Braindump2go New Updated Exam 70-640 Questions Are the Same With The Microsoft 70-640 Actual Test (311-320)
Real Latest 70-640 Exam Questions Updated By Official Microsoft Exam Center! Braindump2go Offers 70-640 Dumps sample questions for free download now! You also can visit our website, download our premium Microsoft 70-640 Exam Real Answers, 100% Exam Pass Guaranteed!
Vendor: Microsoft
Exam Code: 70-640
Exam Name: TS: Windows Server 2008 Active Directory, Configuring
Keywords: 70-640 Exam Dumps,70-640 Practice Tests,70-640 Practice Exams,70-640 Exam Questions,70-640 Dumps,70-640 Dumps PDF,Microsoft 70-640 Exam Dumps,70-640 Questions and Answers,TS: Windows Server 2008 Active Directory, Configuring
QUESTION 311
Your network contains an Active Directory forest.
All client computers run Windows 7.
The network contains a high-volume enterprise certification authority (CA).
You need to minimize the amount of network bandwidth required to validate a certificate.
What should you do?
A. Configure an LDAP publishing point for the certificate revocation list (CRL).
B. Configure an Online Certification Status Protocol (OCSP) responder.
C. Modify the settings of the delta certificate revocation list (CRL).
D. Replicate the certificate revocation list (CRL) by using Distributed File System (DFS).
Answer: B
QUESTION 312
Your network contains an Active Directory domain.
You have five organizational units (OUs) named Finance, HR, Marketing, Sales, and Dev.
You link a Group Policy object named GPO1 to the domain as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that GPO1 is applied to users in the Finance, HR, Marketing, and Sales OUs. The solution must prevent GPO1 from being applied to users in the Dev OU.
What should you do?
A. Enforce GPO1.
B. Modify the security settings of the Dev OU.
C. Link GPO1 to the Finance OU.
D. Modify the security settings of the Finance OU.
Answer: C
Explanation:
The OUs that are indicated by a blue exclamation mark in the console tree have blocked inheritance. This means that GPO1 will not be applied to those OUs. For the Dev OU that’s ok, but not for the Finance OU. So we have to link GPO1 to the Finance OU.
http://technet.microsoft.com/en-us/library/cc731076.aspx
Block Inheritance
You can block inheritance for a domain or organizational unit. Blocking inheritance prevents Group Policy objects (GPOs) that are linked to higher sites, domains, or organizational units from being automatically inherited by the child-level.
If a domain or OU is set to block inheritance, it will appear with a blue exclamation mark in the console tree.
QUESTION 313
Your network contains an Active Directory domain.
The domain contains an organizational unit (OU) named OU1.
OU1 contains all managed service accounts in the domain.
You need to prevent the managed service accounts from being deleted accidentally from OU1.
Which cmdlet should you use?
A. Set-ADUser
B. Set-ADOrganizationalUnit
C. Set-ADServiceAccount
D. Set-ADObject
Answer: D
Explanation:
You can use Set-ADOrganizationalUnit and the -ProtectedFromAccidentalDeletion $true parameter to prevent OU1 from being deleted accidentally, but you would still be able to delete the accounts inside it. Use Set-ADObject to protect the accounts.
http://technet.microsoft.com/en-us/library/hh852326.aspx
QUESTION 314
Your network contains an Active Directory domain named contoso.com.
Contoso.com contains a writable domain controller named DC1 and a read-only domain controller (RODC) named DC2.
All domain controllers run Windows Server 2008 R2.
You need to install a new writable domain controller named DC3 in a remote site.
The solution must minimize the amount of replication traffic that occurs during the installation of Active Directory Domain Services (AD DS) on DC3.
What should you do first?
A. Run dcpromo.exe /createdcaccount on DC3.
B. Run ntdsutil.exe on DC2.
C. Run dcpromo.exe /adv on DC3.
D. Run ntdsutil.exe on DC1.
Answer: D
QUESTION 315
Your network contains an Active Directory forest.
The forest contains 10 domains.
All domain controllers are configured as global catalog servers.
You remove the global catalog role from a domain controller named DC5.
You need to reclaim the hard disk space used by the global catalog on DC5.
What should you do?
A. From Active Directory Sites and Services, run the Knowledge Consistency Checker (KCC).
B. From Active Directory Sites and Services, modify the general properties of DC5.
C. From Ntdsutil, use the Semantic database analysis option.
D. From Ntdsutil, use the Files option.
Answer: D
QUESTION 316
A corporate network includes an Active Directory-integrated zone.
All DNS servers that host the zone are domain controllers.
You add multiple DNS records to the zone.
You need to ensure that the new records are available on all DNS servers as soon as possible.
Which tool should you use?
A. Ldp
B. Repadmin
C. Ntdsutil
D. Nslookup
E. Active Directory Sites And Services console
F. Active Directory Domains And Trusts console
G. Dnslint
H. Dnscmd
Answer: B
QUESTION 317
You have a DNS zone that is stored in a custom application partition.
You need to add a domain controller to the replication scope of the custom application partition. Which tool should you use?
A. DNScmd
B. DNS Manager
C. Server Manager
D. Dsmod
Answer: A
Explanation:
http://technet.microsoft.com/en-us/library/cc753801.aspx
QUESTION 318
Your network contains a server named Server1 that runs Windows Server 2008 R2 Standard. Server1 has the Active Directory Certificate Services (AD CS) role installed.
You configure a certificate template named Template1 for autoenrollment.
You discover that certificates are not being issued to any client computers.
The event logs on the client computers do not contain any autoenrollment errors.
You need to ensure that all of the client computers automatically receive certificates based on Template1.
What should you do?
A. Modify the Default Domain Policy Group Policy object (GPO).
B. Modify the Default Domain Controllers Policy Group Policy object (GPO).
C. Upgrade Server1 to Windows Server 2008 R2 Enterprise.
D. Restart Certificate Services on Server1.
Answer: A
Explanation:
http://technet.microsoft.com/en-us/library/cc731522.aspx
QUESTION 319
Your network contains a server that has the Active Directory Lightweight Directory Services (AD LDS) role installed.
You need to perform an automated installation of an AD LDS instance.
Which tool should you use?
A. Dism.exe
B. Servermanagercmd.exe
C. Adaminstall.exe
D. Ocsetup.exe
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/cc816774.aspx
QUESTION 320
Your network contains an Active Directory domain named contoso.com.
A partner company has an Active Directory domain named nwtraders.com.
The networks for contoso.com and nwtraders.com connect to each other by using a WAN link.
You need to ensure that users in contoso.com can access resources in nwtraders.com and resources on the Internet.
What should you do first?
A. Modify the Trusted Root Certification Authorities store.
B. Modify the Intermediate Certification Authorities store.
C. Create conditional forwarders.
D. Add a root hint to the DNS server.
Answer: C
Braindump2go New Released Premium 70-640 Exam Dumps Guarantee You a 100% Exam Success Or We Promise Full Money Back! Download Microsoft 70-640 Exam Dumps Full Version From Braindump2go Instantly!