Instant Download 70-640 PDF Files! New Updated 651 Exam Questions and Answers help 100% Exam Pass! 70-640 Certification Get Quickly!
Vendor: Microsoft
Exam Code: 70-640
Exam Name: TS: Windows Server 2008 Active Directory, Configuring
Keywords: 70-640 Exam Dumps,70-640 Practice Tests,70-640 Practice Exams,70-640 Exam Questions,70-640 Dumps,70-640 Dumps PDF,70-640 VCE,70-640 Braindump,70-640 TS: Windows Server 2008 Active Directory, Configuring
QUESTION 591
Your network contains an Active Directory domain named adatum.com.
The domain contains an enterprise certification authority (CA).
When submitting a request for a certificate based on the EnrollmentAgent template, you receive the error message shown in the exhibit. (Click the Exhibit button.)
You need to ensure that you can enroll for the certificate successfully.
What should you modify?
A. the Security settings of the issuing CA
B. the Cryptography settings of the certificate template
C. the Security settings of the certificate template
D. the Enrollment Agents settings of the issuing CA
Answer: B
QUESTION 592
Your network contains an Active Directory domain named contoso.com.
The domain contains an enterprise certification authority (CA).
You plan to deploy certificates to all of the domain users.
The certificates will be based on a custom Smartcard Logon template.
You need to recommend a solution to ensure that the users can log on to the domain by using smart cards.
What should you include in the recommendation?
A. From Certificate Templates, set the minimum certificate key size to 512.
B. From Active Directory Users and Computers, select Use Kerberos DES encryption types for
this account.
C. From Certificate Templates, include the user principal name (UPN) in the subject alternate
name (SAN) of the template.
D. From Active Directory Users and Computers, configure Published Certificates for user
accounts.
Answer: C
Explanation:
Request a smart card certificate from the third-party CA.
Enroll for a certificate from the third-party CA that meets the stated requirements.
The method for enrollment varies by the CA vendor.
The smart card certificate has specific format requirements:
– Subject Alternative Name = Other Name: Principal Name= (UPN).
For example:
UPN = [email protected]
The UPN OtherName OID is : “1.3.6.1.4.1.311.20.2.3”
The UPN OtherName value: Must be ASN1-encoded UTF8 string
– Subject = Distinguished name of user.
– The CRL Distribution Point (CDP) location (where CRL is the Certification Revocation List) must be populated, online, and available.
– Key Usage = Digital Signature
– Basic Constraints [Subject Type=End Entity, Path Length Constraint=None] (Optional)
– Enhanced Key Usage
QUESTION 593
Hotspot Question
Your network contains an Active Directory forest named contoso.com.
The forest contains two domains named contoso.com and fabrikam.com.
The relevant domain controllers are configured as shown in the following table.
You need to configure the zone storage settings for each zone.
The solution must meet the following requirements:
– The contoso.com zone must be replicated to all of the domain controllers in the domain.
– The fabrikam.com zone must be replicated to all of the domain controllers in the forest that have the DNS Server server role installed.
In the table below, identify in which partition each zone must be stored. Make only one selection in each column. Each correct selection is worth one point.
Answer:
QUESTION 594
Your network contains an Active Directory forest named fabrikam.com.
You perform a test installation of an enterprise certification authority (CA).
After the installation, you discover that the Issuer Statement option on every certificate issued by the CA is unavailable.
You need to ensure that the Issuer Statement option is available when you install the enterprise CA to the production environment.
What should you do?
A. Before you install the enterprise CA, install the Certification Authority Web Enrollment role
service.
B. After you install the enterprise CA, modify the Authority Information Access (AIA) extension
settings.
C. During the installation of the enterprise CA, click the Allow administrator interaction when the
private key is accessedby the CA cryptographic option.
D. Before you install the enterprise CA, create a custom CAPolicy.inf file and place the file in the
Windows directory.
Answer: D
QUESTION 595
Hotspot Question
Your network contains an Active Directory domain named contoso.com.
The network contains 10 subnets.
You install a Web server on three different subnets.
Each Web server hosts a web application accessed by using an FQDN of webl.contoso.com.
For webl.contoso.com, you create three host (A) records that each points to one of the Web servers.
You need to configure the DNS settings to meet the following requirements:
– Users who access webl.contoso.com from a subnet that contains one of the Web servers must connect to the server on their local subnet.
– When users connect from a subnet that does not contain a Web server hosting the web application, the connections must be balanced between the three Web servers.
Which two settings should you modify? (To answer, select the two appropriate settings in the answer area.)
Answer:
QUESTION 596
Your company, Contoso, Ltd., has a main office and a branch office.
The offices are connected by a WAN link.
Contoso has an Active Directory forest that contains a single domain named ad.contoso.com.
The ad.contoso.com domain contains one domain controller named DC1 that is located in the main office.
DC1 is configured as a DNS server for the ad.contoso.com DNS zone.
This zone is configured as a standard primary zone.
You install a new domain controller named DC2 in the branch office.
You install DNS on DC2.
You need to ensure that DC2 can resolve DNS queries for ad.contoso.com in the event that a WAN link fails.
The solution must prevent DC2 from updating records in ad.contoso.com.
What should you do?
A. Configure the DNS server on DC2 to forward requests to DC1.
B. Convert the ad.contoso.com zone on DC1 to an Active Directory-integrated zone.
C. Create a new secondary zone named ad.contoso.com on DC2.
D. Create a new stub zone named ad.contoso.com on DC2.
Answer: B
QUESTION 597
Hotspot Question
Your network contains an Active Directory domain named contoso.com.
The domain contains two domain controllers named Serverl and Server2.
DNS Manager on Server2 is shown in the exhibit. (Click the Exhibit button.)
To answer, complete each statement according to the information presented in the exhibit. Each correct selection is worth one point.
Answer:
QUESTION 598
Your company has three Active Directory domains in a single forest.
You install a new Active Directory enabled application.
The application ads new user attributes to the Active Directory schema.
You discover that the Active Directory replication traffic to the Global Catalogs has increased. You need to prevent the new attributes from being replicated to the Global Catalog.
You must achieve this goal without affecting application functionality.
What should you do?
A. Change the replication interval for the DEFAULTIPSITELINK object to 9990.
B. Change the cost for the DEFAULTIPSITELINK object to 9990.
C. Make the new attributes in the Active Directory as defunct.
D. Modify the properties in the Active Directory schema for the new attributes.
Answer: D
Explanation:
http://support.microsoft.com/kb/248717
QUESTION 599
You are decommissioning one of the domain controllers in a child domain.
You need to transfer all domain operations master roles within the child domain to a newly installed domain controller in the same child domain.
Which three domain operations master roles should you transfer? (Each correct answer presents part of the solution. Choose three.)
A. RID master
B. PDC emulator
C. Schema master
D. Infrastructure master
E. Domain naming master
Answer: ABD
Explanation:
http://technet.microsoft.com/en-us/library/cc781578%28v=ws.10%29.aspx
Transferring operations master roles
Transferring an operations master role means moving it from one domain controller to another with the cooperation of the original role holder. Depending upon the operations master role to be transferred, you perform the role transfer using one of the three Active Directory consoles in Microsoft Management Console (MMC).
QUESTION 600
Your network contains an Active Directory forest.
The forest contains a single domain.
You want to provide users from a domain that is located in another forest access to resources in your domain.
You need to configure a trust between the domain in your forest and the domain in the other forest.
What should you create?
A. an incoming realm trust
B. an incoming external trust
C. an outgoing external trust
D. an outgoing realm trust
Answer: C
Braindump2go Offers 100% money back guarantee on all products! Our products remain valid for a lifetime! Recently we update our 70-640 Exam Questions since the Microsoft Official Exam Center adds some new questions in 70-640 Exam Dumps. Braindump2go checks all Exam Dumps every day and guarantee all the exam questions are the latest and correct!