New Released Braindump2go Microsoft 70-640 Dumps PDF – Questions and Answers Updated with Microsoft Official Exam Center! Visit Braindump2go and download our 70-640 Exam Questions Now, Pass 70-640 100% at your first time!
Vendor: Microsoft
Exam Code: 70-640
Exam Name: TS: Windows Server 2008 Active Directory, Configuring
Keywords: 70-640 Exam Dumps,70-640 Practice Tests,70-640 Practice Exams,70-640 Exam Questions,70-640 Dumps,70-640 Dumps PDF,70-640 VCE,70-640 Braindump,70-640 TS: Windows Server 2008 Active Directory, Configuring
QUESTION 601
Your network contains an Active Directory forest named fabrikam.com.
The forest contains the following domains:
Fabrikam.com
Eu.fabrikam.com
Na.fabrikam.com
Eu.contoso.com
Na.contoso.com
You need to configure the forest to ensure that the administrators of any of the domains can specify a user principal name (UPN) suffix o contoso.com when they create user accounts from Active Directory Users and Computers.
Which tool should you use?
A. Active Directory Users and Computers
B. Active Directory Administrative Center
C. Active Directory Domains and Trusts
D. Set-ADAccountControl
Answer: C
QUESTION 602
Your network contains an Active Directory domain named contoso.com.
The domain contains an enterprise certification authority (CA).
You need to deploy certificates based on Version 1 templates to all of the computers in the domain.
The solution must minimize administrative effort.
You create a Group Policy object (GPO) named GPO1 and link the GPO to the domain.
What should you do next?
A. In GPO1, configure Certificate Services Client – Certificate Enrollment Policy.
B. In GPO1, configure Automatic Certificate Request Settings.
C. In GPO1, configure Software installation.
D. Duplicate the templates. In GPO1, configure Software installation.
Answer: B
Explanation:
Automatic certificate request settings
Certificate enrollment is the process of requesting, receiving, and installing a certificate. By using automatic certificate settings in public key policies, you can have computers that are associated with a Group Policy object (GPO) automatically enroll for certificates. This can save you the step of explicitly enrolling for computer-related certificates for each computer. After you establish an automatic certificate request, the actual certificate requests occur the next time the computers associated with the GPO log on to the network.
QUESTION 603
Drag and Drop Question
Your network contains an Active Directory domain named contoso.com.
A domain controller named DC1 runs Windows Server 2008 R2 Service Pack 1 (SP1).
You install Windows Server 2008 R2 SP1 on a server named Server1.
You need to perform an offline domain join of Serverl to the domain.
What should you do? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
QUESTION 604
Your network contains an Active Directory domain named contoso.com.
The domain has one Active Directory site.
The domain contains an organizational unit (OU) named OU1.
OU1 contains user accounts for 100 users and their managers.
You apply a Group Policy object (GPO) named GPO1 to OU1.
GPO1 restricts several desktop settings.
The managers request that the desktop settings not be applied to them.
You need to prevent the desktop settings in GPOl from being applied to the managers.
All other users in OU1 must have GPO1 applied to them.
What should you do?
A. Configure the permissions on OU1.
B. Configure the permissions on the user accounts of the managers.
C. Link GPO1 to a WMI filter.
D. Configure the permissions of GPOl.
Answer: D
Explanation:
Security filtering is a way of refining which users and computers will receive and apply the settings in a Group Policy object (GPO). Using security filtering, you can specify that only certain security principals within a container where the GPO is linked apply the GPO. Security group filtering determines whether the GPO as a whole applies to groups, users, or computers; it cannot be used selectively on different settings within a GPO.
In order for the GPO to apply to a given user or computer, that user or computer must have both Read and Apply Group Policy (AGP) permissions on the GPO, either explicitly, or effectively though group membership.
QUESTION 605
Your network contains an Active Directory domain.
The domain contains 20 domain controllers.
You need to identify which domain controllers are global catalog servers.
Which tool should you use?
A. Dcdiag
B. Get-ADComputer
C. Net computer
D. Netsh
Answer: D
Explanation:
The FSMO role holders can be easily found by use of the Netdom command. On any domain controller, click Start, click Run, type CMD in the Open box, and then click OK.
In the Command Prompt window, type netdom query /domain:<domain> fsmo (where <domain> is the name of YOUR domain).
Note: netsh is also known as the command prompt.
QUESTION 606
Hotspot Question
Your network contains an Active Directory domain named contoso.com.
The domain contains two domain controllers named DC1 and DC2.
Both domain controllers host an Active Directory-integrated zone for contoso.com.
Each domain controller is located in a different city.
You have a member server named Serverl. Serverl hosts a stub zone for contoso.com.
On DC1, you add a name server (NS) record to the contoso.com zone.
In the table below, identify which toot you must use to replicate the record to each server.
Make only one selection in each column. Each correct selection is worth one point.
Answer:
QUESTION 607
Your network contains an Active Directory forest named contoso.com.
The forest contains a single domain and 10 domain controllers.
All of the domain controllers run Windows Server 2008 R2 Service Pack 1 (SP1).
The forest contains an application directory partition named dc=app1,dc=contoso,dc=com.
A domain controller named DC1 has a copy of the application directory partition.
You need to configure a domain controller named DC2 to receive a copy of dc=app1,dc=contoso,dc=com.
Which tool should you use?
A. Dsamain
B. Ntdsutil
C. Active Directory Sites and Services
D. Dcpromo
Answer: C
Explanation:
Active DirectorySites and Services is a Microsoft Management Console (MMC) snap-in that you can use to administer the replication of directory data among all sites in an Active Directory Domain Services (AD DS) forest.
You can use the Active Directory Sites and Services snap-in to manage the site-specific objects that implement the intersite replication topology.
QUESTION 608
Your network contains an Active Directory forest named contoso.com.
The forest contains five domains.
You have a shortcut trust between two of the domains.
You need to validate that the trust is operating properly.
What should you use?
A. Dsmod
B. Set-ADForest
C. Netdom
D. Dsadd
E. Netsh
Answer: C
QUESTION 609
Your network contains an Active Directory domain named contoso.com.
The domain contains an enterprise certification authority (CA).
You need to deploy certificates based on Version 1 templates to all of the computers in the domain.
The solution must minimize administrative effort.
You create a Group Policy object (GPO) named GPOl and link the GPO to the domain.
What should you do next?
A. In GPOl, configure Certificate Services Client – Certificate Enrollment Policy.
B. Duplicate the templates. In GPOl, configure Certificate Services Client-Auto-Enrollment.
C. Duplicate the templates. In GPOl, configure Automatic Certificate Request Settings.
D. In GPOl, configure Certificate Services Client – Auto-Enrollment.
Answer: C
Explanation:
Automatic certificate request settings
Certificate enrollment is the process of requesting, receiving, and installing a certificate. By using automatic certificate settings in public key policies, you can have computers that are associated with a Group Policy object (GPO) automatically enroll for certificates. This can save you the step of explicitly enrolling for computer-related certificates for each computer. After you establish an automatic certificate request, the actual certificate requests occur the next time the computers associated with the GPO log on to the network.
Incorrect:
Not A: Certificate enrollment policy provides the locations of certification authorities (CAs) and the types of certificates that can be requested. Organizations that are using Active Directory Domain Services (AD DS) can use Group Policy to provide certificate enrollment policy to domain members by using the Group Policy Management Console to configure the certificate enrollment policy settings. The Certificates snap-in can be used to configure certificate enrollment policy settings for individual client computers unless the Group Policy setting is configured to disable user-configured enrollment policy.
QUESTION 610
You configure and deploy a Group Policy object (GPO) that contains AppLocker settings.
You need to identify whether a specific application file is allowed to run on a computer.
Which Windows PowerShell cmdlet should you use?
A. Get-AppLockerFileInformation
B. Get-GPOReport
C. Get-GPPermissions
D. Test-AppLockerPolicy
Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/ee460960.aspx
Tests whether the input files are allowed to run for a given user based on the specified AppLocker policy.
Braindump2go is one of the Leading 70-640 Exam Preparation Material Providers Around the World! We Offer 100% Money Back Guarantee on All Products! Feel Free In Downloading Our New Released 70-640 Real Exam Questions!