Microsoft Official Exam Center New Released 70-640 Dumps Questions, Many New Questions added into it! Braindump2go Offer Free Sample Questions and Answers for Download Now! Visit Our Webiste, get the new updated Questions then pass Microsoft 70-640 at the first try!

Vendor: Microsoft
Exam Code: 70-640
Exam Name: TS: Windows Server 2008 Active Directory, Configuring

QUESTION 31 has a main office and a branch office.’s network consists of a single Active Directory forest.
Some of the servers in the network run Windows Server 2008 and the rest run Windows server 2003.
You are the administrator at
You have installed Active Directory Domain Services (AD DS) on a computer that runs Windows Server 2008.
The branch office is located in a physically insecure place.
It has no IT personnel onsite and there are no administrators over there.
You need to setup a Read-Only Domain Controller (RODC) on the Server Core installation computer in the branch office.
What should you do to setup RODC on the computer in branch office?

A.    Execute an attended installation of AD DS
B.    Execute an unattended installation of AD DS
C.    Execute RODC through AD DS
D.    Execute AD DS by using deploying the image of AD DS
E.    none of the above

Answer: B
Install an RODC on a Server Core installation
To install an RODC on a Server Core installation of Windows Server 2008, you must perform an unattended installation of AD DS.

You had installed an Active Directory Federation Services (AD FS) role on a Windows server 2008 in your organization.
Now you need to test the connectivity of clients in the network to ensure that they can successfully reach the new Federation server and Federation server is operational.
What should you do? (Select all that apply)

A.    Go to Services tab, and check if Active Directory Federation Services is running
B.    In the event viewer, Applications, Event ID column look for event ID 674.
C.    Open a browser window, and then type the Federation Service URL for the new federation
D.    None of the above

Answer: BC
Verify that a specific event (ID 674) was generated on the federation server proxy computer. This event is generated when the federation server proxy is able to successfully communicate with the Federation Service.
To perform this procedure, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority.

QUESTION 33 has purchased laptop computers that will be used to connect to a wireless network. You create a laptop organizational unit and create a Group Policy Object (GPO) and configure user profiles by utilizing the names of approved wireless networks.
You link the GPO to the laptop organizational unit.
The new laptop users complain to you that they cannot connect to a wireless network.
What should you do to enforce the group policy wireless settings to the laptop computers?

A.    Execute gpupdate/target:computer command at the command prompt on laptop computers
B.    Execute Add a network command and leave the SSID (service set identifier) blank
C.    Execute gpupdate/boot command at the command prompt on laptops computers
D.    Connect each laptop computer to a wired network and log off the laptop computer and then
login again.
E.    None of the above

Answer: D

The Company has a Windows 2008 domain controller server.
This server is routinely backed up over the network from a dedicated backup server that is running Windows 2003 OS.
You need to prepare the domain controller for disaster recovery apart from the routine backup procedures.
You are unable to launch the backup utility while attempting to back up the system state data for the data controller.
You need to backup system state data from the Windows Server 2008 domain controller server.
What should you do?

A.    Add your user account to the local Backup Operators group
B.    Install the Windows Server backup feature using the Server Manager feature.
C.    Install the Removable Storage Manager feature using the Server Manager feature
D.    Deactivating the backup job that is configured to backup Windows 2008 server domain
controller on the Windows 2003 server.
E.    None of the above

Answer: B

You are an administrator at
Company has a RODC (read-only domain controller) server at a remote location.
The remote location doesn’t have proper physical security.
You need to activate nonadministrative accounts passwords on that RODC server.
Which of the following action should be considered to populate the RODC server with non-administrative accounts passwords?

A.    Delete all administrative accounts from the RODC’s group
B.    Configure the permission to Deny on Receive for administrative accounts on the security tab
for Group Policy Object (GPO)
C.    Configure the administrative accounts to be added in the Domain RODC Password
Replication Denied group
D.    Add a new GPO and enable Account Lockout settings.
Link it to the remote RODC server and on the security tab on GPO, check the Read Allow
and the Apply group policy permissions for the administrators.
E.    None of the above

Answer: C

QUESTION 36 has a network that is comprise of a single Active Directory Domain.
As an administrator at, you install Active Directory Lightweight Directory Services (AD LDS) on a server that runs Windows Server 2008.
To enable Secure Sockets Layer (SSL) based connections to the AD LDS server, you install certificates from a trusted Certification Authority (CA) on the AD LDS server and client computers.
Which tool should you use to test the certificate with AD LDS?

A.    Ldp.exe
B.    Active Directory Domain services
C.    ntdsutil.exe
D.    Lds.exe
E.    wsamain.exe
F.    None of the above

Answer: A

QUESTION 37 boasts a main office and 20 branch offices.
Configured as a separate site, each branch office has a Read-Only Domain Controller (RODC) server installed.
Users in remote offices complain that they are unable to log on to their accounts.
What should you do to make sure that the cached credentials for user accounts are only stored in their local branch office RODC server?

A.    Open the RODC computer account security tab and set Allow on the Receive as permission
only for the users that are unable to log on to their accounts
B.    Add a password replication policy to the main Domain RODC and add user accounts in the
security group
C.    Configure a unique security group for each branch office and add user accounts to the
respective security group.
Add the security groups to the password replication allowed group on the main RODC server
D.    Configure and add a separate password replication policy on each RODC computer account

Answer: D

The corporate network of Company consists of a Windows Server 2008 single Active Directory domain.
The domain has two servers named Company 1 and Company 2.
To ensure central monitoring of events you decided to collect all the events on one server, to collect events from Company, and transfer them to Company 1.
You configure the required event subscriptions.
You selected the Normal option for the Event delivery optimization setting by using the HTTP protocol.
However, you discovered that none of the subscriptions work.
Which of the following actions would you perform to configure the event collection and event forwarding on the two servers? (Select three. Each answer is a part of the complete solution).

A.    Run window execute the winrm quickconfig command on Company 2.
B.    Run window execute the wecutil qc command on Company 2.
C.    Add the Company 1 account to the Administrators group on Company 2.
D.    Run window execute the winrm quickconfig command on Company 1.
E.    Add the Company 2 account to the Administrators group on Company 1.
F.    Run window execute the wecutil qc command on Company 1.

Answer: ADF

Your company has a main office and 40 branch offices.
Each branch office is configured as a separate Active Directory site that has a dedicated read-only domain controller (RODC).
An RODC server is stolen from one of the branch offices.
You need to identify the user accounts that were cached on the stolen RODC server.
Which utility should you use?

A.    Dsmod.exe
B.    Ntdsutil.exe
C.    Active Directory Sites and Services
D.    Active Directory Users and Computers

Answer: D
Securing Accounts After an RODC Is Stolen
If you become aware of a stolen or otherwise compromised read-only domain controller (RODC), you should act quickly to delete the RODC account from the domain and to reset the passwords of the accounts whose current passwords are stored on the RODC.
An efficient tool for removing the RODC computer account and resetting all the passwords for the accounts that were authenticated to it is the Active Directory Users and Computers snap-in.

QUESTION 40 has a software evaluation lab.
There is a server in the evaluation lab named as CKT. CKT runs Windows Server 2008 and Microsoft Virtual Server 2005 R2.
CKT has 200 virtual servers running on an isolated virtual segment to evaluate software.
To connect to the internet, it uses physical network interface card. requires every server in the company to access Internet. security policy dictates that the IP address space used by software evaluation lab must not be used by other networks.
Similarly, it states the IP address space used by other networks should not be used by the evaluation lab network.
As an administrator you find you that the applications tested in the software evaluation lab need to access normal network to connect to the vendors update servers on the internet.
You need to configure all virtual servers on the CKT server to access the internet.
You also need to comply with company’s security policy.
Which two actions should you perform to achieve this task? (Choose two answers. Each answer is a part of the complete solution)

A.    Trigger the Virtual DHCP server for the external virtual network and run ipconfig/renew
command on each virtual server
B.    On CKT’s physical network interface, activate the Internet Connection Sharing (ICS)
C.    Use intranet IP addresses on all virtual servers on CKT.
D.    Add and install a Microsoft Loopback Adapter network interface on CKT.
Use a new network interface and create a new virtual network.
E.    None of the above

Answer: AD

Want Pass 70-640 Exam At the first try? Come to Braindump2go! Download the Latest Microsoft 70-640 Real Exam Questions and Answers PDF & VCE from Braindump2go,100% Pass Guaranteed Or Full Money Back!