Braindump2go New Released Microsoft 70-640 Practice Tests Sample Questions Free Download! 100% Same Questions with Actual 70-640 Exam! Guaranteed 100% Pass!

Vendor: Microsoft
Exam Code: 70-640
Exam Name: TS: Windows Server 2008 Active Directory, Configuring

Keywords: 70-640 Exam Dumps,70-640 Practice Tests,70-640 Practice Exams,70-640 Exam Questions,70-640 Dumps,70-640 Dumps PDF,Microsoft 70-640 Exam Dumps,70-640 Questions and Answers,TS: Windows Server 2008 Active Directory, Configuring

QUESTION 181
Your network contains two Active Directory forests named contoso.com and fabrikam.com.
Each forest contains a single domain.
A two-way forest trust exists between the forests.
Selective authentication is enabled on the trust.
Contoso.com contains a group named Group 1.
Fabrikam.com contains a server named Server1.
You need to ensure that users in Group1 can access resources on Server1.
What should you modify?

A.    the permissions of the Group1 group
B.    the UPN suffixes of the contoso.com forest
C.    the UPN suffixes of the fabrikam.com forest
D.    the permissions of the Server1 computer account

Answer: A

QUESTION 182
Your network contains an Active Directory domain named contoso.com.
You have an organizational unit (OU) named Sales and an OU named Engineering.
Users in the Sates OU frequently log on to client computers in the Engineering OU.
You need to meet the following requirements:
– All of the user settings in the Group Policy objects (GPOs) linked to both the Sales OU and the Engineering OU must be applied to sales users when they log on to client computers in the Engineering OU.
– Only the policy settings in the GPOs linked to the Sales OU must be applied to sales users when they log on to client computers in the Sales OU.
– Policy settings in the GPOs linked to the Sales OU must not be applied to users in the Engineering OU.
What should you do?

A.    Modify the Group Policy permissions.
B.    Enable block inheritance.
C.    Configure the link order.
D.    Enable loopback processing in merge mode.
E.    Enable loopback processing in replace mode.
F.    Configure WMI filtering.
G.    Configure Restricted Groups.
H.    Configure Group Policy Preferences.
I.    Link the GPO to the Sales OU.
J.    Link the GPO to the Engineering OU.

Answer: D

QUESTION 183
You have an Active Directory domain named contoso.com.
You need to view the account lockout threshold and duration for the domain.
Which tool should you use?

A.    Computer Management
B.    Net Config
C.    Active Directory Users and Computers
D.    Gpresult

Answer: C

QUESTION 184
Your network contains an Active Directory forest.
The forest contains two domains named contoso.com and east.contoso.com.
The contoso.com domain contains a domain controller named DC1.
The east.contoso.com domain contains a domain controller named DC2.
DC1 and DC2 have the DNS Server server role installed.
You need to create a DNS zone that is available on DC1 and DC2.
The solution must ensure that zone transfers are encrypted.
What should you do?

A.    Create a primary zone on DC1 and store the zone in a zone file.
On DC1 and DC2, configure inbound rules and outbound rules by using Windows Firewall
with Advanced Security.
Create a secondary zone on DC2 and select DC1 as the master.
B.    Create a primary zone on DC1 and store the zone in a DC=ForestDNSZones, DC=Contoso,
DC=com naming context.
C.    Create a primary zone on DC2 and store the zone in a DC= DC=East, DC=Contoso/DC=com
naming context.
Create a secondary zone on DC1 and select DC2 as the master.
D.    Create a primary zone on DC1 and store the zone in a zone file.
Configure DNSSEC for the zone.
Create a secondary zone on DC2 and select DC1 as the master.

Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/cc781101.aspx

QUESTION 185
Your network contains an Active Directory domain named adatum.com.
All servers run Windows Server 2008 R2.
The network contains an enterprise certification authority (CA).
You need to ensure that all of the members of a group named Managers can view the event log entries for Certificate Services.
Which snap-in should you use?

A.    Active Directory Administrative Center
B.    Authorization Manager
C.    Certificate Templates
D.    Certificates
E.    Certification Authority
F.    Enterprise PKI
G.    Group Policy Management
H.    Security Configuration Wizard
I.    Share and Storage Management

Answer: G
Explanation:
We can make the Group1 group a member of the Event Log Readers Group, giving them read access to all event logs, thus including the Certificate Services events.
We can do that by using Group Policy Management.

QUESTION 186
Your network contains an Active Directory domain named adatum.com.
All servers run Windows Server 2008 R2 Enterprise.
All client computers run Windows 7 Professional.
The network contains an enterprise certification authority (CA).
You need to approve a pending certificate request.
Which snap-in should you use?

A.    Active Directory Administrative Center
B.    Authorization Manager
C.    Certificate Templates
D.    Certificates
E.    Certification Authority
F.    Enterprise PKI
G.    Group Policy Management
H.    Security Configuration Wizard
I.    Share and Storage Management

Answer: E
Explanation:
http://technet.microsoft.com/de-de/library/ff849263.aspx

QUESTION 187
Your network contains an Active Directory domain named contoso.com.
You have an organizational unit (OU) named Sales and an OU named Engineering.
You have a Group Policy object (GPO) linked to the domain.
You need to ensure that the settings in the GPO are not processed by user accounts or computer accounts in the Sales OU.
You must achieve this goal by using the minimum amount of administrative effort.
What should you do?

A.    Modify the Group Policy permissions.
B.    Enable block inheritance.
C.    Configure the link order.
D.    Enable loopback processing in merge mode.
E.    Enable loopback processing in replace mode.
F.    Configure WMI filtering.
G.    Configure Restricted Groups.
H.    Configure Group Policy Preferences.
I.    Link the GPO to the Sales OU.
J.    Link the GPO to the Engineering OU.

Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/cc731076.aspx
Block Inheritance You can block inheritance for a domain or organizational unit. Blocking inheritance prevents Group Policy objects (GPOs) that are linked to higher sites, domains, or organizational units from being automatically inherited by the child-level.

QUESTION 188
A corporate network includes a single Active Directory Domain Services (AD DS) domain.
The domain contains 10 domain controllers.
The domain controllers run Windows Server 2008 R2 and are configured as DNS servers.
You plan to create an Active Directory-integrated zone.
You need to ensure that the new zone is replicated to only four of the domain controllers.
What should you do first?

A.    Use the ntdsutil tool to modify the DS behavior for the domain.
B.    Use the ntdsutil tool to add a naming context.
C.    Create a new delegation in the ForestDnsZones application directory partition.
D.    Use the dnscmd tool with the /zoneadd parameter.

Answer: B

QUESTION 189
Your network contains an Active Directory forest named fabrikam.com.
The forest contains the following domains:
– Fabrikam.com
– Eu.fabrikam.com
– Na.fabrikam.com
– Eu.contoso.com
– Na.contoso.com
You need to configure the forest to ensure that the administrators of any of the domains can specify a user principal name (UPN) suffix of contoso.com when they create user accounts from Active Directory Users and Computers.
Which tool should you use?

A.    Active Directory Sites and Services
B.    Set-ADDomain
C.    Set-ADForest
D.    Active Directory Administrative Center

Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/dd391925.aspx

QUESTION 190
A corporate network includes a single Active Directory Domain Services (AD DS) domain and two AD DS sites.
The AD DS sites are named Toronto and Montreal.
Each site has multiple domain controllers.
You need to determine which domain controller holds the Inter-Site Topology Generator role for the Toronto site.
What should you do?

A.    Use the Active Directory Sites and Services console to view the NTDS Site Settings for the
Toronto site.
B.    Use the Ntdsutil tool with the roles parameter.
C.    Use the Ntdsutil tool with the LDAP policies parameter.
D.    Use the Active Directory Sites and Services console to view the properties of each domain
controller in the Toronto site.

Answer: A
Explanation:
http://technet.microsoft.com/en-us/library/cc794776.aspx


Braindump2go New Released 70-640 Dumps PDF are Now For Free Download, 651 Latest Questions, Download It Right Now and Pass Your Exam 100%:

 

http://www.braindump2go.com/70-640.html