Microsoft 70-640 (TS: Windows Server 2008 Active Directory, Configuring) practice exam: questions and answers.
Q41. Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1. DC1 hosts a standard primary zone for contoso.com.
You discover that non-domain member computers register records in the contoso.com zone.
You need to prevent the non-domain member computers from registering records in the contoso.com zone.
All domain member computers must be allowed to register records in the contoso.com zone.
What should you do first?
A. Configure a trust anchor.
B. Run the Security Configuration Wizard (SCW).
C. Change the contoso.com zone to an Active Directory-integrated zone.
D. Modify the security settings of the %SystemRoot%\System32\Dns folder.
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/cc772746%28v=ws.10%29.aspx
Active Directory-Integrated Zones
DNS servers running on domain controllers can store their zones in Active Directory. In this way, it is not necessary to configure a separate DNS replication topology that uses ordinary DNS zone transfers, because all zone data is replicated automatically by means of Active Directory replication.
This simplifies the process of deploying DNS and provides the following advantages:
Multiple masters are created for DNS replication. Therefore:
Any domain controller in the domain running the DNS server service can write updates to the Active Directory-integrated zones for the domain name for which they are authoritative.
A separate DNS zone transfer topology is not needed.
Secure dynamic updates are supported. Secure dynamic updates allow an administrator to control which computers update which names, and prevent unauthorized computers from overwriting existing names in DNS.
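The order of operations behind answer C, as an added example (not part of the original page or of Microsoft's documentation): the zone is converted to Active Directory-integrated first, and only then restricted to secure dynamic updates. It drives dnscmd from an elevated PowerShell session on DC1; Invoke-DnsCmd is a hypothetical helper name.

```powershell
# Added example. Run in an elevated PowerShell session on DC1.
# Server and zone names come from the question; Invoke-DnsCmd is a hypothetical helper.
$Server = 'DC1'
$Zone   = 'contoso.com'

function Invoke-DnsCmd {
    # Run dnscmd and stop at the first failure, so later steps never run
    # against a zone that is in an unexpected state.
    $output = & dnscmd.exe @args
    if ($LASTEXITCODE -ne 0) {
        throw "dnscmd $($args -join ' ') failed ($LASTEXITCODE): $($output -join ' ')"
    }
    $output
}

# Step 1: record the current zone type and update setting before changing anything.
Invoke-DnsCmd $Server /ZoneInfo $Zone

# Step 2: convert the standard primary zone to an Active Directory-integrated
# primary zone. Secure dynamic update is only available for zones stored in AD.
Invoke-DnsCmd $Server /ZoneResetType $Zone /DsPrimary

# Step 3: allow secure updates only.
# AllowUpdate: 0 = no dynamic updates, 1 = nonsecure and secure, 2 = secure only.
Invoke-DnsCmd $Server /Config $Zone /AllowUpdate 2

# Step 4: confirm the setting that is now in effect.
Invoke-DnsCmd $Server /ZoneInfo $Zone AllowUpdate
```

With secure-only updates, a client has to authenticate to the domain before its registration is accepted, which is what excludes the non-domain member computers.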
Q42. Your network contains a single Active Directory domain. The functional level of the forest is Windows Server 2008 R2.
You need to enable the Active Directory Recycle Bin.
What should you use?
A. the Dsmod tool
B. the Enable-ADOptionalFeature cmdlet
C. the Ntdsutil tool
D. the Set-ADDomainMode cmdlet
Answer: B
Explanation:
Similar question to question L/Q5.
Reference:
http://technet.microsoft.com/en-us/library/dd379481.aspx
Enabling Active Directory Recycle Bin
After the forest functional level of your environment is set to Windows Server 2008 R2, you can enable Active Directory Recycle Bin by using the following methods:
Enable-ADOptionalFeature Active Directory module cmdlet (This is the recommended method.)
Ldp.exe
Q43. You have a DNS zone that is stored in a custom application directory partition. You install a new domain controller.
You need to ensure that the custom application directory partition replicates to the new domain controller.
What should you use?
A. the Active Directory Administrative Center console
B. the Active Directory Sites and Services console
C. the DNS Manager console
D. the Dnscmd tool
Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/cc772069.aspx
dnscmd /enlistdirectorypartition Adds the DNS server to the specified directory partition's replica set.
Q44. Your company has an Active Directory domain. The company has purchased 100 new computers. You want to deploy the computers as members of the domain.
You need to create the computer accounts in an OU.
What should you do?
A. Run the csvde -f computers.csv command
B. Run the ldifde -f computers.ldf command
C. Run the dsadd computer <computerdn> command
D. Run the dsmod computer <computerdn> command
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/cc754539%28v=ws.10%29.aspx
Dsadd computer
Syntax:
dsadd computer <ComputerDN> [-samid <SAMName>] [-desc <Description>] [-loc <Location>] [-memberof <GroupDN ...>] [{-s <Server> | -d <Domain>}] [-u <UserName>] [-p {<Password> | *}] [-q] [{-uc | -uco | -uci}]
Personal comment: you use ldifde and csvde to import and export directory objects to Active Directory.
http://support.microsoft.com/kb/237677
http://technet.microsoft.com/en-us/library/cc732101%28v=ws.10%29.aspx
Q45. Your company has recently acquired a new subsidiary company in Quebec. The Active Directory administrators of the subsidiary company must use the French-language version of the administrative templates.
You create a folder on the PDC emulator for the subsidiary domain in the path %systemroot%\SYSVOL\domain\Policies\PolicyDefinitions\FR.
You need to ensure that the French-language version of the templates is available.
What should you do?
A. Download the Conf.adm, System.adm, Wuau.adm, and Inetres.adm files from the Microsoft Web site. Copy the ADM files to the FR folder.
B. Copy the ADML files from the French local installation media for Windows Server 2008 R2 to the FR folder on the subsidiary PDC emulator.
C. Copy the Install.WIM file from the French local installation media for Windows Server 2008 R2 to the FR folder on the subsidiary PDC emulator.
D. Copy the ADMX files from the French local installation media for Windows Server 2008 R2 to the FR folder on the subsidiary PDC emulator.
Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/cc772507%28v=ws.10%29.aspx
.admx and .adml File Structure
In order to support the multilingual display of policy settings, the ADMX file structure must be broken into two types of files:
A language-neutral file, .admx, describing the structure of the categories and Administrative template policy settings displayed in the Group Policy Management Console (GPMC) or Local Group Policy Editor.
A set of language-dependent files, .adml, providing the localized portions displayed in the GPMC or Local Group Policy Editor. Each .adml file represents a single language you wish to support.
Language-neutral file (.admx) structure
Language resource file (.adml) structure
The language resource files, .adml, provide the language-specific information needed by the language-neutral file. The language-neutral file will then reference specific sections of the language resource file in order for the GPMC or Local Group Policy Editor to display a policy setting in the correct language.
Q46. Your network contains an Active Directory domain. The domain contains a group named Group1.
The minimum password length for the domain is set to six characters.
You need to ensure that the passwords for all users in Group1 are at least 10 characters long. All other users must be able to use passwords that are six characters long.
What should you do first?
A. Run the New-ADFineGrainedPasswordPolicy cmdlet.
B. Run the Add-ADFineGrainedPasswordPolicySubject cmdlet.
C. From the Default Domain Policy, modify the password policy.
D. From the Default Domain Controller Policy, modify the password policy.
Answer: A
Explanation:
First we need to create a new Active Directory fine-grained password policy, using New-ADFineGrainedPasswordPolicy.
Then we can apply the new policy to Group1, using Add-ADFineGrainedPasswordPolicySubject.
Reference:
http://technet.microsoft.com/en-us/library/ee617238.aspx
New-ADFineGrainedPasswordPolicy
Creates a new Active Directory fine grained password policy.
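The two steps from the explanation, followed by a check of which policy actually wins for each member, as an added example (not part of the original page). Only the group name and the 10-character minimum come from the question; the PSO name and every other policy value are assumptions.

```powershell
# Added example. Requires the Active Directory module for Windows PowerShell.
Import-Module ActiveDirectory

$PsoName = 'Group1-MinLength10'   # hypothetical name for the password settings object

# Step 1 (answer A): create the fine-grained password policy.
# Only -MinPasswordLength 10 comes from the question. The remaining values are
# assumed placeholders; a PSO replaces the whole domain password and lockout
# policy for its subjects, so set them to what Group1 should actually get.
New-ADFineGrainedPasswordPolicy -Name $PsoName `
    -Precedence 10 `
    -MinPasswordLength 10 `
    -ComplexityEnabled $true `
    -ReversibleEncryptionEnabled $false `
    -PasswordHistoryCount 24 `
    -MinPasswordAge '1.00:00:00' `
    -MaxPasswordAge '42.00:00:00' `
    -LockoutThreshold 0 `
    -LockoutObservationWindow '0.00:30:00' `
    -LockoutDuration '0.00:30:00'

# Step 2: apply the policy to Group1. A PSO can only be applied to users and
# global security groups, so Group1 must be a global security group.
Add-ADFineGrainedPasswordPolicySubject -Identity $PsoName -Subjects 'Group1'

# Step 3: verify the resultant policy per member. A user who is also covered by
# another PSO with a lower precedence number keeps that other policy.
Get-ADGroupMember -Identity 'Group1' |
    Where-Object { $_.objectClass -eq 'user' } |
    ForEach-Object {
        $rsop = Get-ADUserResultantPasswordPolicy -Identity $_.DistinguishedName
        New-Object PSObject -Property @{
            User      = $_.SamAccountName
            Policy    = $(if ($rsop) { $rsop.Name } else { '(domain default)' })
            MinLength = $(if ($rsop) { $rsop.MinPasswordLength } else { $null })
        }
    }
```

The minimum length is enforced when a password is set or changed, so existing six-character passwords in Group1 stay valid until their next change.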
Q47. Your network contains an Active Directory domain named contoso.com. You have a management computer named Computer1 that runs Windows 7.
You need to forward the logon events of all the domain controllers in contoso.com to Computer1.
All new domain controllers must be dynamically added to the subscription.
What should you do?
A. From Computer1, configure source-initiated event subscriptions. From a Group Policy object (GPO) linked to the Domain Controllers organizational unit (OU), configure the Event Forwarding node.
B. From Computer1, configure collector-initiated event subscriptions. From a Group Policy object (GPO) linked to the Domain Controllers organizational unit (OU), configure the Event Forwarding node.
C. From Computer1, configure source-initiated event subscriptions. Install a server authentication certificate on Computer1. Implement autoenrollment for the Domain Controllers organizational unit (OU).
D. From Computer1, configure collector-initiated event subscriptions. Install a server authentication certificate on Computer1. Implement autoenrollment for the Domain Controllers organizational unit (OU).
Answer: A
Explanation:
http://msdn.microsoft.com/en-us/library/windows/desktop/bb870973(v=vs.85).aspx
Setting up a Source Initiated Subscription
Source-initiated subscriptions allow you to define a subscription on an event collector computer without defining the event source computers, and then multiple remote event source computers can be set up (using a group policy setting) to forward events to the event collector computer. This differs from a collector initiated subscription because in the collector initiated subscription model, the event collector must define all the event sources in the event subscription.
Q48. Your company has a main office and four branch offices. An Active Directory site exists for each office. Each site contains one domain controller. Each branch office site has a site link to the main office site.
You discover that the domain controllers in the branch offices sometimes replicate directly to each other.
You need to ensure that the domain controllers in the branch offices only replicate to the domain controller in the main office.
What should you do?
A. Modify the firewall settings for the main office site.
B. Disable the Knowledge Consistency Checker (KCC) for each branch office site.
C. Disable site link bridging.
D. Modify the security settings for the main office site.
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/cc757117.aspx
Configuring site link bridges
By default, all site links are bridged, or transitive. This allows any two sites that are not connected by an explicit site link to communicate directly, through a chain of intermediary site links and sites. One advantage to bridging all site links is that your network is easier to maintain because you do not need to create a site link to describe every possible path between pairs of sites.
Generally, you can leave automatic site link bridging enabled. However, you might want to disable automatic site link bridging and create site link bridges manually just for specific site links, in the following cases:
You have a network routing or security policy in place that prevents every domain controller from being able to directly communicate with every other domain controller.
Q49. Your network contains a domain controller that is configured as a DNS server. The server hosts an Active Directory-integrated zone for the domain.
You need to reduce how long it takes until stale records are deleted from the zone.
What should you do?
A. From the configuration directory partition of the forest, modify the tombstone lifetime.
B. From the configuration directory partition of the forest, modify the garbage collection interval.
C. From the aging properties of the zone, modify the no-refresh interval and the refresh interval.
D. From the start of authority (SOA) record of the zone, modify the refresh interval and the expire interval.
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/cc816625%28v=ws.10%29.aspx
Set Aging and Scavenging Properties for a Zone
The DNS Server service supports aging and scavenging features. These features are provided as a mechanism for performing cleanup and removal of stale resource records, which can accumulate in zone data over time. You can use this procedure to set the aging and scavenging properties for a specific zone using either the DNS Manager snap-in or the dnscmd command-line tool.
To set aging and scavenging properties for a zone using the Windows interface
1. Open DNS Manager. To open DNS Manager, click Start, point to Administrative Tools, and then click DNS.
2. In the console tree, right-click the applicable zone, and then click Properties.
3. On the General tab, click Aging.
4. Select the Scavenge stale resource records check box.
5. Modify other aging and scavenging properties as needed.
To set aging and scavenging properties for a zone using a command line
1. Open a command prompt. To open an elevated Command Prompt window, click Start, point to All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.
2. At the command prompt, type the following command, and then press ENTER:
dnscmd <ServerName> /Config <ZoneName> {/Aging <Value>|/RefreshInterval <Value>|/NoRefreshInterval <Value>}
Q50. Your company has an Active Directory domain. A user attempts to log on to the domain from a client computer and receives the following message: "This user account has expired. Ask your administrator to reactivate the account."
You need to ensure that the user is able to log on to the domain.
What should you do?
A. Modify the properties of the user account to set the account to never expire.
B. Modify the properties of the user account to extend the Logon Hours setting.
C. Modify the default domain policy to decrease the account lockout duration.
D. Modify the properties of the user account to set the password to never expire.
Answer: A
Explanation:
Further information:
http://technet.microsoft.com/en-us/library/dd145547.aspx
User Properties - Account Tab
Account expires
Sets the account expiration policy for this user. You can select between the following options:
Use Never to specify that the selected account will never expire. This option is the default for new users.
Select End of and then select a date if you want to have the user's account expire on a specified date.