web analytics

Braindump2go Free Microsoft Dumps Questions Collection

Latest Real Exam Questions and Answers to help you pass Microsoft and other Hot exam 100%!

70-640 New Released Exam Questions from Braindump2go 100% Same With Real Microsoft 70-640 Exam (161-170)

Microsoft Official Exam Center New Released 70-640 Dumps Questions, Many New Questions added into it! Braindump2go Offer Free Sample Questions and Answers for Download Now! Visit Our Webiste, get the new updated Questions then pass Microsoft 70-640 at the first try!

Vendor: Microsoft
Exam Code: 70-640
Exam Name: TS: Windows Server 2008 Active Directory, Configuring

Keywords: 70-640 Exam Dumps,70-640 Practice Tests,70-640 Practice Exams,70-640 Exam Questions,70-640 Dumps,70-640 Dumps PDF,Microsoft 70-640 Exam Dumps,70-640 Questions and Answers,TS: Windows Server 2008 Active Directory, Configuring

QUESTION 161
A user in a branch office of your company attempts to join a computer to the domain, but the attempt fails.
You need to enable the user to join a single computer to the domain.
You must ensure that the user is denied any additional rights beyond those required to complete the task.
What should you do?

A.    Prestage the computer account in the Active Directory domain.
B.    Add the user to the Domain Administrators group for one day.
C.    Add the user to the Server Operators group in the Active Directory domain.
D.    Grant the user the right to log on locally by using a Group Policy Object (GPO).

Answer: A
Explanation:
http://technet.microsoft.com/en-us/library/cc770832%28v=ws.10%29.aspx#BKMK_1

QUESTION 162
Your company has two Active Directory forests named Forest1 and Forest2,
The forest functional level and the domain functional level of Forest1 are set to Windows Server 2008.
The forest functional level of Forest2 is set to Windows 2000, and the domain functional levels in Forest2 are set to Windows Server 2003.
You need to set up a transitive forest trust between Forestl and Forest2,
What should you do first?

A.    Raise the forest functional level of Forest2 to Windows Server 2003 Interim mode.
B.    Raise the forest functional level of Forest2 to Windows Server 2003.
C.    Upgrade the domain controllers in Forest2 to Windows Server 2008.
D.    Upgrade the domain controllers in Forest2 to Windows Server 2003.

Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/cc816810.aspx
Creating Forest Trusts
You can link two disjoined Active Directory Domain Services (AD DS) forests together to form a one-way or two-way, transitive trust relationship.
The following are required to create forest trusts successfully:
You can create a forest trust between two Windows Server 2003 forests, between two Windows Server 2008 forests, between two Windows Server 2008 R2 forests, between a Windows Server 2003 forest and a Windows Server 2008 forest, between a Windows Server 2003 forest and a Windows Server 2008 R2 forest, or between a Windows Server 2008 forest and a Windows Server 2008 R2 forest. Forest trusts cannot be extended implicitly to a third forest.
To create a forest trust, the minimum forest functional level for the forests that are involved in the trust relationship is Windows Server 2003.

QUESTION 163
Your company has an Active Directory forest that contains two domains,
The forest has universal groups that contain members from each domain.
A branch office has a domain controller named DC1,
Users at the branch office report that the logon process takes too long,
You need to decrease the amount of time it takes for the branch office users to logon.
What should you do?

A.    Configure DC1 as a Global Catalog server.
B.    Configure DC1 as a bridgehead server for the branch office site.
C.    Decrease the replication interval on the site link that connects the branch office to the
corporate network.
D.    Increase the replication interval on the site link that connects the branch office to the
corporate network.

Answer: A
Explanation:
http://technet.microsoft.com/en-us/library/cc728188.aspx
What Is the Global Catalog?
The global catalog is a distributed data repository that contains a searchable, partial representation of every object in every domain in a multidomain Active Directory Domain Services (AD DS) forest. The global catalog is stored on domain controllers that have been designated as global catalog servers and is distributed through multimaster replication. Searches that are directed to the global catalog are faster because they do not involve referrals to different domain controllers.
In addition to configuration and schema directory partition replicas, every domain controller in a forest stores a full, writable replica of a single domain directory partition. Therefore, a domain controller can locate only the objects in its domain. Locating an object in a different domain would require the user or application to provide the domain of the requested object. The global catalog provides the ability to locate objects from any domain without having to know the domain name.
A global catalog server is a domain controller that, in addition to its full, writable domain directory partition replica, also stores a partial, read-only replica of all other domain directory partitions in the forest. The additional domain directory partitions are partial because only a limited set of attributes is included for each object. By including only the attributes that are most used for searching, every object in every domain in even the largest forest can be represented in the database of a single global catalog server.

QUESTION 164
Your company has an Active Directory domain.
The main office has a DNS server named DNS1 that is configured with Active Directory-integrated DNS.
The branch office has a DNS server named DNS2 that contains a secondary copy of the zone from DNS1.
The two offices are connected with an unreliable WAN link.
You add a new server to the main office.
Five minutes after adding the server, a user from the branch office reports that he is unable to connect to the new server.
You need to ensure that the user is able to connect to the new server.
What should you do?

A.    Clear the cache on DNS2.
B.    Reload the zone on DNS1.
C.    Refresh the zone on DNS2.
D.    Export the zone from DNS1 and import the zone to DNS2.

Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/cc794900%28v=ws.10%29.aspx

QUESTION 165
You need to validate whether Active Directory successfully replicated between two domain controllers.
What should you do?

A.    Run the DSget command.
B.    Run the Dsquery command.
C.    Run the RepAdmin command.
D.    Run the Windows System Resource Manager.

Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/cc794749.aspx
You can use the repadmin /showrepl command to verify successful replication to a specific domain controller.

QUESTION 166
You have a domain controller that runs Windows Server 2008 R2.
The Windows Server Backup feature is installed on the domain controller.
You need to perform a non-authoritative restore of the domain controller by using an existing backup file.
What should you do?

A.    Restart the domain controller in Directory Services Restore Mode.
Use the WBADMIN command to perform a critical volume restore.
B.    Restart the domain controller in Directory Services Restore Mode.
Use the Windows Server Backup snap-in to perform a critical volume restore.
C.    Restart the domain controller in safe mode.
Use the Windows Server Backup snap-in to perform a critical volume restore.
D.    Restart the domain controller in safe mode.
Use the WBADMIN command to perform a critical volume restore.

Answer: A
Explanation:
http://technet.microsoft.com/en-us/library/cc816627%28v=ws.10%29.aspx

QUESTION 167
Your company has an Active Directory forest.
Not all domain controllers in the forest are configured as Global Catalog Servers.
Your domain structure contains one root domain and one child domain.
You modify the folder permissions on a file server that is in the child domain.
You discover that some Access Control entries start with S-1-5-21 and that no account name is listed.
You need to list the account names.
What should you do?

A.    Move the RID master role in the child domain to a domain controller that holds the Global
Catalog.
B.    Modify the schema to enable replication of the friendlynames attribute to the Global Catalog.
C.    Move the RID master role in the child domain to a domain controller that does not hold the
Global Catalog.
D.    Move the infrastructure master role in the child domain to a domain controller that does not
hold the Global Catalog.

Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/cc780850%28v=ws.10%29.aspx

QUESTION 168
You are installing an application on a computer that runs Windows Server 2008 R2.
During installation, the application will need to install new attributes and classes to the Active Directory database.
You need to ensure that you can install the application.
What should you do?

A.    Change the functional level of the forest to Windows Server 2008 R2.
B.    Log on by using an account that has Server Operator rights.
C.    Log on by using an account that has Schema Administrator rights and the appropriate rights
to install the application.
D.    Log on by using an account that has the Enterprise Administrator rights and the appropriate
rights to install the application.

Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/cc756898%28v=ws.10%29.aspx
Default groups
Default groups, such as the Domain Admins group, are security groups that are created automatically when you create an Active Directory domain.
You can use these predefined groups to help control access to shared resources and delegate specific domain-wide administrative roles.
Groups in the Builtin container
The following table provides descriptions of the default groups located in the Builtin container and lists the assigned user rights for each group.
 clip_image002[6]_thumb
Groups in the Users container
The following table provides a description of the default groups located in the Users container and lists the assigned user rights for each group.
 clip_image002[8]_thumb

QUESTION 169
Your company security policy requires complex passwords.
You have a comma delimited file named import.csv that contains user account information.
You need to create user account in the domain by using the import.csv file.
You also need to ensure that the new user accounts are set to use default passwords and are disabled.
What shoulld you do?

A.    Modify the userAccountControl attribute to disabled.
Run the csvde ­i ­k ­f import.csv command.
Run the DSMOD utility to set default passwords for the user accounts.
B.    Modify the userAccountControl attribute to accounts disabled.
Run the csvde -f import.csv command.
Run the DSMOD utility to set default passwords for the user accounts.
C.    Modify the userAccountControl attribute to disabled.
Run the wscript import.csv command.
Run the DSADD utility to set default passwords for the imported user accounts.
D.    Modify the userAccountControl attribute to disabled.
Run ldifde -i -f import.csv command.
Run the DSADD utility to set passwords for the imported user accounts.

Answer: A

QUESTION 170
Your company has an Active Directory forest.
The company has servers that run Windows Server 2008 R2 and client computers that run Windows 7.
The domain uses a set of GPO administrative templates that have been approved to support regulatory compliance requirements.
Your partner company has an Active Directory forest that contains a single domain.
The company has servers that run Windows Server 2008 R2 and client computers that run Windows 7.
You need to configure your partner company’s domain to use the approved set of administrative templates.
What should you do?

A.    Use the Group Policy Management Console (GPMC) utility to back up the GPO to a file.
In each site, import the GPO to the default domain policy.
B.    Copy the ADMX files from your company’s PDC emulator to the PolicyDefinitions folder on
the partner company’s PDC emulator.
C.    Copy the ADML files from your company’s PDC emulator to the PolicyDefinitions folder on
the partner company’s PDC emulator.
D.    Download the conf.adm, system.adm, wuau.adm, and inetres.adm files from the Microsoft
Updates Web site.
Copy the ADM files to the PolicyDefinitions folder on thr partner company’s emulator.

Answer: B
Explanation:
http://support.microsoft.com/kb/929841


Braindump2go New Published Exam Dumps: Microsoft 70-640 Practice Tests Questions, 651 Latest Questions and Answers from Official Exam Centre Guarantee You a 100% Pass! Free Download Instantly!

 

http://www.braindump2go.com/70-640.html

, , , , , ,

Comments are currently closed.