Braindump2go New Released 70-640 Exam Dumps Questions New Updated Today: Latest 651 Questions and Answers Explanation. Guarantee you 100% Success when you attend Microsoft MCM 70-640 Exam! We update 70-640 Exam Dumps Questions every day and you can come to download our latest 70-640 Practice Tests daily!
Vendor: Microsoft
Exam Code: 70-640
Exam Name: TS: Windows Server 2008 Active Directory, Configuring
Keywords: 70-640 Exam Dumps,70-640 Practice Tests,70-640 Practice Exams,70-640 Exam Questions,70-640 Dumps,70-640 Dumps PDF,Microsoft 70-640 Exam Dumps,70-640 Questions and Answers,TS: Windows Server 2008 Active Directory, Configuring
QUESTION 211
You have a client computer named Computer1 that runs Windows 7.
On Computer1, you configure a source-initiated subscription.
You configure the subscription to retrieve all events from the Windows logs of a domain controller named DC1.
The subscription is configured to use the HTTP protocol.
You discover that events from the Security log of DC1 are not collected on Computer1.
Events from the Application log of DC1 and the System log of DC1 are collected on Computer1.
You need to ensure that events from the Security log of DC1 are collected on Computer1.
What should you do?
A. Add the computer account of Computer1 to the Event Log Readers group on the domain
controller.
B. Add the Network Service security principal to the Event Log Readers group on the domain.
C. Configure the subscription to use custom Event Delivery Optimization settings.
D. Configure the subscription to use the HTTPS protocol.
Answer: B
QUESTION 212
Your network contains an Active Directory forest named contoso.com.
The forest contains six domains.
You need to ensure that the administrators of any of the domains can specify a user principal name (UPN) suffix oflitwareinc.com when they create user accounts by using Active Directory Users and Computers.
Which tool should you use?
A. Active Directory Administrative Center
B. Set-ADDomain
C. Active Directory Sites and Services
D. Set-ADForest
Answer: D
QUESTION 213
Your network contains an Active Directory domain named litwareinc.com.
The domain contains two sites named Sitel and Site2.
Site2 contains a read-only domain controller (RODC).
You need to identify which user accounts attempted to authenticate to the RODC.
Which tool should you use?
A. Active Directory Users and Computers
B. Ntdsutil
C. Get-ADAccountResultantPasswordReplicationPolicy
D. Adtest
Answer: A
QUESTION 214
Your network contains an Active Directory forest.
The forest schema contains a custom attribute for user objects.
You need to generate a file that contains the last logon time and the custom attribute values for each user in the forest.
What should you use?
A. the Get-ADUser cmdlet
B. the Export-CSV cmdlet
C. the Net User command
D. the Dsquery User tool
Answer: A
QUESTION 215
You have an Active Directory domain named contoso.com.
You need to view the account lockout threshold and duration for the domain.
Which tool should you use?
A. Net User
B. Active Directory Users and Computers
C. Group Policy Management Console (GPMC)
D. Computer Management
Answer: C
QUESTION 216
A domain controller named DC4 runs Windows Server 2008 R2.
DC4 is configured as a DNS server for fabrikam.com.
You install the DNS Server server role on a member server named DNS1 and then you create a standard secondary zone for fabrikam.com.
You configure DC4 as the master server for the zone.
You need to ensure that DNS1 receives zone updates from DC4.
What should you do?
A. Add the DNS1 computer account to the DNSUpdateProxy group.
B. On DC4, modify the permissions offabrikam.com zone.
C. On DNS1, add a conditional forwarder.
D. On DC4, modify the zone transfer settings for the fabrikam.com zone.
Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/cc771652.aspx
QUESTION 217
Your network contains an Active Directory domain named contoso.com.
The Active Directory sites are configured as shown in the Sites exhibit. (Click the Exhibit button.)
You need to ensure that DC1 and DC4 are the only servers that replicate Active Directory changes between the sites.
What should you do?
A. Configure DC1 as a preferred bridgehead server for IP transport.
B. Configure DC4 as a preferred bridgehead server for IP transport.
C. From the DC4 server object, create a Connection object for DC1.
D. From the DC1 server object, create a Connection object for DC4.
Answer: B
QUESTION 218
A company has an Active Directory forest.
You plan to install an offline Enterprise root certification authority (CA) on a server named CA1. CA1 is a member of the PerimeterNetwork workgroup and is attached to a hardware security module for private key storage.
You attempt to add the Active Directory Certificate Services (AD CS) server role to CA1.
The Enterprise CA option is not available.
You need to install the AD CS server role as an Enterprise CA on CA1.
What should you do first?
A. Add the DNS Server server role to CA1.
B. Add the Web Server (IIS) server role and the AD CS server role to CA1.
C. Add the Active Directory Lightweight Directory Services (AD LDS) server role to CA1.
D. Join CA1 to the domain.
Answer: D
QUESTION 219
Your network contains an Active Directory domain named contoso.com.
The domain contains a domain controller named DC1.
DC1 has the DNS Server server role installed and hosts an Active Directory-integrated zone for contoso.com.
The no-refresh interval and the refresh interval are both set to three days.
The Advanced DNS settings of DC1 are shown in the Advanced DNS Settings exhibit. (Click the Exhibit button.)
You open the properties of a static record named Server1 as shown in the Server1 Record exhibit. (Click the Exhibit button.)
You discover that the scavenging process ran today, but the record for Server1 was not deleted.
You run dnscmd.exe and specify the ageallrecords parameter.
You need to identify when the record for Server1 will be deleted from the zone.
In how many days will the record be deleted?
A. 13
B. 10
C. 23
D. 7
Answer: D
Explanation:
The blank Record time stamp field indicates a static record. That’s the reason it wasn’t deleted. The timestamp has been set using dnscmd /ageallrecords. The Time to live setting means that the server will hold a cached record for 10 days, so it has nothing to do with this question. The record will become stale in six days (no-refresh interval + refresh interval, that’s 3 + 3 days), so now that the timestamp has been set it will be deleted when the next scavenging operation occurs, in seven days.
http://technet.microsoft.com/en-us/library/cc772069.aspx
dnscmd /ageallrecords Sets the current time on all time stamps in a zone or node. Record scavenging does not occur unless the records are time stamped. Name server (NS) resource records, start of authority (SOA) resource records, and Windows Internet Name Service (WINS) resource records are not included in the scavenging process, and they are not time stamped even when the ageallrecords command runs.
http://www.windowsitpro.com/article/dns/scavenging-stale-dns-records
When a record is older than the sum of the no-refresh interval and the refresh interval, the scavenging feature considers the record stale and deletes it. So, when you set No-refresh interval to 3 days and Refresh interval to 5 days, scavenging will delete records that are more than 8 days old.
QUESTION 220
Your network contains an Active Directory domain.
The domain is configured as shown in the exhibit. (Click the Exhibit button.)
Each organizational unit (OU) contains over 500 user accounts.
The Finance OU and the Human Resources OU contain several user accounts that are members of a universal group named Group1.
You have a Group Policy object (GPO) linked to the domain.
You need to prevent the GPO from being applied to the members of Group1 only.
What should you do?
A. Modify the Group Policy permissions.
B. Enable block inheritance.
C. Configure the link order.
D. Enable loopback processing in merge mode.
E. Enable loopback processing in replace mode.
F. Configure WMI filtering.
G. Configure Restricted Groups.
H. Configure Group Policy Preferences.
I. Link the GPO to the Finance OU.
J. Link the GPO to the Human Resources OU.
Answer: A
Braindump2go Guarantee:
Pass-Certification 70-640 offers absolute risk free investment opportunity, values your timr and money! Braindump2go latest 70-640 Real Exam Dumps – Your success in 70-640 Exam is certain! Your belief in our 70-640 Exam Dumps is further strengthened with 100% Money Back Promise from Braindump2go!