What are the new 70-640 exam questions? And Where to download the latest 70-640 exam dumps? Now, PassLeader have been publised the new version of 70-640 braindumps with new added 70-640 exam questions. PassLeader offer the latest 70-640 PDF and VCE dumps with New Version VCE Player for free download, and PassLeader’s new 651q 70-640 practice tests ensure your exam 100 percent pass. Visit www.passleader.com to get the 100 percent pass ensure 651q 70-640 exam questions!
keywords: 70-640 exam,651q 70-640 exam dumps,651q 70-640 exam questions,70-640 pdf dumps,70-640 practice test,70-640 vce dumps,70-640 study guide,70-640 braindumps,TS: Windows Server 2008 Active Directory, Configuring Exam
Your company has two Active Directory forests named contoso.com and fabrikam.com. Both forests run only domain controllers that run Windows Server 2008. The domain functional level of contoso.com is Windows Server 2008. The domain functional level of fabrikam.com is Windows Server 2003 Native mode. You configure an external trust between contoso.com and fabrikam.com. You need to enable the Kerberos AES encryption option. What should you do?
A. Raise the forest functional level of fabrikam.com to Windows Server 2008.
B. Raise the domain functional level of fabrikam.com to Windows Server 2008.
C. Raise the forest functional level of contoso.com to Windows Server 2008.
D. Create a new forest trust and enable forest-wide authentication.
All consultants belong to a global group named TempWorkers. You place three file servers in a new organizational unit named SecureServers. The three file servers contain confidential data located in shared folders. You need to record any failed attempts made by the consultants to access the confidential data. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Create and link a new GPO to the SecureServers organizational unit. Configure the Deny access to this computer from the network user rights setting for the TempWorkers global group.
B. Create and link a new GPO to the SecureServers organizational unit. Configure the Audit privilege use Failure audit policy setting.
C. Create and link a new GPO to the SecureServers organizational unit. Configure the Audit object access Failure audit policy setting.
D. On each shared folder on the three file servers, add the three servers to the Auditing tab. Configure the Failed Full control setting in the Auditing Entry dialog box.
E. On each shared folder on the three file servers, add the TempWorkers global group to the Auditing tab. Configure the Failed Full control setting in the Auditing Entry dialog box.
You have two servers named Server1 and Server2. Both servers run Windows Server 2008 R2. Server1 is configured as an Enterprise Root certification authority (CA). You install the Online Responder role service on Server2. You need to configure Server2 to issue certificate revocation lists (CRLs) for the enterprise root CA. Which two tasks should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Import the enterprise root CA certificate.
B. Import the OCSP Response Signing certificate.
C. Add the Server1 computer account to the CertPublishers group.
D. Set the Startup Type of the Certificate Propagation service to Automatic.
Your company has an Active Directory forest. The forest includes organizational units corresponding to the following four locations:
– New York
Each location has a child organizational unit named Sales. The Sales organizational unit contains all the users and computers from the sales department. The offices in London, Chicago, and New York are connected by T1 connections. The office in Madrid is connected by a 256-Kbps ISDN connection. You need to install an application on all the computers in the sales department. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Create a Group Policy Object (GPO) named OfficeInstall that assigns the application to users. Link the GPO to each Sales organizational unit.
B. Disable the slow link detection setting in the Group Policy Object (GPO).
C. Configure the slow link detection threshold setting to 1,544 Kbps (T1) in the Group Policy Object (GPO).
D. Create a Group Policy Object (GPO) named OfficeInstall that assigns the application to the computers. Link the GPO to each Sales organizational unit.
Your company has a domain controller server that runs the Windows Server 2008 R2 operating system. The server is a backup server. The server has a single 500-GB hard disk that has three partitions for the operating system, applications, and data. You perform daily backups of the server. The hard disk fails. You replace the hard disk with a new hard disk of the same capacity. You restart the computer on the installation media. You select the Repair your computer option. You need to restore the operating system and all files. What should you do?
A. Select the System Image Recovery option.
B. Run the Imagex utility at the command prompt.
C. Run the Wbadmin utility at the command prompt.
D. Run the Rollback utility at the command prompt.
You need to remove the Active Directory Domain Services role from a domain controller named DC1. What should you do?
A. Run the netdom remove DC1 command.
B. Run the Dcpromo utility. Remove the Active Directory Domain Services role.
C. Run the nltest /remove_server: DC1 command.
D. Reset the Domain Controller computer account by using the Active Directory Users and Computers utility.
Your company has an Active Directory forest. The company has branch offices in three locations. Each location has an organizational unit. You need to ensure that the branch office administrators are able to create and apply GPOs only to their respective organizational units. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Run the Delegation of Control wizard and delegate the right to link GPOs for their branch organizational units to the branch office administrators.
B. Add the user accounts of the branch office administrators to the Group Policy Creator Owners Group.
C. Modify the Managed By tab in each organizational unit to add the branch office administrators to their respective organizational units.
D. Run the Delegation of Control wizard and delegate the right to link GPOs for the domain to the branch office administrators.
One of the remote branch offices is running a Windows Server 2008 read only domain controller (RODC). For security reasons you don’t want some critical credentials like (passwords, encryption keys) to be stored on RODC. What should you do so that these credentials are not replicated to any RODC’s in the forest? (Select 2)
A. Configure RODC filtered attribute set on the server.
B. Configure RODC filtered set on the server that holds Schema Operations Master role.
C. Delegate local administrative permissions for an RODC to any domain user without granting that user any user rights for the domain.
D. Configure forest functional level server for Windows server 2008 to configure filtered attribute set.
E. None of the above.
Company has a server with Active Directory Rights Management Services (AD RMS) server installed. Users have computers with Windows Vista installed on them with an Active Directory domain installed at Windows Server 2003 functional level. As an administrator at Company, you discover that the users are unable to benefit from AD RMS to protect their documents. You need to configure AD RMS to enable users to use it and protect their documents. What should you do to achieve this functionality?
A. Configure an email account in Active Directory Domain Services (AD DS) for each user.
B. Add and configure ADRMSADMIN account in local administrators group on the user computers.
C. Add and configure the ADRMSSRVC account in AD RMS server’s local administrator group.
D. Reinstall the Active Directory domain on user computers.
E. All of the above.
Company has an active directory forest on a single domain. Company needs a distributed application that employs a custom application. The application is directory partition software named PARDAT. You need to implement this application for data replication. Which two tools should you use to achieve this task? (Choose two answers. Each answer is a part of a complete solution)
E. All of the above
Company has an Active Directory forest with six domains. The company has 5 sites. The company requires a new distributed application that uses a custom application directory partition named ResData for data replication. The application is installed on one member server in five sites. You need to configure the five member servers to receive the ResData application directory partition for data replication. What should you do?
A. Run the Dcpromo utility on the five member servers.
B. Run the Regsvr32 command on the five member servers
C. Run the Webadmin command on the five member servers
D. Run the RacAgent utility on the five member servers
As an administrator at Company, you have installed an Active Directory forest that has a single domain. You have installed an Active Directory Federation services (AD FS) on the domain member server. What should you do to configure AD FS to make sure that AD FS token contains information from the active directory domain?
A. Add a new account store and configure it.
B. Add a new resource partner and configure it
C. Add a new resource store and configure it
D. Add a new administrator account on AD FS and configure it
E. None of the above
Company runs Window Server 2008 on all of its servers. It has a single Active Directory domain and it uses Enterprise Certificate Authority. The security policy at ABC.com makes it necessary to examine revoked certificate information. You need to make sure that the revoked certificate information is available at all times. What should you do to achieve that?
A. Add and configure a new GPO (Group Policy Object) that enables users to accept peer certificates and link the GPO to the domain.
B. Configure and use a GPO to publish a list of trusted certificate authorities to the domain.
C. Configure and publish an OCSP (Online certificate status protocol) responder through ISAS (Internet Security and Acceleration Server) array.
D. Use network load balancing and publish an OCSP responder.
E. None of the above.
As the Company administrator you had installed a read-only domain controller (RODC) server at remote location. The remote location doesn’t provide enough physical security for the server. What should you do to allow administrative accounts to replicate authentication information to Read-Only Domain Controllers?
A. Remove any administrative accounts from RODC’s group.
B. Add administrative accounts to the domain Allowed RODC Password Replication group.
C. Set the Deny on Receive as permission for administrative accounts on the RODC computer account Security tab for the Group Policy Object (GPO).
D. Configure a new Group Policy Object (GPO) with the Account Lockout settings enabled. Link the GPO to the remote location. Activate the Read Allow and the Apply group policy Allow permissions for the administrators on the Security tab for the GPO.
E. None of the above.
ABC.com boasts a two-node Network Load Balancing cluster which is called web.L2P.com. The purpose of this cluster is to provide load balancing and high availability of the intranet website only. With monitoring the cluster, you discover that the users can view the Network Load Balancing cluster in their Network Neighborhood and they can use it to connect to various services by using the name web.L2P.com. You also discover that there is only one port rule configured for Network Load Balancing cluster. You have to configure web.L2P.com NLB cluster to accept HTTP traffic only. Which two actions should you perform to achieve this objective? (Choose two answers. Each answer is part of the complete solution)
A. Create a new rule for TCP port 80 by using the Network Load Balancing Cluster console
B. Run the wlbs disable command on the cluster nodes
C. Assign a unique port rule for NLB cluster by using the NLB Cluster console
D. Delete the default port rules through Network Load Balancing Cluster console