New Released Braindump2go Microsoft 70-640 Dumps PDF – Questions and Answers Updated with Microsoft Official Exam Center! Visit Braindump2go and download our 70-640 Exam Questions Now, Pass 70-640 100% at your first time!
Vendor: Microsoft
Exam Code: 70-640
Exam Name: TS: Windows Server 2008 Active Directory, Configuring
Keywords: 70-640 Exam Dumps,70-640 Practice Tests,70-640 Practice Exams,70-640 Exam Questions,70-640 Dumps,70-640 Dumps PDF,70-640 VCE,70-640 Braindump,70-640 TS: Windows Server 2008 Active Directory, Configuring
QUESTION 481
You are the systems administrator for a medium-sized Active Directory domain.
Currently, the environment supports many different domain controllers, some of which are running Windows NT 4 and others that are running Windows 2003 and Server 2008 R2.
When you are running domain controllers in this type of environment, which of the following types of groups can you not use? (Choose Two)
A. Universal security groups
B. Global groups
C. Domain local groups
D. Computer groups
Answer: AD
Explanation:
http://support.microsoft.com/kb/231273
Group Type and Scope Usage in Windows
Windows 2000 and later extends the Microsoft Windows NT 4.0 concept of user groups by adding Universal and Distribution groups. In Windows NT 4.0, there are only Global and Local groups, and both are considered Security groups.
QUESTION 482
You are the network administrator for an organization that has all Windows Server 2008 R2 domain controllers.
You need to capture all replication errors that occur between all domain controllers.
What should you do?
A. Use System Performance data collector sets.
B. Use ntdsutil.
C. Configure event log subscriptions.
D. Use the ADSI Edit tool.
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/cc748890.aspx
Configure Computers to Forward and Collect Events
Before you can create a subscription to collect events on a computer, you must configure both the collecting computer (collector) and each computer from which events will be collected (source).
http://technet.microsoft.com/en-us/library/cc749183.aspx
Event Subscriptions
Event Viewer enables you to view events on a single remote computer. However, troubleshooting an issue might require you to examine a set of events stored in multiple logs on multiple computers.
Windows Vista includes the ability to collect copies of events from multiple remote computers and store them locally. To specify which events to collect, you create an event subscription. Among other details, the subscription specifies exactly which events will be collected and in which log they will be stored locally. Once a subscription is active and events are being collected, you can view and manipulate these forwarded events as you would any other locally stored events.
Using the event collecting feature requires that you configure both the forwarding and the collecting computers.
The functionality depends on the Windows Remote Management (WinRM) service and the Windows Event Collector (Wecsvc) service. Both of these services must be running on computers participating in the forwarding and collecting process.
http://technet.microsoft.com/en-us/library/cc961808.aspx
QUESTION 483
You are one of two network administrators for your organization.
Your IT partner does most of the work in Active Directory.
While working in Active Directory, your partner accidently deleted a user from the Sales OU.
You recover the user from tape backup but you want to help prevent this from happening again inthe future.
What can you do?
A. Enable the Active Directory Recycle Bin.
B. Use ADSI Edit to restore the user.
C. Take away all rights from the other administrator.
D. Use the Directory Services Restore Mode Lockout command.
Answer: A
Explanation:
http://technet.microsoft.com/en-us/library/dd392261%28v=ws.10%29.aspx
QUESTION 484
What is the maximum number of domains that a Windows Server 2008 R2 computer, configured as a domain controller, may participate in at one time?
A. Zero
B. One
C. Two
D. Any number of domains
Answer: B
QUESTION 485
You are the systems administrator of a large organization that has recently implemented Windows Server 2008 R2.
You have a few remote sites that do not have very tight security.
You have decided to implement read-only domain controllers (RODC).
What forest functional levels does the network need for you to do the install? (Choose Three)
A. Windows 2000 Mixed
B. Windows 2008 R2
C. Windows 2003
D. Windows 2008
Answer: BCD
Explanation:
http://technet.microsoft.com/en-us/library/cc731243%28v=ws.10%29.aspx
Prerequisites for Deploying an RODC
Ensure that the forest functional level is Windows Server 2003 or higher.
Deploy at least one writable domain controller running Windows Server 2008 or Windows Server 2008 R2 in the same domain as the RODC and ensure that the writable domain controller is also a DNS server that has registered a name server (NS) resource record for the relevant DNS zone. An RODC must replicate domain updates from a writable domain controller running Windows Server 2008 or Windows Server 2008 R2.
QUESTION 486
Your network contains an Active Directory domain.
The domain contains 20 domain controllers.
You need to identify which domain controllers are global catalog servers.
Which tool should you use?
A. dsquery
B. netsh
C. nltest
D. Get-ADOptionalFeature
Answer: B
QUESTION 487
ABC.com has a network that consists of a single Active Directory domain.Windows Server 2008 is installed on all domain controllers in the network.
You are instructed to capture all replication errors from all domain controllers to a central location.
What should you do to achieve this task?
A. Initiate the Active Directory Diagnostics data collector set
B. Set event log subscriptions and configure it
C. Initiate the System Performance data collector set
D. Create a new capture in the Network Monitor
Answer: B
QUESTION 488
Your network contains an Active Directory forest.
The forest contains two domains named contoso.com and east.contoso.com.
The contoso.com domain contains a domain controller named DC1.
The east.contoso.com domain contains a domain controller named DC2.
DC1 and DC2 have the DNS Server server role installed.
You need to create a DNS zone that is available on DC1 and DC2.
The solution must ensure that zone transfers are encrypted.
What should you do?
A. Create a primary zone on DC1 and store the zone in DC=Contoso, DC=com naming context.
Create a secondary zone on DC2 and select DC1 as the master.
B. Create a primary zone on DC1 and store the zone in a zone file.
Configure Encrypting File System (EFS) encryption.
Create a secondary zone on DC2 and select DC1 as the master.
C. Create a primary zone on DC1 and store the zone in a zone file.
Configure IPSec on DC1 and DC2.
Create a secondary zone on DC2 and select DC1 as the master.
D. Create a primary zone on DC1 and store the zone in a zone file.
Configure DNSSEC for the zone.
Create a secondary zone on DC2 and select DC1 as the master.
Answer: C
QUESTION 489
You are hired as a consultant by ABC Corporation to implement a Windows Server 2008 R2 computer onto their Windows Server 2003 domain.
All of the client machines are Windows 7.
You install Windows Server 2008 R2 onto a new computer and join that computer to the Windows 2003 domain.
You want to upgrade the Windows Server 2008 R2 to a domain controller.
What should you do first
A. On the new server, run adprep /domainprep.
B. On the new server, run adprep /forestprep.
C. On a Windows Server 2003 domain controller, run adprep /domainprep.
D. On a Windows Server 2003 domain controller, run adprep /forestprep.
Answer: D
QUESTION 490
You are the network administrator for your organization.
Your company uses a Windows Server 2008 R2 Enterprise Root CA.
The company has issued a new policy that prevents port 443 and port 80 from being opened on domain controllers and on issuing CAs.
Your users need to request certificates from a web interface.
You have already installed the AD CS role.
What do you need to do next?
A. Configure the Certificate Authority Web Enrollment Service on a member server.
B. Configure the Certificate Authority Web Enrollment Service on a domain server.
C. Configure AD FS on member server to allow secure web-based access.
D. Configure AD FS on domain controller to allow secure web-based access.
Answer: A
Explanation:
http://technet.microsoft.com/en-us/library/dd759209.aspx
Certificate Enrollment Web Service Overview
The Certificate Enrollment Web Service is an Active Directory Certificate Services (AD CS) role service that enables users and computers to perform certificate enrollment by using the HTTPS protocol. Together with the Certificate Enrollment Policy Web Service, this enables policy-based certificate enrollment when the client computer is not a member of a domain or when a domain member is not connected to the domain.
Personal note:
Since domain controllers are off-limits (regarding open ports), you are left to install the Certificate Enrollment Web Service role service on a plain member server
Braindump2go is one of the Leading 70-640 Exam Preparation Material Providers Around the World! We Offer 100% Money Back Guarantee on All Products! Feel Free In Downloading Our New Released 70-640 Real Exam Questions!