The 70-640 exam was recently updated with many new questions, so older 70-640 exam dumps are no longer valid; you should prepare with the newest 651q 70-640 practice tests or braindumps. PassLeader has just published new 70-640 exam questions as PDF dumps and VCE test software, corrected with many new questions, which will help you pass the 70-640 exam easily. Visit www.passleader.com to get the premium 651q 70-640 exam dumps with the new version of VCE Player as a free download.
QUESTION 121
You configure and deploy a Group Policy object (GPO) that contains AppLocker settings. You need to identify whether a specific application file is allowed to run on a computer. Which Windows PowerShell cmdlet should you use?
A. Get-AppLockerFileInformation
B. Get-GPOReport
C. Get-GPPermissions
D. Test-AppLockerPolicy
QUESTION 122
You create a Password Settings object (PSO). You need to apply the PSO to a domain user named User1. What should you do?
A. Modify the properties of the PSO.
B. Modify the account options of the User1 account.
C. Modify the security settings of the User1 account.
D. Modify the password policy of the Default Domain Policy Group Policy object (GPO).
Answer: A
QUESTION 123
You need to create a Password Settings object (PSO). Which tool should you use?
A. Active Directory Users and Computers
B. ADSI Edit
C. Group Policy Management Console
D. Ntdsutil
Answer: B
QUESTION 124
Your network contains an Active Directory domain. All servers run Windows Server 2008 R2. You need to audit the deletion of registry keys on each server. What should you do?
A. From Audit Policy, modify the Object Access settings and the Process Tracking settings.
B. From Audit Policy, modify the System Events settings and the Privilege Use settings.
C. From Advanced Audit Policy Configuration, modify the System settings and the Detailed Tracking settings.
D. From Advanced Audit Policy Configuration, modify the Object Access settings and the Global Object Access Auditing settings.
Answer: D
QUESTION 125
Your network contains a single Active Directory domain. The functional level of the forest is Windows Server 2008 R2. You need to enable the Active Directory Recycle Bin. What should you use?
A. the Dsmod tool
B. the Enable-ADOptionalFeature cmdlet
C. the Ntdsutil tool
D. the Set-ADDomainMode cmdlet
Answer: B
QUESTION 126
Your network contains a single Active Directory domain. You need to create an Active Directory Domain Services snapshot. What should you do?
A. Use the Ldp tool.
B. Use the NTDSUtil tool.
C. Use the Wbadmin tool.
D. From Windows Server Backup, perform a full backup.
Answer: B
QUESTION 127
Your network contains a single Active Directory domain. A domain controller named DC2 fails. You need to remove DC2 from Active Directory. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. At the command prompt, run dcdiag.exe /fix.
B. At the command prompt, run netdom.exe remove dc2.
C. From Active Directory Sites and Services, delete DC2.
D. From Active Directory Users and Computers, delete DC2.
Answer: CD
QUESTION 128
Your company has an Active Directory domain named contoso.com. The company network has two DNS servers named DNS1 and DNS2. The DNS servers are configured as shown in the following table.
Domain users, who are configured to use DNS2 as the preferred DNS server, are unable to connect to Internet Web sites. You need to enable Internet name resolution for all client computers. What should you do?
A. Update the list of root hints servers on DNS2.
B. Create a copy of the .(root) zone on DNS1.
C. Delete the .(root) zone from DNS2. Configure conditional forwarding on DNS2.
D. Update the Cache.dns file on DNS2. Configure conditional forwarding on DNS1.
Answer: C
QUESTION 129
Your network consists of a single Active Directory domain. All domain controllers run Windows Server 2003. You upgrade all domain controllers to Windows Server 2008. You need to configure the Active Directory environment to support the application of multiple password policies. What should you do?
A. Raise the functional level of the domain to Windows Server 2008.
B. On one domain controller, run dcpromo /adv.
C. Create multiple Active Directory sites.
D. On all domain controllers, run dcpromo /adv.
Answer: A
QUESTION 130
Your company has two Active Directory forests named contoso.com and fabrikam.com. The company network has three DNS servers named DNS1, DNS2, and DNS3. The DNS servers are configured as shown in the following table.
All computers that belong to the fabrikam.com domain have DNS3 configured as the preferred DNS server. All other computers use DNS1 as the preferred DNS server. Users from the fabrikam.com domain are unable to connect to the servers that belong to the contoso.com domain. You need to ensure users in the fabrikam.com domain are able to resolve all contoso.com queries. What should you do?
A. Configure conditional forwarding on DNS1 and DNS2 to forward fabrikam.com queries to DNS3.
B. Create a copy of the _msdcs.contoso.com zone on the DNS3 server.
C. Create a copy of the fabrikam.com zone on the DNS1 server and the DNS2 server.
D. Configure conditional forwarding on DNS3 to forward contoso.com queries to DNS1.
Answer: D
QUESTION 131
Your company, Contoso Ltd, has offices in North America and Europe. Contoso has an Active Directory forest that has three domains. You need to reduce the time required to authenticate users from the labs.eu.contoso.com domain when they access resources in the eng.na.contoso.com domain. What should you do?
A. Decrease the replication interval for all Connection objects.
B. Decrease the replication interval for the DEFAULTIPSITELINK site link.
C. Set up a one-way shortcut trust from eng.na.contoso.com to labs.eu.contoso.com.
D. Set up a one-way shortcut trust from labs.eu.contoso.com to eng.na.contoso.com.
Answer: C
QUESTION 132
Your company purchases a new application to deploy on 200 computers. The application requires that you modify the registry on each target computer before you install the application. The registry modifications are in a file that has an .adm extension. You need to prepare the target computers for the application. What should you do?
A. Import the .adm file into a new Group Policy Object (GPO). Edit the GPO and link it to an organizational unit that contains the target computers.
B. Create a Microsoft Windows PowerShell script to copy the .adm file to each computer. Run the REDIRUsr CONTAINER-DN command on each target computer.
C. Create a Microsoft Windows PowerShell script to copy the .adm file to the startup folder of each target computer.
D. Create a Microsoft Windows PowerShell script to copy the .adm file to each computer. Run the REDIRCmp CONTAINER-DN command on each target computer.
Answer: A
QUESTION 133
Your company has an Active Directory forest that contains eight linked Group Policy Objects (GPOs). One of these GPOs publishes applications to user objects. A user reports that the application is not available for installation. You need to identify whether the GPO has been applied. What should you do?
A. Run the Group Policy Results utility for the user.
B. Run the GPRESULT /S <system name> /Z command at the command prompt.
C. Run the GPRESULT /SCOPE COMPUTER command at the command prompt.
D. Run the Group Policy Results utility for the computer.
Answer: A
QUESTION 134
Your company has an Active Directory domain. You plan to install the Active Directory Certificate Services (AD CS) server role on a member server that runs Windows Server 2008 R2. You need to ensure that members of the Account Operators group are able to issue smartcard credentials. They should not be able to revoke certificates. Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)
A. Create an Enrollment Agent certificate.
B. Create a Smartcard logon certificate.
C. Restrict enrollment agents for the Smartcard logon certificate to the Account Operator group.
D. Install the AD CS role and configure it as an Enterprise Root CA.
E. Install the AD CS role and configure it as a Standalone CA.
F. Restrict certificate managers for the Smartcard logon certificate to the Account Operator group.
Answer: BCD
QUESTION 135
You create 200 new user accounts. The users are located in six different sites. New users report that they receive the following error message when they try to log on: “The username or password is incorrect.” You confirm that the user accounts exist and are enabled. You also confirm that the user name and password information supplied are correct. You need to identify the cause of the failure. You also need to ensure that the new users are able to log on. Which utility should you run?
A. Active Directory Domains and Trusts
B. Repadmin
C. Rstools
D. Rsdiag
Answer: B
QUESTION 136
Your network contains an Active Directory forest. All domain controllers run Windows Server 2008 R2 and are configured as DNS servers. You have an Active Directory-integrated zone for contoso.com. You have a Unix-based DNS server. You need to configure your Windows Server 2008 R2 environment to allow zone transfers of the contoso.com zone to the Unix-based DNS server. What should you do in the DNS Manager console?
A. Enable BIND secondaries
B. Create a stub zone
C. Disable recursion
D. Create a secondary zone
Answer: A
QUESTION 137
Your company has an Active Directory domain. You log on to the domain controller. The Active Directory Schema snap-in is not available in the Microsoft Management Console (MMC). You need to access the Active Directory Schema snap-in. What should you do?
A. Add the Active Directory Lightweight Directory Services (AD LDS) role to the domain controller by using Server Manager.
B. Log off and log on again by using an account that is a member of the Schema Administrators group.
C. Use the Ntdsutil.exe command to connect to the Schema Master operations master and open the schema for writing.
D. Register Schmmgmt.dll.
Answer: D
QUESTION 138
Your company has a server that runs Windows Server 2008 R2. Active Directory Certificate Services (AD CS) is configured as a standalone Certification Authority (CA) on the server. You need to audit changes to the CA configuration settings and the CA security settings. Which two tasks should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Configure auditing in the Certification Authority snap-in.
B. Enable auditing of successful and failed attempts to change permissions on files in the %SYSTEM32%\CertSrv directory.
C. Enable auditing of successful and failed attempts to write to files in the %SYSTEM32%\CertLog directory.
D. Enable the Audit object access setting in the Local Security Policy for the Active Directory Certificate Services (AD CS) server.
Answer: AD
QUESTION 139
Your company has a single-domain Active Directory forest. The functional level of the domain is Windows Server 2008. You perform the following activities:
– Create a global distribution group.
– Add users to the global distribution group.
– Create a shared folder on a Windows Server 2008 member server.
– Place the global distribution group in a domain local group that has access to the shared folder.
You need to ensure that the users have access to the shared folder. What should you do?
A. Add the global distribution group to the Domain Administrators group.
B. Change the group type of the global distribution group to a security group.
C. Change the scope of the global distribution group to a Universal distribution group.
D. Raise the forest functional level to Windows Server 2008.
Answer: B
QUESTION 140
Your company hires 10 new employees. You want the new employees to connect to the main office through a VPN connection. You create new user accounts and grant the new employees the Allow Read and Allow Execute permissions to shared resources in the main office. The new employees are unable to access shared resources in the main office. You need to ensure that users are able to establish a VPN connection to the main office. What should you do?
A. Grant the new employees the Allow Access Dial-in permission.
B. Grant the new employees the Allow Full control permission.
C. Add the new employees to the Remote Desktop Users security group.
D. Add the new employees to the Windows Authorization Access security group.
Answer: A