[Pass Ensure VCE Dumps] New 70-640 Study Guide With Updated Exam Questions From PassLeader (421-440)

Need New 70-640 Exam Dumps? Download the valid PassLeader 651q 70-640 exam dumps! PassLeader offer the newest 70-640 pdf and vce dumps, which including all the new 70-640 exam questions and answers. We PassLeader ensure that our 651q 70-640 practice test is the most valid and you can get all real exam questions with our 70-640 study guide and pdf ebook materials. We share the 70-640 sample questions with vce and pdf for free download now!

keywords: 70-640 exam,651q 70-640 exam dumps,651q 70-640 exam questions,70-640 pdf dumps,70-640 practice test,70-640 vce dumps,70-640 study guide,70-640 braindumps,TS: Windows Server 2008 Active Directory, Configuring Exam

QUESTION 421
Your network consists of an Active Directory forest that contains one domain. All domain controllers run Windows Server 2008 R2 and are configured as DNS servers. You have an Active Directory- integrated zone. You have two Active Directory sites. Each site contains five domain controllers. You add a new NS record to the zone. You need to ensure that all domain controllers immediately receive the new NS record. What should you do?

A.    From the DNS Manager console, reload the zone.
B.    From the DNS Manager console, increase the version number of the SOA record.
C.    From the command prompt, run repadmin /syncall.
D.    From the Services snap-in, restart the DNS Server service.

Answer: C

QUESTION 422
Your company has a single Active Directory domain named intranet.contoso.com. All domain controllers run Windows Server 2008 R2. The domain functional level is Windows 2000 native and the forest functional level is Windows 2000. You need to ensure the UPN suffix for contoso.com is available for user accounts. What should you do first?

A.    Raise the intranet.contoso.com forest functional level to Windows Server 2003 or higher.
B.    Raise the intranet.contoso.com domain functional level to Windows Server 2003 or higher.
C.    Add the new UPN suffix to the forest.
D.    Change the Primary DNS Suffix option in the Default Domain Controllers Group Policy Object (GPO) to contoso.com.

Answer: C

QUESTION 423
You have a Windows Server 2008 R2 Enterprise Root CA . Security policy prevents port 443 and port 80 from being opened on domain controllers and on the issuing CA. You need to allow users to request certificates from a Web interface. You install the Active Directory Certificate Services (AD CS) server role. What should you do next?

A.    Configure the Online Responder Role Service on a member server.
B.    Configure the Online Responder Role Service on a domain controller.
C.    Configure the Certificate Enrollment Web Service role service on a member server.
D.    Configure the Certificate Enrollment Web Service role service on a domain controller.

Answer: C

QUESTION 424
You need to relocate the existing user and computer objects in your company to different organizational units. What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.)

A.    Run the move-item command in the Microsoft Windows PowerShell utility.
B.    Run the Active Directory Users and Computers utility.
C.    Run the Dsmove utility.
D.    Run the Active Directory Migration Tool (ADMT).

Answer: BC

QUESTION 425
Your network consists of an Active Directory forest named contoso.com. All servers run Windows Server 2008 R2. All domain controllers are configured as DNS servers. The contoso.com DNS zone is stored in the ForestDnsZones Active Directory application partition. You have a member server that contains a standard primary DNS zone for dev.contoso.com. You need to ensure that all domain controllers can resolve names for dev.contoso.com. What should you do?

A.    Modify the properties of the SOA record in the contoso.com zone.
B.    Create a NS record in the contoso.com zone.
C.    Create a delegation in the contoso.com zone.
D.    Create a standard secondary zone on a Global Catalog server.

Answer: C

QUESTION 426
Your company has a single Active Directory domain. All domain controllers run Windows Server 2003. You install Windows Server 2008 R2 on a server. You need to add the new server as a domain controller in your domain. What should you do first?

A.    On a domain controller run adprep /rodcprep.
B.    On the new server, run dcpromo /adv.
C.    On the new server, run dcpromo /createdcaccount.
D.    On a domain controller, run adprep /forestprep.

Answer: D

QUESTION 427
Your company has a main office and three branch offices. Each office is configured as a separate Active Directory site that has its own domain controller. You disable an account that has administrative rights. You need to immediately replicate the disabled account information to all sites. What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.)

A.    From the Active Directory Sites and Services console, configure all domain controllers as global catalog servers.
B.    From the Active Directory Sites and Services console, select the existing connection objects and force replication.
C.    Use Repadmin.exe to force replication between the site connection objects.
D.    Use Dsmod.exe to configure all domain controllers as global catalog servers.

Answer: BC

QUESTION 428
Your network consists of a single Active Directory domain. All domain controllers run Windows Server 2008 R2. You need to capture all replication errors from all domain controllers to a central location. What should you do?

A.    Start the Active Directory Diagnostics data collector set.
B.    Start the System Performance data collector set.
C.    Install Network Monitor and create a new a new capture.
D.    Configure event log subscriptions.

Answer: D

QUESTION 429
Your company has an Active Directory forest that contains client computers that run Windows Vista and Microsoft Windows XP. You need to ensure that users are able to install approved application updates on their computers. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.    Set up Automatic Updates through Control Panel on the client computers.
B.    Create a GPO and link it to the Domain Controllers organizational unit. Configure the GPO to automatically search for updates on the Microsoft Update site.
C.    Create a GPO and link it to the domain. Configure the GPO to direct the client computers to the Windows Server Update Services (WSUS) server for approved updates.
D.    Install the Windows Server Update Services (WSUS). Configure the server to search for new updates on the Internet. Approve all required updates.

Answer: CD

QUESTION 430
Your company has an Active Directory domain that has an organizational unit named Sales. The Sales organizational unit contains two global security groups named sales managers and sales executives. You need to apply desktop restrictions to the sales executives group. You must not apply these desktop restrictions to the sales managers group. You create a GPO named DesktopLockdown and link it to the Sales organizational unit. What should you do next?

A.    Configure the Deny Apply Group Policy permission for Authenticated Users on the DesktopLockdown GPO.
B.    Configure the Deny Apply Group Policy permission for the sales executives on the DesktopLockdown GPO.
C.    Configure the Allow Apply Group Policy permission for Authenticated Users on the DesktopLockdown GPO.
D.    Configure the Deny Apply Group Policy permission for the sales managers on the DesktopLockdown GPO.

Answer: D


http://www.passleader.com/70-640.html

QUESTION 431
Your company network has an Active Directory forest that has one parent domain and one child domain. The child domain has two domain controllers that run Windows Server 2008. All user accounts from the child domain are migrated to the parent domain. The child domain is scheduled to be decommissioned. You need to remove the child domain from the Active Directory forest. What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.)

A.    Run the Computer Management console to stop the Domain Controller service on both domain controllers in the child domain.
B.    Delete the computer accounts for each domain controller in the child domain. Remove the trust relationship between the parent domain and the child domain.
C.    Use Server Manager on both domain controllers in the child domain to uninstall the Active Directory domain services role.
D.    Run the Dcpromo tool that has individual answer files on each domain controller in the child domain.

Answer: CD

QUESTION 432
Your network consists of a single Active Directory domain. The domain contains 10 domain controllers. The domain controllers run Windows Server 2008 R2 and are configured as DNS servers. You plan to create a new Active Directory-integrated zone. You need to ensure that the new zone is only replicated to four of your domain controllers. What should you do first?

A.    From the command prompt, run dnscmd and specify the /createdirectorypartition parameter.
B.    Create a new delegation in the ForestDnsZones application directory partition.
C.    From the command prompt, run dnscmd and specify the /enlistdirectorypartition parameter.
D.    Create a new delegation in the DomainDnsZones application directory partition.

Answer: A

QUESTION 433
Your company has an Active Directory domain and an organizational unit. The organizational unit is named Web. You configure and test new security settings for Internet Information Service (IIS) Servers on a server named IISServerA. You need to deploy the new security settings only on the IIS servers that are members of the Web organizational unit. What should you do?

A.    Run secedit /configure /db iis.inf from the command prompt on IISServerA, then run secedit /configure /db webou.inf from the comand prompt.
B.    Export the settings on IISServerA to create a security template. Import the security template into a GPO and link the GPO to the Web organizational unit.
C.    Export the settings on IISServerA to create a security template. Run secedit /configure /db webou.inf from the comand prompt.
D.    Import the hisecws.inf file template into a GPO and link the GPO to the Web organizational unit.

Answer: B

QUESTION 434
Your network consists of an Active Directory forest that contains two domains. All servers run Windows Server 2008 R2. All domain controllers are configured as DNS Servers. You have a standard primary zone for dev. contoso.com that is stored on a member server. You need to ensure that all domain controllers can resolve names from the dev.contoso.com zone. What should you do?

A.    On the member server, create a stub zone.
B.    On the member server, create a NS record for each domain controller.
C.    On one domain controller, create a conditional forwarder. Configure the conditional forwarder to replicate to all DNS servers in the forest.
D.    On one domain controller, create a conditional forwarder. Configure the conditional forwarder to replicate to all DNS servers in the domain.

Answer: C

QUESTION 435
Your company has an Active Directory domain. You install a new domain controller in the domain. Twenty users report that they are unable to log on to the domain. You need to register the SRV records. Which command should you run on the new domain controller?

A.    Run the netsh interface reset command.
B.    Run the ipconfig /flushdns command.
C.    Run the dnscmd /EnlistDirectoryPartition command.
D.    Run the sc stop netlogon command followed by the sc start netlogon command.

Answer: D

QUESTION 436
You have a Windows Server 2008 R2 that has the Active Directory Certificate Services server role installed. You need to minimize the amount of time it takes for client computers to download a certificate revocation list (CRL). What should you do?

A.    Install and configure an Online Responder.
B.    Import the Issuing CA certificate into the Trusted Root Certification Authorities store on all client workstations.
C.    Install and configure an additional domain controller.
D.    Import the Root CA certificate into the Trusted Root Certification Authorities store on all client workstations.

Answer: A

QUESTION 437
You want users to log on to Active Directory by using a new Principal Name (UPN). You need to modify the UPN suffix for all user accounts. Which tool should you use?

A.    Dsmod
B.    Netdom
C.    Redirusr
D.    Active Directory Domains and Trusts

Answer: A

QUESTION 438
Your network consists of a single Active Directory domain. All domain controllers run Windows Server 2008 R2. Auditing is configured to log changes made to the Managed By attribute on group objects in an organizational unit named OU1. You need to log changes made to the Description attribute on all group objects in OU1 only. What should you do?

A.    Run auditpol.exe.
B.    Modify the auditing entry for OU1.
C.    Modify the auditing entry for the domain.
D.    Create a new Group Policy Object (GPO). Enable Audit account management policy setting. Link the GPO to OU1.

Answer: B

QUESTION 439
Your company uses shared folders. Users are granted access to the shared folders by using domain local groups. One of the shared folders contains confidential data. You need to ensure that unauthorized users are not able to access the shared folder that contains confidential data. What should you do?

A.    Enable the Do not trust this computer for delegation property on all the computers of unauthorized users by using the Dsmod utility.
B.    Instruct the unauthorized users to log on by using the Guest account. Configure the Deny Full control permission on the shared folders that hold the confidential data for the Guest account.
C.    Create a Global Group named Deny DLG. Place the global group that contains the unauthorized users in to the Deny DLG group. Configure the Allow Full control permission on the shared folder that hold the confidential data for the Deny DLG group.
D.    Create a Domain Local Group named Deny DLG. Place the global group that contains the unauthorized users in to the Deny DLG group. Configure the Deny Full control permission on the shared folder that hold the confidential data for the Deny DLG group.

Answer: D

QUESTION 440
Your company has an Active Directory domain. You install an Enterprise Root certification authority (CA) on a member server named Server1. You need to ensure that only the Security Manager is authorized to revoke certificates that are supplied by Server1. What should you do?

A.    Remove the Request Certificates permission from the Domain Users group.
B.    Remove the Request Certificated permission from the Authenticated Users group.
C.    Assign the Allow – Manage CA permission toonly the Security Manager user Account.
D.    Assign the Allow – Issue and Manage Certificates permission to only the Security Manger user account.

Answer: D


http://www.passleader.com/70-640.html