Exam 70-640 study material Made available by bibekthapa.com.

np

Free 70-640 Exam Preparation Questions
Exam 70-640: TS: Windows Server 2008 Active Directory. Configuring

What should you do? A. Answer: A.com. C. Configure conditional forwarding on DNS1 and DNS2 to forward fabrikam. All domain controllers run Windows Server 2003. Answer: B Question:2 Your network consists of a single Active Directory domain. D. Run the Computer Management console to stop the Domain Controller service on both domain controllers in the child domain. You upgrade all domain controllers to Windows Server 2008. You need to remove the child domain from the Active Directory forest. From the command prompt.com and fabrikam.com and fabrikam. D. All computers that belong to the fabrikam. B Question:5 Your company has two Active Directory forests named contoso. DNS2. Choose two. B.) A. run dfsutil /addroot:sysvol. Both forests run only domain controllers that run Windows Server 2008.Question:1 Your company has two Active Directory forests named contoso. Delete the computer accounts for each domain controller in the child domain. Each office has one domain controller. Users from the fabrikam.com zone on the DNS3 server. C.com queries to DNS3. Run the Dcpromo tool that has individual answer files on each domain controller in the child domain. B. D. B. You need to ensure that the Sysvol share replicates by using DFS Replication (DFS-R). D. You configure an external trust between contoso. C. The child domain has two domain controllers that run Windows Server 2008. What should you do? A. From the command prompt. Remove the trust relationship between the parent domain and the child domain. Decrease the cost between the connection objects. The domain functional level of fabrikam. Configure conditional forwarding on DNS3 to forward contoso. What should you do? A. . run netdom /reset. The company has an Active Directory forest that has a single domain. You need to ensure users in the fabrikam. The domain functional level of contoso.com domain. From the command prompt. and DNS3.xml. What are two possible ways to achieve this goal? (Each correct answer presents a complete solution.com is Windows Server 2008. All other computers use DNS1 as the preferred DNS server.com domain are unable to connect to the servers that belong to the contoso.com queries to DNS1. B. C. What should you do? A. Decrease the replication schedule for the DEFAULTIPSITELINK object. The child domain is scheduled to be decommissioned. The DNS servers are configured as shown in the following table.com domain have DNS3 configured as the preferred DNS server.com.com zone on the DNS1 server and the DNS2 server.com queries. Answer: D Question:3 Your company has a main office and three branch offices. Answer: C Question:4 Your company network has an Active Directory forest that has one parent domain and one child domain.com is Windows Server 2003 Native mode.com. Create a copy of the fabrikam. All user accounts from the child domain are migrated to the parent domain.com domain are able to resolve all contoso. Create a copy of the _msdcs. All sites are connected with the DEFAULTIPSITELINK object.com and fabrikam. Each office is configured as an Active Directory site. The company network has three DNS servers named DNS1. Raise the functional level of the domain to Windows Server 2008. Create a new forest trust and enable forest-wide authentication.contoso. Use Server Manager on both domain controllers in the child domain to uninstall the Active Directory domain services role. You need to enable the Kerberos AES encryption option. Decrease the replication interval for all connection objects. You need to decrease the replication latency between the domain controllers. Decrease the replication interval for the DEFAULTIPSITELINK object. run dcpromo /unattend:unattendfile.

Answer: D Question:6 Your company has a single-domain Active Directory forest. The functional level of the domain isWindows Server 2008. You need to ensure that the branch office administrators are able to create and apply GPOs only to their respective organizational units. The forest includes organizational units corresponding to the following four locations: London Chicago New York Madrid Each location has a child organizational unit named Sales. Create a GPO and link it to the domain. D. Which two actions should you perform? (Each correct answer presents part of the solution. You need to ensure that the users have access to the shared folder. Answer: A Question:9 Your company has an Active Directory forest that contains client computers that run Windows Vista and Microsoft Windows XP. Configure the Allow Apply Group Policy permission for Authenticated Users on the DesktopLockdown GPO. Answer: A. Configure the server to search for new updates on the Internet.com to Windows Server 2008. Raise the forest functional level of contoso. D. C. C.com to Windows Server 2008. Each location has an organizational unit. D Question:8 Your company has an Active Directory domain that has an organizational unit named Sales. You create a GPO named DesktopLockdown and link it to the Sales organizational unit. The offices in London. What should you do next? A. . Answer: C. Raise the domain functional level of fabrikam. You need to apply desktop restrictions to the sales executives group. and New York are connected by T1 connections. C. Choose two. D. You perform the following activities: Create a global distribution group.com to Windows Server 2008. C.) A. Configure the Deny Apply Group Policy permission for the sales managers on the DesktopLockdown GPO.Place the global distribution group in a domain local group that has access to the shared folder. Raise the forest functional level to Windows Server 2008. Configure the Deny Apply Group Policy permission for Authenticated Users on the DesktopLockdown GPO. B. Install the Microsoft WSUS application on a server in the environment. The Sales organizational unit contains two global security groups named sales managers and sales executives. Create a GPO and link it to the Domain Controllers organizational unit. D. The Sales organizational unit contains all the users and computers from the sales department. You must not apply these desktop restrictions to the sales managers group. Create a shared folder on a Windows Server 2008 member server. C. Run the Delegation of Control wizard and delegate the right to link GPOs for the domain to the branch office administrators. Chicago. You need to ensure that users are able to install approved application updates on their computers.B. B. The company has branch offices in three locations. Add the user accounts of the branch office administrators to the Group Policy Creator Owners Group. Run the Delegation of Control wizard and delegate the right to link GPOs for their branch organizational units to the branch office administrators. Add the global distribution group to the Domain Administrators group. Approve all required updates. Raise the forest functional level of fabrikam. D. B. Configure the GPO to direct the client computers to the Microsoft WSUS server for approved updates. Modify the Managed By tab in each organizational unit to add the branch office administrators to their respective organizational units. Change the group type of the global distribution group to a security group. Configure the GPO to automatically search for updates on the Microsoft Update site. Which two actions should you perform? (Each correct answer presents part of the solution. Set up Automatic Updates through Control Panel on the client computers. Add users to the global distribution group. B. Choose two.) A. D Question:10 Your company has an Active Directory forest. Change the scope of the global distribution group to a Universal distribution group. What should you do? A. Answer: C Question:7 Your company has an Active Directory forest. Configure the Deny Apply Group Policy permission for the sales executives on the DesktopLockdown GPO.

Answer: A. C.adm file to the startup folder of each target computer.) A. Run the Active Directory Users and Computers utility. Run the REDIRCmp CONTAINER-DN command on each target computer. B. Run the move-item command in the Microsoft Windows PowerShell utility. configure Auditing for the Everyone group in the Payroll folder. Choose two. What should you do? A. Configure the slow link detection threshold setting to 1. Answer: D Question:15 You have two servers named Server1 and Server2. On the file servers. Link the GPO to the domain. D. Import the . configure Auditing for the Authenticated Users group in the Payroll folder. You need to . B. You need to prepare the target computers for the application. You upgrade all domain controllers to Windows Server 2008. Disable the slow link detection setting in the Group Policy Object (GPO). Enable the Audit object access option.adm file to each computer. Edit the GPO and link it to an organizational unit that contains the target computers. Answer: A Question:12 You need to relocate the existing user and computer objects in your company to different organizational units. You need to configure the Active Directory environment to support the application of multiple password policies. What should you do? A. configure Auditing for the Everyone group in the Payroll folder. B. Both servers run Windows Server 2008. C. D. Create a Microsoft Windows PowerShell script to copy the . All domain controllers run Windows Server 2003. You create a GPO. Enable the Audit process tracking option. C Question:13 Your company purchases a new application to deploy on 200 computers. What should you do? A. Answer: A Question:14 Your network consists of a single Active Directory domain. On all domain controllers. D. The registry modifications are in a file that has an . configure Auditing for the Authenticated Users group in the Payroll folder.544 Kbps (T1) in the Group Policy Object (GPO). Choose two. Link the GPO to the Domain Controllers organizational unit.adm extension. C. Raise the functional level of the domain to Windows Server 2008. On the domain controllers. The application requires that you modify the registry on each target computer before you install the application. Server1 is configured as an enterprise root certification authority (CA). run dcpromo /adv. Create a Group Policy Object (GPO) named OfficeInstall that assigns the application to the computers. On the file servers. Link the GPO to each Sales organizational unit. What are two possible ways to achieve this goal? (Each correct answer presents a complete solution.The office in Madrid is connected by a 256-Kbps ISDN connection. You need to track which employees access the Payroll files on the file servers. Enable the Audit object access option. Create multiple Active Directory sites. Which two actions should you perform? (Each correct answer presents part of the solution. D Question:11 Your company has file servers located in an organizational unit named Payroll. Run the Active Directory Migration Tool (ADMT). D. B. Create a Microsoft Windows PowerShell script to copy the . Create a Microsoft Windows PowerShell script to copy the . On one domain controller. Enable the Audit process tracking option. run dcpromo /adv.adm file into a new Group Policy Object (GPO). D. Link the GPO to the Payroll organizational unit. On the file servers. C.adm file to each computer. Create a Group Policy Object (GPO) named OfficeInstall that assigns the application to users. You need to install an application on all the computers in the sales department. Link the GPO to the Payroll organizational unit.) A. Answer: A. B. You install the Online Responder role service on Server2. Run the Dsmod utility. The file servers contain payroll files located in a folder named Payroll. C. Run the REDIRUsr CONTAINERDN command on each target computer. Link the GPO to each Sales organizational unit.

As an administrator in the network. Configure the Authority Information Access (AIA) extension. Which two tasks should you perform? (Each correct answer presents part of the solution. Answer: B Question:19 There is a server with an instance of Microsoft Active Directory Lightweight Directory Service (AD LDS) in a company. The domain controllers configured as DNS servers run Windows Server 2008. Which two tasks should you perform? (Each correct answer presents part of the solution. C. D. Create the organizational units by using the dnscommand. B. B Question:17 Your company has an Active Directory domain. Add the Web server (IIS) role and the AD CS role. D. Run dnscmd /enlistdirectorypartition command. You plan to install an Enterprise certification authority (CA) on a dedicated stand-alone server. C. Import the enterprise root CA certificate. When you attempt to add the Active Directory Certificate Services (AD CS) role. Answer: A.) A. Join the server to the domain. Choose two. Both servers run Windows Server 2008. B. you find that the Enterprise CA option is not available. Edit the local computer policy of the Enterprise Root CA to allow only administrators to manage Trusted Publishers. Answer: B Question:20 You are a network administrator of your company. Create the organizational units by use the dsmod command. You need to configure Server2 to issue certificate revocation lists (CRL) for the enterprise root CA. D. So what is your solution? A. Answer: A. Microsoft Active Directory Lightweight Directory Services (AD LDS) is an independent mode of Active Directory that provides dedicated directory services for applications.) A. Add the Server2 computer account to the CertPublishers group. D Question:18 Your company has an Active Directory forest. Add the Server1 computer account to the CertPublishers group. Import the enterprise root CA certificate. Answer: C Question:16 You have two servers named Server1 and Server2. Create the organizational units on the AD LDS application directory partition by using the ADSI Edit snap-in in the network. B. you want to make sure that the new zone is only replicated to half of your domain controllers. A new Active Directoryintegrated zone is created in your network. a solution is needed for you to create new organizational units in the AD LDS application directory partition. Set the Startup Type of the Certificate Propagation service to Automatic. Choose two. .configure Server1 to support the Online Responder. D. C. What should you do? A. Import the OCSP Response Signing certificate. B. Now. Create the organizational units on the AD LDS application directory partition by using the Active Directory Users and Computers snap-in in the network. What should you do first? A. You need to ensure that only administrators can sign code. You install the Online Responder role service on Server2. Server1 is configured as an Enterprise Root certification authority (CA). Configure the Certificate Revocation List Distribution Point extension. Add the DNS Server role. C. All servers run Windows Server 2008. C. Your company has a single Active Directory domain which contains 12 domain controllers. Your company runs an Enterprise Root certification authority (CA). Modify the security settings on the template to allow only administrators to request code signing certificates. Edit the local computer policy of the Enterprise Root CA to allow users to trust peer certificates and allow only administrators to apply the policy. D. What is the first step? A. Publish the code signing template. You need to install the AD CS role as an Enterprise CA. Add the Active Directory Lightweight Directory Service (AD LDS) role. B.

com zone. You want to examine information regarding Group Policy processing on her system. A DNS server Answer: A. Group Policy Modeling Wizard B. create a standard secondary zone.) A. Gpresult.com. The Active Directory Federation . what should you do? A.com n your company. In the DomainDnsZones application directory partition.exe /Target:User. On a Global Catalog server.exe E. create a new delegation. Run Gpresult. DNS records are dynamically registered by all computers including non-domain members. create a NS record. Msconfig. your company buys a new server which contains a standard primary DNS zone for dev. create a new delegation. Run Gpresult. Some users report that the screen saver is not launching after 10 minutes as expected. To make sure that all domain controllers can resolve names for dev.com. Run Gpresult -scope computer. You need to delete the Authenticated Users group. Run dnscmd /createdirectorypartition command. create a child zone.exe Answer: B. B. Answer: B Question:24 You are the administrator at Contoso.com zone? A. Your company constructs a regional network that consists of an Active Directory forest named nosuchhost. You need to turn off Create All Child Objects permission. In the nosuchhost. Answer: A Question:25 Which of the following are required to create a domain controller successfully? (Choose all that apply.com and all the domain controllers in the domain are configured as DNS Servers. D Question:22 There is a single Active Directory domain named intranet. But you do not want all the computers register DNS records and only allow domain members to dynamically register DNS records. Group Policy Results Wizard C. A valid NetBIOS name C.nosuchost. Now. C. D. create a delegation.exe -computer. one of which configures the password-protected screen saver and screen saver timeout required by corporate policy. In the ForestDnsZones application directory partition.com DNS zone is stored. C. Answer: Pending Question:23 You are a network administrator of your company.B. Gpupdate. An Active Directory Federation Services (AD FS) role has been installed on the domain member server. A DHCP server to assign an IP address to the domain controller D. the nosuchhost. B. which has a single domain in the network.com zone. You need to enable zone transfers to Name Servers.exe D. A valid DNS domain name B. The contoso. Now.com domain has five GPOs linked to the domain. Run Gpupdate. D.nosuchhost. Windows Server 2008 is installed on all servers. B Question:26 There is an Active Directory forest in an company. B. Which tools can you use to gather this nformation remotely? (Choose all that apply. What should you do to configure the intranet. The domain controllers run Windows Server 2008 and the DNS server role. Answer: A Question:21 A user calls the help desk at your organization and reports problems that you suspect might be related to changes that were recently made to Group Policy. You need to allow only secure dynamic updates.nosuchhost.exe for the users. In the ForestDnsZones Active Directory application partition. In the nosuchhost. C. In the contoso. D. How do you know when the GPO was applied? A. C. D.nosuchhost.) A.com zone. Ltd.

Remote Desktop Users Answer: A. Answer: Pending Question:27 The contoso. Domain Admins C. Two domain controllers that run Windows Server 2008 are in the child domain. Help Desk E. and configure it. C. In the solution. Because your company decides not to use the child domain any more. The Sydney Support GPO includes a restricted groups policy for the Administrators group that specifies the Members Of This Group setting to be CONTOSO\Sydney Support. The Corporate Help Desk GPO includes a restricted groups policy for the Administrators group that specifies the Members Of This Group setting to be CONTOSO\Help Desk. Which of the following accounts will be a member of the Administrators group on DESKTOP234? (Choose all that apply. uninstall the Active Directory domain services role by using Server Manager. and configure it. what is your solution? A. On both domain controllers in the child domain. An Active Directory forest with a single domain is deployed in your company and an Active Directory site is deployed in each office. Answer: B. The domain has four domain controllers which are deployed in each branch offices. D.) A. A computer named DESKTOP234 joins the domain in the Sydney OU. Sydney Support D. Reduce latency by decreasing the replication interval for all connection objects. and a GPO named Sydney Support linked to the Sydney OU within the Clients OU. D. The DEFAULTIPSITELINK object connects the sites. so you need reduce the latency. Reduce latency by decreasing the replication schedule for the DEFAULTIPSITELINK objects. Remote Desktop Users Answer: A. C. linked to the Clients OU. linked to the Clients OU.) A. Reduce latency by decreasing the replication interval for the DEFAULTIPSITELINK object. D Question: 28 The contoso. In the solution. In the solution. Answer: C Question:30 You are working in a company whose network has an Active Directory forest. Sydney Support D. and configure it. C Question:29 You are the network administrator of your company which has a main office and four branch offices. B. Administrator B. Reduce latency by decreasing the cost between the connection objects. run the Dcpromo tool. D. and configure it. Which of the following accounts will be a member of the Administrators group on DESKTOP234? (Choose all that apply. Help Desk E. In the solution. C.com domain contains a GPO named Corporate Help Desk. C. The replication latency between the domain controllers is too much.) A. On both domain controllers of the child domain. On both domain controllers of the child domain. So. A computer named DESKTOP234 joins the domain in the Sydney OU. In order to ensure that AD FS tokens contain information from the Active Directory domain. Which are the two possible ways to achieve this goal? (Choose two. B.C . Administrator B. B. B. The Sydney Support GPO includes a restricted groups policy for the CONTOSO\Sydney Support group that specifies This Group Is A Member Of Administrators.Services makes RADIUS authentication obsolete. Firstly delete the computer accounts that belong to the child domain and then remove the trust relationship between the two domains. The Corporate Help Desk GPO includes a restricted groups policy for the Administrators group that specifies the Members Of This Group setting to be CONTOSO\Help Desk. stop the Domain Controller service. you should add a new account store. and a GPO named Sydney Support linked to the Sydney OU within the Clients OU. you need to work out a solution to configure AD FS. you should add a Claims-aware application. you should add a new resource partner. Domain Admins C. The forest has one root domain and one child domain. What should you do? A. you should add a new account partner.com domain contains a GPO named Corporate Help Desk. you need to remove the child domain from the forest and migrate the user accounts from the child domain to the parent domain.

Sign up to vote on this title
UsefulNot useful