The 70-640 Exam Practice Questions and Answers are ideal for the aspring candiates to grab exceptional grades in Microsoft 70-640 Exam! The 70-640 Questions and Answers are developed using the latest updated course content and all the answers are verified to ensure phenoment preparation for the actual 70-640 Exam!
Vendor: Microsoft
Exam Code: 70-640
Exam Name: TS: Windows Server 2008 Active Directory, Configuring
Keywords: 70-640 Exam Dumps,70-640 Practice Tests,70-640 Practice Exams,70-640 Exam Questions,70-640 Dumps,70-640 Dumps PDF,Microsoft 70-640 Exam Dumps,70-640 Questions and Answers,TS: Windows Server 2008 Active Directory, Configuring
QUESTION 331
Your network contains an Active Directory domain. All DNS servers are domain controllers.
You view the properties of the DNS zone as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that only domain members can register DNS records in the zone.
What should you do first?
A. Modify the zone type.
B. Create a trust anchor.
C. Modify the Advanced properties of the DNS server.
D. Modify the Dynamic updates setting.
Answer: A
QUESTION 332
Your company has a single Active Directory forest with a single domain.
Consultants in different departments of the company require access to different network resources.
The consultants belong to a global group named TempWorkers.
Three file servers are placed in a new organizational unit named SecureServers.
The file servers contain confidential data in shared folders.
You need to prevent the consultants from accessing the confidential data.
What should you do?
A. Create a new Group Policy Object (GPO) and link it to the SecureServers organizational unit.
Assign the Deny access to this computer from the network user right to the TempWorkers
global group.
B. Create a new Group Policy Object (GPO) and link it to the domain.
Assign the Deny access to this computer from the network user right to the TempWorkers
global group.
C. On the three file servers, create a share on the root of each hard disk.
Configure the Deny Full control permission for the TempWorkers global group on the share.
D. Create a new Group Policy Object (GPO) and link it to the domain.
Assign the Deny log on locally user right to the TempWorkers global group.
E. Create a new Group Policy Object (GPO) and link it to the SecureServers organizational unit.
Assign the Deny log on locally user right to the TempWorkers global group.
Answer: A
QUESTION 333
Your network contains two Active Directory forests named contoso.com and nwtraders.com.
The functional level of both forests is Windows Server 2003.
Contoso.com contains one domain.
Nwtraders.com contains two domains.
You need to ensure that users in contoso.com can access the resources in all domains.
The solution must require the minimum number of trusts.
Which type of trust should you create?
A. external
B. forest
C. realm
D. shortcut
Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/cc771397.aspx
When to create a forest trust
You can create a forest trust between forest root domains if the forest functional level is Windows Server 2003 or higher. Creating a forest trust between two root domains with a forest functional level of Windows Server 2003 or higher provides a one-way or two-way, transitive trust relationship between every domain in each forest. Forest trusts are useful for application service providers, organizations undergoing mergers or acquisitions, collaborative business extranets, and organizations seeking a solution for administrative autonomy.
QUESTION 334
You install an Active Directory domain in a test environment.
You need to reset the passwords of all the user accounts in the domain from a domain controller.
Which two Windows PowerShell commands should you run? (Each correct answer presents part of the solution, choose two.)
A. $ newPassword = *
B. Import-Module ActiveDirectory
C. Import-Module WebAdministration
D. Get- AdUser -filter * | Set- ADAccountPossword – NewPassword $
newPassword – Reset
E. Set- ADAccountPossword – NewPassword – Reset
F. $ newPassword = (Read-Host – Prompt “New Password” – AsSecureString )
G. Import-Module ServerManager
Answer: DF
QUESTION 335
Your network contains two forests named adatum.com and litwareinc.com.
The functional level of all the domains is Windows Server 2003.
The functional level of both forests is Windows 2000.
You need to create a forest trust between adatum.com and litwareinc.com.
What should you do first?
A. Create an external trust.
B. Raise the functional level of both forests.
C. Configure SID filtering.
D. Raise the functional level of all the domains.
Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/cc771397.aspx
When to create a forest trust
You can create a forest trust between forest root domains if the forest functional level is Windows Server 2003 or higher.
QUESTION 336
Your network contains an Active Directory forest named adatum.com.
All client computers used by the marketing department are in an organizational unit (OU) named Marketing Computers.
All user accounts for the marketing department are in an OU named Marketing Users.
You purchase a new application.
You need to ensure that every user in the domain who logs on to a marketing department computer can use the application.
The application must only be available from the marketing department computers.
What should you do?
A. Create and link a Group Policy object (GPO) to the Marketing Users OU.
Copy the installation package to a shared folder on the network. Assign the application.
B. Create and link a Group Policy object (GPO) to the Marketing Computers OU.
Copy the installation package to a shared folder on the network. Assign the application.
C. Create and link a Group Policy object (GPO) to the Marketing Computers OU.
Copy the installation package to a local drive on each marketing department computer.
Publish the application.
D. Create and link a Group Policy object (GPO) to the Marketing Users OU.
Copy the installation package to a folder on each marketing department computer.
Publish the application.
Answer: B
Explanation:
The software must only be available on the marketing department computers, so we must link the GPO to the Marketing Computers OU. Next we need to assign the application to the Marketing Computers OU.
When you assign software to computers, it is available to all authenticated users of the computer, regardless of their group membership or privileges. The software package is installed when the computer is next restarted after the package has been assigned. For example, suppose that you have a design application that should be available on all computers in the Engineering OU but not to computers elsewhere on your network. You would assign this application to computers in a Group Policy object (GPO) linked to the Engineering OU.
QUESTION 337
Your network contains an Active Directory forest named adatum.com.
You need to create an Active Directory Rights Management Services (AD RMS) licensing-only cluster.
What should you install before you create the AD RMS root cluster?
A. The Failover Cluster feature
B. The Active Directory Certificate Services (AD CS) role
C. Microsoft Exchange Server 2010
D. Microsoft SharePoint Server 2010
E. Microsoft SQL Server 2008
Answer: E
QUESTION 338
Your network contains an Active Directory domain named contoso.com.
The contoso.com domain contains a domain controller named DC1.
You create an Active Directory-integrated GlobalNames zone.
You add an alias (CNAME) resource record named Server1 to the zone.
The target host of the record is server2.contoso.com.
When you ping Server1, you discover that the name fails to resolve.
You are able to successfully ping server2.contoso.com.
You need to ensure that you can resolve names by using the GlobalNames zone.
Which command should you run?
A. Dnscmd DCl.contoso.com /ZoneAdd GlobalNames /DsPrimary /DP /domain
B. Dnscmd DCl.contoso.com /config /Enableglobalnamessupport forest
C. DnscmdDCl.contoso.com/config/Enableglobalnamessupport 1
D. Dnscmd DCl.contoso.com /ZoneAdd GlobalNames /DsPrimary /DP /forest
Answer: C
QUESTION 339
Your network contains an Active Directory domain named contoso.com.
The network has a branch office site that contains a read-only domain controller (RODC) named R0DC1.
R0DC1 runs Windows Server 2008 R2.
A user logs on to a computer in the branch office site.
You discover that the user’s password is not stored on R0DC1.
You need to ensure that the user’s password is stored on RODC1 when he logs on to a branch office site computer.
What should you do?
A. Modify the RODC s password replication policy by removing the entry for the Allowed RODC
Password Replication Group.
B. Modify the RODC’s password replication policy by adding R0DC1’s computer account to the
list of allowed users, groups, and computers.
C. Add the user’s user account to the built-in Allowed RODC Password Replication Group on
R0DC1.
D. Add R0DC1’s computer account to the built-in Allowed RODC Password Replication Group
on R0DC1.
Answer: C
QUESTION 340
You deploy an Active Directory Federation Services (AD FS) Federation Service Proxy on a server named Server1.
You need to configure the Windows Firewall on Server1 to allow external users to authenticate by using AD FS.
Which protocol should you allow on Server1?
A. Kerberos
B. SSL
C. SMB
D. RPC
Answer: B
Braindump2go New Published Exam Dumps: Microsoft 70-640 Practice Tests Questions, 651 Latest Questions and Answers from Official Exam Centre Guarantee You a 100% Pass! Free Download Instantly!