[Pass Ensure VCE Dumps] Exam 70-640 651q VCE and PDF Dumps Updated By PassLeader For Free (481-500)

PassLeader’s 651q 70-640 vce dumps and pdf dumps help passing 70-640 exam! PassLeader nowadays provide the new version 70-640 exam questions with vce and pdf for free download, the latest 70-640 study guide and practice test tell you all details about exam 70-640, you can acquire the 70-640 certification easily by learning PassLeader’s 651q 70-640 premium vce file and pdf dumps. Now visit passleader.com and download free 70-640 exam dumps and you will pass 70-640 exam the other day.

keywords: 70-640 exam,651q 70-640 exam dumps,651q 70-640 exam questions,70-640 pdf dumps,70-640 practice test,70-640 vce dumps,70-640 study guide,70-640 braindumps,TS: Windows Server 2008 Active Directory, Configuring Exam

QUESTION 481
You are the systems administrator for a medium-sized Active Directory domain. Currently, the environment supports many different domain controllers, some of which are running Windows NT 4 and others that are running Windows 2003 and Server 2008 R2. When you are running domain controllers in this type of environment, which of the following types of groups can you not use? (Choose Two)

A.    Universal security groups
B.    Global groups
C.    Domain local groups
D.    Computer groups

Answer: AD

QUESTION 482
You are the network administrator for an organization that has all Windows Server 2008 R2 domain controllers. You need to capture all replication errors that occur between all domain controllers. What should you do?

A.    Use System Performance data collector sets.
B.    Use ntdsutil.
C.    Configure event log subscriptions.
D.    Use the ADSI Edit tool.

Answer: C

QUESTION 483
You are one of two network administrators for your organization. Your IT partner does most of the work in Active Directory. While working in Active Directory, your partner accidently deleted a user from the Sales OU. You recover the user from tape backup but you want to help prevent this from happening again inthe future. What can you do?

A.    Enable the Active Directory Recycle Bin.
B.    Use ADSI Edit to restore the user.
C.    Take away all rights from the other administrator.
D.    Use the Directory Services Restore Mode Lockout command.

Answer: A

QUESTION 484
What is the maximum number of domains that a Windows Server 2008 R2 computer, configured as a domain controller, may participate in at one time?

A.    Zero
B.    One
C.    Two
D.    Any number of domains

Answer: B

QUESTION 485
You are the systems administrator of a large organization that has recently implemented Windows Server 2008 R2. You have a few remote sites that do not have very tight security. You have decided to implement read-only domain controllers (RODC). What forest functional levels does the network need for you to do the install? (Choose Three)

A.    Windows 2000 Mixed
B.    Windows 2008 R2
C.    Windows 2003
D.    Windows 2008

Answer: BCD

QUESTION 486
Your network contains an Active Directory domain. The domain contains 20 domain controllers. You need to identify which domain controllers are global catalog servers. Which tool should you use?

A.    dsquery
B.    netsh
C.    nltest
D.    Get-ADOptionalFeature

Answer: A

QUESTION 487
ABC.com has a network that consists of a single Active Directory domain.Windows Server 2008 is installed on all domain controllers in the network. You are instructed to capture all replication errors from all domain controllers to a central location. What should you do to achieve this task?

A.    Initiate the Active Directory Diagnostics data collector set
B.    Set event log subscriptions and configure it
C.    Initiate the System Performance data collector set
D.    Create a new capture in the Network Monitor

Answer: B

QUESTION 488
Your network contains an Active Directory forest. The forest contains two domains named contoso.com and east.contoso.com. The contoso.com domain contains a domain controller named DC1. The east.contoso.com domain contains a domain controller named DC2. DC1 and DC2 have the DNS Server server role installed. You need to create a DNS zone that is available on DC1 and DC2. The solution must ensure that zone transfers are encrypted. What should you do?

A.    Create a primary zone on DC1 and store the zone in DC=Contoso, DC=com naming context.
Create a secondary zone on DC2 and select DC1 as the master.
B.    Create a primary zone on DC1 and store the zone in a zone file.
Configure Encrypting File System (EFS) encryption.
Create a secondary zone on DC2 and select DC1 as the master.
C.    Create a primary zone on DC1 and store the zone in a zone file.
Configure IPSec on DC1 and DC2.
Create a secondary zone on DC2 and select DC1 as the master.
D.    Create a primary zone on DC1 and store the zone in a zone file.
Configure DNSSEC for the zone.
Create a secondary zone on DC2 and select DC1 as the master.

Answer: C

QUESTION 489
You are hired as a consultant by ABC Corporation to implement a Windows Server 2008 R2 computer onto their Windows Server 2003 domain. All of the client machines are Windows 7. You install Windows Server 2008 R2 onto a new computer and join that computer to the Windows 2003 domain. You want to upgrade the Windows Server 2008 R2 to a domain controller. What should you do first?

A.    On the new server, run adprep /domainprep.
B.    On the new server, run adprep /forestprep.
C.    On a Windows Server 2003 domain controller, run adprep /domainprep.
D.    On a Windows Server 2003 domain controller, run adprep /forestprep.

Answer: D

QUESTION 490
You are the network administrator for your organization. Your company uses a Windows Server 2008 R2 Enterprise Root CA. The company has issued a new policy that prevents port 443 and port 80 from being opened on domain controllers and on issuing CAs. Your users need to request certificates from a web interface. You have already installed the AD CS role. What do you need to do next?

A.    Configure the Certificate Authority Web Enrollment Service on a member server.
B.    Configure the Certificate Authority Web Enrollment Service on a domain server.
C.    Configure AD FS on member server to allow secure web-based access.
D.    Configure AD FS on domain controller to allow secure web-based access.

Answer: A


http://www.passleader.com/70-640.html

QUESTION 491
Your network contains an Active Directory forest named contoso.com. You need to identify whether a fine-grained password policy is applied to a specific group. Which tool should you use?

A.    Active Directory Users and Computers
B.    Security Configuration Wizard (SCW)
C.    Group Policy Management Editor
D.    Active Directory Sites and Services

Answer: A

QUESTION 492
Your network contains an Active Directory forest. The forest contains one domain named contoso.com. You attempt to run adprep /forestprep and the operation fails. You discover that the first domain controller deployed to the forest failed. You need to run adprep /forestprep successfully. What should you do?

A.    Move the PDC emulator role.
B.    Move the RID master role.
C.    Move the infrastructure master role.
D.    Move the schema master role.
E.    Move the global catalog server.
F.    Move the bridgehead server.
G.    Install a read-only domain controller (RODC).
H.    Deploy an additional global catalog server.
I.    Restart the Active Directory Domain Services (AD DS) service.

Answer: D

QUESTION 493
Your network contains an Active Directory forest named contoso.com. The functional level of the forest is Windows Server 2008 R2. The forest contains a single domain. You need to ensure that objects can be restored from the Active Directory Recycle Bin. Which tool should you use?

A.    Ntdsutil
B.    Dsamain
C.    Ldp
D.    Add-PSSnapin

Answer: C

QUESTION 494
Your network contains an Active Directory forest named contoso.com. The functional level of the forest is Windows Server 2008 R2. You have four Active Directory sites. Each site has multiple Active Directory subnets. You need to identify all of the authentication requests that originate from client computers that are not associated to an Active Directory subnet. What should you use?

A.    The System log
B.    The %Systemroot%\Debug\Netsetup.log log file
C.    The Authentication User Interface operational log
D.    The %Systemroot%\Security\Logs\Winlogon.log log file

Answer: B

QUESTION 495
Your network contains an Active Directory domain named fabrikam.com. The domain has one Active Directory site. The domain contains an organizational unit (OU) named SalesOU. SalesOU contains all of the user accounts for the sales department. Some of the sales users are temporary employees. You apply a Group Policy object (GPO) named SalesGPO to SalesOU. You need to prevent SalesGPO from being applied to the temporary sales employees. All other sales employees must have SalesGPO applied to them. What should you do?

A.    Configure the permissions on the user accounts of the temporary sales employees.
B.    Configure the permissions of SalesGPO.
C.    Link SalesGPO to the site and remove the link for SalesGPO from SalesOU.
D.    Disable the computer configurations of SalesGPO.

Answer: B

QUESTION 496
A corporate network includes a single Active Directory Domain Services (AD D5) domain. The domain contains 10 domain controllers. The domain controllers run Windows Server 2008 R2 and are configured as DNS servers. You plan to create an Active Directory-integrated zone. You need to ensure that the new zone is replicated to only four of the domain controllers. What should you do first?

A.    Use the dnscmd tool with the /enlistdirectorypartition parameter.
B.    Create a new delegation in the ForestDnsZones application directory partition.
C.    Use the dnscmd tool with the /createdirectorypartition parameter.
D.    Use the dnscmd tool with the /createbuiltindirectorypartitions parameter.

Answer: D

QUESTION 497
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1. DC1 has the DNS Server server role installed and hosts the zone for contoso.com. All host (A) records are registered in DNS by using dynamic updates. You deploy a new server named dns.contoso.com. You install the DNS Server server role on dns.contoso.com. The Name Servers list is shown in the Name Server exhibit. (Click the Exhibit button.)

The Zone Transfers settings are shown in the Zone Transfers exhibit. (Click the Exhibit button.)

On dns.contoso.com, you create a secondary zone for contoso.com and you specify DC1 as the master server. You discover that the zone fails to transfer to dns.contoso.com. You open DNS Manager as shown in the DNS Manager exhibit. (Click the Exhibit button.)

You need to ensure that dns.contoso.com can transfer the contoso.com zone. What should you do?

A.    Modify the name servers list for the contoso.com zone.
B.    Change the A record for dns.contoso.com to use 10.0.0.2.
C.    Add an A record for contoso.com that has a value of 10.0.0.2.
D.    Allow zone transfers to the 10.0.0.2 IP address.
E.    Add a name server (NS) record for contoso.com that has a value of 10.0.0.2.

Answer: A

QUESTION 498
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain and 10 domain controllers. All of the domain controllers run Windows Server 2008 R2 Service Pack 1 (SP1). The forest contains an application directory partition named dc=app1/dc=contoso,dc=com. A domain controller named DC1 has a copy of the application directory partition. You need to configure a domain controller named DC2 to receive a copy of dc=app1,dc=contoso,dc=com. Which tool should you use?

A.    Dsdbutil
B.    smgmt
C.    Dsamain
D.    Dsmod

Answer: B

QUESTION 499
A corporate network includes a single Active Directory Domain Services (AD D5) domain and two AD DS sites. The AD DS sites are named Toronto and Montreal. Each site has multiple domain controllers. You need to determine which domain controller holds the Inter-Site Topology Generator role for the Toronto site. What should you do?

A.    Use the Ntdsutil tool with the roles parameter.
B.    Use the Ntdsutil tool with the local roles parameter.
C.    Use the LDP tool to view the NTDS Site Settings for the Toronto site.
D.    Use the LDP tool to view the properties of each domain controller in the Toronto site.

Answer: D

QUESTION 500
Your network contains an Active Directory forest named contoso.com. The forest contains six domains. You need to ensure that the administrators of any of the domains can specify a user principal name (UPN) suffix of litwareinc.com when they create user accounts by using Active Directory Users and Computers. Which tool should you use?

A.    Set-ADAccountControl
B.    Active Directory Domains and Trusts
C.    Set-ADDomain
D.    Active Directory Users and Computers

Answer: B


http://www.passleader.com/70-640.html