Instant Download 70-640 PDF Files! New Updated 651 Exam Questions and Answers help 100% Exam Pass! 70-640 Certification Get Quickly!
Vendor: Microsoft
Exam Code: 70-640
Exam Name: TS: Windows Server 2008 Active Directory, Configuring
Keywords: 70-640 Exam Dumps,70-640 Practice Tests,70-640 Practice Exams,70-640 Exam Questions,70-640 Dumps,70-640 Dumps PDF,70-640 VCE,70-640 Braindump,70-640 TS: Windows Server 2008 Active Directory, Configuring
QUESTION 531
Your network consists of an Active Directory forest that contains one domain named contoso.com.
All domain controllers run Windows Server 2008 R2 and are configured as DNS servers.
You have two Active Directory-integrated zones: contoso.com and nwtraders.com.
You need to ensure a user is able to modify records in the nwtraders.com zone.
The solution must prevent the user from modifying the SOA record in the contoso.com zone.
What should you do?
A. From the DNS Manager console, modify the permissions of the nwtraders.com zone.
B. From the DNS Manager console, modify the permissions of the contoso.com zone.
C. From the Active Directory Users and Computers console, run the Delegation of Control
Wizard.
D. From the Active Directory Users and Computers console, modify the permissions of the
Domain Controllers organizational unit (OU).
Answer: A
QUESTION 532
Your network contains 50 domain controllers that runs Windows Server 2008 R2.
You need to create a script that resets the Directory Services Restore Mode (DSRM) password on all of the domain controllers.
The solution must NOT maintain passwords in the script.
Which two tools should you use? (Each correct answer presents part of the solution. Choose two.)
A. Active Directory Users and Computers
B. Ntdsutil
C. Dsamain
D. Local Users and Groups
Answer: BD
Explanation:
B: You can also NTDSUTIL command tool to reset DSRM password. In an elevated CMD prompt where you have logged on as a Domain Admin, run: NTDSUTIL SET DSRM PASSWORD SYNC FROM DOMAIN ACCOUNT <your user here> Q Q
D (not A): There comes a day in nearly every administrator’s life where they will need to boot a domain controller into DS Restore Mode.
Whether it’s to perform an authoritative restore or fix database issues, you will need the local administrator password.
QUESTION 533
Your network contains an Active Directory domain.
The domain contains four domain controllers.
You modify the Active Directory schema.
You need to verify that all the domain controllers received the schema modification.
Which command should you run?
A. netdom.exe query fsmo
B. repadmin.exe /showrepl *
C. dcdiag.exe /e /test:Topology
D. dcdiag.exe /a
Answer: C
QUESTION 534
Hotspot Question
Your network contains an Active Directory domain named contoso.com.
The domain contains a domain controller named DC1.
You install Active Directory Lightweight Directory Services (AD LDS) on a member server named Server2.
On Server2, you create a directory partition named fabrikam.com.
You need to configure the MS-AdamSyncConfig.xml file to synchronize data from contoso.com to fabrikam.com.
What should you do? (To answer, select the appropriate options in the answer area.)
Answer:
QUESTION 535
Your network contains an Active Directory domain named contoso.com.
The domain has a branch site that contains a read-only domain controller (RODC) named R0DC1.
A user named User1 is a member of the Allowed RODC Password Replication Group.
User1 frequently logs on to a computer in the branchsite.
You remove User1 from the Allowed RODC Password Replication Group.
You need to ensure that the password of User1 is no longer cached on RODC1.
What should you do?
A. Add User1 to the Denied RODC Password Replication Group, and then force Active Directory
replication.
B. Run repadmin /rodcpwdrepl rodc2.contoso.com dc.contoso.com cn = User1,cn-users,dc =
contoso,dccom.
C. Run repadmin /prp delete rodcl.contoso.com allow cn = User1, cn = users, dc = contoso,
dc = com.
D. Reset the password of User1, and then force Active Directory replication.
Answer: D
QUESTION 536
Your network contains an Active Directory forest.
The forest contains a single domain named contoso.com.
The domain contains domain controllers that run either Windows Server 2003 or Windows Server 2008 R2.
The functional level of the domain and the forest is Windows Server 2003.
You need to add a read-only domain controller (RODC) to the forest.
What should you do first?
A. Upgrade the domain controllers that run Windows Server 2003.
B. Raise the domain functional level.
C. Run the adprep command.
D. Raise the forest functional level.
Answer: C
QUESTION 537
Your company has two offices.
The offices are located in Miami and London.
The network contains an Active Directory forest named contoso.com.
The forest contains two child domains named miami.contoso.com and london.contoso.com.
Each domain contains 50 domain controllers that run Windows Server 2008 R2.
Each office is configured as an Active Directory site.
The office in London recently hired several thousand new employees.
You need to move 10 domain controllers from miami.contoso.com to london.contoso.com.
What should you do?
A. Run the dsadd.exe command
B. Run the nltest.exe command.
C. Run the Set-AdDomain cmdlet.
D. Run the dsmove.exe command.
E. Run the dcpromo.exe command.
F. Run the Move-AdDirectoryServer cmdlet.
G. Use the Active Directory Schema snap-in.
H. Use the Active Directory Users and Computers console.
Answer: E
QUESTION 538
Your network contains an Active Directory forest named contoso.com.
The forest contains a single domain.
The domain contains 50 domain controllers that run Windows Server 2008 R2.
The domain contains a group named Computer_Location.
You plan to create 1,000 computer accounts in the domain in several organizational units (OUs). You need to ensure that the members of the Computer_Location group can modify the description of each computer account as soon as the account is created.
The solution must use permissions that are applied explicitly to the new computer accounts.
What should you do?
A. Run the dsadd.exe command
B. Run the nltest.exe command.
C. Run the Set-AdDomain cmdlet.
D. Run the dsmove.exe command.
E. Run the dcpromo.exe command.
F. Run the Move-AdDirectoryServer cmdlet.
G. Use the Active Directory Schema snap-in.
H. Use the Active Directory Users and Computers console.
Answer: G
QUESTION 539
Your company has two offices.
The offices are located in Miami and London.
The network contains an Active Directory forest named contoso.com.
The forest contains two child domains named miami.contoso.com and london.contoso.com.
The domain contains 50 domain controllers that run Windows Server 2008 R2.
Each office is configured as an Active Directory site.
The forest contains a custom attribute named SecurityAccessCode.
You recently configured a domain controller named DC22 as a global catalog server.
You need to verify that SecurityAccessCode is configured to replicate to DC22.
What should you do?
A. Run the dsadd.exe command
B. Run the nltest.exe command.
C. Run the Set-AdDomain cmdlet.
D. Run the dsmove.exe command.
E. Run the dcpromo.exe command.
F. Run the Move-AdDirectoryServer cmdlet.
G. Use the Active Directory Schema snap-in.
H. Use the Active Directory Users and Computers console.
Answer: G
QUESTION 540
Your network contains an Active Directory domain named contoso.com.
The domain contains a domain controller named DC1.
DC1 hosts an Active Directory-integrated zone for contoso.com.
The research department maintains its own DNS servers and hosts a zone named research.contoso.com on a UNIXbased server named Server1.
The perimeter network contains a DNS server named Server2.
Server2 is a standalone server that runs Windows Server 2008 R2.
You need to configure the DNS settings of Server2 to meet the following requirements:
– Server2 must maintain a copy of all the records in research.contoso.com.
– DC1 must query Server2 to resolve the names of Internet hosts.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Create a secondary zone.
B. Create a conditional forwarder.
C. Create a stub zone.
D. Create a primary zone.
E. Create a Forwarder.
Answer: AE
Explanation:
A: When a zone that this DNS server hosts is a secondary zone, this DNS server is a secondary source for information about this zone. The zone at this server must be obtained from another remote DNS server computer that also hosts the zone. This DNS server must have network access to the remote DNS server that supplies this server with updated information about the zone. Because a secondary zone is merely a copy of a primary zone that is hosted on another server, it cannot be stored in AD DS.
E: * A forwarder is a Domain Name System (DNS) server on a network that is used to forward DNS queries for external DNS names to DNS servers outside that network.
Incorrect:
Not B: You can configure your server to forward queries according to specific domain names using conditional forwarders.
Braindump2go Offers 100% money back guarantee on all products! Our products remain valid for a lifetime! Recently we update our 70-640 Exam Questions since the Microsoft Official Exam Center adds some new questions in 70-640 Exam Dumps. Braindump2go checks all Exam Dumps every day and guarantee all the exam questions are the latest and correct!