The latest 70-640 exam was updated with a lot of new exam questions, old version 70-640 exam dumps are not valid at all, you should get the newest 651q 70-640 practice tests or braindumps to prepare it. Now, PassLeader just published the new 70-640 exam questions with PDF dumps and VCE test software, which have been corrected with many new questions and will help you passing 70-640 exam easily. Visit www.passleader.com now and get the premium 651q 70-640 exam dumps with new version VCE Player for free download.
keywords: 70-640 exam,651q 70-640 exam dumps,651q 70-640 exam questions,70-640 pdf dumps,70-640 practice test,70-640 vce dumps,70-640 study guide,70-640 braindumps,TS: Windows Server 2008 Active Directory, Configuring Exam
QUESTION 101
Your company has a main office and a branch office. The network contains an Active Directory domain. The main office contains a writable domain controller named DC1. The branch office contains a read- only domain controller (RODC) named DC2. You discover that the password of an administrator named Admin1 is cached on DC2. You need to prevent Admin1’s password from being cached on DC2. What should you do?
A. Modify the NTDS Site Settings.
B. Modify the properties of the domain.
C. Create a Password Setting object (PSO).
D. Modify the properties of DC2’s computer account.
QUESTION 102
Your network contains an Active Directory domain named contoso.com. The network has a branch office site that contains a read-only domain controller (RODC) named RODC1. RODC1 runs Windows Server 2008 R2. A user named User1 logs on to a computer in the branch office site. You discover that the password of User1 is not stored on RODC1. You need to ensure that User1’s password is stored on RODC1. What should you modify?
A. the Member Of properties of RODC1
B. the Member Of properties of User1
C. the Security properties of RODC1
D. the Security properties of User1
Answer: B
QUESTION 103
Your company has a main office and a branch office. The branch office has an Active Directory site that contains a read-only domain controller (RODC). A user from the branch office reports that his account is locked out. From a writable domain controller in the main office, you discover that the user’s account is not locked out. You need to ensure that the user can log on to the domain. What should you do?
A. Modify the Password Replication Policy.
B. Reset the password of the user account.
C. Run the Knowledge Consistency Checker (KCC) on the RODC.
D. Restore network communication between the branch office and the main office.
Answer: D
QUESTION 104
Your network contains a single Active Directory domain. The domain contains five read-only domain controllers (RODCs) and five writable domain controllers. All servers run Windows Server 2008. You plan to install a new RODC that runs Windows Server 2008 R2. You need to ensure that you can add the new RODC to the domain. You want to achieve this goal by using the minimum amount of administrative effort. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. At the command prompt, run adprep.exe /rodcprep.
B. At the command prompt, run adprep.exe /forestprep.
C. At the command prompt, run adprep.exe /domainprep.
D. From Active Directory Domains and Trusts, raise the functional level of the domain.
E. From Active Directory Users and Computers, pre-stage the RODC computer account.
Answer: BC
QUESTION 105
You deploy an Active Directory Federation Services (AD FS) Federation Service Proxy on a server named Server1. You need to configure the Windows Firewall on Server1 to allow external users to authenticate by using AD FS. Which inbound TCP port should you allow on Server1?
A. 88
B. 135
C. 443
D. 445
Answer: C
QUESTION 106
You deploy a new Active Directory Federation Services (AD FS) federation server. You request new certificates for the AD FS federation server. You need to ensure that the AD FS federation server can use the new certificates. To which certificate store should you import the certificates?
A. Computer
B. IIS Admin Service service account
C. Local Administrator
D. World Wide Web Publishing Service service account
Answer: A
QUESTION 107
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 has the Active Directory Federation Services (AD FS) role installed. You have an application named App1 that is configured to use Server1 for AD FS authentication. You deploy a new server named Server2. Server2 is configured as an AD FS 2.0 server. You need to ensure that App1 can use Server2 for authentication. What should you do on Server2?
A. Add an attribute store.
B. Create a relying party trust.
C. Create a claims provider trust.
D. Create a relaying provider trust.
Answer: B
QUESTION 108
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. The Active Directory Federation Services (AD FS) role is installed on Server1. Contoso.com is defined as an account store. A partner company has a Web-based application that uses AD FS authentication. The partner company plans to provide users from contoso.com access to the Web application. You need to configure AD FS on contoso.com to allow contoso.com users to be authenticated by the partner company. What should you create on Server1?
A. a new application
B. a resource partner
C. an account partner
D. an organization claim
Answer: B
QUESTION 109
Your network contains two servers named Server1 and Server2 that run Windows Server 2008 R2. Server1 has the Active Directory Federation Services (AD FS) Federation Service role service installed. You plan to deploy AD FS 2.0 on Server2. You need to export the token-signing certificate from Server1, and then import the certificate to Server2. Which format should you use to export the certificate?
A. Base-64 encoded X.509 (.cer)
B. Cryptographic Message Syntax Standard PKCS #7 (.p7b)
C. DER encoded binary X.509 (.cer)
D. Personal Information Exchange PKCS #12 (.pfx)
Answer: D
QUESTION 110
Your network contains two servers named Server1 and Server2 that run Windows Server 2008 R2. Server1 has Active Directory Federation Services (AD FS) 2.0 installed. Server1 is a member of an AD FS farm. The AD FS farm is configured to use a configuration database that is stored on a separate Microsoft SQL Server. You install AD FS 2.0 on Server2. You need to add Server2 to the existing AD FS farm. What should you do?
A. On Server1, run fsconfig.exe.
B. On Server1, run fsconfigwizard.exe.
C. On Server2, run fsconfig.exe.
D. On Server2, run fsconfigwizard.exe.
Answer: C
http://www.passleader.com/70-640.html
QUESTION 111
Your network contains an Active Directory forest. You set the Windows PowerShell execution policy to allow unsigned scripts on a domain controller in the network. You create a Windows PowerShell script named new-users.ps1 that contains the following lines:
new-aduser user1
new-aduser user2
new-aduser user3
new-aduser user4
new-aduser user5
On the domain controller, you double-click the script and the script runs. You discover that the script fails to create the user accounts. You need to ensure that the script creates the user accounts. Which cmdlet should you add to the script?
A. Import-Module
B. Register-ObjectEvent
C. Set-ADDomain
D. Set-ADUser
Answer: A
QUESTION 112
Your network contains an Active Directory forest. The forest schema contains a custom attribute for user objects. You need to modify the custom attribute value of 500 user accounts. Which tool should you use?
A. Csvde
B. Dsmod
C. Dsrm
D. Ldifde
Answer: D
QUESTION 113
Your network contains an Active Directory forest. The forest schema contains a custom attribute for user objects. You need to give the human resources department a file that contains the last logon time and the custom attribute values for each user in the forest. What should you use?
A. the Dsquery tool
B. the Export-CSV cmdlet
C. the Get-ADUser cmdlet
D. the Net.exe user command
Answer: C
QUESTION 114
You have a Windows PowerShell script that contains the following code:
import-csv Accounts.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true – AccountPassword $_.password}
When you run the script, you receive an error message indicating that the format of the password is incorrect. The script fails. You need to run a script that successfully creates the user accounts by using the password contained in accounts.csv. Which script should you run?
A. import-csv Accounts.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true – AccountPassword
(ConvertTo-SecureString “Password” -AsPlainText -force)}
B. import-csv Accounts.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true – AccountPassword
(ConvertTo-SecureString $_.Password -AsPlainText -force)}
C. import-csv Accounts.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true – AccountPassword
(Read-Host -AsSecureString “Password”)}
D. import-csv Accounts.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true – AccountPassword
(Read-Host -AsSecureString $_.Password)}
Answer: B
QUESTION 115
Your network contains an Active Directory forest. The functional level of the forest is Windows Server 2008 R2. Your company’s corporate security policy states that the password for each user account must be changed at least every 45 days. You have a user account named Service1. Service1 is used by a network application named Application1. Every 45 days, Application1 fails. After resetting the password for Service1, Application1 runs properly. You need to resolve the issue that causes Application1 to fail. The solution must adhere to the corporate security policy. What should you do?
A. Run the Set-ADAccountControl cmdlet.
B. Run the Set-ADServiceAccount cmdlet.
C. Create a new password policy.
D. Create a new Password Settings object (PSO).
Answer: B
QUESTION 116
Your network contains an Active Directory forest. You add an additional user principal name (UPN) suffix to the forest. You need to modify the UPN suffix of all users. You want to achieve this goal by using the minimum amount of administrative effort. What should you use?
A. the Active Directory Domains and Trusts console
B. the Active Directory Users and Computers console
C. the Csvde tool
D. the Ldifde tool
Answer: D
QUESTION 117
Your network contains a single Active Directory domain. All client computers run Windows Vista Service Pack 2 (SP2). You need to prevent all users from running an application named App1.exe. Which Group Policy settings should you configure?
A. Application Compatibility
B. AppLocker
C. Software Installation
D. Software Restriction Policies
Answer: D
QUESTION 118
Your network contains an Active Directory domain. All domain controllers run Windows Server 2008 R2. Client computers run either Windows XP Service Pack 3 (SP3) or Windows Vista. You need to ensure that all client computers can apply Group Policy preferences. What should you do?
A. Upgrade all Windows XP client computers to Windows 7.
B. Create a central store that contains the Group Policy ADMX files.
C. Install the Group Policy client-side extensions (CSEs) on all client computers.
D. Upgrade all Windows Vista client computers to Windows Vista Service Pack 2 (SP2).
Answer: C
QUESTION 119
Your network contains an Active Directory domain. All domain controllers run Windows Server 2008 R2. Client computers run either Windows 7 or Windows Vista Service Pack 2 (SP2). You need to audit user access to the administrative shares on the client computers. What should you do?
A. Deploy a logon script that runs Icacls.exe.
B. Deploy a logon script that runs Auditpol.exe.
C. From the Default Domain Policy, modify the Advanced Audit Policy Configuration.
D. From the Default Domain Controllers Policy, modify the Advanced Audit Policy Configuration.
Answer: B
QUESTION 120
Your network contains an Active Directory domain named contoso.com. You need to create a central store for the Group Policy Administrative templates. What should you do?
A. Run dfsrmig.exe /createglobalobjects.
B. Run adprep.exe /domainprep /gpprep.
C. Copy the %SystemRoot%\PolicyDefinitions folder to the \\contoso.com\SYSVOL\contoso.com\Policies folder.
D. Copy the %SystemRoot%\System32\GroupPolicy folder to the \\contoso.com\SYSVOL\contoso.com\Policies folder.
Answer: C