70-640 Exam
Top Microsoft 70-640 testing bible Choices
Breathing of 70-640 download materials and braindump for Microsoft certification for IT learners, Real Success Guaranteed with Updated 70-640 pdf dumps vce Materials. 100% PASS TS: Windows Server 2008 Active Directory. Configuring exam Today!
Q51. Exhibit:
Company servers run Windows Server 2008. It has a single Active Directory domain. A server called S4 has file services role installed. You install some disk for additional storage. The disks are configured as shown in the exhibit.
To support data stripping with parity, you have to create a new drive volume.
What should you do to achieve this objective?
A. Build a new spanned volume by combining Disk0 and Disk1
B. Create a new Raid-5 volume by adding another disk.
C. Create a new virtual volume by combining Disk 1 and Disk 2
D. Build a new striped volume by combining Disk0 and Disk 2
Answer: B
Explanation:
https://sort.symantec.com/public/documents/sf/5.0/solaris/html/vxvm_admin/ag_ch_intro_v m17.html
C:\Documents and Settings\usernwz1\Desktop\1.PNG
Q52. Your company has an Active Directory domain named contoso.com. FS1 is a member server in contoso.com.
You add a second network interface card, NIC2, to FS1 and connect NIC2 to a subnet that contains computers in a DNS domain named fabrikam.com. Fabrikam.com has a DHCP server and a DNS server.
Users in fabrikam.com are unable to resolve FS1 by using DNS.
You need to ensure that FS1 has an A record in the fabrikam.com DNS zone.
What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.)
A. Configure the DHCP server in fabrikam.com with the scope option 044 WINS/NBNS Servers.
B. Configure the DHCP server in fabrikam.com by setting the scope option 015 DNS Domain Name to the domain name fabrikam.com.
C. Configure NIC2 by configuring the Append these DNS suffixes (in order): option.
D. Configure NIC2 by configuring the Use this connection's DNS suffix in DNS registration option.
E. Configure the DHCP server in contoso.com by setting the scope option 015 DNS Domain Name to the domain name fabrikam.com.
Answer: B,D
Q53. Your network contains an Active Directory domain. The domain contains several domain controllers.All domain controllers run Windows Server 2008 R2.
You need to restore the Default Domain Controllers Policy Group Policy object (GPO) to the Windows Server 2008 R2 default settings.
What should you do?
A. Run dcgpofix.exe /target:dc.
B. Run dcgpofix.exe /target:domain.
C. Delete the link for the Default Domain Controllers Policy, and then run gpupdate.exe /sync.
D. Delete the link for the Default Domain Controllers Policy, and then run gpupdate.exe /force.
Answer: A
Explanation:
http://technet.microsoft.com/en-us/library/hh875588.aspx
Dcgpofix Recreates the default Group Policy Objects (GPOs) for a domain.
Syntax
DCGPOFix [/ignoreschema] [/target: {Domain | DC | Both}] [/?]
/ignoreschema Ignores the version of the Active Directory. schema when you run this command. Otherwise, the command only works on the same schema version as the Windows version in which the command was shipped.
/target {Domain | DC | Both} Specifies which GPO to restore. You can restore the Default Domain Policy GPO, the Default Domain Controllers GPO, or both.
Examples
Restore the Default Domain Controllers Policy GPO to its original state. You will lose any changes that you have made to this GPO. dcgpofix /ignoreschema /target:DC
Q54. Your network contains a single Active Directory domain. The domain contains five read-only domain controllers (RODCs) and five writable domain controllers. All servers run Windows Server 2008.
You plan to install a new read-only domain controllerRODC that runs Windows Server 2008 R2.
You need to ensure that you can add the new RODC to the domain.You want to achieve this goal by using the minimum amount of administrative effort.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. At the command prompt, run adprep.exe /rodcprep.
B. At the command prompt, run adprep.exe /forestprep.
C. At the command prompt, run adprep.exe /domainprep.
D. From Active Directory Domains and Trusts, raise the functional level of the domain.
E. From Active Directory Users and Computers, pre-stage the RODC computer account.
Answer: B,C
Q55. You want users to log on to Active Directory by using a new Principal Name (UPN).
You need to modify the UPN suffix for all user accounts.
Which tool should you use?
A. Dsmod
B. Netdom
C. Redirusr
D. Active Directory Domains and Trusts
Answer: A
Explanation:
http://technet.microsoft.com/en-us/library/cc732954%28v=ws.10%29.aspx
Dsmod user dsmod user -upn <UPN>
Specifies the user principal names (UPNs) of the users that you want to modify, for
example,
Linda@widgets.contoso.com.
Q56. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. The Active Directory Federation Services (AD FS) role is installed on Server1. Contoso.com is defined as an account store.
A partner company has a Web-based application that uses AD FS authentication. The partner company plans to provide users from contoso.com access to the Web application.
You need to configure AD FS on contoso.com to allow contoso.com users to be authenticated by the partner company.
What should you create on Server1?
A. a new application
B. a resource partner
C. an account partner
D. an organization claim
Answer: D
Explanation:
Since the account store has already been configured, what needs to be done is to use the account store to map an AD DS global security group to an organization claim (called group claim extraction). So that's what we need to create for authentication: an organization claim.
Creating a resource/account partner is part of setting up the Federation Trust.
Explanation 1: http://technet.microsoft.com/en-us/library/dd378957.aspx
Configuring the Federation Servers [All the steps for setting up an AD FS environment are listed in an extensive step-by-step guide, too long to post here.]
Explanation 2: http://technet.microsoft.com/en-us/library/cc732147.aspx
Add an AD DS Account Store If user and computer accounts that require access to a resource that is protected by Active Directory Federation Services (AD FS) are stored in Active Directory Domain Services (AD DS), you must add AD DS as anaccount storeon a federation server in the Federation Service that authenticates the accounts.
Explanation 3: http://technet.microsoft.com/en-us/library/cc731719.aspx
Map an Organization Group Claim to an AD DS Group (Group Claim Extraction) When you use Active Directory Domain Services (AD DS) as the Active Directory Federation Services (AD FS)account storefor an account Federation Service, you mapan organization group claimto a security group in AD DS. This mapping is called a group claim extraction.
Q57. HOTSPOT
Your network contains an Active Directory forest named contoso.com. The forest contains two Active Directory sites named Seattle and Montreal. The Montreal site is a branch office that contains only a single read-only domain controller (RODC).
You accidentally delete the site link between the two sites.
You recreate the site link while you are connected to a domain controller in Seattle.
You need to replicate the change to the RODC in Montreal.
Which node in Active Directory Sites and Services should you use?To answer, select the
appropriate node in the answer area.
Answer:
Q58. Your company has an Active Directory domain. All servers run Windows Server 2008 R2.
Your company uses an Enterprise Root certificate authority (CA).
You need to ensure that revoked certificate information is highly available.
What should you do?
A. Implement an Online Certificate Status Protocol (OCSP) responder by using an Internet Security and Acceleration Server array.
B. Publish the trusted certificate authorities list to the domain by using a Group Policy Object (GPO).
C. Implement an Online Certificate Status Protocol (OCSP) responder by using Network Load Balancing.
D. Create a new Group Policy Object (GPO) that allows users to trust peer certificates. Link the GPO to the domain.
Answer: C
Explanation:
Answer: Implement an Online Certificate Status Protocol (OCSP) responder by using Network Load Balancing.
http://technet.microsoft.com/en-us/library/cc731027%28v=ws.10%29.aspx AD CS: Online Certificate Status Protocol Support Certificate revocation is a necessary part of the process of managing certificates issued by certification authorities (CAs). The most common means of communicating certificate status is by distributing certificate revocation lists (CRLs). In the Windows Server. 2008 operating system, public key infrastructures (PKIs) where the use of conventional CRLs is not an optimal solution, an Online Responder based on the Online Certificate Status Protocol (OCSP) can be used to manage and distribute revocation status information. What does OCSP support do? The use of Online Responders that distribute OCSP responses, along with the use of CRLs, is one of two common methods for conveying information about the validity of certificates. Unlike CRLs, which are distributed periodically and contain information about all certificates that have been revoked or suspended, an Online Responder receives and responds only to requests from clients for information about the status of a single certificate. The amount of data retrieved per request remains constant no matter how many revoked certificates there might be. In many circumstances, Online Responders can process certificate status requests more efficiently than by using CRLs.
Adding one or more Online Responders can significantly enhance the flexibility and scalability of an organization's PKI.
Further information: http://blogs.technet.com/b/askds/archive/2009/08/20/implementing-an-ocsp-responder-part-v-highavailability.aspx Implementing an OCSP Responder: Part V High Availability There are two major pieces in implementing the High Availability Configuration. The first step is to add the OCSP Responders to what is called an Array. When OCSP Responders are configured in an Array, the configuration of the OCSP responders can be easily maintained, so that all Responders in the Array have the same configuration. The configuration of the Array Controller is used as the baseline configuration that is then applied to other members of the Array. The second piece is to load balance the OCSP Responders. Load balancing of the OCSP responders is what actually provides fault tolerance.
Q59. Your network contains an Active Directory domain. The domain contains 1,000 user accounts.
You have a list that contains the mobile phone number of each user. You need to add the mobile number of each user to Active Directory.
What should you do?
A. Create a file that contains the mobile phone numbers, and then run ldifde.exe.
B. Create a file that contains the mobile phone numbers, and then run csvde.exe.
C. From Adsiedit, select the CN=Users container, and then modify the properties of the container.
D. From Active Directory Users and Computers, select all of the users, and then modify the properties of the users.
Answer: A
Explanation:
CSVDE can only import and export data from AD DS.
http://technet.microsoft.com/en-us/library/cc732101.aspx Explanation: http://technet.microsoft.com/en-us/library/cc731033.aspx Ldifde Creates, modifies, and deletes directory objects.
Q60. Your network contains an Active Directory forest.
You need to add a new user principal name (UPN) suffix to the forest.
Which tool should you use?
A. Active Directory Administrative Center
B. Active Directory Domains and Trusts
C. Active Directory Sites and Services
D. Active Directory Users and Computers
Answer: B
Explanation:
http://www.kassapoglou.com/windows-server-2008-lesson-23-video-creating-a-user/
Demonstration adding a UPN Suffix
To add or modify a UPN suffix for your forest, open Active Directory Domains and Trusts from the start menu. Right click Active Directory Domains and Trusts at the top and open the properties. From here you can add and remove additional domain UPN suffixes for the forest.