Exam 70-640 study material Made available by Testkingprep.com
Free 70-640 Exam Preparation Questions Exam 70-640: TS: Windows Server 2008 Active Directory. Configuring
For Latest 70-640 Exam Questions and study guides- visit- http://www.testkingprep.com/70-640.html
Question:1 There is a main office and 10 sub offices in an company. And each office is configured as a separate Active Directory site. Each separate Active Directory site has its own domain controller. An account that has administrative rights has been disabled. A solution is needed to immediately replicate the disabled account information to all sites. The information may be used as a backup data. Then what are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.) A. First, run the Dsmod.exe process. Second configure all domain controllers. B. You should use Repadmin.exe process to force replication between the site connection objects. C. First, run the IIS service process. Second, configure all domain controllers as global catalog servers. D. Select the existing connection objects and force replication from the Active Directory Sites and Services console. Answer: B, D Question:2 There is an Active Directory domain in a company which has three domaincontrollers named TEST1 and TEST2 and TEST3. TEST1 holds the Schema Master role. TEST1 fails. TEST3 is just the backup of TEST1.You use the administrator account to log on to Active Directory. Now the problem is that you are not able to transfer the Schema Master Operations role from TEST1 to TEST2. So a solution is needed for you to ensure that TEST2 holds the Schema Master role. You may use TEST3 or not. So what should you do? A. You should seize the Schema Master role on TEST2. B. First, transfer the configured schema to TEST3, and then copy it to TEST2. C. You should use the administrator account to log off and log on again to Active Directory. D. In the Access Management System, you just register the Schmmgmt.dll. And then start the Active Directory Schema snap-in. Answer: Pending Question:3 You want to set the Office property of ten users in two different OUs. The users currently have the Office property configured as Miammi. You recently discovered the typographic error and want to change it to Miami. What can you do to make the change? (Choose all that apply.) A. Select all ten users by holding the Ctrl key and opening the Properties dialog box. B. Use Dsget and Dsmod. C. Use Dsquery and Dsmod D. Use Get-Item and Move-Item. Answer: B Question:4 You are logged on as Administrator to SERVER02, one of four domain controllers in the contoso.com domain that run Server Core. You want to demote the domain controller. Which of the following is required? A. The local Administrator password B. The credentials for a user in the Domain Admins group C. The credentials for a user in the Domain Controllers group D. The address of a DNS server Answer: A Question:5 There is an Active Directory site named Test1 in a company. Now a task needs to be completed quickly. So a new Active Directory site named it Test2 should be added. As an administrator you configure Active Directory replication between Test1 and Test2. First, you install a new domain
For Latest 70-640 Exam Questions and study guides- visit- http://www.testkingprep.com/70-640.html
controller for the management. Second, you create the site link between Test1 and Test2 for the connection. Then what should you do next? A. Configure a new site link bridge object. B. Just configure the new domain controller on Test1. C. Decrease the site link cost between Test1 and Test2. D. First, assign a new IP subnet to Test2 by using the Active Directory Sites and Services console. Second, move the new domain controller object to Test2. Answer: C Question:6 You're working in the companyTest, Ltd., which has offices in Asia and Europe and Afric 1 a. There is an Active Directory forest which has three domains in the company. Some users from remote access want to access resources. But it takes a long time to require it. A solution is needed to solve the problem. So, what should you do? 2 A. As an administrator, you should set up a one-way shortcut trust from client to server. 3 B. As an administrator, you should set up a one-way shortcut trust from server to client. 4 C. Just as the FTP connection, you should decrease the replication interval for all Connection. 5 D. Just as the FTP connection, you should decrease the replication interval for the DEFAULTIPSITELINK site link. Answer: Pending Question:7 You want to move a user from the Paris OU to the Moscow OU. Which tools can you use? (Choose all that apply.) A. Move-Item B. The MoveHere method of the Moscow OU C. Dsmove D. Redirusr.exe E. Active Directory Migration Tool Answer: B, C Question:8 There is an Active Directory domain in a company. The Active Directory domain contains a domain controller. You log on to the domain controller. The Active Directory Schema snap-in is not available in the Microsoft Management Console (MMC). As you know, The Microsoft Management Console (MMC) is a component of Windows 2000 and later Windows NT-based operating systems that provides system administrators and advanced users with a flexible interface through which they may configure and monitor the system. The task is that you need to access the Active Directory Schema snap-in. Then what should you do? A. You should register Schmmgmt.dll for the MMC. B. In order to connect to the Schema Master operations, you should use the Ntdsutil.exe command. C. Using the account that is a member of the Schema Administrators group to log off and log on again. D. Just using Server Manager to add the Active Directory Lightweight Directory Services (AD LDS) role to the domain controller. Answer: Pending Question:9 There is an Active Directory domain named test.com in your company. A network has been deployed on the company. Also, there are two DNS servers named DNS1 and DNS2 in the network. All the DNS servers are ongoing. The following table shows the details of the two DNS servers. Some domain users use DNS2 as the preferred DNS server. But they are unable to connect to Internet Web sites. A solution is needed to enable Internet name resolution for all
For Latest 70-640 Exam Questions and study guides- visit- http://www.testkingprep.com/70-640.html
A. You should change the domain name on DNS1 with contoso.com. B. You should upgrade the list of name servers on DNS2. C. First, you should delete the .(root) zone from DNS2. Second, configure conditional forwarding on DNS2. D. First, you should update the configuration.ini file on DNS2. Second, configure conditional forwarding on DNS1. Answer: B Question:10 A user reports that she is receiving a logon message that states, Your account is configured to prevent you from using the computer. Please try another computer. What should you do to enable her to log on to the computer? A. Click the Log On To button on the Account tab of her user account B. Click the Allowed To Join Domain button in the New Computer dialog box. C. Use the Dsmove command D. Give her the right to log on locally, using the local security policy of the computer. Answer: A Question:11 You manage the network of your company. There is a single Active Directory domain in your company. The network of your company is built a few years ago, and all domain controllers are running Windows Server 2003. Now, you get a new computer running Windows Server 2008. What will you do first to add the server as a domain controller? A. Run dcpromo /adv on the new server. B. Run adprep /rodcprep on a domain controller. C. Run adprep /forestprep on a domain controller. D. Run dcpromo /createdcaccount on the new server. Answer: B Question:12 A certificate authority (CA) issues digital certificates which contain a public key and the identity of the owner. The CA also attests that the public key contained in the certificate belongs to the person, organization, server or other entity noted in the certificate. There is an Active Directory domain in your company with all servers running Windows Server 2008. An Enterprise Root CA is used in your company. What should you do to make revoked certificate information highly available? A. You should use Network Load Balancing to implement an Online Certificate Status Protocol (OCSP) responder. B. You should use a Group Policy Object (GPO) to publish the trusted certificate authorities list to the domain. C. You should use a new Group Policy Object (GPO) to allow users to trust peer certificates and link it to the domain. D. You should use an Internet Security and Acceleration Server array to implement an Online Certificate Status Protocol (OCSP) responder. Answer: Pending Question:13 A new project requires that users in your domain and in the domain of a partner organization have
For Latest 70-640 Exam Questions and study guides- visit- http://www.testkingprep.com/70-640.html
access to a shared folder on your file server. Which type of group should you create to manage the access to the shared folder? A. Universal security group B. Domain local security group C. Global security group D. Domain local distribution group Answer: B Question:14 SERVER02 is running Server Core. It is already configured with the AD DS role. You want to add Active Directory Certificate Services (AD CS) to the server. What must you do? A. Install the Active Directory Certificate Services role. B. Install the Active Directory Federated Services role. C. Install the AD RMS role. D. Reinstall the server as Windows Server 2008 (Full Installation). Answer: D Question:15 Your company has a server which deploys a Terminal Service Gateway, and it needs to issue certificates to the users. So to issue certificates, a Windows 2008 Enterprise certificate authority (CA) is installed. What should you do to configure key archival? A. On the server, archive the private key. B. For the domain controllers, use the Hisecdc security template. C. For the computers storing encrypted files, configure the certificates for automatic enrollment. D. Deploy an Enterprise Subordinate CA that issues certificates to users of the encrypted files. Answer: Pending Question:16 Your domain includes a global distribution group named Company Update. It has been used to send company news by e-mail to its members. You have decided to allow all members to contribute to the newsletter by creating a shared folder on a file server. What must you do to allow group members access to the shared folder? A. Change the group scope to domain local. B. Change the group scope to universal. C. Add the group to the Domain Users group. D. Use Dsmod with the -secgrp yes switch. Answer: D Question:17 You have created a global security group in the certways.com domain named Corporate Managers. Which members can be added to the group? (Choose all that apply.) A. Sales Managers, a global group in the fabrikam.com domain, a trusted domain of a partner company B. Sales Managers, a global group in the tailspintoys.com domain, a domain in the certways.com forest C. Linda Mitchell, a user in the tailspintoys.com domain, a domain in the certways.com forest D. Jeff Ford, a user in the fabrikam.com domain, a trusted domain of a partner company E. Mike Danseglio, a user in the certways.com domain F. Sales Executives, a global group in the certways.com domain G. Sales Directors, a domain local group in the certways.com domain H. European Sales Managers, a universal group in the certways.com forest Answer: B, C, D, E Question:18 Which of the following can be used to remove members from a group? (Choose all that apply.)
For Latest 70-640 Exam Questions and study guides- visit- http://www.testkingprep.com/70-640.html
A. Remove-Item B. Dsrm C. Dsmod D. LDIFDE E. CSVDE Answer: A, B, C Question:19 Suppose you are an administrator of your company which has single Active Directory domain. A member server in the domain that runs Windows Server 2008 acts as the Active Directory Certificate Service (AD CS) role. You need to design a solution that members of the IT group can issue smartcard credentials while they're not able to revoke certificates. Which three actions should you do? (Each correct answer presents part of the solution. Choose three.) A. Configure the AD CS role as a Standalone CA. B. Configure the AD CS role as an Enterprise Root CA. C. For IT group, create a Smartcard logon certificate. D. For IT group, create an Enrollment Agent certificate. E. For the Smartcard logon, restrict enrollment agents to the IT group. F. For the Smartcard logon, restrict certificate managers certificate to the IT group. Answer: B, C, D Question:20 Suppose you are an administrator of your company which has a server that runs Windows Server 2008. On the server, the stand-alone Certification Authority (CA) is configured. Which two actions should you to audit the CA configuration and security settings changes? (Choose two.) A. In the Local Security Policy, enable Audit account management. B. In the Local Security Policy, enable Audit directory service access. C. You should configure auditing in the Certification Services snap-in. D. In the Local Security Policy, enable the Audit object access setting. Answer: B, C Question:21 You are using Dsmod to add a domain local group named GroupA to a global group named GroupB. You are receiving errors. Which command will solve the problem so that you can then add GroupA to GroupB? (Choose all that apply.) A. Dsrm.exe B. Dsmod.exe C. Dsquery.exe D. Dsget.exe Answer: B Question:22 Suppose you are an administrator of your company that has several domain controllers which run Windows Server 2008. An orgainzational unit (OU) and its child objects are removed by an accident operation. So you need to restore the OU and its child objects. What should you do? (To answer, move the right actions from t he left list to the right list and make them in the correct order.) Explanations To restore the OU and its child object, you should do the following tasks: Restart the domain controller in Directory Services Restore Mode(DSRM) Restore the system state data to date before the OU was deleted. Use the Ntdsutil utility to mark the OU as authoritative. Restart the domain controller.
For Latest 70-640 Exam Questions and study guides- visit- http://www.testkingprep.com/70-640.html
Answer: Pending Question:23 There is a single Active Directory domain in which all domain controllers run Windows Server 2008. As an administrator of your company, you find there are some replication errors from all domain controllers to a central location. So you need to capture all replication errors, and what should you do? A. You should run the System Performance data collector set. B. You should create a new a new capture by using Network Monitor. C. You should run the Active Directory Diagnostics data collector set. D. You should configure event log subscriptions that deliver the event when a replication error occurs. Answer: C Question:24 Your management has asked you to produce a list of all users who belong to the Special Project group, including those users belonging to groups nested into Special Project.hich of the following can you use? A. Get-Members B. Dsquery.exe C. LDIFDE D. Dsget.ex Answer: D
For Latest 70-640 Exam Questions and study guides- visit- http://www.testkingprep.com/70-640.html
For complete Exam 70-640 Training kits and Self-Paced Study Material Visit: http://www.testkingprep.com/70-640.html
http://www.testkingprep.com/
For Latest 70-640 Exam Questions and study guides- visit- http://www.testkingprep.com/70-640.html