[Pass Ensure VCE Dumps] Download Free PassLeader Premium 651q 70-640 Exam Questions (501-520)

Preparing 70-640 exam with vaild 70-640 exam dumps, trying PassLeader’s 70-640 vce dumps or 70-640 pdf dumps, our 70-640 exam dumps coverd all the real exam questions, all new 70-640 exam questions are available in PassLeader’s 70-640 braindumps. Our 651q 70-640 premium vce file is the best study guide for preparing 70-640 exam, browsing PassLeader’s website and download 651q 70-640 exam questions.

keywords: 70-640 exam,651q 70-640 exam dumps,651q 70-640 exam questions,70-640 pdf dumps,70-640 practice test,70-640 vce dumps,70-640 study guide,70-640 braindumps,TS: Windows Server 2008 Active Directory, Configuring Exam

QUESTION 501
Your network contains an Active Directory forest named contoso.com. The functional level of the forest is Windows Server 2008 R2. You have four Active Directory sites. Each site has multiple Active Directory subnets. You need to identify all of the authentication requests that originate from client computers that are not associated to an Active Directory subnet. What should you use?

A.    The %Systemroot%\System32\Network_llu.log log file
B.    The %Systemroot%\Debug\Netsetup.log log file
C.    The Authentication User Interface operational log
D.    The %Systemroot%\Debug\Netlogon.log log file

Answer: B

QUESTION 502
Your network contains an Active Directory domain. The domain contains five sites. One of the sites contains a read-only domain controller (RODC) named RODC1. You need to identify which user accounts can have their password cached on RODC1. Which tool should you use?

A.    Get-ADFineGrainedPasswordPolicy
B.    Dcdiag
C.    Get-ADDomamControllerPasswordReplicationPolicy
D.    Get-ADAccountResultantPasswordReplicationPolicy

Answer: C

QUESTION 503
Your network contains an Active Directory domain. The domain is configured as shown in the exhibit. (Click the Exhibit button.)

You have a Group Policy object (GPO) linked to the domain. The GPO is used to deploy a number of software packages. You need to ensure that the GPO is applied only to client computers that have sufficient free disk space. What should you do?

A.    Modify the Group Policy permissions.
B.    Enable block inheritance.
C.    Configure the link order.
D.    Enable loopback processing in merge mode.
E.    Enable loopback processing in replace mode.
F.    Modify the Group Policy permissions.
G.    Enable block inheritance.
H.    Configure the link order.
I.    Enable loopback processing in merge mode.
J.    Enable loopback processing in replace mode.

Answer: F

QUESTION 504
Your network contains an Active Directory domain named contoso.com. All servers are located in the same Active Directory site. The domain contains two domain controllers named DC1 and DC2. Both domain controllers host an Active Directory-integrated zone for contoso.com. The Start of Authority (SOA) record of the contoso.com zone is shown in the exhibit. (Click the Exhibit button.)

You have a member server named Server1. Server1 hosts a secondary zone of contoso.com. On DC1, you add a new record to the contoso.com zone. In the table below, identify the maximum amount of time required to replicate the record to each server. Make only one selection in each column.

Answer:

QUESTION 505
You have an Active Directory domain named contoso.com. You need to view the account lockout threshold and duration for the domain. Which tool should you use?

A.    Get-ItemProperty
B.    Active Directory Domains and Trusts
C.    Net User
D.    Gpresult

Answer: C

QUESTION 506
Your network contains an Active Directory domain named litwareinc.com. The domain contains two sites named Site1 and Site2. Site2 contains a read-only domain controller (RODC). You need to identify which user accounts attempted to authenticate to the RODC. Which tool should you use?

A.    Repadmin
B.    Dcdiag
C.    Get-ADAccountResultantPasswordReplicationPolicy
D.    Active Directory Sites and Services

Answer: A

QUESTION 507
Your network contains an Active Directory forest named contoso.com. The functional level of the forest is Windows Server 2008 R2. The DNS zone for contoso.com is Active Directory-integrated. You deploy a read-only domain controller (RODC) named RODC1. You install the DNS Server server role on RODC1. You discover that RODC1 does not have any DNS application directory partitions. You need to ensure that RODC1 has a copy of the DNS application directory partition of contoso.com. What should you do?

A.    From DNS Manager, right-click RODC1 and click Create Default Application Directory Partitions.
B.    From DNS Manager, create primary zones.
C.    Run ntdsutil.exe. From the Partition Management context, run the create nc command.
D.    Run dnscmd.exe and specify the /enlistdirectorypartition parameter.

Answer: A

QUESTION 508
Your network contains an Active Directory domain named contoso.com. You have a comma separated value (CSV) file named Users.txt. Users.txt contains the information for 500 users and all of the attributes required to create user accounts. You plan to automate the creation of user accounts by using the Users.txt file. You need to identify which two cmdlets you must run. The solution must pipe the output from the first cmdlet to the second cmdlet. What should you run from Windows PowerShell? To answer, configure the appropriate PowerShell command in the answer area.

Answer:

QUESTION 509
Your network contains an Active Directory domain named contoso.com. You have an organizational unit (OU) named Sales and an OU named Engineering. You have two Group Policy objects (GPOs) named GPO1 and GP02. GPO1 and GP02 are linked to the Sales OU and contain multiple settings. You discover that GP02 has a setting that conflicts with a setting in GPO1. When the policies are applied, the setting in GP02 takes effect. You need to ensure that the settings in GPO1 supersede the settings in GP02. The solution must ensure that all non-conflicting settings in both GPOs are applied. What should you do?

A.    Modify the Group Policy permissions.
B.    Enable block inheritance.
C.    Configure the link order.
D.    Enable loopback processing in merge mode.
E.    Enable loopback processing in replace mode.
F.    Configure WMI filtering.
G.    Configure Restricted Groups.
H.    Configure Group Policy Preferences.
I.    Link the GPO to the Sales OU.
J.    Link the GPO to the Engineering OU.

Answer: C

QUESTION 510
You have a standard primary zone named contoso.com. You need to configure how often the zone will be transferred to servers that host a secondary copy of the zone. Which tab should you use? To answer, select the appropriate tab in the answer area.

Answer:


http://www.passleader.com/70-640.html

QUESTION 511
Your network contains an Active Directory domain. The domain contains five sites. One of the sites contains a read-only domain controller (RODC) named RODC1. You need to identify which user accounts can have their password cached on RODC1. Which tool should you use?

A.    Ntdsutil
B.    Dcdiag
C.    Repadmin
D.    Get-ADAccountResultantPasswordReplicationPolicy

Answer: A

QUESTION 512
Your network contains four domain controllers. The domain controllers are configured as shown in the following table.

All of the domain controllers are configured to host an Active Directory-integrated zone for their respective domain. A GlobalNames zone is deployed in the fabrikam.com forest. You add a canonical (CNAME) record named Server1 to the GlobalNames zone. You discover that users in the contoso.com forest cannot resolve the name Server1. The users in fabrikam.com can resolve the name Server1. You need to ensure that the contoso.com users can resolve names in the GlobalNames zone. What should you do? (Each correct answer presents part of the solution. Choose two.)

A.    Run dnscmd.exe and specify the globalnamesqueryorder parameter on CONT-DC1 and CONT-DC2.
B.    Add service location (SRV) records named _globalnames to the _msdcs.contoso.com zone.
C.    Run dnscmd.exe and specify the enableglobalnamessupport parameter on CONT-DC1 and CONTDC2.
D.    Run dnscmd.exe and specify the globalnamesqueryorder parameter on FABR-DC1 and FABR-DC2.
E.    Run dnscmd.exe and specify the enableglobalnamessupport parameter on FABR-DC1 and FABRDC2.
F.    Add service location (SRV) records named _globalnames to the _msdcs.fabrikam.com zone.

Answer: AD

QUESTION 513
A corporate network includes an Active Directory-integrated zone. All DNS servers that host the zone are domain controllers. You add multiple DNS records to the zone. You need to ensure that the new records are available on all DNS servers as soon as possible. Which tool should you use?

A.    Repadmin
B.    Ldp
C.    Dnscmd
D.    Ntdsutil

Answer: A

QUESTION 514
Your network contains an Active Directory domain. The domain contains two file servers. The file servers are configured as shown in the following table.

You create a Group Policy object (GPO) named GPO1 and you link GPO1 to OU1. You configure the advanced audit policy as shown in the exhibit. (Click the Exhibit button.)

You discover that the settings are not applied to Server1. The settings are applied to Server2. You need to ensure that access to the file shares on Server1 is audited. What should you do?

A.    On Server1, run secedit.exe and specify the /configure parameter.
B.    On Server1, run auditpol.exe and specify the /set parameter.
C.    From GPO1, configure the Security Options.
D.    From Active Directory Users and Computers, modify the permissions of the computer account for Server1.
E.    From Active Directory Users and Computers, add Server1 to the Event Log Readers group.

Answer: B

QUESTION 515
A corporate network includes a single Active Directory Domain Services (AD DS} domain. The HR department has a dedicated organization unit (OU) named HR. The HR OU has two sub-OUs: HR Users and HR Computers. User accounts for the HR department reside in the HR Users OU. Computer accounts for the HR department reside in the HR Computers OU. All HR department employees belong to a security group named HR Employees. All HR department computers belong to a security group named HR PCs. Company policy requires that passwords are a minimum of six characters. You need to ensure that, the next time HR department employees change their passwords, the passwords are required to have at least eight characters. The password length requirement should not change for employees of any other department. What should you do?

A.    Modify the local security policy on each computer in the HR PCs group.
B.    Create a fine-grained password policy and apply it to the HR Employees group.
C.    Create a new GPO, with the necessary password policy, and link it to the HR Computers OU.
D.    Create a fine-grained password policy and apply it to the HR Computers OU.

Answer: B

QUESTION 516
Your network contains an Active Directory domain. The domain contains a domain controller named DC1 that runs Windows Server 208 R2 Service Pack 1 (SP1). You need to implement a central store for domain policy templates. What should you do? To answer, select the source content that should be copied to the destination folder in the answer area.

Answer:

QUESTION 517
Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1. Server1 has a shared folder named Profiles. You plan to create a new user template named User_Template. You need to ensure that when you copy User_Temptate, the new user account has a unique profile folder created in the Profiles share. Which value should you specify for the profile path?

A.    %Userprofile%\Server1\profiles
B.    \\Server1\profiles\%username%
C.    \\Server1\%userprofile%\
D.    \\Server1\profiles\username

Answer: B

QUESTION 518
You deploy a certification authority (CA) named CA1. CA1 will be used to issue a large number of temporary certificates to provide users with access to public wireless access points (WAPs). You create a certificate template named Template1. You enable the Do not store certificates and requests in the CA database option. You need to configure CA1 to ensure that certificate requests and issued certificates for Template1 are not stored in the CA database. Which command should you run?

A.    certutil -setreg DBFlags +DBFLAGS_MAXCACHESIZEX100
B.    certutil -setreg DBFlags +DBFLAGS_CREATEIFNEEDED
C.    certutil -setreg DBFlags -DBFLAGS_LOGBUFFERSHUGE
D.    certutil -setreg DBFlags +DBFLAGS_ENABLEVOLATILEREQUESTS

Answer: D

QUESTION 519
A user attempts to join a computer to the domain, but the attempt fails. You need to ensure that the user can join fifty computer to the domain. You must ensure that the user is denied any additional rights beyond those required to complete the task. What should you do?

A.    Prestage each computer account in the Active Directory domain.
B.    Deploy a Group Policy Object (GPO) that modifies the user rights settings.
C.    Add the user to the Domain Administrators group for one day.
D.    Deploy a Group Policy object (GPO) that modifies the Restricted Groups settings.

Answer: C

QUESTION 520
A corporate network includes a single Active Directory Domain Services (AD D5) domain. All regular user accounts reside in an organizational unit (OU) named Employees. All administrator accounts reside in an OU named Admins. You need to ensure that any time an administrator modifies an employee’s name in AD DS, the change is audited. What should you do first?

A.    Use the Auditpol.exe command-line tool to enable the directory services access auditing subcategory.
B.    Enable the Audit directory service access setting in the Default Domain Controllers Policy Group Policy Object.
C.    Create a Group Policy Object with the Audit directory service access setting enabled and link it to the Employees OU.
D.    Enable the Audit directory service access setting in the Default Domain Policy Group Policy Object.

Answer: A
Explanation:
Before we can use the Directory Service Changes audit policy subcategory, we have to enable it first. We can do that by using auditpol.exe.
http://technet.microsoft.com/en-us/library/cc731607.aspx


http://www.passleader.com/70-640.html