100 likes | 121 Views
70-640. Microsoft. TS: Windows Server 2008 Active Directory. Configuring. Thousands of IT Professionals before you have already passed their 70-640 certification. exams using the Microsoft 70-640 Practice Exam from ipass4sure.com. Once you start using.
E N D
70-640 Microsoft TS: Windows Server 2008 Active Directory. Configuring Thousands of IT Professionals before you have already passed their 70-640 certification exams using the Microsoft 70-640 Practice Exam from ipass4sure.com. Once you start using our 70-640 exam questions you simply can't stop! You are guaranteed to pass your Microsoft 70-640 test with ease and in your first attempt. Here's what you can expect from the ipass4sure Microsoft 70-640 course: * Up-to-Date Microsoft 70-640 questions designed to familiarize you with the real exam. * 100% correct Microsoft 70-640 answers you simply can't find in other 70-640 courses. * All of our tests are easy to download. Your file will be saved as a 70-640 PDF. * Microsoft 70-640 brain dump free content featuring the real 70-640 test questions. Microsoft 70-640 Certification Exam is of core importance both in your Professional life and Microsoft Certification Path. With Microsoft Certification you can get a good job easily in the market and get on your path for success. Professionals who passed Microsoft 70-640 Certification Exam are an absolute favorite in the industry. If you pass Microsoft 70-640 Certification Exam then career opportunities are open for you. Our 70-640 Questions & Answers provide you an easy solution to your Microsoft 70-640 Exam Preparation. Our 70-640 Q&As contains the most updated Microsoft 70-640 real tests. You can use our 70-640 Q&As on any PC with most versions of Acrobat Reader and prepare the exam easily.
Contents Topic 1, Exam Set 1 ( 46 Questions) 3 Topic 2, Exam Set 2 (50 Questions) 37 Total number of questions = 96
Topic 1, Exam Set 1 ( 46 Questions) QUESTION NO: 1 You work as the network administrator at Company.com . The Company.com network has a domain named Company.com . All servers on the Company.com network run Windows Server 2008. Only one Active-Directory integrated zone has been configured in the Company.com domain. Company.com has requested that you configure DNS zone to automatically remove DNS records that are outdated. What action should you consider? A. You should consider running the netsh /Reset DNS command from the Command prompt. B. You should consider enabling Scavenging in the DNS zone properties page. C. You should consider reducing the TTL of the SOA record in the DNS zone properties page. D. You should consider disabling updates in the DNS zone properties page. Answer: B Explanation: In the scenario you should enable scavenging through the zone properties because scavenging removes the outdated DNS records from the DNS zone automatically. You should additionally note that patience would be required when enabling scavenging as there are some safety valves built into scavenging which takes long to pop. Reference: http://www.gilham.org/Blog/Lists/Posts/Post.aspx?List=aab85845-88d2-4091-8088-a6bbce0a4304&ID=211 QUESTION NO: 2 You work as the network administrator at Company.com . The Company.com network has a domain named Company.com . All servers on the Company.com network run Windows Server 2008. The Company.com network has a server named TESTKING-SR15. You install the Active Directory Lightweight Directory Services (AD LDS) on TESTKING-SR15.
Which of the following options can be used for the creation of new Organizational Units (OU's) in the application directory partition of the AD LDS? A. You should run the net start command on TESTKING-SR15. B. You should open the ADSI Edit Microsoft Management Console on TESTKING-SR15. C. You should run the repadmin /dsaguid command on TESTKING-SR15. D. You should open the Active Directory Users and Computers Console on TESTKING-SR15. Answer: B Explanation: You need to use the ADSI Edit snap-in to create new OUs in the AD LDS application directory partition. You also need to add the snap-in in the Microsoft Management Console (MMC). QUESTION NO: 3 You work as the network administrator at Company.com . The Company.com network has a domain named Company.com . All servers on the Company.com network run Windows Server 2008. The Company.com network has two domain controllers TESTKING-DC01 and TESTKING-DC02. TESTKING-DC01 suffers a catastrophic failure but it is causing problems because it was configured to have Schema Master Operations role. You log on to the Company.com domain as a domain administrator but your attempts to transfer the Schema Master Operations role to TESTKING-DC02 are unsuccessful. What action should you take to transfer the Schema Master Operations role to TESTKING-DC02? A. Your best option would be to have the dcpromo /adv command executed on TESTKING-DC02. B. Your best option would be to have the Schema Master role seized to TESTKING-DC02. C. Your best option would be to have Schmmgmt.dll registered on TESTKING-DC02. D. Your best option would be to add your user account to the Schema Administrators group. Answer: B
Explanation: To ensure that TESTKING-DC02 holds the Schema Master role you need to seize the Schema Master role on TESTKING-DC02. Seizing the schema master role is a drastic step that should be considered only if the current operations master will never be available again. So to transfer the schema master operations role, you have to seize it on TESTKING-DC02. Reference: http://technet2.microsoft.com/windowsserver/en/library/d4301a14-dd18-4b3c-a3cc-ec9a773f7ffb1033.mspx?mfr QUESTION NO: 4 You work as the network administrator at Company.com . The Company.com network has a single forest. The forest functional level is set at Windows Server 2008. The Company.com network has a Microsoft SQL Server 2005 database server named TESTKING-DB04 that hosts the Active Directory Rights Management Service (AD RMS). You try to access the Active Directory Rights Management Services administration website but received an error message stating: "SQL Server does not exist or access is denied." How can you access the AD RMS administration website? A. You need to restart the Internet Information Server (IIS) service and the MSSQLSVC service on TESTKING-DB04. B. You need to install the Active Directory Lightweight Directory Services (AD LDS) on TESTKING-DB04. C. You need to reinstall the AD RMS instance on TESTKING-DB04. D. You need to reinstall the SQL Server 2005 instance on TESTKING-DB04. E. You need to run the DCPRO command on TESTKING-SR04 Answer: A Explanation: You need to restart the internet information server (IIS) to correct the problem. The starting of the MSSQULSVC service will allow you to access the database from AD RMS administration website. QUESTION NO: 5
You work as an enterprise administrator at Company.com . The Company.com network has a domain named Company.com . The Company.com network has a Windows Server 2008 computer named TESTKING-SR03 that functions as an Enterprise Root certificate authority (CA). A new Company.com security policy requires that revoked certificate information should be available for examination at all times. What action should you take adhere to the new policy? A. This can be accomplished by having a list of trusted certificate authorities published to the Company.com domain. B. This can be accomplished by having the Online Certificate Status Protocol (OCSP) responder implemented. C. This can be accomplished by having the OCSP Response Signing certificate imported. D. This can be accomplished by having the Startup Type of the Certificate Propagation service set to Automatic. E. This can be accomplished by having the computer account of TESTKING-SR03 added to the TKCertificates group. Answer: B Explanation: You should use the network load balancing and publish an OCSP responder. This will ensure that the revoked certificate information will be available at all times. You do not need to download the entire CRL to check for revocation of a certificate; the OCSP is an online responder that can receive a request to check for revocation of a certificate. This will also speed up certificate revocation checking as well as reducing network bandwidth tremendously. QUESTION NO: 6 You work as the network administrator at Company.com . The Company.com network has a domain named Company.com . All servers on the Company.com network run Windows Server 2008. You are responsible for managing two servers TESTKING-SR01 and TESTKING-SR02. They are setup with the following configuration. TESTKING-SR01 running Enterprise Root certificate authority (CA) TESTKING-SR02 running Online Responder role service Which of the steps must you perform for configuring the Online Responder to be supported on TESTKING-SR01?
A. You should enable the Dual Certificate List extension on TESTKING-SR01. B. You should ensure that TESTKING-SR01 is a member of the CertPublishers group. C. You should import the OCSP Response Signing certificate to TESTKING-SR01. D. You should enable the Authority Information Access (AIA) extension on TESTKING-SR01. E. You should run the CERTSRV command on TESTKING-SR01. Answer: D Explanation: In order to configure the online responder role service on TESTKING-SR01 you need to configure the AIA extension. The authority information access extension will indicate how to access CA information and services for the issuer of the certificate in which the extension appears. Information and services may include on-line validation services and CA policy data. This extension may be included in subject or CA certificates, and it MUST be non-critical QUESTION NO: 7 You work as the network administrator at Company.com . The Company.com network has a domain named Company.com . All servers on the Company.com network run Windows Server 2008 and all client computers run Windows Vista. The Company.com network has a client computer named TESTKING-WS640 that was last used six months ago. During the course of the day you attempt to log on to TESTKING-WS640 but you are unable to authenticate during the logon process. What action should you consider in order to log on to TESTKING-WS640? A. You should consider opening the command prompt on TESTKING-WS640 and running the netsh set machine command. B. You should consider opening the command prompt on TESTKING-WS640 and running the repadmin command. C. You should consider removing TESTKING-WS640 from the domain and then rejoining it. D. You should consider deleting the computer account for TESTKING-WS640 in Active Directory Users and Computers, and then recreate the computer account. Answer: C
Explanation: In the scenario you should have the computer disjoined from the domain and rejoined to the domain whilst having the computer account reset as well. You should additionally note that the long inactivity caused the computer to stop responding to the authentication query using the Active Directory records. You should note by disjoining and rejoining with the account being reset would refresh the computer account passwords. QUESTION NO: 8 You work as an enterprise administrator at Company.com . The Company.com network has a forest with a domain named Company.com . The Company.com network has a Windows Server 2008 domain controller named TESTKING-DC01 that hosts the Directory Services Recovery Mode (DSRM) role. What would be the best option to take to have the DSRM password reset? A. The best option is to open the Active Directory Security for Computers snap-in. B. The best option is to run the ntdsutil command. C. The best option is to run the Netsh command. D. The best option is to open the Domain Controller security snap-in. Answer: B Explanation: You should use the ntdsutil utility to reset the DSRM password. You can use Ntdsutil.exe to reset this password for the server on which you are working, or for another domain controller in the domain. Type ntdsutil and at the ntdsutil command prompt, type set dsrm password. Reference: http://support.microsoft.com/kb/322672 QUESTION NO: 9 You work as an enterprise administrator at Company.com . The Company.com network has a domain named Company.com . All servers on the Company.com network run Windows Server 2008. Company.com has two offices Chicago and Dallas. The network has the following setup. Chicago Office - Domain Controller named TESTKING-DC01 Dallas Office - Read-Only Domain Controller named TESTKING-DC02 How can you make sure that Dallas Office users use only TESTKING-DC02 for authentication?
A. You should consider having TESTKING-DC02 configured as a bridehead server in the Dallas office. B. You should consider installing and configuring the Password Replication Policy on TESTKING-DC02. C. You should consider having TESTKING-DC01 configured as a bridehead server in the Chicago office. D. You should consider installing and configuring the Password Replication Policy on TESTKING-DC01. E. You should consider having the Global Catalog installed on TESTKING-DC01. Answer: B Explanation: You should use the Password Replication Policy on the RODC. This will allow the users at the Dallas office to log on to the domain with RODC. RODCs don't cache any user or machine passwords. QUESTION NO: 10 You work as the network administrator at Company.com . The Company.com network has a domain named intl.Company.com . All servers on the Company.com network run Windows Server 2008. The domain controllers on the Company.com domain are configured to function as DNS servers. What action should you take to ensure that computers that are not part of the intl.Company.com domain are not able to dynamically register their DNS registration information in the intl.Company.com zone? A. You should consider removing the .(root) zone from the intl.Company.com zone. B. You should consider running the dnscmd /AgeAllRecords command. C. You should consider configuring Secure Only dynamic updates. D. You should consider configuring the intl.Company.com zone as an Active Directory integrated zone. Answer: C Explanation: In order to ensure that only domain members are able to register their DNS records dynamically you need to set the option Secure only for Dynamic updates. This will only allow the domain members to register their DNS records dynamically. Reference: www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/cnet/cncf_imp_afpf.mspx
Pass4sure $89 Lifetime Membership Features; - Pass4sure $89 Lifetime Membership includes Over 2100 Exams in One Price. - All Pass4sure Questions and Answers are included in $89 package. - All Pass4sure audio exams are included free in $89 package (See List). - All Pass4sure study guides are included free in $89 package (See List). - Lifetime login access, no hidden fee, no login expiry. - Free updates for Lifetime. - Free Download Access to All new exams added in future. - Accurate answers with explanations (If applicable). - Verified answers researched by industry experts. - Study Material updated on regular basis. - Questions, Answers and Study Guides are downloadable in PDF format. - Audio Exams are downloadable in MP3 format. - No authorization code required to open exam. - Portable anywhere. - 100% success Guarantee. - Fast, helpful support 24x7. View list of All exams (Q&A) provided in $89 membership; http://www.ipass4sure.com/allexams.asp View list of All Study Guides (SG) provided FREE for members; http://www.ipass4sure.com/study-guides.asp View list of All Audio Exams (AE) provided FREE for members; http://www.ipass4sure.com/audio-exams.asp Download All Exams Sample QAs. http://www.ipass4sure.com/samples.asp To purchase $89 Lifetime Full Access Membership click here (One time fee) https://www.regnow.com/softsell/nph-softsell.cgi?item=30820-3 3COM CompTIA Filemaker IBM LPI OMG Sun ADOBE ComputerAssociatesFortinet IISFA McAfee Oracle Sybase APC CWNP Foundry Intel McData PMI Symantec Apple DELL Fujitsu ISACA Microsoft Polycom TeraData BEA ECCouncil GuidanceSoftware ISC2 Mile2 RedHat TIA BICSI EMC HDI ISEB NetworkAppliance Sair Tibco CheckPointEnterasys Hitachi ISM Network-General SASInstitute TruSecure Cisco ExamExpress HP Juniper Nokia SCP Veritas Citrix Exin Huawei Legato Nortel See-Beyond Vmware CIW ExtremeNetworks Hyperion Lotus Novell SNIA and many others.. See complete list Here