contoso.com.
You install the DNS server server role on a member server named server1 and then you create a standard secondary zone for contoso.com.
You configure DC1 as the master server for the zone.
You need to ensure that Server1 receives zone updates from DC1.
What should you do
A. On DC1, modify the permissions of contoso.com zone.
B. On Server1, add a conditional forwarder.
C. Add the Server1 computer account to the DNsUpdateProxy group.
D. On DC1, modify the zone transfer settings for the contoso.com zone.
Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/cc771652.aspx
QUESTION 295
A corporate network includes an Active Directory-integrated zone.
AIl DNS servers that host the zone are domain controllers.
You add multiple DNS records to the zone.
You need to ensure that the new records are available on all DNS servers as soon as possible.
Which tool should you use?
A. Active Directory Sites And Services console
B. Ntdsutil
C. Dnslint
D. Nslookup
Answer: A
Explanation:
http://technet.microsoft.com/en-us/library/cc794809.aspx
QUESTION 296
Your network contains an Active Directory domain named contoso.com.
Contoso.com contains two domain controllers named DC1 and DC2.
DC1 and DC2 are configured as DNS servers and host the Active Directory-integrated zone for contoso.com.
From DNS Manager on DC1, you enable scavenging for the contoso.com zone.
You discover stale DNS records in the zone.
You need to ensure that the stale DNS records are deleted from contoso.com.
What should you do?
A. From DNS Manager, enable scavenging on DC1.
B. From DNS Manager, reload the zone.
C. Run dnscmd.exe and specify the ageallrecords parameter.
D. Run dnscmd.exe and specify the startscavenging parameter.
Answer: A
Explanation:
According to Technet the answer should be A (“From DNS Manager, enable scavenging on DC1”). Scavenging has been enabled for the zone, but it also needs te be enabled on the server.
http://technet.microsoft.com/en-us/library/cc771677.aspx
QUESTION 297
Your network contains an Active Directory forest.
The forest contains one domain named contoso.com.
You discover the following event in the Event log of domain controllers:
‘The request for a new account-identifier pool failed. The operation will be retried until the request succeeds. The error is ” %1 “”
You need to ensure that the domain controllers can acquire new account-identifier pools successfully.
What should you do?
A. Move the domain naming master role.
B. Move the global catalog server.
C. Restart the Active Directory Domain Services (AD DS) service.
D. Deploy an additional global catalog server.
E. Move the infrastructure master role.
F. Move the PDC emulator role.
G. Install a read-only domain controller (RODC).
H. Move the RID master role.
I. Move the bridgehead server.
J. Move the schema master role.
Answer: H
Explanation:
http://technet.microsoft.com/en-us/library/cc756699.aspx
QUESTION 298
Your network contains an Active Directory domain named adatum.com.
All servers run Windows Server 2008 R2 Enterprise.
All client computers run Windows 7 Professional.
The network contains an enterprise certification authority (CA).
You enable key archival on the CA.
The CA is configured to use custom certificate templates for Encrypted File System (EFS) certificates.
All users plan to encrypt files by using EFS.
You need to ensure that the private keys for all new EFS certificates are archived.
Which snap-in should you use?
A. Share and Storage Management
B. Security Configuration wizard
C. Enterprise PKI
D. Active Directory Administrative Center
E. Certification Authority
F. Group Policy Management
G. Certificate Templates
H. Authorization Manager
I. Certificates
Answer: G
Explanation:
http://technet.microsoft.com/en-us/library/cc753826.aspx
QUESTION 299
Your network contains an Active Directory domain named adatum.com.
All servers run Windows Server 2008 R2 Enterprise.
All client computers run Windows 7 Professional.
The network contains an enterprise certification authority (CA).
You have a custom certificate template named Sales_Temp.
Sales_Temp is published to the CA.
You need to ensure that all of the members of a group named Sales can enroll for certificates that use Sales_Temp.
Which snap-in should you use?
A. Enterprise PKI
B. Certification Authority
C. Share and storage Management
D. Certificate Templates
E. Security Configuration Wizard
F. Authorization Manager
G. Group Policy Management
H. Certificates
I. Active Directory Administrative Center
Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/cc770794.aspx
QUESTION 300
Your network contains an Active Directory forest named adatum.com.
All domain controllers currently run Windows Server 2003 Service Pack 2 (SP2).
The functional level of the forest and the domain is Windows Server 2003.
You need to deploy a read-only domain controller (RODC) that runs Windows Server 2008 R2.
What should you do first?
A. Deploy a writable domain controller that runs Windows Server 2008 R2.
B. Raise the functional level of the forest to Windows Server 2008.
C. Run adprep.exe.
D. Raise the functional level of the domain to Windows Server 2003.
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/cc731243.aspx
All 651 Microsoft 70-640 Exam Dumps Questions are the New Checked and Updated! In recent years, the 70-640 certification has become a global standard for many successful IT companies. Looking to become a certified Microsoft professional? Download Braindump2go 2015 Latest Released 70-640 Exam Dumps Full Version and Pass 70-640 100%!