70 640b

Contents
Topic 1, Exam Set 1 ( 46 Questions) 3

Topic 2, Exam Set 2 (50 Questions) 37
Total number of questions = 96
Leading the way in IT testing and certification tools, www.Company.com

-3-
Topic 1, Exam Set 1 ( 46 Questions)
QUESTION NO: 1
You work as the network administrator at Company.com . The Company.com network has
a domain named Company.com . All servers on the Company.com network run Windows
Server 2008.
Only one Active-Directory integrated zone has been configured in the Company.com
domain. Company.com has requested that you configure DNS zone to automatically
remove DNS records that are outdated.
What action should you consider?
A. You should consider running the netsh /Reset DNS command from the Command
prompt.
B. You should consider enabling Scavenging in the DNS zone properties page.
C. You should consider reducing the TTL of the SOA record in the DNS zone properties
page.
D. You should consider disabling updates in the DNS zone properties page.
Answer: B
Explanation: In the scenario you should enable scavenging through the zone
properties because scavenging removes the outdated DNS records from the DNS
zone automatically. You should additionally note that patience would be required
when enabling scavenging as there are some safety valves built into scavenging
which takes long to pop.
Reference:
http://www.gilham.org/Blog/Lists/Posts/Post.aspx?List=aab85845-88d2-4091-8088-a6bbce0a4304&ID=211
QUESTION NO: 2
Server 2008.
The Company.com network has a server named TESTKING-SR15. You install the Active
Directory Lightweight Directory Services (AD LDS) on TESTKING-SR15.

-4-
Which of the following options can be used for the creation of new Organizational Units
(OU's) in the application directory partition of the AD LDS?
A. You should run the net start command on TESTKING-SR15.

B. You should open the ADSI Edit Microsoft Management Console on
TESTKING-SR15.
C. You should run the repadmin /dsaguid command on TESTKING-SR15.
D. You should open the Active Directory Users and Computers Console on
TESTKING-SR15.
Answer: B
Explanation: You need to use the ADSI Edit snap-in to create new OUs in the AD
LDS application directory partition. You also need to add the snap-in in the
Microsoft Management Console (MMC).
QUESTION NO: 3
Server 2008.
The Company.com network has two domain controllers TESTKING-DC01 and

TESTKING-DC02. TESTKING-DC01 suffers a catastrophic failure but it is causing
problems because it was configured to have Schema Master Operations role. You log on
to the Company.com domain as a domain administrator but your attempts to transfer the
Schema Master Operations role to TESTKING-DC02 are unsuccessful.
What action should you take to transfer the Schema Master Operations role to
TESTKING-DC02?
A. Your best option would be to have the dcpromo /adv command executed on
TESTKING-DC02.
B. Your best option would be to have the Schema Master role seized to
TESTKING-DC02.
C. Your best option would be to have Schmmgmt.dll registered on TESTKING-DC02.
D. Your best option would be to add your user account to the Schema Administrators
group.
Answer: B

-5-
Explanation: To ensure that TESTKING-DC02 holds the Schema Master role you
need to seize the Schema Master role on TESTKING-DC02. Seizing the schema
master role is a drastic step that should be considered only if the current operations
master will never be available again. So to transfer the schema master operations
role, you have to seize it on TESTKING-DC02.
Reference:
http://technet2.microsoft.com/windowsserver/en/library/d4301a14-dd18-4b3c-a3cc-ec9a773f7ffb1033.mspx?mfr
QUESTION NO: 4
a single forest. The forest functional level is set at Windows Server 2008.
The Company.com network has a Microsoft SQL Server 2005 database server named
TESTKING-DB04 that hosts the Active Directory Rights Management Service (AD
RMS).
You try to access the Active Directory Rights Management Services administration
website but received an error message stating:
"SQL Server does not exist or access is denied."
How can you access the AD RMS administration website?
A. You need to restart the Internet Information Server (IIS) service and the MSSQLSVC
service on TESTKING-DB04.
B. You need to install the Active Directory Lightweight Directory Services (AD LDS) on
TESTKING-DB04.
C. You need to reinstall the AD RMS instance on TESTKING-DB04.
D. You need to reinstall the SQL Server 2005 instance on TESTKING-DB04.
E. You need to run the DCPRO command on TESTKING-SR04
Answer: A
Explanation: You need to restart the internet information server (IIS) to correct the
problem. The starting of the MSSQULSVC service will allow you to access the
database from AD RMS administration website.
QUESTION NO: 5

-6-
You work as an enterprise administrator at Company.com . The Company.com network
has a domain named Company.com . The Company.com network has a Windows Server
2008 computer named TESTKING-SR03 that functions as an Enterprise Root certificate
authority (CA).
A new Company.com security policy requires that revoked certificate information should
be available for examination at all times.
What action should you take adhere to the new policy?
A. This can be accomplished by having a list of trusted certificate authorities published to

the Company.com domain.
B. This can be accomplished by having the Online Certificate Status Protocol (OCSP)
responder implemented.
C. This can be accomplished by having the OCSP Response Signing certificate imported.
D. This can be accomplished by having the Startup Type of the Certificate Propagation
service set to Automatic.
E. This can be accomplished by having the computer account of TESTKING-SR03 added
to the TKCertificates group.
Answer: B
Explanation: You should use the network load balancing and publish an OCSP
responder. This will ensure that the revoked certificate information will be available
at all times. You do not need to download the entire CRL to check for revocation of
a certificate; the OCSP is an online responder that can receive a request to check
for revocation of a certificate. This will also speed up certificate revocation checking
as well as reducing network bandwidth tremendously.
QUESTION NO: 6
Server 2008.
You are responsible for managing two servers TESTKING-SR01 and TESTKING-SR02.
They are setup with the following configuration.
TESTKING-SR01 running Enterprise Root certificate authority (CA)

TESTKING-SR02 running Online Responder role service
Which of the steps must you perform for configuring the Online Responder to be
supported on TESTKING-SR01?

-7-
A. You should enable the Dual Certificate List extension on TESTKING-SR01.
B. You should ensure that TESTKING-SR01 is a member of the CertPublishers group.
C. You should import the OCSP Response Signing certificate to TESTKING-SR01.
D. You should enable the Authority Information Access (AIA) extension on
TESTKING-SR01.
E. You should run the CERTSRV command on TESTKING-SR01.
Answer: D
Explanation: In order to configure the online responder role service on
TESTKING-SR01 you need to configure the AIA extension. The authority
information access extension will indicate how to access CA information and
services for the issuer of the certificate in which the extension appears. Information
and services may include on-line validation services and CA policy data. This
extension may be included in subject or CA certificates, and it MUST be
non-critical
QUESTION NO: 7
Server 2008 and all client computers run Windows Vista.
The Company.com network has a client computer named TESTKING-WS640 that was
last used six months ago. During the course of the day you attempt to log on to
TESTKING-WS640 but you are unable to authenticate during the logon process.
What action should you consider in order to log on to TESTKING-WS640?
A. You should consider opening the command prompt on TESTKING-WS640 and

running the netsh set machine command.
B. You should consider opening the command prompt on TESTKING-WS640 and
running the repadmin command.
C. You should consider removing TESTKING-WS640 from the domain and then
rejoining it.
D. You should consider deleting the computer account for TESTKING-WS640 in Active
Directory Users and Computers, and then recreate the computer account.
Answer: C

-8-
Explanation: In the scenario you should have the computer disjoined from the
domain and rejoined to the domain whilst having the computer account reset as
well. You should additionally note that the long inactivity caused the computer to
stop responding to the authentication query using the Active Directory records. You
should note by disjoining and rejoining with the account being reset would refresh
the computer account passwords.
QUESTION NO: 8
has a forest with a domain named Company.com .
The Company.com network has a Windows Server 2008 domain controller named
TESTKING-DC01 that hosts the Directory Services Recovery Mode (DSRM) role.
What would be the best option to take to have the DSRM password reset?
A. The best option is to open the Active Directory Security for Computers snap-in.
B. The best option is to run the ntdsutil command.
C. The best option is to run the Netsh command.
D. The best option is to open the Domain Controller security snap-in.
Answer: B
Explanation: You should use the ntdsutil utility to reset the DSRM password. You
can use Ntdsutil.exe to reset this password for the server on which you are working,
or for another domain controller in the domain. Type ntdsutil and at the ntdsutil
command prompt, type set dsrm password.
Reference: http://support.microsoft.com/kb/322672
QUESTION NO: 9
has a domain named Company.com . All servers on the Company.com network run
Windows Server 2008. Company.com has two offices Chicago and Dallas.
The network has the following setup.

Chicago Office - Domain Controller named TESTKING-DC01
Dallas Office - Read-Only Domain Controller named TESTKING-DC02
How can you make sure that Dallas Office users use only TESTKING-DC02 for
authentication?

-9-
A. You should consider having TESTKING-DC02 configured as a bridehead server in
the Dallas office.
B. You should consider installing and configuring the Password Replication Policy on
TESTKING-DC02.
C. You should consider having TESTKING-DC01 configured as a bridehead server in
the Chicago office.
D. You should consider installing and configuring the Password Replication Policy on
TESTKING-DC01.
E. You should consider having the Global Catalog installed on TESTKING-DC01.
Answer: B
Explanation: You should use the Password Replication Policy on the RODC. This
will allow the users at the Dallas office to log on to the domain with RODC. RODCs
don't cache any user or machine passwords.
QUESTION NO: 10
a domain named intl.Company.com . All servers on the Company.com network run
Windows Server 2008. The domain controllers on the Company.com domain are
configured to function as DNS servers.
What action should you take to ensure that computers that are not part of the
intl.Company.com domain are not able to dynamically register their DNS registration
information in the intl.Company.com zone?
A. You should consider removing the .(root) zone from the intl.Company.com zone.
B. You should consider running the dnscmd /AgeAllRecords command.
C. You should consider configuring Secure Only dynamic updates.
D. You should consider configuring the intl.Company.com zone as an Active Directory
integrated zone.
Answer: C
Explanation: In order to ensure that only domain members are able to register their
DNS records dynamically you need to set the option Secure only for Dynamic
updates. This will only allow the domain members to register their DNS records
dynamically.
Reference:
www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/cnet/cncf_imp_afpf.mspx

- 10 -
QUESTION NO: 11
You work as a network administrator at Company.com . The Company.com network has a
domain named Company.com . All servers on the Company.com network run Windows
Server 2008.
The Company.com network has two servers named TESTKING-SR01 and

TESTKING-SR02 that are configured as domain controllers and as DNS servers. Both
servers have the following setup for the Company.com domain.
TESTKING-SR01 - Standard Primary zone

TESTKING-SR02 - Standard Secondary zone.
You have to perform the following tasks
- Perform the replication of Company.com Zone Data

- Make sure that Zone Data maintains encryption
- Prevent the loss of Zone Data
How can you accomplish the goals. (Each correct answer presents part of the solution.
(Choose TWO.)
A. You should consider having the zone transfer settings configured on

TESTKING-SR01 and TESTKING-SR02.
B. You should consider having the primary zone on TESTKING-SR02 converted to an
Active Directory-integrated stub zone.
C. You should consider having the primary zone on TESTKING-SR01 converted to an
Active Directory-integrated zone.
D. You should consider having the secondary zone on TESTKING-SR02 deleted.
E. You should consider having the primary zone on TESTKING-SR01 deleted.
Answer: C, D
Explanation: In the scenario you should have the Company.com primary zone
converted to an active directory-integrated zone and delete the secondary zone as
this would ensure replication of the Company.com zone is encrypted whilst
preventing data loss.
QUESTION NO: 12

- 11 -
Server 2008.
All master roles in the forest are maintained at a domain controller TESTKING-DC01.
You have another domain controller in the network named TESTKING-DC02 which
contains better hardware and can improve performance. TESTKING-DC01 is to be
removed from the network.
Which option can you select in order to ensure that proper roles are transferred to
TESTKING-DC02 without disrupting the forest wide operations?
A. You should consider transferring the RID Master role and the Schema master role.
B. You should consider transferring the Schema master role and the Domain naming
master role.
C. You should consider transferring the Infrastructure master role and the PDC emulator
role.
D. You should consider transferring the Infrastructure master role and the Domain
naming master role.
E. You should consider transferring the RID Master role and the PDC emulator role.
Answer: C
Explanation: In order to transfer all forest-wide operation master roles to another
domain you need to transfer Domain naming master as well as the Schema master.
Schema Master: The schema master domain controller controls all updates and
modifications to the schema. To update the schema of a forest, you must have access
to the schema master. There can be only one schema master in the whole forest.
Domain naming master: The domain naming master domain controller controls the
addition or removal of domains in the forest. There can be only one domain naming
master in the whole forest.
Reference: http://support.microsoft.com/kb/324801
QUESTION NO: 13
You work as the enterprise administrator at Company.com . The Company.com network
Windows Server 2008. The Company.com network has a domain controller named
TESTKING-DC01 that has a single hard drive named Drive C. Drive C hosts the ntds.dit
database. You have installed an additional hard drive named Drive D on
TESTKING-DC01.

- 12 -
What would be the best option to take to transfer the ntds.dit database to Drive D?
A. The best option is to run the Ntdsutil command with the Files option.
B. The best option is to open the Windows Power Shell and use the Copy and Paste
functions.
C. The best option is to run the xcopy command.
D. The best option is to open the Windows Explorer and use the Cut and Paste functions.
Answer: A
Explanation: The way you move the Active Directory database to a new volume, is
to move the ntds.dit file to the new volume by opening the Files option in the
ntdsutil utility. Use Ntdsutil.exe to move the database file, the log files, or both to a
larger existing partition.
Reference:
http://technet2.microsoft.com/windowsserver/en/library/af6646aa-2360-46e4-81ca-d51707bf01eb1033.mspx?mf
QUESTION NO: 14 DRAG DROP

domain named Company.com . All servers on the Company.com network run Windows
Server 2008.
The Company.com network has organizational units (OU's) named Sales, Marketing and
Admin. The Sales OU contains a file server named TESTKING-SR04 that hosts a shared
folder named SalesDocs that contains sensitive customer information.
What action should you take to track access to the SalesDocs folder? (To answer, drag
the appropriate action to the appropriate location in the work area.)

- 13 -
Answer:

- 14 -
QUESTION NO: 15
You work as the network administrator at Company.com . All servers on the
Company.com network run Windows Server 2008.
The Company.com network has a server named TESTKING-SR01 that functions as an

Enterprise Root certificate authority (CA).
What action should you take to configure TESTKING-SR01 to support key archival?
A. The Hisecdc security template should be applied to TESTKING-SR01.

B. The OCSP Response Signing certificate should be imported to TESTKING-SR01.
C. The private key on TESTKING-SR01 should be archived.

- 15 -
D. The Startup Type of the Certificate Propagation service on TESTKING-SR01 should
be set to Automatic.
Answer: C
QUESTION NO: 16
has a domain named Company.com that operates at the Windows Server 2008.
How can you configure the network so that it allows the users of Company.com to have
multiple password policies?
A. You should consider creating multiple class schema objects in the Schema console.
B. You should consider creating multiple Group Policy objects in the Group Policy
Management console.
C. You should consider creating multiple Password Setting objects in the ADSI Edit
console.
D. You should consider creating multiple passwords in Active Directory Users and
Computers.
Answer: C
QUESTION NO: 17
Server 2008.
The Company.com Network contains a server which is configured as:

- Domain Controller
- DNS Server
What option can you sure to ensure tracking of all DNS queries received by
TESTKING-SR01?
A. You should consider having automatic logging for recursive queries enabled in the
DNS Manager Console on TESTKING-SR01.
B. You should consider having debug logging enabled in the DNS Manager Console on
TESTKING-SR01.
C. You should consider having event logging configured in the DNS Manager Console
on TESTKING-SR01.

- 16 -
D. You should consider having system event logging configured in the Even Viewer on
TESTKING-SR01.
Answer: B
QUESTION NO: 18
You work as an enterprise administrator at Company.com . All servers on the
Company.com network run Windows Server 2008. Company.com has its headquarters in
Chicago and a branch office in Miami. The two offices are configured as separate sites.
The Miami site contains a domain controller named TESTKING-DC06. You receive an
instruction from the CIO to install a new application at the Miami office. In order for the
application to run a Global Catalog server is required.
What action should you consider to add a Global Catalog server to the Miami site?
A. You should consider running the DCPROMO command on TESTKING-DC06 to

install the Global Catalog.
B. You should consider using the Server Manager console to configure
TESTKING-DC06 as a Global Catalog server.
C. You should consider using the Active Directory Domains and Trusts console to
configure TESTKING-DC06 as a Global Catalog server.
D. You should consider using the Active Directory Sites and Services console to
configure the TESTKING-DC06 as a Global Catalog server.
Answer: D
QUESTION NO: 19
Server 2008.
The network contains two sites London and Paris. The following configuration applies to
each location.
London
- Single Domain Controller named TESTKING-DC01
- Separate Active Directory Site.
Paris

- 17 -
- Single Domain Controller named TESTKING-DC02
- Separate Active Directory Site.
Network Setup
- Both Active Directory Sites are using DEFAULTIPSITELINK object for connectivity.
What action should you take to reduce the delay it takes during replication between
TESTKING-DC01 and TESTKING-DC02?
A. You should consider having the replication interval for the DEFAULTIPSITELINK
object decreased.
B. You should consider having the replication schedule for the DEFAULTIPSITELINK
object increased.
C. You should consider having the cost for the DEFAULTIPSITELINK object decreased.
D. You should consider having a site link bridge installed between TESTKING-DC01
and TESTKING-DC02.
Answer: A

Server 2008.
The Company.com network has four file servers named TESTKING-SR01,

TESTKING-SR02, TESTKING-SR03 and TESTKING-SR04 that are placed in an
Organizational Unit (OU) named TKServers.
TestKing has several contractual workers who are members of a global group named
PartTimeUsers. A new Company.com security policy requires that any attempts by
contractual workers to access the folders and files on the file servers in the TKServers
OU needs to be tracked.
What action should you take to implement this policy? (To answer, drag the appropriate
action to the appropriate location in the work area.)

- 18 -
Answer:

- 19 -
QUESTION NO: 21
Server 2008.
The Company.com network has two servers named TESTKING-SR01 and

TESTKING-SR02.
TESTKING-SR01 - Enterprise Root certificate authority (CA).

TESTKING-SR02 - Hosts the Online Responder role.
What step you can perform to make sure that TESTKING-SR02 is issuing the certificate
revocation lists (CRL).
A. You should enable the Dual Certificate List extension on TESTKING-SR02.

B. You should ensure that TESTKING-SR02 is a member of the CertPublishers group.

- 20 -
C. You should import the enterprise root CA certificate and the OCSP Response Signing
certificate.
D. You should enable the Authority Information Access (AIA) extension on
TESTKING-SR02.
E. You should run the CERTSRV command on TESTKING-SR02.
Answer: C
QUESTION NO: 22
Server 2008 and all client computers run Windows Vista.
During the course of the day a Company.com user named Rory Allen complains that he
receives an error message stating that his account has expired when he attempts to
authenticate to the Company.com domain from his client computer.
What action should you consider to have Rory Allen log on to the Company.com domain
from his client computer?
A. You should consider reducing the account lockout duration in the default domain
policy.
B. You should consider resetting Rory Allen's user account.
C. You should consider setting Rory Allen's user account to never expire.
D. You should consider resetting the computer account for Rory Allen's client computer.
Answer: C
QUESTION NO: 23
You work as the network administrator at Company.com . Company.com has its
headquarters in London. The Company.com network has a domain named Company.com
that consists of a single Active Directory site named LondonSite. The LondonSite
contains a domain controller named TESTKING-DC01.
Company.com opens a branch office in York and you create another Active Directory site
named YorkSite.
How can you have Active Directory replication configured between the two sites?
A. You need to consider installing a new domain controller in YorkSite and creating a
site link between the two sites. Then you should consider decreasing the site link cost.

- 21 -
B. You need to consider installing a new domain controller in the LondonSite and
configuring it as a preferred bridgehead server.
C. You need to consider installing a new domain controller in the LondonSite and
configuring a new site link bridge between the two sites.
D. You need to consider installing a new domain controller in the YorkSite and
configuring a new IP subnet for the YorkSite.
Answer: D
QUESTION NO: 24
has a domain named Company.com . The Company.com network has three domain
controllers named TESTKING-DC01, TESTKING-DC02 and TESTKING-DC03 that
run Windows Server 2003. Company.com purchases a new Windows Server 2008
computer named TESTKING-SR04.
What is the first step you should take to install TESTKING-SR04 as a domain controller
on the Company.com network?
A. You should consider running the dconfig command on TESTKING-SR04.

B. You should consider running the adprep /forestprep command on TESTKING-DC01.
C. You should consider raising the domain functional level to Windows Server 2008.
D. You should consider running the adprep /domainprep command on
TESTKING-DC01.
E. You should consider running the dcpromo /remove command on TESTKING-DB01,
TESTKING-DB02 and TESTKING-DB03.
Answer: B
QUESTION NO: 25
Windows Server 2008.
A new Company.com domain controller management policy states that replication errors
need to be logged to a central server.
How would you implement this policy?

- 22 -
A. You should consider having the RepMonitor configured for central logging.
B. You should consider having the System Performance data collector set is started on
each domain controller.
C. You should consider having event log subscriptions created on each domain
controller.
D. You should consider having the RepAdmin Diagnostics data collector started on each
domain controller.
Answer: C

forest with a domain named Company.com and a child domain named intl.Company.com .
All domain controllers and servers on the Company.com network run Windows Serer
2008.
The Company.com domain has two domain controllers named TESTKING-DC01 and
TESTKING-DC02 and the intl.Company.com domain has two domain controllers named
TESTKING-DC03 and TESTKING-DC04.
Company.com decides to reorganize the forest structure by removing the intl.Company.com

child domain.
What actions should you take to remove the intl.Company.com child domain? (To answer,
drag the appropriate action to the appropriate location in the work area.)

- 23 -
Answer:

- 24 -
QUESTION NO: 27
Server 2008.
The Company.com network has six domain controllers named TESTKING-DC01,

TESTKING-DC02, TESTKING-DC03, TESTKING-DC04, TESTKING-DC05 and
TESTKING-DC06. All six domain controllers function as DNS servers. You are in the
process of implementing a new Active Directory-integrated DNS zone.
What action should you take first if you want the new zone replicated only to
TESTKING-DC05 and TESTKING-DC06?

- 25 -
A. You should consider having the dnscmd /createdirectorypartition command executed
on TESTKING-DC05 and TESTKING-DC06.
B. You should consider having the dnscmd /config command executed on
C. You should consider having the .(root) zone is deleted from TESTKING-DC01,
TESTKING-DC02, TESTKING-DC03 and TESTKING-DC04.
D. You should consider having BIND secondaries enabled on TESTKING-DC05 and
TESTKING-DC06.
E. You should consider having the dnscmd /unenlistdirectorypartition command executed
on TESTKING-DC01, TESTKING-DC02, TESTKING-DC03 and TESTKING-DC04.
Answer: A
QUESTION NO: 28
Server 2008.
The Company.com network has a domain controller named TESTKING-SR01 that also
functions as a DNS server. You add a new stand alone server named TESTKING-SR02
and configure it as a DNS server. You then configure a standard secondary zone with
TESTKING-SR01 as the master server.
What action should you take to have zone updates replicated from TESTKING-SR01 to
TESTKING-SR02?
A. You should consider having TESTKING-SR02 made a member of the

DNSUpdateProxy group.
B. You should consider having the permission of the Company.com zone modified on
TESTKING-SR01.
C. You should consider having the dnscmd /ZoneUpdateFromDs command run on
TESTKING-SR02.
D. You should consider having the zone transfer settings of the Company.com zone
configured on TESTKING-SR01.
E. You should consider having TESTKING-SR02 promoted to a domain controller.
Answer: D
QUESTION NO. 29

- 26 -
Server 2008.
The Company.com network has a server named TESTKING-SR03 that functions as an

Enterprise Root certification authority (CA). Company.com issues a new security policy
that states that only a Company.com CEO named Kara Lang must be allowed to sign
code.
What action should you take to implement this policy? (Choose all that apply.)
A. You should publish a list of trusted certificate authorities and only grant Kara Lang
the necessary permissions to access the Trusted Publishers list.
B. You should apply the code signing template to TESTKING-SR03 and configure the
template only grant Kara Lang the necessary permissions to request code signing
certificates.
C. You should import the Online Certificate Status Protocol (OCSP) Response Signing
certificate to TESTKING-SR03 and only grant Kara Lang the necessary permissions to
distribute code signing certificates.
D. You should add TESTKING-SR03 to the CertPublishers group and only grant Kara
Lang the necessary permissions to manage TESTKING-SR03.
Answer: B
QUESTION NO: 30
You work as a systems administrator at Company.com . The Company.com network has a
forest with a domain named Company.com . All servers on the Company.com network run
You are responsible for managing a stand-alone server named TESTKING-SR05. You
are in the process of configuring TESTKING-SR05 as an Enterprise certification
authority (CA). You now want to assign the Active Directory Certificate Services (AD
CS) role to TESTKING-SR05. However, you notice that you cannot select the Enterprise
CA option.
What action should you take configuring TESTKING-SR05 as an Enterprise CA?
A. Your best option would be to first configure TESTKING-SR05 as a Standalone CA.

B. Your best option would be to first have TESTKING-SR05 joined to the Company.com
domain.

- 27 -
C. Your best option would be to first install Internet Information Services (IIS) on
TESTKING-SR05.
D. Your best option would be to first assign the Active Directory Certificate Services
(AD CS) role to TESTKING-SR05.
Answer: B
QUESTION NO: 31
Windows Server 2008 and all client computers run Windows Vista Enterprise Edition.
All client computers are located in an Organizational Unit named ClientPCs.
Company.com has acquired a new third-party application that you need to install on the
client computers. Before you can install the application you need prepare the client
computers by applying a file named tkApp.adm to them. The tkApp.adm file makes
changes to the registry on the client computers.
What action should you take to apply the tkApp.adm file?
A. Your best option would be to create a transformation package that applies the
tkApp.adm file and assign the package to the client computers.
B. Your best option would be to copy the tkApp.adm file to a network share and write a
Microsoft Windows PowerShell script that applies the file to the client computers.
C. Your best option would be to write that the Microsoft Windows PowerShell script that
copies the tkApp.adm file to the client computers.
D. Your best option would be to create a Group Policy Object (GPO) that imports the
tkApp.adm and link the GPO to the ClientPCs OU.
Answer: D


- 28 -
The Company.com network has a member server named TESTKING-SR05. You assign
the Active Directory Certificate Service (AD CS) role to TESTKING-SR05. You create a
security group named SMCGRP. You want to grant the SMCARD group the necessary
permissions to issue smartcard credentials. However, the SMCGRP must not be granted
the permissions to revoke certificates.
Which actions should you take? (To answer, drag the appropriate action to the
appropriate location in the work area.)
Answer:

- 29 -
QUESTION NO: 33
Server 2008 and all client computers run Windows Vista. Company.com has its
headquarters in London and branch offices in Lisbon, Madrid and Paris. Each office is
structured as a separate site named London, Lisbon, Madrid and Paris.
Due to company growth, Company.com has hired 150 additional employees that are
distributed among the four sites. You create user accounts for the new Company.com
users. However, the new users complain that when they attempt to logon to the domain
they receive an error message stating that their username or password is incorrect.
What action should you take to allow the new Company.com users to log on to the
domain?
A. You should consider resetting the user accounts for the new users.
B. You should consider adding the new users to the Remote Desktop Users group.
C. You should consider running the repadmin /replicate command.
D. You should consider install Global Catalog servers at the Lisbon, Madrid and Paris
sites.

- 30 -
Answer: C
QUESTION NO: 34
a forest with a domain named Company.com .
The Company.com network has four Windows Server 2008 domain controllers named
TESTKING-DC01, TESTKING-DC02, TESKING-DC03 and TESTKING-DC04. All
four domain controllers run the DNS Server role and are part of an Active Directory
integrated zone. The Company.com network also has a UNIX-based DNS server named
TESTKING-SR05.
One of the administrators in your department created an Active Directory-integrated zone

for Company.com . Company.com has recently acquired a During the course of the
business day you receive an instruction from the CIO to configure the Windows Server
2008 organization. Company.com plans to make use of this configuration to permit zone
transfers of the Company.com zone to TESTKING-SR01.
What action should you take to ensure that zone transfers to TESTKING-SR05 can
occur?
A. You should consider installing Active Directory Lightweight Directory Services (AD
LDS) on TESTKING-SR05.
B. You should consider running the dcpromo command on TESTKING-SR05.
C. You should consider having a stub zone created for TESTKING-SR05.
D. You should consider configuring BIND secondaries.
Answer: D
QUESTION NO: 35
a domain named Company.com . The Company.com has a Windows Server 2008 domain
controller named TESTKING-DC01.
You log on as the Domain Administrator on TESTKING-DC01 to view the Active

Directory Schema console. However, you cannot locate the Active Directory Schema
console.
What action should you take to locate the console?

- 31 -
A. You should consider running the net start "Active Directory Services" command on
TESTKING-DC01.
B. You should have the Schema Master Operations role assigned to TESTKING-DC01.
C. You should consider having Schmmgmt.dll registered on TESTKING-DC01.
D. You should consider logging on to TESTKING-DC01 as the Local Administrator.
Answer: C
QUESTION NO: 36
Server 2008.
The Company.com network has a server named TESTKING-SR02 that functions as

stand-alone Certificate Authority (CA). You want to track any modifications made to the
configuration and security settings of the TESTKING-SR02.
What action should you take?
A. You should configure auditing in the Certification Services console.

B. You should add TESTKING-SR02 to the TKCertificates group.
C. You should configured the Audit object Access setting on TESTKING-SR02.
D. You should join TESTKING-SR02 to the Company.com domain.
E. You should enable the Authority Information Access (AIA) extension on
TESTKING-SR02.
Answer: C
QUESTION NO: 37
a domain named Company.com . The domain functional level is set at Windows Server
2008.
The Company.com network has a file server named TESTKING-SR04. You configure a
shared folder named KINGDATA on TESTKING-SR04. You then move users to a new
global distribution group named DISTGRP. You grant a domain local group named
DLOCGRP access to KINGDATA. You then add DISTGRP to DLOCGRP.
What action should you take to make sure that all users in the DISTGRP group are able
to access the KINGDATA share?
- 32 -
A. You should configure DISGRP to be a universal distribution group.
B. You should configure DISGRP to be a security group.
C. You should configure DLOCGRP to be a universal security group.
D. You should add the DISTGRP to the Local Administrators group on
TESTKING-SR04.
Answer: B
QUESTION NO: 38
Windows Server 2008. Company.com has its headquarters in Chicago.
Company.com opens a new branch office in Dallas. You need to allow Company.com
users in the Dallas office to access network resources in the Chicago office. You assign
the Company.com users in the Dallas office the Read and Execute permissions to the
network resources in the Chicago office. You then create a VPN connection which the
Company.com users in the Dallas office to establish connectivity to the Chicago office.
However, the users in the Dallas office report that they cannot connect to the Chicago
office by using the VPN connection.
What action should you take to resolve this problem?
A. Your best option would to assign the Allow Access Dial-in permission to the users in
the Dallas office.
B. Your best option would to make the users in the Dallas office members of the Remote
Desktop Users security group.
C. Your best option would to make the users in the Dallas office members of the Network
Configuration Operators security group.
D. Your best option would to delete and recreate the VPN connection.
Answer: A
QUESTION NO: 39
You work as the network administrator at Company.com . The network has the following
configuration.
Server named TESTKING-DC01.

Setup as a domain controller.

- 33 -
Running Windows Server 2008.
The client computers are using Lightweight Directory Access (LDAP).
What action should you take to determine which LDAP clients are consuming the most
CPU resources on TESTKING-DC01?
A. You should open System Information and view the Hardware Resources node.
B. You should open Task Manager and view the Processes tab.
C. You should open the Active Directory Diagnostics Data Collector and view of the
Active Directory report.
D. You should open the Resource Monitor opened and view the CPU performance data.
Answer: C
QUESTION NO: 40
has a forest with a domain named Company.com . All servers on the Company.com network
run Windows Server 2003.
You need to upgrade the domain controllers from Windows Server 2003 to Windows
2008 on Company.com domain.
What command can be used on servers running Windows 2003 in order to prepare
Company.com for the upgrade?
A. You should execute the dcpromo /adv command.

B. You should execute the adprep /forestprep and the adprep /domainprep commands.
C. You should set the domain functional level to Windows Server 2008.
D. You should execute the dcpromo /createdcaccount command.
Answer: B
QUESTION NO: 41
Server 2008.
The Company.com network has a server named TESTKING-SR01 configured as a

domain controller as well as a DNS server configured with several Active Directory
Integrated Zones.

- 34 -
What action should you take if you want to copy the zone files on TESTKING-SR01 to a
network share?
A. You should consider having the dnscmd /ZoneExport command executed on

TESTKING-SR01.
B. You should consider having the dnscmd /WriteBackFiles command executed on
TESTKING-SR01.
C. You should consider having the dnscmd /Info command executed on
TESTKING-SR01.
D. You should consider having the dnscmd /EnumRecords command executed on
TESTKING-SR01.
E. You should consider having the dnscmd /EnumZones command executed on
TESTKING-SR01.
Answer: A
QUESTION NO: 42
Windows Server 2008. Company.com has its headquarters in Seattle and branch offices in
Dallas, Miami and Chicago. Each office is configured as a separate site named Seattle,
Dallas, Miami and Chicago.
The Seattle site as three domain controllers named TESTKING-DC01,

TESTKING-DC02 and TGESTKING-DC03. The Dallas site has a single domain
controller named TESTKING-DC04, the Miami site has a single domain controller
named TESTKING-DC05 and the Chicago site has a single domain controller named
TESTKING-DC06. TESTKING-DC01, TESTKING-DC02 and TGESTKING-DC03 are
configured as Global Catalog servers.
Where should you consider deactivating the Universal Group Membership Caching
(UGMC) option at the Dallas, Miami and Chicago offices?
A. You should consider deactivating the UGMC in Active Directory Users and
Computers.
B. You should consider deactivating the UGMC at the Site level.
C. You should consider deactivating the UGMC through a Group Policy Object linked to
the domain.
D. You should consider deactivating the UGMC at the Organizational Unit (OU) level.

- 35 -
Answer: B
QUESTION NO: 43
Server 2003.
You have just performed the migration of domain controllers from Windows 2003 to
Windows 2008.
Which of following commands can be used to configure DFS Replication (DFS-R) to

replicate the Sysvol share?
A. This can be accomplished by running the netdom /dfs -r command.

B. This can be accomplished by raising the domain functional level to Windows Server
2008.
C. This can be accomplished by running dfsutil /share:sysvol command.
D. This can be accomplished by running dfsutil /addstdroot command.
Answer: B
QUESTION NO: 44
has a forest with a domain named Company.com . The forest functional level is set at
Windows Server 2003 Native Mode. Company.com has two divisions namely Chicago
and a Dallas.
The Company.com network has three Windows Server 2003 domain controllers named
TESTKING-DC01, TESTKING-DC02 and TESTKING-DC03 that are located in the
Chicago office. You want to install a read-only domain controller (RODC) named
TESTKING-DC04 in the Dallas office.
What action should you consider?
A. You should consider upgrading TESTKING-DC01 to Windows Server 2008 and then
execute the adprep /rodcprep command on TESTKING-DC01.
B. You should consider configuring the Dallas network as a separate site and upgrading
TESTKING-DC04 to Windows Server 2008.
C. You should consider upgrading all domain controllers to Windows Server 2008 and
having the forest functional level set to Windows Server 2008.

- 36 -
D. You should consider configuring the Dallas network as a child domain with the
domain functional level set at Windows Server 2008.
Answer: A
QUESTION NO: 45
You have a workstation called Testking-WS10 and performed the following tasks:
- Install Windows Vista Enterprize.

-Added to Company.com domain.
What action should you take to make sure that the Testking-WS10 computer account has
been created in an organizational unit (OU)?
A. You should consider using Active Directory Users and Computers to create the
computer accounts.
B. You should consider using the csvde command.
C. You should consider using the Idifde command.
D. You should consider using the dsadd command.
Answer: D
QUESTION NO: 46
a domain named Company.com . All server on the Company.com network run Windows
Server 2008. The Company.com network has two domain controllers named
What action should you take to verify the successful replication of Active Directory
information TESTKING-DC01 to TESTKING-DC02?
A. You should execute the RepAdmin command on TESTKING-SR02.

B. You should execute the Dnscmd command on TESTKING-SR02.
C. You should execute the Dsmod command on TESTKING-SR02.
D. You should execute the RepMonitor command on TESTKING-SR02.
E. You should execute the Rsdiag command on TESTKING-SR02.

- 37 -
Answer: A
Explanation: RepAdmin is a command line utility which is used to view as well as
configure Windows Server 2008 replication amid domain controllers.
Topic 2, Exam Set 2 (50 Questions)

QUESTION NO: 1
Your company has two locations: Chicago and Miami. The network is configured as a
single Active Directory domain. You are planning to install Windows Server 2008 on a
domain controller at each location. IP addresses will be assigned using a Dynamic Host
Configuration Protocol (DHCP) server at each location. Your solution must meet the
following requirements:
* Administrators in Chicago need to be able to create and modify Active Directory

accounts.
* Administrators in Miami need to be able to update drivers on the domain controller in
Miami, but should not be able to create or modify user accounts.
* Records in the Domain Name System (DNS) database must be kept up to date.
* Only Active Directory domain members can register with the DNS server.
* Name resolution traffic across the Wide Area Network (WAN) link should be
minimized.
You need to plan the DNS configuration.
What should you do? (Each correct answer presents part of the solution. Choose two.)
A. Deploy a standard primary zone in Chicago.

B. Deploy an Active Directory-Integrated zone in Miami.
C. Deploy a primary read-only zone in Miami.
D. Deploy a stub zone in Miami.
E. Deploy an Active Directory-Integrated zone in Chicago.
Answer: C, E
QUESTION NO: 2
You have deployed Active Directory Federation Services (AD FS) in your organization.
You need to configure another organization as a federated partner. Your organization is
the resource partner in this partnership.
You need to exchange partner values with the partner organization. You want to do this
with as little administrative effort as possible.

- 38 -
What should you do?
A. Add your partner's domain as an Active Directory Domain Services (AD DS) Account
store.
B. Export your trust policy files and send the resulting file to the partner administrator.
C. Have the partner send its federation server's validation certificate.
D. Deploy an AD FS Proxy in the partner's perimeter network.
Answer: B
QUESTION NO: 3
A computer running Microsoft Windows Server 2008 is configured as a domain
controller. The computer also supports other services, including the Dynamic Host
Configuration Protocol (DHCP) service.
You need to move the Active Directory database on the computer. You must minimize
the impact on the other services running on the computer.
What should you do first? (Each correct answer presents a complete solution. Choose
two.)
A. Use Computer Manager to stop the Active Directory service.

B. Run Net stop to stop the Active Directory service.
C. Run Ntdsutil to compact the database.
D. Run Dcpromo to force removal of the Active Directory Domain Services (AD DS)
role.
E. Restart the domain controller in Directory Services Restore Mode (DSRM).
Answer: A, B
QUESTION NO: 4
Your company's network consists of 10 Microsoft Windows Server 2008 domain
controllers. There are also 15 member servers running Windows Server 2008 and 1,000
client computers running Windows XP Professional. All computers are members of a
single Active Directory domain. A Public Key Infrastructure (PKI) is also in place using
Active Directory Certificate Services. Users are required to enroll for a User certificate
using Web enrollment.
Users are reporting that the response time is very slow when accessing servers that host
financial data. Certificate authentication is required to access these servers. You discover
that the network is extremely busy and network bandwidth is reaching capacity.
You need to re-configure the Certificate Authority (CA) infrastructure to help reduce
traffic on the network.

- 39 -
What should you do?
A. Open Active Directory Sites and Services. Deny users the Enroll permission on all
templates except the User template.
B. Open the Certificate Authority snap-in and configure the CA to use a Delta Certificate
Revocation List (CRL).
C. Open the Certificate Templates snap-in and configure auto-enrollment instead of
Web-based enrollment.
D. Open the Certificate Authority snap-in and decrease the Certificate Revocation List
(CRL) publication interval.
Answer: B
QUESTION NO: 5
Your company's network is configured as a single Active Directory domain. All domain
controllers are running Windows Server 2008. The network currently has only a single
site. The company is preparing to open a branch office.
You must ensure that administrators at the branch office can create, modify, and delete
user accounts only for employees at the branch office. Administrators must be able to
manage user accounts even if the link to the corporate office is unavailable.
What should you do?
A. Install a read-only domain controller (RODC) at the branch office.

Create a global group named BranchAdmins.
Create an organizational unit (OU) named BranchUsers.
Delegate the Create, delete, and manage user accounts task on BranchUsers to
BranchAdmins.
B. Install a read-only domain controller (RODC) at the branch office.

Create domain local group named BranchUsers.
BranchAdmins.
C. Install a standard domain controller at the branch office.

Create a domain local group named BranchUsers.
BranchAdmins.
D. Install a standard domain controller at the branch office.

- 40 -
Create an organizational unit (OU) named BranchUsers.
BranchAdmins.
Answer: D
QUESTION NO: 6
You work as a Network Administrator for Perfect Solutions Inc. The company has its
headquarters in
Los Angeles. The branch offices of the company are located in Denver, San Jose, and
San Diego. All locations are connected through 128Kbps leased lines.
You are configuring the network of the company. The company wants to configure a
Windows 2008 Active Directory-based network. You are supposed to provide a design
for the network. The management of the company does not want unnecessary traffic over
the WAN connection.
Which of the following strategies will you implement to fulfill the requirements of the
company?
A. Create a separate site for each location. Move the domain controllers to their
respective sites.
B. Create a separate site for each location. Keep all domain controllers at the
headquarters site.
C. Create a site for the headquarters and move all domain controllers to this site.
D. Create a single site that covers all locations. Keep all domain controllers at the
headquarters.
Answer: A
QUESTION NO: 7
You work as a Network Administrator for Tech Perfect Inc. The company has a
Windows 2008 Active Directory-based network. The company's network consists of two
sites, namely San Francisco and San Diego. These sites are connected with a high-speed
T1 line as shown in the image below:

- 41 -
The San Francisco site is highly protected and a firewall has been configured for its
security.
You create a site link to replicate the Active Directory data between the two sites. You
find that the replication is not working properly. You know that the firewall is preventing
data from being replicated between the two sites.
What will you do to resolve the issue?
A. Increase the cost of the site link.

B. Remove the firewall from the San Francisco site.
C. Make the firewall proxy server of the San Francisco site a preferred bridgehead server.
D. Schedule the site link to replicate the Active Directory data twenty-four hours a day.
Answer: C
QUESTION NO: 8
Windows 2008 Active Directory-based network. All client computers on the network run
Windows Vista Ultimate. You have configured a Dynamic DNS (DDNS) on the network.
There are a lot of mobile users who often connect to and disconnect from the network.
Users on the network complain of slow network responses. You suspect that the stale
records on the DNS server may be the cause of the issue. You want to remove the stale
records.
Which of the following technologies will you use to accomplish the task?
A. Scavenging
B. Aging
C. Forwarding
D. RODC
Answer: A
QUESTION NO: 9

- 42 -
You work as a Network Administrator for McRoberts Inc. The company has a Windows
2008 Active Directory-based single domain network. The company has organized its OU
structure according to its departments. Three organizational units (OUs) named HR,
Marketing, and Administration are configured in the domain. You create a GPO named
ADM and configure it to show desktop items that are required by most of the users in the
Administration department. You link the GPO with the Administration OU. You find that
the users in the Administration OU are not receiving the setting that was applied by the
GPO on their computers. You suspect that the issue is due to some conflicting policies
that are taking higher precedence on the other policies applied by the GPO. Which of the
following actions can you take to find out the policies applied on the users?
Each correct answer represents a complete solution. Choose two.

A. Use the HFNETCHK.EXE command.
B. Use the NTDSUTIL utility.
C. Use the GPRESULT /z command.
D. Use the RSoP Wizard in logging mode.
Answer: C, D
QUESTION NO: 10
You work as a Network Administrator for Blue Well Inc. The company has a Windows
2000 single domain Active Directory-based network. The company wants to upgrade all
its servers to Windows Server 2008 and then its network to a Windows 2008 Active
Directory-based network. Before upgrading the network, you want to test the transfer of
user and computer accounts from the existing environment to the new environment. You
take the following steps:
Create some test users and a test group in the existing environment.
Make these users members of the group.
Create a new Windows 2008 forest in a new server.
Which of the following tools will you use to test the successful transfer of user and
computer accounts and groups?
A. Windows Easy Transfer

B. ADMT v3
C. CSVDE
D. USMT 3.0
Answer: B
QUESTION NO: 11

- 43 -
Windows 2008 Active Directory-based single domain network. The company has two
offices, one in Atlanta and the other in Denver. The company's headquarters is located in
Atlanta. Both locations have been configured as separate sites. The headquarters contains
500 users, whereas the branch office in Denver contains fifty users.
Users in the company use an application named REPORT that requires directory access.
The management of the company wants to raise the level of security data. The new
company policy dictates that Active Directory data must be secure. You know that the
physical security in the branch office can be compromised. You need to secure the
domain controller in the branch office. Which of the following steps will you take to
accomplish the task?
A. Configure universal group membership caching at the branch office. Remove the
domain controller.
B. Install a global catalog server at the branch office. Remove the domain controller.
C. Install an RODC at the branch office. Remove the domain controller.
D. Place the domain controller at the branch in a strong room secured with locks and
keys.
Answer: C
QUESTION NO: 12
You work as a Network Administrator for Net World International. The company has an
Active Directory-based Windows single forest network. Organizational units (OUs) are
configured separately for each department. All the department's users and computers are
placed in their respective OUs. A domain-level OU is also configured on the network to
implement domain-wide policies. Rick, a Sales Manager, complains that he is unable to
access an application. You suspect that a group policy is preventing Rick from accessing
the application. You want to find out the effective group policies on Rick. Which
command-line tool will you use to accomplish the task?
A. GPUPDATE
B. GETRESULT
C. GPRESULT
D. Resultant Set of Policy Wizard
Answer: C
QUESTION NO: 13
You work as a Network Administrator for Tech Perfect Inc. The company has an Active
Directorybased network. You have installed Windows Server 2008 on a computer. You
want to configure the server as a Certificate Authority (CA). Which of the following
utilities will you use to accomplish the task?
- 44 -
A. Manage Your Server
B. Configure Your Server
C. Security Configuration Wizard
D. Server Manager
Answer: D
QUESTION NO: 14
You work as a Network Administrator for Maya Inc. The company has a Windows
Active Directory-based single domain network. The company's offices are located in Los
Angeles, Denver, San Jose, and San Diego. All locations have been configured as
separates sites. The company' headquarters is located in Los Angeles. The network is
configured as shown in the image below:
You have configured domain controllers at each site. A bridgehead server is configured
at the headquarters. Each branch office contains fifty users. Users use an Active
Directory integrated application. You experience that the bridgehead server at the
headquarters is receiving a lot of Active Directory replication traffic from the branch
offices. You are required to reduce the Active Directory replication traffic. Which of the
following steps will you take to accomplish the task?
A. Install a global catalog server at the branch offices.

B. Configure universal group membership caching at the branch offices. Remove the
domain controllers from the branch offices.
C. Replace the domain controllers at the branch offices with RODCs.
D. Change the 256kbps lines to T1 lines.
Answer: C
QUESTION NO: 15

- 45 -
You work as a Network Administrator for Maya Inc. The company has an Active
Directory-based network. You install Server Core of Windows Server 2008 on a
computer. You want to install an Active Directory Certificate Authority (CA) on the
server. Which of the following steps will you take to accomplish the task?
A. Run the Configure Your Server wizard.

B. Run the Manage Your Server wizard.
C. You cannot install AD CA in a Server Core installation of Windows Server 2008.
D. Run the Server Manager console.
Answer: C
QUESTION NO: 16
You work as a Network Administrator for Net World Inc. The company has a Windows
Active Directory-based single forest network. The functional level of the forest is
Windows Server 2008. All client computers on the network run Windows Vista Ultimate.
The company's headquarters is located in San Francisco. The company has three branch
offices located in San Jose, San Diego, and New Orleans. Each location is configured as
a different site. Each site location is configured as a separate domain too. The branch
offices are connected to the headquarters as shown in the image below:
The location information of the resources is placed in Active Directory. Users in the New
Orleans domain regularly search for available resources in Active Directory by using the
Entire Directory option. The users complain of slow response time while searching
Active Directory for resources. You are required to improve the response time for users
at the New Orleans office.

- 46 -
Which of the following steps will you take to accomplish the task?
A. Configure a domain controller of the San Francisco domain at the New Orleans site.
B. Configure universal group membership caching at the New Orleans site.
C. Upgrade the 256Kbps WAN link to a 1Mbps WAN link.
D. Configure a global catalog server at the New Orleans office.
Answer: D
QUESTION NO: 17
You work as a Network Administrator for Maya Inc. The company has a Windows
network environment. The network is configured as a Windows Active Directory-based
single forest single domain network. The network contains Windows Server 2003 and
Windows Server 2008 domain controllers. Client computers on the network either run
Windows Vista Ultimate or Windows XP Professional. A new security policy is to be
implemented. It requires multiple password policies to be implemented on the network.
You are required to prepare the network for implementing the new security policy. Your
solution must involve minimum administrative efforts. Which of the following steps will
you take to accomplish the task?
Each correct answer represents a part of the solution. Choose two.
A. Upgrade all domain controllers running Windows Server 2003 to Windows Server
2008.
B. Raise the functional level of the forest to Windows Server 2008.
C. Configure different domains for different password policies.
D. Upgrade all computers running Windows XP Professional to Windows Vista.
E. Raise the functional level of the domain to Windows Server 2008.
Answer: A. E
QUESTION NO: 18
You work as a Network Administrator for Peach Tree Inc. The company has a Windows
Server 2003- based network. The company wants to upgrade all its Windows 2003
servers to Windows Server
2008.
Before upgrading the servers, you want to test the new operating system and its
reliability. You also want to test various different operating systems. Which of the
following features of Windows Server 2008 allows you to install and run different
operating systems on a single computer?
A. RODC
B. Hyper-V
C. RSoP
D. Online Responder

- 47 -
Answer: B
QUESTION NO: 19
You have been hired by McNeil Inc., to design the company's network. The company's
headquarters is located in Denver. The company has many branch offices. All branch
offices are connected to the headquarters through dedicated T1 lines. The management of
the company wants to have a Windows 2008 Active Directory-based network. The
company's policy states that only the administrators of the headquarters are allowed to
create and manage user accounts. The local administrators in the branch offices are
allowed to control their own resources only. Replication or authentication traffic on the
WAN is not an issue here.
Which of the following designs will you use to fulfill the requirements of the company?
A. Create a multi-forest network.
Create a forest for each branch office and one for the main office.
Delegate the authority for the resource administration to the local Administrators for their
respective forests.
Delegate the authority to the main office's forest to the Domain Admins group only.
B. Create a single domain network.
Create an organizational unit (OU) for each branch office and an OU for the main office.
own OUs.
Delegate the authority for the main office's OU to the Domain Admins group only.
C. Create a domain for the main office.
Create child domains for the branch offices.
Keep all the user accounts in the main office domain and the resources on each domain of
the branch offices.
Give Administrators Full Control access to the domain controllers.
D. Create a single domain network.
Create a site for each branch office and a site for the main office.
respective sites.
Delegate the authority of the main office's site to the Domain Admins group only.
Answer: B
QUESTION NO: 20
You are the systems administrator for your company, a plastic container manufacturer
and distributor. The company's network consists of a single Active Directory forest. The
network contains an Internet Information Services (IIS) server that hosts a Web
application that allows users to purchase your company's products online.

- 48 -
Your company has a partner organization, a graphic design firm that designs your
company's products. The partner company has its own Active Directory forest. You are
required to enable users in the partner organization to access your Web application
without being prompted for secondary credentials.
Which Windows Server 2008 server role should you install in your network to provide
Web-based Single-Sign-On (SSO) capabilities to users in the partner organization?
A. Active Directory Rights Management Services (AD RMS)

B. Active Directory Federation Services (AD FS)
C. Active Directory Lightweight Directory Services (AD LDS)
D. Active Directory Directory Services (AD DS)
Answer: B
QUESTION NO: 21
You administer your company's network. The network consists of a single Active
Directory domain. All servers run Windows Server 2008, and all client computers run
Windows Vista. The company's written security policy stipulates that employees must
use certificates for remote access and secure e-mail. Only designated administrators are
authorized to approve users' requests for certificates, issue certificates, and revoke
certificates.
You install Certificate Services on several servers and configure them as enterprise
certification authorities (CAs).
You must assign the appropriate privileges to the designated administrators in accordance
with the company policy. Which of the following should you do?
A. Issue an Enrollment Agent certificate to each designated administrator.
B. Assign the designated administrators to the Certificate Manager role on each CA.
C. Assign the Allow - Enroll permission for each certificate template to the designated
administrators.
D. Assign the Allow - Write permission for each CA to the designated administrators.
Answer: B
QUESTION NO: 22
You are the systems administrator for your company. The company's network consists of
a single Active Directory domain. A computer running Windows Server 2008 has both
Active Directory Domain Services (AD DS) and Active Directory Lightweight Directory
Services (AD LDS) roles installed. The AD LDS server contains an instance with the
default name that is used by several applications that access data from and write data to
the AD LDS database.
Over time, users report to you that the AD LDS applications have become slow. To
resolve this problem, you want to defragment the AD LDS database.

- 49 -
What should you do to perform an offline defragmentation of AD LDS database?
(Choose all that apply. Each correct answer is part of a single solution.)
A. Restart the domain controller in Directory Services Restore Mode.

B. Run the Net stop Adam_instance1 command.
C. Run the Net stop Ntds command.
D. Use the Ntdsutil command with the appropriate parameters to defrag the database.
E. Run the Net start Adam_instance1 command.
F. Run the Net start Ntds command.
Answer: B, D, E
QUESTION NO: 23
You are a network administrator for your company. The corporate network consists of a
single Active Directory domain where all servers run Windows Server 2003 and all client
computers run Windows XP Professional. You use a Group Policy object (GPO) to
deploy an application on the network. Later, you receive a different application to work
with the files that have the same file name extensions instead of the previously deployed
application. You must deploy the new application, but users should not have to install it
if they choose to use the original application instead of the new one. However, only one
of these applications should be installed on the same computer.
Which of the following should you do?

A. Assign the new application to computers; specify in the GPO that the original
application be removed before the new one is installed.
B. Publish the new application to computers and remove the GPO that deploys the
original application.
C. Assign the new application to users and remove the GPO that deploys the original
application.
D. Publish the new application to users; specify in the GPO that the original application
be removed before the new one is installed.
Answer: D
QUESTION NO: 24
You are the network administrator for Network Corporation. Your network has a single
domain, and all of the domain controllers run Windows Server 2008.
A domain controller in the branch office failed this morning. This domain controller does
not hold any other roles.
You bring the domain controller back on line, but you need to perform a nonauthoritative
restore of the domain controller. You do not have a critical volume backup of the domain
controller on hand, but you do have a recent full backup.
What should be your first action to perform a nonauthoritative restore of the domain
controller?

- 50 -
A. Perform a critical backup of another domain controller. Reboot the failed domain
controller into Directory Services Restore Mode (DSRM).
B. Perform a full backup of another domain controller. Reboot the failed domain
controller into Directory Services Restore Mode (DSRM).
C. At the command prompt, type bcdedit/set safeboot dsrepair and hit Enter. At the
next command prompt, type shutdown -t 0 -r and hit Enter.
D. At the command prompt, type bcdedit /set safeboot and hit Enter. At the next
command prompt, type shutdown -t 0 -r and hit Enter.
Answer: C
QUESTION NO: 25
You are the network administrator of your company. Your company has a main office
and a branch office. The main office network consists of a single Active Directory
domain.
You want to create a new domain for the branch office in the same forest as the main
office domain. Which operations master role must be available in the forest for you to
create a new domain for the branch office successfully?
A. Schema master
B. Domain naming master
C. Relative ID (RID) master
D. Primary domain controller (PDC) emulator master
E. Infrastructure master
Answer: B
QUESTION NO: 26
You are the network administrator of your company. You install Windows Server 2008
on all servers on the network. All client computers are configured to run Windows Vista.
You want to be able to use Advanced Encryption Standard (AES) with Kerberos for
encryption of Ticket Granting Tickets (TGTs), service tickets, and session keys.
What is the minimum domain functional level that is required to support AES encryption
with Kerberos?
A. Windows 2000 Server mixed
B. Windows 2000 Server native
C. Windows Server 2003
D. Windows Server 2008
Answer: D
QUESTION NO: 27

- 51 -
You are the systems administrator for your company. The company's network consists of
a single Active Directory domain. All domain controllers run Windows Server 2008, and
all client computers run Windows Vista. You have a public key infrastructure that has a
subordinate enterprise Certification Authority (CA), which issues certificates on behalf of
the root CA.
You have a certificate template that allows users to autoenroll, and a group policy object
that distributes the certificates to users. All users are able to automatically obtain
certificates. You now want routers and other network devices are able to obtain
certificates from the CA.
What should you do?

A. Assign the routers and network devices the Autoenroll permission in a certificate
template.
B. Change the Publish Delta CRL to 1 hour so expired certificates for routers and
network devices are published in Active Directory.
C. Install the Online Certificate Status Protocol (OCSP) role service for AD CS.
D. Install the Microsoft Simple Certificate Enrollment Protocol (MSCEP) role service for
AD CS.
Answer: D
QUESTION NO: 28
You are the network administrator for your company. Your company's network has a
single forest with three domains. All domain controllers in your forest are Windows
Server 2008. Each domain is configured to be a separate site.
Recently the telephone company has changed the telephone number of a department in
the location of one of your company's domains. There are 55 accounts that are affected
by the telephone number change. You need to change the telephone number property in
the 55 different accounts.
You want to perform the update as quickly as possible. What should you do?
A. Use CSVDE to export the 55 accounts to a CSV file. Change the telephone number
and use CSVDE to import the accounts.
B. In Active Directory Users and Computers, select Find from the Action menu and
create a saved LDAP query that will return the 55 user accounts. Select all of the user
accounts returned by the query and simultaneously modify the telephone number in their
accounts' properties.
C. Create a saved LDAP query that will return user accounts of the 55 user accounts.
Export the results to a tab-delimited file, modify the expiration date in the file and use the
LDIFDE utility to import the file into Active Directory.
D. In Active Directory Users and Computers, select Find from the

- 52 -
Action menu and create a LDAP query that will return the 55 user accounts. Export the
results to a comma-delimited file, modify the expiration date in the file and use the
CSVDE utility to import the file into Active Directory.
Answer: B
QUESTION NO: 29
You are the administrator for a nationwide company with over 5,000 employees. Your
main office has approximately 4,500 employees, while the company's ten remote offices
have 50 users residing in each. You are often unaware of the physical security in place at
these offices. However, since there is a fairly sizable amount of users at each office, you
must provide them with directory services.
What is the BEST option to use for directory services when security is often an
unknown?
A. Lightweight Directory Services

B. Read-only domain controllers
C. Active Directory Federation Services
D. Active Director Rights Management Services
Answer: B
QUESTION NO: 30
You are the administrator for a nationwide company with over 5,000 employees. Your
director tells you your company has just signed into a partnership with another
organization, and that you will be responsible for ensuring that authentication can occur
between both organizations without the need for additional sign-on accounts. Your boss
mentions that the partner has a variety of Directory Services installed throughout their
organizations. Which of the following can Active Directory Federation Services NOT
connect to?
A. Lightweight Directory Services

B. Windows Server 2003 Directory Services
C. Windows Server 2003 R2 Directory Services
D. All of the above
Answer: B
QUESTION NO: 31

- 53 -
You are the administrator for a nationwide company that currently runs Windows Server
2008 DNS and are reviewing the resource records in your Active Directory-integrated
DNS zone. You notice there are hostnames that do not meet your company's naming
convention and verify that the computers are not members of your Active Directory
domain. What must you do to ensure these hosts cannot create records in your DNS
zone?
A. Disable DNS and enable DHCP.

B. Configure your zone to enable secure dynamic updates.
C. Disable dynamic updates in your zone.
D. You cannot prevent this from occurring in DNS.
Answer: B
QUESTION NO: 32
You are creating a new standard primary zone for the company you work for, Name
Resolution University, using the domain nru.corp. You create the zone through the DNS
management console, and now you want to view the corresponding DNS zone file,
nru.corp.dns. Where do you need to look in order to find this file?
A. You cannot view the zone file because it is stored in Active Directory.
B. You can look in the %systemroot%\system32\dns folder.
C. You cannot view the DNS file except by using the DNS management console.
D. The DNS zone file is actually just a key in the Windows Registry. You need to use the
Registry Editor if you want to view the file.
Answer: B
QUESTION NO: 33
You have implemented DNS on a Windows Server 2008 Core Server installation. You
want to list the DNS zones on this server. What command-line utility would you use to
accomplish this?
A. ocsetup.
B. netsh.
C. dnscmd.
D. None of the above. You must use the GUI from another Windows Server
2008 host.
Answer: C

- 54 -
QUESTION NO: 34
What is the purpose of resetting an account?
A. Helps you reset a computer password stored in Active Directory so the computer can
make a trusted connection with Active Directory.
B. Helps you reboot the computer.
C. Helps you restart netlogon services.
D. Helps you change the authentication protocol from NTML to Kerberos.
Answer: A
QUESTION NO: 35
Josh is responsible for administering a small Active Directory domain. Recently, your
company has acquired a small company where all the computers are installed in a
workgroup. Which of the following operations must she perform in order to create the
computer accounts? (Choose all that apply.)
A. Select Start | Run, and then type in the joinallwks /user:administrator command.
B. Select Start | Programs | Administrative Tools | Active Directory Users and
Computers, and then right-click the computer container and create the computer objects.
C. Rename the existing computers in a workgroup.
D. Query for resources.
Answer: B
QUESTION NO: 36
Himma is managing an Active Directory environment of a medium-size company. He is
troubleshooting a problem with the Active Directory. One of the administrators made an
update to a user object and another reported that he had not seen the changes appear on
another DC. It was more than a week since the change was made. Robin checks the
problem by making a change to another Active Directory object. Within a few hours, the
change appears on a few DCs, but not on all of them. Which of the following is a
possible cause for this problem?
A. Connection objects are not properly configured.

B. Robin has configured one of the DCs for manual updates.
C. There might be different DCs for different domains.
D. Creation of multiple site links between the sites.
Answer: A
QUESTION NO: 37

- 55 -
You are a systems administrator for an Active Directory environment that consists of two
dozen sites. The physical network environment is not fully routed, and You have disabled
automatic site link transitivity. Now you want to set up three site links to be transitive, as
they are physically connected to one another. Which of the following Active Directory
objects is responsible for representing a transitive relationship between sites?
A. Additional sites
B. Additional site links
C. Bridgehead servers
D. Site link bridges
Answer: D
QUESTION NO: 38
Maria is an administrator of a medium-size organization responsible for managing Active
Directory replication traffic. She finds an error in the replication configuration. How can
she look for specific error messages related to replication?
A. Use the Active Directory Sites and Services administrative tool

B. Use the Disk Management tool
C. View the System log option in the Event Viewer
D. View the Directory Service log option in the Event Viewer
Answer: D
QUESTION NO: 39
Martin is going to be migrating his Lotus Notes environment into his newly established
Windows Server 2008 forest. He has guidance on what he will require for Group Policy
settings for the different teams and departments.
He has not yet created his OU structure. How should Joey proceed in creating the
required GPOs?
A. Create stand-alone GPOs

B. Create the GPOs at the Domain level
C. Create the GPOs at the Site level
D. Wait to create the GPOs until the OU structure is in place
Answer: A
QUESTION NO: 40

- 56 -
The CIO has asked you to configure a GPO that will ensure that antivirus software is
installed on every computer in the company. You are the most senior administrator in the
company and have full access to every computer, and to Active Directory. Your company
has a single domain and site. Which one of the following actions do you take?
A. You configure a GPO at the domain level, and publish the application to all
computers.
B. You configure a GPO at the site level, and assign the application to all computers.
C. You create a GPO with the required settings and link it into all OUs that have
computer accounts in it. You set the options to assign the application to computers.
D. You tell him it cannot be done.
Answer: D
QUESTION NO: 41
Joe is responsible for administering her company's PKI. The company has an offline root
CA and four enterprise subordinate CAs, each of which issues certificates to users in a
major division of the company.
As a result of corporate downsizing and reorganization, one of the four major divisions is
being disbanded. Betsy must ensure that resources on the network will not accept
certificates from the subordinate CA located in the division that is being disbanded.
Which of the following should she do? (Each correct answer represents part of the
solution. Choose three answers.)
A. At the disbanded division's subordinate CA, revoke all the certificates that it has
issued.
B. Uninstall the AD CS role from the disbanded division's subordinate CA.
C. Bring the offline root CA online, revoke the disbanded division's subordinate CA's
certificate, and then take the root CA back offline.
D. Publish a new base CRL.
E. Publish a new delta CRL.
F. Copy the new CRL to the network's CRL distribution point.
G. Add the AIA extension to all URLs where certificates issued by the disbanded
division's subordinate CA can be retrieved.
Answer: C, D, F
QUESTION NO: 42
Martin is responsible for administering AD CS within his company's AD DS domain. He
has configured a PKI that consists of a standalone root CA and two enterprise
subordinate CAs on servers running Windows Server 2008 Enterprise Edition. He wants
to configure the subordinate CAs to support the Online Responder service for keeping
track of revoked certificates. Which of the following tasks must Jim perform? (Each
correct answer represents part of the solution. Choose two answers.)
- 57 -
A. Enable the use of the OCSP Response Signing certificate template from the Certificate
Templates snap-in.
B. Configure the CA servers to publish delta CRLs.
C. From the Extensions tab of the CA server's Properties dialog box, configure a CRL
distribution point on the CA servers.
D. From the Extensions tab of the CA server's Properties dialog box, select the URL for
the online responder, and select the check box labeled Include in the AIA Extension of
Issued Certificates.
E. From the Extensions tab of the CA server's Properties dialog box, select the URL for
the online responder, and select the check boxes labeled Include in the AIA Extension of
Issued Certificates and Include in the Online Certificate Status Protocol (OCSP)
Extension.
Answer: A, E
QUESTION NO: 43
Lee is responsible for maintaining DNS on his company's AD DS network, which
consists of a single domain in which all servers run Windows Server 2008. The company
operates an office in downtown Denver and a suburban office in Littleton.
After upgrading a member server in the company's suburban office to a domain

controller, users at that office report that logon to the domain is slow. Upon investigating
the problem, Roy notices that the service (SRV) resource records for the new domain
controller are not registered in the DNS zone for the suburban office. What should he do
to reregister these SRV resource records as quickly as possible?
A. Restart the DNS Server service.

B. Restart the DNS Client service.
C. Restart the Netlogon service.
D. Reboot the domain controller.
Answer: C
QUESTION NO: 44
Kevin is responsible for maintaining AD DS replication on his company's network,
which consists of three domains and nine sites. When he uses replmon to check the
automatically configured replication topology, he notices that connection paths are not
established in what he thinks is the optimum manner.
What can Kevin do to manually change the topology?
A. Edit the Registry to indicate the appropriate paths.

B.

- 58 -
Use Active Directory Sites and Services to manually create a site link object connecting
the required servers.
C. Force the Knowledge Consistency Checker (KCC) to update the replication topology.
D. Brian cannot modify the replication paths. The KCC does not permit this type of
configuration.
Answer: B
QUESTION NO: 45
Greg is the network administrator for a company that operates an AD DS network
consisting of a single domain. Company executives have signed a long-term partnership
agreement with another company that also operates an AD DS network. Users in Greg's
company will require access to rights-protected confidential information that is stored on
web servers located on the second company's network. Users in the second company will
not require access to documents on Greg's network.
Which two of the following should Carol configure on her network? (Each correct
answer represents part of the solution. Choose two answers.)
A. Active Directory Lightweight Directory Services (AD LDS)

B. Active Directory Rights Management Services (AD RMS)
C. Active Directory Federation Services (AD FS)
D. Active Directory Certificate Services (AD CS)
E. A one-way external trust relationship
Answer: B, C
QUESTION NO: 46
You are the network administrator for a company that operates an AD DS network
consisting of a single domain. Servers run Windows Server 2008, and client computers
run Windows Vista Enterprise. The domain contains OUs that are structured according to
the departmental structure of the company, and all OUs have multiple
GPOs linked to them.
As a result of departmental reorganization, the Design OU needs to be moved under the

Engineering OU. Alfredo needs to determine which objects in the Design OU are
adversely affected by GPOs linked to the Engineering OU. What should Alfredo do to
achieve this goal without disruption to users?
A. Use the Group Policy Modeling Wizard for the Design OU. Choose the Engineering
OU to simulate policy settings.
B.

- 59 -
Use the Group Policy Modeling Wizard for the Engineering OU. Choose the Design OU
to simulate policy settings.
C. Use the Group Policy Results Wizard for the Design OU. Review the policy results
for users in the OU.
D. Use the Group Policy Results Wizard for the Engineering OU. Review the policy
results for users in the OU.
Answer: A
QUESTION NO: 47
Joe's company operates an AD DS forest consisting of a single tree with an empty root
domain and five child domains that represent operational divisions. Joe is responsible for
maintaining the FSMO roles. In total, how many FSMO roles are present in this tree?
A. One schema master, one domain naming master, six RID masters, six PDC emulators,
and six infrastructure masters
B. One schema master, one domain naming master, five RID masters, five PDC
emulators, and five infrastructure masters
C. Six schema masters, six domain naming masters, six RID masters, six PDC emulators,
and six infrastructure masters
D. One schema master, one domain naming master, one RID master, one PDC emulator,
and one infrastructure master
Answer: A
QUESTION NO: 48
You administer the network for a catering company called Thoughtful Food. Your firm
operates a single domain AD DS network that includes three Windows Server 2008
computers and a mix of Windows XP Professional and Windows Vista Business clients.
Management has notified you that a competitor known as Engorge & Devour
has taken a keen interest in your pumpkin soup recipe. Two employees of Thoughtful
Food have recently resigned and taken up positions with Engorge & Devour, and
management is afraid that they will attempt to steal proprietary formulas and recipes
belonging to Thoughtful Food by breaking into your network. You are tasked with
improving logon security on Thoughtful Food's network by limiting the number of failed
logon attempts for all users on the network and by establishing an audit policy for
tracking failed logon attempts.
Which of the following tasks should you undertake to complete this task? (Each correct
answer represents part of the solution. Choose two answers.)
A. Edit the Default Domain Policy GPO to enable auditing and account lockout.

- 60 -
B. Monitor the security log for failed account management attempts on each domain
controller.
C. Monitor the security log for failed logon attempts on each domain controller.
D. Configure a local security policy on each computer in the domain.
Answer: A, C
QUESTION NO: 49
Kevin is the senior network administrator for his company. The CIO has asked him to
create an OU structure that enables the Research department to administer its own user
accounts so that the IT department staff other than Kevin don't have permissions to this
OU. Kevin is the only member of the Enterprise Admins group, other than the
domain's default administrator account, whose password is known only by Kevin and the
CIO.
Kevin creates a Research Admins security group and Research OU, delegates
administrative permissions to the Research Admins group, and removes the IT
department security group from the permissions list.
A few days later, Kevin discovers that another administrator has been resetting user
accounts for Research employees. What has he missed?
A. Kevin needs to create a separate Research domain to isolate it from the corporate
domain.
B. Kevin needs to change the password on the domain administrator account because the
other administrator must be using that account.
C. Kevin needs to remove the Enterprise Admins group from the permissions list.
D. Kevin needs to remove the Domain Admins group from the permissions list.
Answer: D
QUESTION NO: 50
Jim is the systems administrator for a company that operates an AD DS network
consisting of a single domain. He is configuring the properties of several GPOs, one of
which is linked to the domain, and the others are linked to various OUs, including child
OUs. At the domain level, Jim configures a Restricted Desktop GPO that removes the
Network and Games folders from the Start menu. On the Scope tab for this policy in
Group Policy Management Console (GPMC), he sets the Enforced option to Yes. Jim
also configures another GPO that disables the removal of the Network folder, links it to
the IT OU, and specifies Block Inheritance so that the IT staff will be able to use this
folder. Later, a couple of IT staffers call to complain that they are unable to reach the
Network folder.

- 61 -
What is the most likely reason that IT staffers are unable to reach the Network folder?
A. Block Inheritance takes precedence over Enforced.

B. Enforced takes precedence over Block Inheritance.
C. When both these options are set, they cancel each other out.
D. The policies that Jim configured at the OU level were ignored because these options
can be set only at the site or domain level.
Answer: B

- 62 -

70 640b

Загружено:

Сведения о документе

Исходное описание:

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

70 640b

Загружено:

Авторское право:

Доступные форматы

Contents

Topic 1, Exam Set 1 ( 46 Questions) 3

Total number of questions = 96

Leading the way in IT testing and certification tools, www.Company.com

What action should you consider?

Leading the way in IT testing and certification tools, www.Company.com

A. You should run the net start command on TESTKING-SR15.

The Company.com network has two domain controllers TESTKING-DC01 and

Leading the way in IT testing and certification tools, www.Company.com

"SQL Server does not exist or access is denied."

How can you access the AD RMS administration website?

Leading the way in IT testing and certification tools, www.Company.com

What action should you take adhere to the new policy?

A. This can be accomplished by having a list of trusted certificate authorities published to

TESTKING-SR01 running Enterprise Root certificate authority (CA)

Leading the way in IT testing and certification tools, www.Company.com

What action should you consider in order to log on to TESTKING-WS640?

A. You should consider opening the command prompt on TESTKING-WS640 and

Leading the way in IT testing and certification tools, www.Company.com

The network has the following setup.

Leading the way in IT testing and certification tools, www.Company.com

Leading the way in IT testing and certification tools, www.Company.com

The Company.com network has two servers named TESTKING-SR01 and

TESTKING-SR01 - Standard Primary zone

You have to perform the following tasks

- Perform the replication of Company.com Zone Data

A. You should consider having the zone transfer settings configured on

Leading the way in IT testing and certification tools, www.Company.com

Leading the way in IT testing and certification tools, www.Company.com

QUESTION NO: 14 DRAG DROP

Leading the way in IT testing and certification tools, www.Company.com

Leading the way in IT testing and certification tools, www.Company.com

The Company.com network has a server named TESTKING-SR01 that functions as an

A. The Hisecdc security template should be applied to TESTKING-SR01.

Leading the way in IT testing and certification tools, www.Company.com

The Company.com Network contains a server which is configured as:

Leading the way in IT testing and certification tools, www.Company.com

A. You should consider running the DCPROMO command on TESTKING-DC06 to

Leading the way in IT testing and certification tools, www.Company.com

QUESTION NO: 20 DRAG DROP

The Company.com network has four file servers named TESTKING-SR01,

Leading the way in IT testing and certification tools, www.Company.com

Leading the way in IT testing and certification tools, www.Company.com

The Company.com network has two servers named TESTKING-SR01 and

TESTKING-SR01 - Enterprise Root certificate authority (CA).

A. You should enable the Dual Certificate List extension on TESTKING-SR02.

Leading the way in IT testing and certification tools, www.Company.com

Leading the way in IT testing and certification tools, www.Company.com

A. You should consider running the dconfig command on TESTKING-SR04.

How would you implement this policy?

Leading the way in IT testing and certification tools, www.Company.com

QUESTION NO: 26 DRAG DROP

Company.com decides to reorganize the forest structure by removing the intl.Company.com

Leading the way in IT testing and certification tools, www.Company.com

Leading the way in IT testing and certification tools, www.Company.com

The Company.com network has six domain controllers named TESTKING-DC01,

Leading the way in IT testing and certification tools, www.Company.com

A. You should consider having TESTKING-SR02 made a member of the

Leading the way in IT testing and certification tools, www.Company.com

The Company.com network has a server named TESTKING-SR03 that functions as an

What action should you take configuring TESTKING-SR05 as an Enterprise CA?

A. Your best option would be to first configure TESTKING-SR05 as a Standalone CA.