[Pass Ensure VCE Dumps] PassLeader New 651q 70-640 Exam Questions with Free PDF Study Guide Download (201-220)

Being worried about passing your 70-640 exam? Why not trying PassLeader’s 70-640 VCE or PDF dumps? We PassLeader now are offering the accurate 651q 70-640 exam questions and answers, you can get all the real exam questions from our 70-640 exam dumps. All our 651q 70-640 practice tests are the newest and same with the real test. We ensure that you can pass 70-640 exam easily with our premium 70-640 study guide! Now visit passleader.com to get the valid 70-640 braindumps with free version VCE Player!

keywords: 70-640 exam,651q 70-640 exam dumps,651q 70-640 exam questions,70-640 pdf dumps,70-640 practice test,70-640 vce dumps,70-640 study guide,70-640 braindumps,TS: Windows Server 2008 Active Directory, Configuring Exam

QUESTION 201
Your network contains an Active Directory forest named contoso.com. The functional level of the forest is Windows Server 2008 R2. The DNS zone for contoso.com is Active Directory-integrated. You deploy a read-only domain controller (RODC) named R0DC1. You install the DNS Server server role on R0DC1. You discover that R0DC1 does not have any DNS application directory partitions. You need to ensure that R0DC1 has a copy of the DNS application directory partition of contoso.com. What should you do? (Each correct answer presents a complete solution. Choose two.)

A.    From DNS Manager, right-click RODC1 and click Create Default Application Directory Partitions.
B.    Run ntdsutil.exe. From the Partition Management context, run the create nc command.
C.    Run dnscmd.exe and specify the /createbuiltindirectorypartitions parameter.
D.    Run ntdsutil.exe. From the Partition Management context, run the add nc replica command.
E.    Run dnscmd.exe and specify the /enlistdirectorypartition parameter.

Answer: AC

QUESTION 202
A corporate network includes an Active Directory-integrated zone. All DNS servers that host the zone are domain controllers. You add multiple DNS records to the zone. You need to ensure that the new records are available on all DNS servers as soon as possible. Which tool should you use?

A.    Ntdsutil
B.    Dnscmd
C.    Repadmin
D.    Nslookup

Answer: C

QUESTION 203
Your network contains three servers named ADFS1, ADFS2, and ADFS3 that run Windows Server 2008 R2. ADFS1 has the Active Directory Federation Services (AD FS) Federation Service role service installed. You plan to deploy AD FS 2.0 on ADFS2 and ADFS3. You need to export the token-signing certificate from ADFS1, and then import the certificate to ADFS2 and ADFS3.

A.    Personal Information Exchange PKCS #12 (.pfx)
B.    DER encoded binary X.509 (.cer)
C.    Cryptographic Message Syntax Standard PKCS #7 (.p7b)
D.    Base-64 encoded X.S09 (.cer)

Answer: A

QUESTION 204
You create a user account template for the marketing department. When you copy the user account template, you discover that the Web page attribute is not copied. You need to preserve the Web page attribute when you copy the user account template. What should you do?

A.    From Active Directory Administrative Center, modify the value of the wWWHomePage attribute for the user account template.
B.    From the Active Directory Schema snap-in, modify the properties of the user class.
C.    From Active Directory Users and Computers, modify the value of the wWWHomePage attribute for the user account template.
D.    From ADSI Edit, modify the properties of the wWWHomePage attribute.

Answer: B

QUESTION 205
Your network contains an Active Directory domain named contoso.com. The functional level of the forest is Windows Server 2008 R2. The Default Domain Controller Policy Group Policy object (GPO) contains audit policy settings. On a domain controller named DC1, an administrator configures the Advanced Audit Policy Configuration settings by using a local GPO. You need to identify what will be audited on DC1. Which tool should you use?

A.    Get-ADObject
B.    Secedit
C.    Security Configuration and Analysis
D.    Auditpol

Answer: D

QUESTION 206
A network contains an Active Directory forest. The forest schema contains a custom attribute for user objects. You need to view the custom attribute value of 500 user accounts in a Microsoft Excel table. Which tool should you use?

A.    Dsmod
B.    Csvde
C.    Ldifde
D.    Dsrm

Answer: B

QUESTION 207
Your network contains an Active Directory forest named contoso.com. The forest contains two domains named contoso.com and child.contoso.com. All domain controllers run Windows Server 2008. All forest-wide operations master roles are in child.contoso.com. An administrator successfully runs adprep.exe /forestprep from the Windows Server 2008 R2 Service Pack 1 (SP1) installation media. You plan to run adprep.exe /domainprep in each domain. You need to ensure that you have the required user rights to run the command successfully in each domain. Of which groups should you be a member? (Each correct answer presents part of the solution. Choose two.)

A.    Administrators in child.contoso.com
B.    Enterprise Admins in contoso.com
C.    Domain Admins in child.contoso.com
D.    Domain Admins in contoso.com
E.    Administrators in contoso.com
F.    Schema Admins in contoso.com

Answer: CD

QUESTION 208
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain and 10 domain controllers. All of the domain controllers run Windows Server 2008 R2 Service Pack 1 (SP1). The forest contains an application directory partition named dc=app1, dc=contoso,dc=com. A domain controller named DC1 has a copy of the application directory partition. You need to configure a domain controller named DC2 to receive a copy of dc=app1, dc=contoso,dc=corn. Which tool should you use?

A.    Active Directory Sites and Services
B.    Dsmod
C.    Dcpromo
D.    Dsmgmt

Answer: B

QUESTION 209
A corporate environment includes a Windows Server 2008 R2 Active Directory Domain Services (AD DS) domain. You need to enable Universal Group Membership Caching on several domain controllers in the domain. Which tool should you use?

A.    Dsmod
B.    Dscmd
C.    Ntdsutil
D.    Active Directory Sites and Services console

Answer: D

QUESTION 210
Your network contains an Active Directory forest. The forest contains three domains. All domain controllers have the DNS Server server role installed. The forest contains three sites named Site1, Site2, and Site3. Each site contains the users, client computers, and domain controllers of each domain. Site1 contains the first domain controller deployed to the forest. The sites connect to each other by using unreliable WAN links. The users in Site2 and Site3 report that is takes a long time to log on to their client computer when they use their user principal name (UPN). The users in Site1 do not experience the same issue. You need to reduce the amount of time it takes for the Site2 users and the Site3 users to log on to their client computer by using their UPN. What should you do?

A.    Configure a global catalog server in Site2 and a global catalog server in Site3.
B.    Reduce the replication interval of the site links.
C.    Move a primary domain controller (PDC) emulator to Site2 and to Site3.
D.    Add additional domain controllers to Site2 and to Site3.
E.    Reduce the cost of the site links.
F.    Enable universal group membership caching in Site2 and in Site3.

Answer: A


http://www.passleader.com/70-640.html

QUESTION 211
You have a client computer named Computer1 that runs Windows 7. On Computer1, you configure a source-initiated subscription. You configure the subscription to retrieve all events from the Windows logs of a domain controller named DC1. The subscription is configured to use the HTTP protocol. You discover that events from the Security log of DC1 are not collected on Computer1. Events from the Application log of DC1 and the System log of DC1 are collected on Computer1. You need to ensure that events from the Security log of DC1 are collected on Computer1. What should you do?

A.    Add the computer account of Computer1 to the Event Log Readers group on the domain controller.
B.    Add the Network Service security principal to the Event Log Readers group on the domain.
C.    Configure the subscription to use custom Event Delivery Optimization settings.
D.    Configure the subscription to use the HTTPS protocol.

Answer: B

QUESTION 212
Your network contains an Active Directory forest named contoso.com. The forest contains six domains. You need to ensure that the administrators of any of the domains can specify a user principal name (UPN) suffix oflitwareinc.com when they create user accounts by using Active Directory Users and Computers. Which tool should you use?

A.    Active Directory Administrative Center
B.    Set-ADDomain
C.    Active Directory Sites and Services
D.    Set-ADForest

Answer: D

QUESTION 213
Your network contains an Active Directory domain named litwareinc.com. The domain contains two sites named Sitel and Site2. Site2 contains a read-only domain controller (RODC). You need to identify which user accounts attempted to authenticate to the RODC. Which tool should you use?

A.    Active Directory Users and Computers
B.    Ntdsutil
C.    Get-ADAccountResultantPasswordReplicationPolicy
D.    Adtest

Answer: C

QUESTION 214
Your network contains an Active Directory forest. The forest schema contains a custom attribute for user objects. You need to generate a file that contains the last logon time and the custom attribute values for each user in the forest. What should you use?

A.    the Get-ADUser cmdlet
B.    the Export-CSV cmdlet
C.    the Net User command
D.    the Dsquery User tool

Answer: A

QUESTION 215
You have an Active Directory domain named contoso.com. You need to view the account lockout threshold and duration for the domain. Which tool should you use?

A.    Net User
B.    Active Directory Users and Computers
C.    Group Policy Management Console (GPMC)
D.    Computer Management

Answer: C

QUESTION 216
A domain controller named DC4 runs Windows Server 2008 R2. DC4 is configured as a DNS server for fabrikam.com. You install the DNS Server server role on a member server named DNS1 and then you create a standard secondary zone for fabrikam.com. You configure DC4 as the master server for the zone. You need to ensure that DNS1 receives zone updates from DC4. What should you do?

A.    Add the DNS1 computer account to the DNSUpdateProxy group.
B.    On DC4, modify the permissions offabrikam.com zone.
C.    On DNS1, add a conditional forwarder.
D.    On DC4, modify the zone transfer settings for the fabrikam.com zone.

Answer: D

QUESTION 217
A company has an Active Directory forest. You plan to install an offline Enterprise root certification authority (CA) on a server named CA1. CA1 is a member of the PerimeterNetwork workgroup and is attached to a hardware security module for private key storage. You attempt to add the Active Directory Certificate Services (AD CS) server role to CA1. The Enterprise CA option is not available. You need to install the AD CS server role as an Enterprise CA on CA1. What should you do first?

A.    Add the DNS Server server role to CA1.
B.    Add the Web Server (IIS) server role and the AD CS server role to CA1.
C.    Add the Active Directory Lightweight Directory Services (AD LDS) server role to CA1.
D.    Join CA1 to the domain.

Answer: D

QUESTION 218
Your network contains an Active Directory domain named contoso.com. The Active Directory sites are configured as shown in the Sites exhibit. (Click the Exhibit button.) You need to ensure that DC1 and DC4 are the only servers that replicate Active Directory changes between the sites. What should you do?

A.    Configure DC1 as a preferred bridgehead server for IP transport.
B.    Configure DC4 as a preferred bridgehead server for IP transport.
C.    From the DC4 server object, create a Connection object for DC1.
D.    From the DC1 server object, create a Connection object for DC4.

Answer: C

QUESTION 219
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1. DC1 has the DNS Server server role installed and hosts an Active Directory-integrated zone for contoso.com. The no-refresh interval and the refresh interval are both set to three days. The Advanced DNS settings of DC1 are shown in the Advanced DNS Settings exhibit. (Click the Exhibit button.)

You open the properties of a static record named Server1 as shown in the Server1 Record exhibit. (Click the Exhibit button.)

You discover that the scavenging process ran today, but the record for Server1 was not deleted. You run dnscmd.exe and specify the ageallrecords parameter. You need to identify when the record for Server1 will be deleted from the zone. In how many days will the record be deleted?

A.    13
B.    10
C.    23
D.    7

Answer: D

QUESTION 220
Your company has an Active Directory forest. Each regional office has an organizational unit (OU) named Marketing. The Marketing OU contains all users and computers in the region’s Marketing department. You need to install a Microsoft Office 2007 application only on the computers in the Marketing OUs. You create a GPO named MarketingApps. What should you do next?

A.    Configure the GPO to assign the application to the computer account. Link the GPO to the domain.
B.    Configure the GPO to assign the application to the user account. Link the GPO to each Marketing OU.
C.    Configure the GPO to assign the application to the computer account. Link the GPO to each Marketing OU.
D.    Configure the GPO to publish the application to the user account. Link the GPO to each Marketing OU.

Answer: C


http://www.passleader.com/70-640.html