70-648 by - Ali Islam (210q)

Microsoft.Certify-Me.Testking.70-648.v2011-12-18.by.Gosha.
646q
Number: 70-648 Passing Score: 700 Time Limit: 120 min File Version: 1.0
Sections 1. 70-640 2. 70-642
Exam A QUESTION 1 Your network consists of a single Active Directory domain. All domain controllers run Windows Server 2003. You upgrade all domain controllers to Windows Server 2008. You need to configure the Active Directory environment to support the application of multiple password policies. What should you do? A. B. C. D. Raise the functional level of the domain to Windows Server 2008. On one domain controller, run dcpromo /adv. Create multiple Active Directory sites. On all domain controllers, run dcpromo /adv.
Answer: A Section: 70-640 Explanation/Reference: Explanation:
QUESTION 2 Your company has two Active Directory forests named contoso.com and fabrikam.com. The company network has three DNS servers named DNS1, DNS2, and DNS3. The DNS servers are configured as shown in the following table.
All computers that belong to the fabrikam.com domain have DNS3 configured as the preferred DNS server. All other computers use DNS1 as the preferred DNS server. Users from the fabrikam.com domain are unable to connect to the servers that belong to the contoso.com domain. You need to ensure users in the fabrikam.com domain are able to resolve all contoso.com queries. What should you do? A. B. C. D. Configure conditional forwarding on DNS1 and DNS2 to forward fabrikam.com queries to DNS3. Create a copy of the _msdcs.contoso.com zone on the DNS3 server. Create a copy of the fabrikam.com zone on the DNS1 server and the DNS2 server. Configure conditional forwarding on DNS3 to forward contoso.com queries to DNS1.
Answer: D Section: 70-640 Explanation/Reference: Explanation:
QUESTION 3 Your company, Contoso, Ltd., has offices in North America and Europe. Contoso has an Active Directory forest that has three domains. You need to reduce the time required to authenticate users from the labs.eu. contoso.com domain when they access resources in the eng.na.contoso.com domain. What should you do?
A. B. C. D.
Decrease the replication interval for all Connection objects. Decrease the replication interval for the DEFAULTIPSITELINK site link. Set up a one-way shortcut trust from eng.na.contoso.com to labs.eu.contoso.com. Set up a one-way shortcut trust from labs.eu.contoso.com to eng.na.contoso.com.
Answer: C Section: 70-640 Explanation/Reference: Explanation:
QUESTION 4 Your company has an Active Directory forest that contains eight linked Group Policy Objects (GPOs). One of these GPOs publishes applications to user objects. A user reports that the application is not available for installation. You need to identify whether the GPO has been applied. What should you do? A. B. C. D. Run the Group Policy Results utility for the user. Run the GPRESULT /S <system name> /Z command at the command prompt. Run the GPRESULT /SCOPE COMPUTER command at the command prompt. Run the Group Policy Results utility for the computer.
QUESTION 5 Your company has a single-domain Active Directory forest. The functional level of the domain is Windows Server 2008. You perform the following activities: Create a global distribution group. Add users to the global distribution group. Create a shared folder on a Windows Server 2008 member server. Place the global distribution group in a domain local group that has access to the shared folder. You need to ensure that the users have access to the shared folder. What should you do? A. B. C. D. Add the global distribution group to the Domain Administrators group. Change the group type of the global distribution group to a security group. Change the scope of the global distribution group to a Universal distribution group. Raise the forest functional level to Windows Server 2008.
Answer: B Section: 70-640 Explanation/Reference: Explanation:
QUESTION 6 Your company has a DNS server that has 10 Active DirectoryCintegrated zones. You need to provide copies of the zone files of the DNS server to the security department. What should you do? A. B. C. D. Run the dnscmd /ZoneInfo command. Run the ipconfig /registerdns command. Run the dnscmd /ZoneExport command. Run the ntdsutil > Partition Management > List commands.
QUESTION 7 Your company has a main office and a branch office that are configured as a single Active Directory forest. The functional level of the Active Directory forest is Windows Server 2003. There are four Windows Server 2003 domain controllers in the main office. You need to ensure that you are able to deploy a read-only domain controller (RODC) at the branch office. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.) A. B. C. D. Raise the functional level of the forest to Windows Server 2008. Deploy a Windows Server 2008 domain controller at the main office. Raise the functional level of the domain to Windows Server 2008. Run the adprep/rodcprep command.
Answer: BD Section: 70-640 Explanation/Reference: Explanation:
QUESTION 8 Your company has a domain controller that runs Windows Server 2008. The domain controller has the backup features installed. You need to perform a non-authoritative restore of the doman controller using an existing backup file. What should you do? A. B. C. D. Boot into Directory Services Restore Mode and use wbadmin to restore critical volume Boot into Directory Services Restore Mode and use the backup snap-in to restore critical volume Boot into Safe Mode and use wbadmin to restore critical volume Boot into Safe Mode and use the backup snap-in to restore critical volume
QUESTION 9 Your company has an Active Directory domain. All servers run Windows Server. You deploy a Certification Authority (CA) server. You create a new global security group named CertIssuers. You need to ensure that members of the CertIssuers group can issue, approve, and revoke certificates. What should you do?
A. B. C. D.
Assign the Certificate Manager role to the CertIssuers group Place CertIssuers group in the Certificate Publisher group Run the certsrv -add CertIssuers command promt of the certificate server Run the add -member-membertype memberset CertIssuers command by using Microsoft Windows Powershell
QUESTION 10 Your company has an Active Directory domain. The company has purchased 100 new computers. You want to deploy the computers as members of the domain. You need to create the computer accounts in an OU. What should you do? A. B. C. D. Run the csvde -f computers.csv command Run the ldifde -f computers.ldf command Run the dsadd computer <computerdn> command Run the dsmod computer <computerdn> command
Answer: C Section: 70-640 Explanation/Reference: Explanation: DSAdd is the command line utility that is used to add computers to a domain. DSMod is a commandline utility that is designed to modify an already existing object.
QUESTION 11 Your company has recently acquired a new subsidiary company in Quebec. The Active Directory administrators of the subsidiary company must use the French-language version of the administrative templates. You create a folder on the PDC emulator for the subsidiary domain in the path %systemroot%\SYSVOL \domain\Policies\PolicyDefinitions\FR . You need to ensure that the French-language version of the templates is available. What should you do?
A. Download the Conf.adm, System.adm, Wuau.adm, and Inetres.adm files from the Microsoft Web site. Copy the ADM files to the FR folder. B. Copy the ADML files from the French local installation media for Windows Server 2008 R2 to the FR folder on the subsidiary PDC emulator. C. Copy the Install.WIM file from the French local installation media for Windows Server 2008 R2 to the FR folder on the subsidiary PDC emulator. D. Copy the ADMX files from the French local installation media for Windows Server 2008 R2 to the FR folder on the subsidiary PDC emulator. Answer: B Section: 70-640 Explanation/Reference: Explanation:
QUESTION 12 Your company has two Active Directory forests named Forestl and Forest2, The forest functional level and the domain functional level of Forestl are set to Windows Server 2008. The forest functional level of Forest2 is set to Windows 2000, and the domain functional levels in Forest2 are set to Windows Server 2003. You need to set up a transitive forest trust between Forestl and Forest2, What should you do first? A. B. C. D. Raise the forest functional level of Forest2 to Windows Server 2003 Interim mode, Raise the forest functional level of Forest2 to Windows Server 2003. Upgrade the domain controllers in Forest2 to Windows Server 2008. Upgrade the domain controllers in Forest2 to Windows Server 2003,
QUESTION 13 Your company has an Active Directory forest that contains two domains, The forest has universal groups that contain members from each domain, A branch office has a domain controller named DC1, Users at the branch office report that the logon process takes too long, You need to decrease the amount of time it takes for the branch office users to logon. What should you do? A. Configure DC1 as a Global Catalog server, B. Configure DC1 as a bridgehead server for the branch office site, C. Decrease the replication interval on the site link that connects the branch office to the corporate network, D. Increase the replication interval on the site link that connects the branch office to the corporate network. Answer: A Section: 70-640 Explanation/Reference: Explanation:
QUESTION 14 You have a domain controller that runs the DHCP service. You need to perform an offline defragmentation of the Active Directory database on the domain controller. You must achieve this goal without affecting the availability of the DHCP service. What should you do? A. B. C. D. Restart the domain controller in Directory Services Restore Mode. Run the Disk Defragmenter utility. Restart the domain controller in Directory Services Restore Mode. Run the Ntdsutil utility. Stop the Active Directory Domain Services service. Run the Ntdsutil utility. Stop the Active Directory Domain Services service. Run the Disk Defragmenter utility.
Answer: C Section: 70-640
Explanation/Reference: Explanation:
QUESTION 15 Your network contains an Active Directory forest. You need to add a new user principal name (UPN) suffix to the forest. Which tool should you use? A. B. C. D. Active Directory Administrative Center Active Directory Domains and Trusts Active Directory Sites and Services Active Directory Users and Computers
QUESTION 16 Your network contains an Active Directory domain. The domain contains two sites named Site1 and Site2. Site 1 contains five domain controllers. Site2 contains one read-only domain controller (RODC). Site1 and Site2 connect to each other by using a slow WAN link. You discover that the cached password for a user named User1 is compromised on the RODC. On a domain controller in Site1, you change the password for User1. You need to replicate the new password for User1 to the RODC immediately. The solution must not replicate other objects to the RODC. Which tool should you use? A. B. C. D. Active Directory Sites and Services Active Directory Users and Computers Repadmin Replmon
QUESTION 17 Your network contains an Active Directory domain named contoso.com. All domain controllers and member servers run Windows Server 2008. All client computers run Windows 7. From a client computer, you create an audit policy by using the Advanced Audit Policy Configuration settings in the Default Domain Policy Group Policy object (GPO). You discover that the audit policy is not applied to the member servers. The audit policy is applied to the client computers. You need to ensure that the audit policy is applied to all member servers and all client computers. What should you do? A. B. C. D. Add a WMI filter to the Default Domain Policy GPO. Modify the security settings of the Default Domain Policy GPO. Configure a startup script that runs auditpol.exe on the member servers. Configure a startup script that runs auditpol.exe on the domain controllers.
QUESTION 18 Your network contains an Active Directory-integrated zone. All DNS servers that host the zone are domain controllers. You add multiple DNS records to the zone. You need to ensure that the records are replicated to all DNS servers. Which tool should you use? A. B. C. D. Dnslint Ldp Nslookup Repadmin
QUESTION 19 You have an enterprise subordinate certification authority (CA). You have a custom Version 3 certificate template. Users can enroll for certificates based on the custom certificate template by using the Certificates console. The certificate template is unavailable for Web enrollment. You need to ensure that the certificate template is available on the Web enrollment pages. What should you do? A. B. C. D. Run certutil.exe Cpulse. Run certutil.exe Cinstallcert. Change the certificate template to a Version 2 certificate template. On the certificate template, assign the Autoenroll permission to the users.
QUESTION 20 Your network contains an Active Directory domain. The domain contains a member server named Server1 that runs Windows Server 2008 R2. You need to configure Server1 as a global catalog server. What should you do? A. B. C. D. Modify the Active Directory schema. From Ntdsutil, use the Roles option. Run the Active Directory Domain Services Installation Wizard on Server1. Move the Server1 computer object to the Domain Controllers organizational unit (OU).
QUESTION 21 Your network contains an Active Directory forest. The forest contains an Active Directory site for a remote office. The remote site contains a read-only domain controller (RODC). You need to configure the RODC to store only the passwords of users in the remote site. What should you do? A. B. C. D. Create a Password Settings object (PSO). Modify the Partial-Attribute-Set attribute of the forest. Add the user accounts of the remote site users to the Allowed RODC Password Replication Group. Add the user accounts of users who are not in the remote site to the Denied RODC Password Replication Group.
QUESTION 22 Your network contains a single Active Directory domain. Client computers run either Windows XP Service Pack 3 (SP3) or Windows 7. All of the computer accounts for the client computers are located in an organizational unit (OU) named OU1. You link a new Group Policy object (GPO) named GPO10 to OU1. You need to ensure that GPO10 is applied only to client computers that run Windows 7. What should you do? A. B. C. D. Create a new OU in OU1. Move the Windows XP computer accounts to the new OU. Enable block inheritance on OU1. Create a WMI filter and assign the filter to GPO10. Modify the permissions of OU1.
Answer: C Section: 70-640 Explanation/Reference: Explanation: http://technet.microsoft.com/en-us/library/cc758471(v=WS.10).aspx
QUESTION 23 Your network contains an Active Directory domain named contoso.com. You need to audit changes to a service account. The solution must ensure that the audit logs contain the before and after values of all the changes. Which security policy setting should you configure? A. B. C. D. Audit Sensitive Privilege Use Audit User Account Management Audit Directory Service Changes Audit Other Account Management Events
QUESTION 24 Your network contains two Active Directory forests named contoso.com and nwtraders.com. Active Directory Rights Management Services (AD RMS) is deployed in each forest. You need to ensure that users from the nwtraders.com forest can access AD RMS protected content in the contoso.com forest. What should you do?
A. B. C. D.
Add a trusted user domain to the AD RMS cluster in the nwtraders.com domain. Create an external trust from nwtraders.com to contoso.com. Add a trusted user domain to the AD RMS cluster in the contoso.com domain. Create an external trust from contoso.com to nwtraders.com.
QUESTION 25 Your network contains a server named Server1 that runs Windows Server 2008 R2. Server1 is configured as an Active Directory Federation Services (AD FS) 2.0 standalone server. You plan to add a new token-signing certificate to Server1. You import the certificate to the server as shown in the exhibit. (Click the Exhibit button.) When you run the Add Token-Signing Certificate wizard, you discover that the new certificate is unavailable. You need to ensure that you can use the new certificate for AD FS. What should you do? Exhibit:
A. B. C. D.
From the properties of the certificate, modify the Certificate Policy OIDs setting. Import the certificate to the AD FS 2.0 Windows Service personal certificate store. From the properties of the certificate, modify the Certificate purposes setting. Import the certificate to the local computer personal certificate store.
QUESTION 26 You need to purge the list of user accounts that were authenticated on a read-only domain controller (RODC). What should you do? A. Run the repadmin.exe command and specify the /prp parameter. B. From Active Directory Sites and Services, modify the properties of the RODC computer object.
C. From Active Directory Users and Computers, modify the properties of the RODC computer object. D. Run the dsrm.exe command and specify the -u parameter. Answer: D Section: 70-640 Explanation/Reference: Explanation:
QUESTION 27 Your company has a main office and four branch offices. An Active Directory site exists for each office. Each site contains one domain controller. Each branch office site has a site link to the main office site. You discover that the domain controllers in the branch offices sometimes replicate directly to each other. You need to ensure that the domain controllers in the branch offices only replicate to the domain controller in the main office. What should you do? A. B. C. D. Modify the firewall settings for the main office site. Disable the Knowledge Consistency Checker (KCC) for each branch office site. Disable site link bridging. Modify the security settings for the main office site.
QUESTION 28 Your network contains an Active Directory forest. The forest contains one domain. The domain contains two domain controllers named DC1 and DC2 that run Windows Server 2008 R2. DC1 was installed before DC2. DC1 fails. You need to ensure that you can add 1,000 new user accounts to the domain. What should you do? A. B. C. D. Modify the permissions of the DC2 computer account. Seize the schema master FSMO role. Configure DC2 as a global catalog server. Seize the RID master FSMO role.
QUESTION 29 Your network contains an Active Directory domain named contoso.com. You need to identify whether the Active Directory Recycle Bin is enabled. What should you do? A. B. C. D. From Ldp, search for the Reanimate-Tombstones object. From Ldp, search for the LostAndFound container. From Windows PowerShell, run the Get-ADObject cmdlet. From Windows PowerShell, run the Get-ADOptionalFeature cmdlet.
QUESTION 30 Your network contains an Active Directory domain. You create and mount an Active Directory snapshot. You run dsamain.exe as shown in the exhibit. (Click the Exhibit button.) You need to ensure that you can browse the contents of the Active Directory snapshot. What should you? Exhibit:
A. B. C. D.
Stop Active Directory Domain Services (AD DS), and then rerun dsamain.exe. Change the value of the dbpath parameter, and then rerun dsamain.exe. Change the value of the ldapport parameter, and then rerun dsamain.exe. Restart the Volume Shadow Copy Service (VSS), and then rerun dsamain.exe.
QUESTION 31 Your network contains an Active Directory domain. You need to back up all of the Group Policy objects (GPOs), Group Policy permissions, and Group Policy links for the domain. What should you do?
A. B. C. D.
From Group Policy Management Console (GPMC), back up the GPOs. From Windows Explorer, copy the content of the %systemroot%\SYSVOL folder. From Windows Server Backup, perform a system state backup. From Windows PowerShell, run the Backup-GPO cmdlet.
QUESTION 32 Your network contains a domain controller that runs Windows Server 2008 R2. You need to reset the Directory Services Restore Mode (DSRM) password on the domain controller. Which tool should you use? A. B. C. D. Ntdsutil Dsamain Active Directory Users and Computers Local Users and Groups
QUESTION 33 Your network contains an Active Directory forest. All client computers run Windows 7. The network contains a high-volume enterprise certification authority (CA). You need to minimize the amount of network bandwidth required to validate a certificate. What should you do? A. B. C. D. Configure an LDAP publishing point for the certificate revocation list (CRL). Configure an Online Certification Status Protocol (OCSP) responder. Modify the settings of the delta certificate revocation list (CRL). Replicate the certificate revocation list (CRL) by using Distributed File System (DFS).
QUESTION 34 Your network contains an Active Directory domain. You have five organizational units (OUs) named Finance, HR, Marketing, Sales, and Dev. You link a Group Policy object named GPO1 to the domain as shown in the exhibit. (Click the Exhibit button.) You need to ensure that GPO1 is applied to users in the Finance, HR, Marketing, and Sales OUs. The solution must prevent GPO1 from being applied to users in the Dev OU. What should you do? Exhibit:
A. B. C. D.
Enforce GPO1. Modify the security settings of the Dev OU. Link GPO1 to the Finance OU. Modify the security settings of the Finance OU.
QUESTION 35 Your network contains an Active Directory domain. The domain contains an organizational unit (OU) named OU1. OU1 contains all managed service accounts in the domain. You need to prevent the managed service accounts from being deleted accidentally from OU1. Which cmdlet should you use? A. Set-ADUser B. Set-ADOrganizationalUnit
C. Set-ADServiceAccount D. Set-ADObject Answer: D Section: 70-640 Explanation/Reference: Explanation:
QUESTION 36 Your network contains an Active Directory domain named contoso.com. Contoso.com contains a writable domain controller named DC1 and a read-only domain controller (RODC) named DC2. All domain controllers run Windows Server 2008 R2. You need to install a new writable domain controller named DC3 in a remote site. The solution must minimize the amount of replication traffic that occurs during the installation of Active Directory Domain Services (AD DS) on DC3. What should you do first? A. B. C. D. Run dcpromo.exe /createdcaccount on DC3. Run ntdsutil.exe on DC2. Run dcpromo.exe /adv on DC3. Run ntdsutil.exe on DC1.
QUESTION 37 Your network contains an Active Directory forest. The forest contains 10 domains. All domain controllers are configured as global catalog servers. You remove the global catalog role from a domain controller named DC5. You need to reclaim the hard disk space used by the global catalog on DC5. What should you do? A. B. C. D. From Active Directory Sites and Services, run the Knowledge Consistency Checker (KCC). From Active Directory Sites and Services, modify the general properties of DC5. From Ntdsutil, use the Semantic database analysis option. From Ntdsutil, use the Files option.
QUESTION 38 A corporate network includes an Active Directory-integrated zone. All DNS servers that host the zone are domain controllers. You add multiple DNS records to the zone. You need to ensure that the new records are available on all DNS servers as soon as possible.
Which tool should you use? A. B. C. D. E. F. G. H. Ldp Repadmin Ntdsutil Nslookup Active Directory Sites And Services console Active Directory Domains And Trusts console Dnslint Dnscmd
Answer: H Section: 70-640 Explanation/Reference: Explanation: http://technet.microsoft.com/en-us/library/cc778513(WS.10).aspx
QUESTION 39 You have a DNS zone that is stored in a custom application partition. You need to add a domain controller to the replication scope of the custom application partition. Which tool should you use? A. B. C. D. DNScmd DNS Manager Server Manager Dsmod
QUESTION 40 Your network contains a server named Server1 that runs Windows Server 2008 R2 Standard. Server1 has the Active Directory Certificate Services (AD CS) role installed. You configure a certificate template named Template1 for autoenrollment. You discover that certificates are not being issued to any client computers. The event logs on the client computers do not contain any autoenrollment errors. You need to ensure that all of the client computers automatically receive certificates based on Template1. What should you do? A. B. C. D. Modify the Default Domain Policy Group Policy object (GPO). Modify the Default Domain Controllers Policy Group Policy object (GPO). Upgrade Server1 to Windows Server 2008 R2 Enterprise. Restart Certificate Services on Server1.
QUESTION 41 Your network contains a server that has the Active Directory Lightweight Directory Services (AD LDS) role installed.
You need to perform an automated installation of an AD LDS instance. Which tool should you use? A. B. C. D. Dism.exe Servermanagercmd.exe Adaminstall.exe Ocsetup.exe
QUESTION 42 Your network contains an Active Directory domain named contoso.com. A partner company has an Active Directory domain named nwtraders.com. The networks for contoso.com and nwtraders.com connect to each other by using a WAN link. You need to ensure that users in contoso.com can access resources in nwtraders.com and resources on the Internet. What should you do first? A. B. C. D. Modify the Trusted Root Certification Authorities store. Modify the Intermediate Certification Authorities store. Create conditional forwarders. Add a root hint to the DNS server.
QUESTION 43 Your network contains an Active Directory forest. The forest contains multiple domains. You need to ensure that users in the human resources department can search for employees by using the employeeNumber attribute. What should you do? A. From Active Directory Sites and Services, modify the properties of each global catalog server. B. From the Active Directory Schema snap-in, modify the properties of the user object class. C. From Active Directory Sites and Services, modify the NTDS Settings objectof each global catalog server. D. From the Active Directory Schema snap-in, modify the properties of the employeeNumber attribute. Answer: D Section: 70-640 Explanation/Reference: Explanation:
QUESTION 44 Your network contains a single Active Directory domain. The domain contains an enterprise certification authority (CA). You need to ensure that the encryption keys for e-mail certificates can be recovered from the CA database. You modify the e-mail certificate template to support key archival. What should you do next? A. B. C. D. Issue the key recovery agent certificate template. Run certutil.exe -recoverkey. Run certreq.exe-policy. Modify the location of the Authority Information Access (AIA) distribution point.
Answer: A Section: 70-640 Explanation/Reference: -recoverkey as this recovers archived keys but e-mail certificate Explanation: Not certutil.exe template does not have key archival by default.
QUESTION 45 Your network contains an Active Directory-integrated DNS zone named contoso.com. You discover that the zone includes DNS records for computers that were removed from the network. You need to ensure that the DNS records are deleted automatically from the zone. What should you do? A. B. C. D. From DNS Manager, set the aging properties. Create a scheduled task that runs dnslint.exe /v /d contoso.com. From DNS Manager, modify the refresh interval of the start of authority (SOA) record. Create a scheduled task that runs ipconfig.exe /flushdns.
QUESTION 46 Your network contains a domain controller that runs Windows Server 2008 R2. You run the following command on the domain controller: dsamain.exe C dbpath c:\$SNAP_201006170326_VOLUMEC$\Windows\NTDS\ntds.dit C ldapport 389 allowNonAdminAccess The command fails. You need to ensure that the command completes successfully. How should you modify the command? A. B. C. D. Change the value of the -dbpath parameter. Include the path to Dsamain. Change the value of the -ldapport parameter. Remove the CallowNonAdminAccess parameter.
QUESTION 47 Your network contains an Active Directory domain. The domain contains 10 domain controllers that run Windows Server 2008 R2. You need to monitor the following information on the domain controllers during the next five days: - Memory usage - Processor usage - The number of LDAP queries What should you do? A. B. C. D. Create a User Defined Data Collector Set (DCS) that uses the Active Directory Diagnostics template. Use the System Performance Data Collector Set (DCS). Create a User Defined Data Collector Set (DCS) that uses the System Performance template. Use the Active Directory Diagnostics Data Collector Set (DCS).
QUESTION 48 Your network contains an Active Directory domain named contoso.com. Contoso.com contains a domain controller named DC1 and a read-only domain controller (RODC) named RODC1. You need to view the most recent user accounts authenticated by RODC1. What should you do first? A. From Active Directory Sites and Services, right-click the Connection object for DC1, and then click Replicate Now. B. From Active Directory Sites and Services, right-click the Connection object for DC2, and then click Replicate Now. C. From Active Directory Users and Computers, right-click contoso.com, click Change DomainController, and then connect to DC1. D. From Active Directory Users and Computers, right-click contoso.com, click Change Domain Controller, and then connect to RODC1. Answer: C Section: 70-640 Explanation/Reference: Explanation:
QUESTION 49 Your network contains an Active Directory domain. The domain contains 3,000 client computers. All of the client computers run Windows 7. Users log on to their client computers by using standard user accounts. You plan to deploy a new application named App1. The vendor of App1 provides a Setup.exe file to install App1. Setup.exe requires administrative rights to run. You need to deploy App1 to all client computers. The solution must meet the following requirements: - App1 must automatically detect and replace corrupt application files. - App1 must be available from the Start menu on each client computer. What should you do first? A. B. C. D. Create a logon script that calls Setup.exe for App1. Create a .zap file. Create a startup script that calls Setup.exe for App1. Repackage App1 as a Windows Installer package.
QUESTION 50 Your network contains an Active Directory domain named contoso.com. Contoso.com contains two sites named Site1 and Site2. Site1 contains a domain controller named DC1. In Site1, you install a new domain controller named DC2. You ship DC2 to Site2. You discover that certain users in Site2 authenticate to DC1. You need to ensure that the users in Site2 always attempt to authenticate to DC2 first. What should you do? A. B. C. D. From Active Directory Users and Computers, modify the Location settings of the DC2 computer object. From Active Directory Sites and Services, modify the Location attribute for Site2. From Active Directory Sites and Services, move the DC2 server object. From Active Directory Users and Computers, move the DC2 computer object.
QUESTION 51 Your network contains an Active Directory domain named contoso.com. Contoso.com contains a server named Server2. You open the System properties on Server2 as shown in the exhibit. (Click the Exhibit button.)
When you attempt to configure Server2 as an enterprise subordinate certification authority (CA), you discover that the enterprise subordinate CA option is unavailable. You need to configure Server2 as an enterprise subordinate CA. What should you do first? Exhibit:
A. B. C. D.
Upgrade Server2 to Windows Server 2008 R2 Enterprise. Log in as an administrator and run Server Manager. Import the root CA certificate. Join Server2 to the domain.
QUESTION 52 Your network contains an Active Directory domain. The domain contains an enterprise certification authority (CA). You need to ensure that only members of a group named Admin1 can create certificate templates. Which tool should you use to assign permissions to Admin1? A. B. C. D. the Certification Authority console Active Directory Users and Computers the Certificates snap-in Active Directory Sites and Services
QUESTION 53 Your network contains an Active Directory domain. All DNS servers are domain controllers. You view the properties of the DNS zone as shown in the exhibit. (Click the Exhibit button.) You need to ensure that only domain members can register DNS records in the zone. What should you do first? Exhibit:
A. B. C. D.
Modify the zone type. Create a trust anchor. Modify the Advanced properties of the DNS server. Modify the Dynamic updates setting.
QUESTION 54 Your company has a single Active Directory forest with a single domain. Consultants in different departments of the company require access to different network resources. The consultants belong to a global group named TempWorkers. Three file servers are placed in a new organizational unit named SecureServers. The file servers contain confidential data in shared folders. You need to prevent the consultants from accessing the confidential data. What should you do?
A. Create a new Group Policy Object (GPO) and link it to the SecureServers organizational unit. Assign the Deny access to this computer from the network user right to the TempWorkers global group. B. Create a new Group Policy Object (GPO) and link it to the domain. Assign the Deny access to this computer from the network user right to the TempWorkers global group. C. On the three file servers, create a share on the root of each hard disk. Configure the Deny Full control permission for the TempWorkers global group on the share. D. Create a new Group Policy Object (GPO) and link it to the domain. Assign the Deny log on locally user right to the TempWorkers global group. E. Create a new Group Policy Object (GPO) and link it to the SecureServers organizational unit. Assign the Deny log on locally user right to the TempWorkers global group. Answer: A Section: 70-640 Explanation/Reference: Explanation:
QUESTION 55 Your network contains two Active Directory forests named contoso.com and nwtraders.com. The functional level of both forests is Windows Server 2003. Contoso.com contains one domain. Nwtraders.com contains two domains. You need to ensure that users in contoso.com can access the resources in all domains. The solution must require the minimum number of trusts. Which type of trust should you create? A. B. C. D. external forest realm shortcut
QUESTION 56 You install an Active Directory domain in a test environment. You need to reset the passwords of all the user accounts in the domain from a domain controller. Which two Windows PowerShell commands should you run? (Each correct answer presents part of the solution, choose two.) A. B. C. D. E. F. G. $ newPassword = * Import-Module ActiveDirectory Import-Module WebAdministration Get- AdUser -filter * | Set- ADAccountPossword - NewPassword $ newPassword - Reset Set- ADAccountPossword - NewPassword - Reset $ newPassword = (Read-Host - Prompt "New Password" - AsSecureString ) Import-Module ServerManager
Answer: DF Section: 70-640
QUESTION 57 DRAG DROP Your network contains an Active Directory forest named contoso.com. The forest contains a domain controller named DC1 that runs Windows Server 2008 R2 Enterprise and a member server named Server1 that runs Windows Server 2008 R2 Standard. You have a computer named Computer1 that runs Windows 7. Computer1 is not connected to the network. You need to join Computer1 to the contoso.com domain. What should you do? To answer, move the appropriate actions from the Possible Actions list to the Necessary Actions area and arrange them in the correct order.
A. B. C. D. Answer: Section: 70-640 Explanation/Reference:
Explanation:
QUESTION 58 HOTSPOT Your network contains an Active Directory domain named contoso.com. You need to ensure that IP addresses can be resolved to fully qualified domain names (FQDNs). Under which node in the DNS snap-in should you add a zone? To answer, select the appropriate node in the answer area.
Explanation: Reverse Lookup Zones Select
QUESTION 59 HOTSPOT Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named Server1. Server1 has an IP address of 192.168.200.100. You need to view the Pointer (PTR) record for Server1. Which zone should you open in the DNS snap-in to view the record? To answer, select the appropriate zone in the answer area.
Explanation: 200.168.192.in-addr.arpa Select
QUESTION 60 HOTSPOT Your network contains an Active Directory domain. You need to create a new site link between two sites named Site1 and Site3. The site link must support the replication of domain objects. Under which node in Active Directory Sites and Services should you create the site link? To answer, select the appropriate node in the answer area.
Explanation:
IP container under Inter-Site Transports. Select the
QUESTION 61 DRAG DROP Your network contains an Active Directory forest named adatum.com. The forest contains four child domains named europe.adatum.com, northamerica.adatum.com, asia.adatum.com, and africa.adatum. com. You need to create four new groups in the forest root domain. The groups must be configured as shown in the following table.
What should you do? To answer, drag the appropriate group type to the correct group name in the answer area.
A. B. C. D.
Answer: Section: 70-640 Explanation/Reference:
Explanation:
QUESTION 62 HOTSPOT You need to modify the Password Replication Policy on a read-only domain controller (RODC). Which tool should you use? To answer, select the appropriate tool in the answer area.
Explanation: Active Directory Users and Computers. Select
QUESTION 63 HOTSPOT Your network contains an Active Directory forest named contoso.com.
The password policy of the forest requires that the passwords for all of the user accounts be changed every 30 days. You need to create user accounts that will be used by services. The passwords for these accounts must be changed automatically every 30 days. Which tool should you use to create these accounts? To answer, select the appropriate tool in the answer area.
Explanation: Active Directory Module for Windows PowerShell. Select
QUESTION 64 Your network contains two forests named adatum.com and litwareinc.com. The functional level of all the domains is Windows Server 2003. The functional level of both forests is Windows 2000. You need to create a forest trust between adatum.com and litwareinc.com. What should you do first? A. B. C. D. Create an external trust. Raise the functional level of both forests. Configure SID filtering. Raise the functional level of all the domains.
QUESTION 65 Your network contains an Active Directory forest named adatum.com. All client computers used by the marketing department are in an organizational unit (OU) named Marketing Computers. All user accounts for the marketing department are in an OU named Marketing Users. You purchase a new application. You need to ensure that every user in the domain who logs on to a marketing department computer can use the application. The application must only be available from the marketing department computers. What should you do? A. Create and link a Group Policy object (GPO) to the Marketing Users OU. Copy the installation package to a shared folder on the network. Assign the application.
B. Create and link a Group Policy object (GPO) to the Marketing Computers OU. Copy the installation package to a shared folder on the network. Assign the application. C. Create and link a Group Policy object (GPO) to the Marketing Computers OU. Copy the installation package to a local drive on each marketing department computer. Publish the application. D. Create and link a Group Policy object (GPO) to the Marketing Users OU. Copy the installation package to a folder on each marketing department computer. Publish the application. Answer: B Section: 70-640 Explanation/Reference: Explanation:
QUESTION 66 Your network contains an Active Directory forest named adatum.com. You need to create an Active Directory Rights Management Services (AD RMS) licensing-only cluster. What should you install before you create the AD RMS root cluster? A. B. C. D. E. The Failover Cluster feature The Active Directory Certificate Services (AD CS) role Microsoft Exchange Server 2010 Microsoft SharePoint Server 2010 Microsoft SQL Server 2008
Answer: E Section: 70-640 Explanation/Reference: Explanation:
QUESTION 67 HOTSPOT Your network contains an Active Directory forest. The DNS infrastructure fails. You rebuild the DNS infrastructure. You need to force the registration of the Active Directory Service Locator (SRV) records in DNS. Which service should you restart on the domain controllers? To answer, select the appropriate service in the answer area.
Explanation: Netlogon service. Select the
QUESTION 68 Your network contains an Active Directory domain named contoso.com. The contoso.com domain contains a domain controller named DC1. You create an Active Directory-integrated GlobalNames zone. You add an alias (CNAME) resource record named Server1 to the zone. The target host of the record is server2.contoso.com. When you ping Server1, you discover that the name fails to resolve. You are able to successfully ping server2.contoso.com. You need to ensure that you can resolve names by using the GlobalNames zone. Which command should you run? A. B. C. D. Dnscmd DCl.contoso.com /ZoneAdd GlobalNames /DsPrimary /DP /domain Dnscmd DCl.contoso.com /config /Enableglobalnamessupport forest DnscmdDCl.contoso.com/config/Enableglobalnamessupport 1 Dnscmd DCl.contoso.com /ZoneAdd GlobalNames /DsPrimary /DP /forest
QUESTION 69 Your network contains an Active Directory domain named contoso.com. The network has a branch office site that contains a read-only domain controller (RODC) named R0DC1.
R0DC1 runs Windows Server 2008 R2. A user logs on to a computer in the branch office site. You discover that the user's password is not stored on R0DC1. You need to ensure that the user's password is stored on RODC1 when he logs on to a branch office site computer. What should you do? A. Modify the RODC s password replication policy by removing the entry for the Allowed RODC Password Replication Group. B. Modify the RODC's password replication policy by adding R0DC1's computer account to the list of allowed users, groups, and computers. C. Add the user's user account to the built-in Allowed RODC Password Replication Group on R0DC1. D. Add R0DC1's computer account to the built-in Allowed RODC Password Replication Group on R0DC1. Answer: C Section: 70-640 Explanation/Reference: Explanation:
QUESTION 70 You deploy an Active Directory Federation Services (AD FS) Federation Service Proxy on a server named Server1. You need to configure the Windows Firewall on Server1 to allow external users to authenticate by using AD FS. Which protocol should you allow on Server1? A. B. C. D. Kerberos SSL SMB RPC
QUESTION 71 Your network contains an Active Directory domain named contoso.com. Contoso.com contains a member server that runs Windows Server 2008 R2 Standard. You need to create an enterprise subordinate certification authority (CA) that can issue certificates based on version 3 certificate templates. You must achieve this goal by using the minimum amount of administrative effort. What should you do first? A. Run the certutil.exe - addenrollmentserver command. B. Install the Active Directory Certificate Services (AD CS) role on the member server.
C. Upgrade the member server to Windows Server 2008 R2 Enterprise. D. Run the certutil.exe - installdefaulttemplates command. Answer: B Section: 70-640 Explanation/Reference: Explanation:
QUESTION 72 Your network contains a server named Server1. The Active Directory Rights Management Services (AD RMS) server role is installed on Server1. An administrator changes the password of the user account that is used by AD RMS. You need to update AD RMS to use the new password. Which console should you use? A. B. C. D. Active Directory Rights Management Services Active Directory Users and Computers Local Users and Groups Services
QUESTION 73 Your network contains an enterprise certification authority (CA) that runs Windows Server 2008 R2 Enterprise. You enable key archival on the CA. The CA is configured to use custom certificate templates for Encrypted File System (EFS) certificates. You need to archive the private key for all new EFS certificates. Which snap-in should you use? A. B. C. D. E. F. G. H. I. Active Directory Users and Computers Authorization Manager Group Policy Management Enterprise PKI Security Templates TPM Management Certificates Certification Authority Certificate Templates
Answer: H Section: 70-640 Explanation/Reference: Explanation:
QUESTION 74 Your network contains an enterprise certification authority (CA) that runs Windows Server 2008 R2 Enterprise. You need to ensure that all of the members of a group named Group1 can view the event log entries for Certificate Services. Which snap-in should you use? A. B. C. D. E. F. G. H. I. Certificate Templates Certification Authority Authorization Manager Active Directory Users and Computers TPM Management Security Templates Group Policy Management Enterprise PKI Certificates
QUESTION 75 Your network contains an enterprise certification authority (CA) that runs Windows Server 2008 R2 Enterprise. You need to ensure that users can enroll for certificates that use the IPSEC (Offline request) certificate template Which snap-in should you use? A. B. C. D. E. F. G. H. I. Enterprise PKI TPM Management Certificates Active Directory Users and Computers Authorization Manager Certification Authority Group Policy Management Security Templates Certificate Templates
Answer: I Section: 70-640 Explanation/Reference: Explanation:
QUESTION 76 Your network contains an enterprise certification authority (CA) that runs Windows Server 2008 R2 Enterprise.
You have a custom certificate template named Template 1. Template1 is published to the CA. You need to ensure that all of the members of a group named Group1 can enroll for certificates that use Template1. Which snap-in should you use?
A. B. C. D. E. F. G. H. I.
Security Templates Enterprise PKI Certification Authority Certificate Templates Certificates TPM Management Authorization Manager Group Policy Management Active Directory Users and Computers
QUESTION 77 Your network contains an enterprise certification authority (CA) that runs Windows Server 2008 R2 Enterprise. You need to approve a pending certificate request. Which snap-in should you use? A. B. C. D. E. F. G. H. I. Active Directory Users and Computers Authorization Manager Certification Authority Group Policy Management Certificate Templates TPM Management Certificates Enterprise PKI Security Templates
QUESTION 78 DRAG DROP Your network contains an Active Directory domain named adatum.com. You need to use Group Policies to deploy the line-of-business applications shown in the following
table.
What should you do? To answer, drag the appropriate deployment method to the correct application in the answer area.
Explanation:
QUESTION 79 DRAG DROP Your network contains an Active Directory forest named contoso.com. You need to create an Active Directory Rights Management Services (AD RMS) licensing-only cluster. What should you do? To answer, move the appropriate actions from the Possible Actions list to the Necessary Actions area and arrange them in the correct order.
Explanation:
QUESTION 80 You have a single Active Directory domain. All domain controllers run Windows Server 2008 and are configured as DNS servers. The domain contains one Active Directory-integrated DNS zone. You need to ensure that outdated DNS records are automatically removed from the DNS zone. What should you do? A. B. C. D. From the properties of the zone, modify the TTL of the SOA record. From the properties of the zone, enable scavenging. From the command prompt, run ipconfig /flushdns. From the properties of the zone, disable dynamic updates.
Answer: B Section: 70-640 Explanation/Reference: Explanation: To remove the outdated DNS records from the DNS zone automatically, you should enable Scavenging through Zone properties. Scavenging will help you clean up old unused records in DNS. Since "clean up" really means "delete stuff" a good understanding of what you are doing and a healthy respect for "delete stuff" will keep you out of the hot grease. Because deletion is involved there are quite a few safety valves built into scavenging that take a long time to pop. When enabling scavenging, patience is required. Reference:http://www.gilham.org/Blog/Lists/Posts/Post.aspx?List=aab85845-88d2-4091-8088a6bbce0a4304&ID=211
QUESTION 81 Your company, Contoso, Ltd., has a main office and a branch office. The offices are connected by a WAN link. Contoso has an Active Directory forest that contains a single domain named ad.contoso.com. The ad.contoso.com domain contains one domain controller named DC1 that is located in the main office. DC1 is configured as a DNS server for the ad.contoso.com DNS zone. This zone is configured as a standard primary zone. You install a new domain controller named DC2 in the branch office. You install DNS on DC2. You need to ensure that the DNS service can update records and resolve DNS queries in the event that a WAN link fails.
What should you do? A. B. C. D. Create a new stub zone named ad.contoso.com on DC2. Create a new standard secondary zone named ad.contoso.com on DC2. Configure the DNS server on DC2 to forward requests to DC1. Convert the ad.contoso.com zone on DC1 to an Active Directory-integrated zone.
Answer: D Section: 70-640 Explanation/Reference: Explanation: To make sure that the DNS service on TK2 can update records and resolve DNS queries in the event of a MAN link failure, you should convert maks.contoso.com on TK1 to an Active Directory- integrated zone. Active Directory-integrated DNS offers two pluses over traditional zones. For one, the fault tolerance built into Active Directory eliminates the need for primary and secondary nameservers. Effectively, all nameservers using Active Directory-integrated zones are primary nameservers. This has a huge advantage for the use of dynamic DNS as well: namely, the wide availability of nameservers that can accept registrations. Recall that domain controllers and workstations register their locations and availability to the DNS zone using dynamic DNS. In a --the primary traditional DNS setup, only one type of nameserver can accept these registrations server, because it has the only read/write copy of a zone. By creating an Active Directory- Microsoft 70-640 Exam integrated zone, all Windows Server 2008 nameservers that store their zone data in Active Directory can accept a dynamic registration, and the change will be propagated using Active Directory multimaster replication. Reference:http://safari.adobepress.com/9780596514112/active_directory-integrated_zones
QUESTION 82 Your company has an Active Directory domain. A user attempts to log on to a computer that was turned off for twelve weeks. The administrator receives an error message that authentication has failed. You need to ensure that the user is able to log on to the computer. What should you do? A. Run the netsh command with the set and machine options. B. Reset the computer account. Disjoin the computer from the domain, and then rejoin the computer to the domain. C. Run the netdom TRUST /reset command. D. Run the Active Directory Users and Computers console to disable, and then enable the computer account. Answer: B Section: 70-640 Explanation/Reference: Explanation: To ensure that the administrator can log on to the computer, you should disjoin the computer from the domain and rejoin it again. Reset the computer account too. Due to long inactivity, the computer was not responding to the authentication query using the Active Directory records. So when you disjoin and rejoin the computer to the domain and reset the computer account, the Active Directory refreshes the computer account password. After that the administrator can easily log on to the computer.
QUESTION 83 Your company has a main office and a branch office. You deploy a read-only domain controller (RODC) that runs Microsoft Windows Server 2008 to the branch office. You need to ensure that users at the branch office are able to log on to the domain by using the RODC. What should you do? A. Add another RODC to the branch office.
B. Configure a new bridgehead server in the main office. C. Decrease the replication interval for all connection objects by using the Active Directory Sites and Services console. D. Configure the Password Replication Policy on the RODC. Answer: D Section: 70-640 Explanation/Reference: Explanation: To ensure that the users at the branch office can log on to the domain using RODC, you should don't cache any user or machine passwords. You can use a Password Replication Policy. RODCs RODC's unique Password Replication Policy (PRP). change this by adding a policy through each A policy would create a group for each branch office with a RODC and add users in that branch office. An administrator, then, can allow password replication for the branch-office group.
QUESTION 84 Your company has a single Active Directory domain named intranet.adatum.com. The domain controllers run Windows Server 2008 and the DNS server role. All computers, including non- domain members, dynamically register their DNS records. You need to configure the intranet.adatum.com zone to allow only domain members to dynamically register DNS records. What should you do? A. B. C. D. Set dynamic updates to Secure Only. Remove the Authenticated Users group. Enable zone transfers to Name Servers. Deny the Everyone group the Create All Child Objects permission.
Answer: A Section: 70-640 Explanation/Reference: Explanation: To make sure only the domain members are able to register their DNS records dynamically, set the option Secure only for Dynamic updates. This will let only the domain members to register their DNS records dynamically. Reference: www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/cnet/cncf_imp_afpf.mspx
QUESTION 85 An Active Directory database is installed on the C volume of a domain controller. You need to move the Active Directory database to a new volume. What should you do? A. Copy the ntds.dit file to the new volume by using the ROBOCOPY command. B. Move the ntds.dit file to the new volume by using Windows Explorer. C. Move the ntds.dit file to the new volume by running the Move-item command in Microsoft Windows PowerShell. D. Move the ntds.dit file to the new volume by using the Files option in the Ntdsutil utility. Answer: D Section: 70-640 Explanation/Reference: Explanation: To move the Active Directory database to a new volume, you should move the ntds.dit file to the new
volume by opening the Files option in the ntdsutil utility. Use Ntdsutil.exe to move the database file, the log files, or both to a larger existing partition. If you are not using Ntdsutil.exe when moving files to a different partition, you will need to manually update the registry. Reference:http://technet2.microsoft.com/ windowsserver/en/library/af6646aa-2360-46e4-81ca- d51707bf01eb1033.mspx?mfr=true
QUESTION 86 Your company uses a Windows 2008 Enterprise certificate authority (CA) to issue certificates. You need to implement key archival. What should you do? A. B. C. D. Configure the certificate for automatic enrollment for the computers that store encrypted files. Install an Enterprise Subordinate CA and issue a user certificate to users of the encrypted files. Apply the Hisecdc security template to the domain controllers. Archive the private key on the server.
QUESTION 87 Your company has a main office and three branch offices. The company has an Active Directory forest that has a single domain. Each office has one domain controller. Each office is configured as an Active Directory site. All sites are connected with the DEFAULTIPSITELINK object. You need to decrease the replication latency between the domain controllers. What should you do? A. B. C. D. Decrease the replication schedule for the DEFAULTIPSITELINK object. Decrease the replication interval for the DEFAULTIPSITELINK object. Decrease the cost between the connection objects. Decrease the replication interval for all connection objects.
QUESTION 88 Your company has two Active Directory forests named contoso.com and fabrikam.com. Both forests run only domain controllers that run Windows Server 2008. The domain functional level of contoso.com is Windows Server 2008. The domain functional level of fabrikam.com is Windows Server 2003 Native mode. You configure an external trust between contoso.com and fabrikam.com. You need to enable the Kerberos AES encryption option. What should you do? A. B. C. D. Raise the forest functional level of fabrikam.com to Windows Server 2008. Raise the domain functional level of fabrikam.com to Windows Server 2008. Raise the forest functional level of contoso.com to Windows Server 2008. Create a new forest trust and enable forest-wide authentication.
QUESTION 89 You need to remove the Active Directory Domain Services role from a domain controller named DC1. What should you do? A. B. C. D. Run the netdom remove DC1 command. Run the Dcpromo utility. Remove the Active Directory Domain Services role. Run the nltest /remove_server: DC1 command. Reset the Domain Controller computer account by using the Active Directory Users and Computers utility.
QUESTION 90 Your company has an Active Directory forest. Each branch office has an organizational unit and a child organizational unit named Sales. The Sales organizational unit contains all users and computers of the sales department. You need to install an Office 2007 application only on the computers in the Sales organizational unit. You create a GPO named SalesApp GPO. What should you do next? A. Configure the GPO to assign the application to the computer account. Link the SalesAPP GPO to the Sales organizational unit in each location. B. Configure the GPO to assign the application to the computer account. Link the SalesAPP GPO to the domain. C. Configure the GPO to publish the application to the user account. Link the SalesAPP GPO to the Sales organizational unit in each location. D. Configure the GPO to assign the application to the user account. Link the SalesAPP GPO to the Sales organizational unit in each location. Answer: A Section: 70-640 Explanation/Reference: Explanation:
QUESTION 91 Your company has a main office and three branch offices. Each office is configured as a separate Active Directory site that has its own domain controller. You disable an account that has administrative rights. You need to immediately replicate the disabled account information to all sites. What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.) A. From the Active Directory Sites and Services console, configure all domain controllers as global catalog servers. B. From the Active Directory Sites and Services console, select the existing connection objects and force replication. C. Use Repadmin.exe to force replication between the site connection objects. D. Use Dsmod.exe to configure all domain controllers as global catalog servers. Answer: BC Section: 70-640 Explanation/Reference: Explanation:
QUESTION 92 Your company network has an Active Directory forest that has one parent domain and one child domain. The child domain has two domain controllers that run Windows Server 2008. All user accounts from the child domain are migrated to the parent domain. The child domain is scheduled to be decommissioned. You need to remove the child domain from the Active Directory forest. What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.) A. Run the Computer Management console to stop the Domain Controller service on both domain controllers in the child domain. B. Delete the computer accounts for each domain controller in the child domain. Remove the trust relationship between the parent domain and the child domain. C. Use Server Manager on both domain controllers in the child domain to uninstall the Active Directory domain services role. D. Run the Dcpromo tool that has individual answer files on each domain controller in the child domain. Answer: CD Section: 70-640 Explanation/Reference: Explanation:
QUESTION 93 Your company has an Active Directory domain. You install a new domain controller in the domain. Twenty users report that they are unable to log on to the domain. You need to register the SRV records. Which command should you run on the new domain controller? A. B. C. D. Run the netsh interface reset command. Run the ipconfig /flushdns command. Run the dnscmd /EnlistDirectoryPartition command. Run the sc stop netlogon command followed by the sc start netlogon command.
QUESTION 94 Your company uses shared folders. Users are granted access to the shared folders by using domain local groups. One of the shared folders contains confidential data. You need to ensure that unauthorized users are not able to access the shared folder that contains confidential data. What should you do? A. Enable the Do not trust this computer for delegation property on all the computers of unauthorized users by using the Dsmod utility. B. Instruct the unauthorized users to log on by using the Guest account. Configure the Deny Full control permission on the shared folders that hold the confidential data for the Guest account. C. Create a Global Group named Deny DLG. Place the global group that contains the unauthorized users in to the Deny DLG group. Configure the Allow Full control permission on the shared folder that hold the confidential data for the Deny DLG group. D. Create a Domain Local Group named Deny DLG. Place the global group that contains the unauthorized users in to the Deny DLG group. Configure the Deny Full control permission on the shared folder that hold the confidential data for the Deny DLG group. Answer: D Section: 70-640 Explanation/Reference:
Explanation:
QUESTION 95 Your company has three Active Directory domains in a single forest. You install a new Active Directory enabled application. The application ads new user attributes to the Active Directory schema. You discover that the Active Directory replication traffic to the Global Catalogs has increased. You need to prevent the new attributes from being replicated to the Global Catalog. You must achieve this goal without affecting application functionality. What should you do? A. B. C. D. Change the replication interval for the DEFAULTIPSITELINK object to 9990. Change the cost for the DEFAULTIPSITELINK object to 9990. Make the new attributes in the Active Directory as defunct. Modify the properties in the Active Directory schema for the new attributes.
QUESTION 96 There are 100 server and 2000 computers present at your company's headquarters. The DHCP service is installed on a two-node Microsoft failover cluster named CKMFO to ensure the high availability of the service. The nodes are named as CKMFON1 and CKMFON2. The cluster on CKMFO has one physical shared disk of 400 GB capacity. A 200GB single volume is configured on the shared disk. Company has decided to host a Windows Internet Naming Service (WINS) on CKMFON1. The DHCP and WINS services will be hosted on other nodes. Using High Availability Wizard, you begin creating the WINS service group on cluster available on CKMFON1 node. The wizard shows an error "no disks are available" during configuration. Which action should you perform to configure storage volumes on CKMFON1 to successfully add the WINS Service group to CKMFON1? A. Backup all data on the single volume on CKMFON1 and configure the disk with GUID partition table and create two volumes. Restore the backed up data on one of the volumes and use the other for WINS service group B. Add a new physical shared disk to the CKMFON1 cluster and configure a new volume on it. Use this volume to fix the error in the wizard. C. Add new physical shared disks to CKMFON1 and EMBFON2. Configure the volumes onthese disk and direct CKMOFONI to use CKMFON2 volume for the WINS service group D. Add and configure a new volume on the existing shared disk which has 400GB of space. Use this volume to fix the error in the wizard E. None of the above Answer: B Section: 70-640
QUESTION 97 Company servers run Windows Server 2008. It has a single Active Directory domain. A server called S4 has file services role installed. You install some disk for additional storage. The disks are configured as shown in the exhibit. To support data stripping with parity, you have to create a new drive volume. What should you do to achieve this objective? Exhibit:
A. B. C. D.
Build a new spanned volume by combining Disk0 and Disk1 Create a new Raid-5 volume by adding another disk. Create a new virtual volume by combining Disk 1 and Disk 2 Build a new striped volume by combining Disk0 and Disk 2
Answer: B
Section: 70-640 Explanation/Reference: Explanation:
QUESTION 98 Your company asks you to implement Windows Cardspace in the domain. You want to use Windows Cardspace at your home. Your home and office computers run Windows Vista Ultimate. What should you do to create a backup copy of Windows Cardspace cards to be used at home? A. B. C. D. E. F. Log on with your administrator account and copy \Windows\ServiceProfiles folder to your USB drive Backup \Windows\Globalization folder by using backup status and save the folder on your USB drive Back up the system state data by using backup status tool on your USB drive Employ Windows Cardspace application to backup the data on your USB drive. Reformat the C: Drive None of the above
QUESTION 99 Company has servers on the main network that run Windows Server 2008. It also has two domain controllers. Active Directory services are running on a domain controller named CKDC1. You have to perform critical updates of Windows Server 2008 on CKDC1 without rebooting the server. What should you do to perform offline critical updates on CKDC1 without rebooting the server? A. Start the Active Directory Domain Services on CKDC1 B. Disconnect from the network and start the Windows update feature C. Stop the Active Directory domain services and install the updates. Start the Active Directory domain services after installing the updates. D. Stop Active Directory domain services and install updates. Disconnect from the network and then connect again E. None of the above Answer: C Section: 70-640 Explanation/Reference: Explanation:
QUESTION 100 One of the remote branch offices of Company branch is running a Windows Server 2008 having ready only domain controller (RODC) installed.For security reasons you don't want some critical credentials like (passwords, encryption keys) to be stored on RODC. What should you do so that these credentials are not replicated to any RODC's in the forest? (Select 2) A. Configure RODC filtered attribute set on the server B. Configure RODC filtered set on the server that holds Schema Operations Master role.
C. Delegate local administrative permissions for an RODC to any domain user without granting that user any user rights for the domain D. Configure forest functional level server for Windows server 2008 to configure filtered attribute set. E. None of the above Answer: BD Section: 70-640 Explanation/Reference: Explanation:
QUESTION 101 Company has a server with Active Directory Rights Management Services (AD RMS) server installed. Users have computers with Windows Vista installed on them with an Active Directory domain installed at Windows Server 2003 functional level. As an administrator at Company, you discover that the users are unable to benefit from AD RMS to protect their documents. You need to configure AD RMS to enable users to use it and protect their documents. What should you do to achieve this functionality? A. B. C. D. E. Configure an email account in Active Directory Domain Services (AD DS) for each user. Add and configure ADRMSADMIN account in local administrators group on the user computers Add and configure the ADRMSSRVC account in AD RMS server's local administrator group Reinstall the Active Directory domain on user computers All of the above
QUESTION 102 Company has an active directory forest on a single domain. Company needs a distributed application that employs a custom application. The application is directory partition software named PARDAT. You need to implement this application for data replication. Which two tools should you use to achieve this task? (Choose two answers. Each answer is a part of a complete solution) A. B. C. D. E. Dnscmd. Ntdsutil. Ipconfig Dnsutil All of the above
Answer: AB Section: 70-640 Explanation/Reference: Explanation:
QUESTION 103 Company has an Active Directory forest with six domains. The company has 5 sites. The company requires
a new distributed application that uses a custom application directory partition named ResData for data replication. The application is installed on one member server in five sites. You need to configure the five member servers to receive the ResData application directory partition for data replication. What should you do? A. B. C. D. Run the Dcpromo utility on the five member servers. Run the Regsvr32 command on the five member servers Run the Webadmin command on the five member servers Run the RacAgent utility on the five member servers
QUESTION 104 As an administrator at Company, you have installed an Active Directory forest that has a single domain. You have installed an Active Directory Federation services (AD FS) on the domain member server. What should you do to configure AD FS to make sure that AD FS token contains information from the active directory domain? A. B. C. D. E. Add a new account store and configure it. Add a new resource partner and configure it Add a new resource store and configure it Add a new administrator account on AD FS and configure it None of the above
QUESTION 105 Company runs Window Server 2008 on all of its servers. It has a single Active Directory domain and it uses Enterprise Certificate Authority. The security policy at ABC.com makes it necessary to examine revoked certificate information. You need to make sure that the revoked certificate information is available at all times. What should you do to achieve that? A. Add and configure a new GPO (Group Policy Object) that enables users to accept peer certificates and link the GPO to the domain. B. Configure and use a GPO to publish a list of trusted certificate authorities to the domain C. Configure and publish an OCSP (Online certificate status protocol) responder through ISAS (Internet Security and Acceleration Server) array. D. Use network load balancing and publish an OCSP responder. E. None of the above Answer: D Section: 70-640
QUESTION 106 As the Company administrator you had installed a read-only domain controller (RODC) server at remote location. The remote location doesn't provide enough physical security for the server. What should you do to allow administrative accounts to replicate authentication information to Read-Only Domain Controllers?
A. Remove any administrative accounts from RODC's group B. Add administrative accounts to the domain Allowed RODC Password Replication group C. Set the Deny on Receive as permission for administrative accounts on the RODC computer account Security tab for the Group Policy Object (GPO) D. Configure a new Group Policy Object (GPO) with the Account Lockout settings enabled. Link the GPO to the remote location. Activate the Read Allow and the Apply group policy Allow permissions for the administrators on the Security tab for the GPO. E. None of the above Answer: B Section: 70-640 Explanation/Reference: Explanation:
QUESTION 107 ABC.com boosts a two-node Network Load Balancing cluster which is called web. CK1.com. The purpose of this cluster is to provide load balancing and high availability of the intranet website only. With monitoring the cluster, you discover that the users can view the Network Load Balancing cluster in their Network Neighborhood and they can use it to connect to various services by using the name web. CK1.com. You also discover that there is only one port rule configured for Network Load Balancing cluster. You have to configure web. CK1 .com NLB cluster to accept HTTP traffic only. Which two actions should you perform to achieve this objective? (Choose two answers. Each answer is part of the complete solution) A. B. C. D. Create a new rule for TCP port 80 by using the Network Load Balancing Cluster console Run the wlbs disable command on the cluster nodes Assign a unique port rule for NLB cluster by using the NLB Cluster console Delete the default port rules through Network Load Balancing Cluster console
Answer: AD Section: 70-640 Explanation/Reference: Explanation:
QUESTION 108 ABC.com has a main office and a branch office. ABC.com's network consists of a single Active Directory forest. Some of the servers in the network run Windows Server 2008 and the rest run Windows server 2003.
You are the administrator at ABC.com. You have installed Active Directory Domain Services (AD DS) on a computer that runs Windows Server 2008. The branch office is located in a physically insecure place. It has not IT personnel onsite and there are no administrators over there. You need to setup a Read-Only Domain Controller (RODC) on the Server Core installation computer in the branch office. What should you do to setup RODC on the computer in branch office? A. B. C. D. E. Execute an attended installation of AD DS Execute an unattended installation of AD DS Execute RODC through AD DS Execute AD DS by using deploying the image of AD DS none of the above
QUESTION 109 You had installed an Active Directory Federation Services (AD FS) role on a Windows server 2008 in your organization. Now you need to test the connectivity of clients in the network to ensure that they can successfully reach the new Federation server and Federation server is operational. What should you do? (Select all that apply) A. B. C. D. Go to Services tab, and check if Active Directory Federation Services is running In the event viewer, Applications, Event ID column look for event ID 674. Open a browser window, and then type the Federation Service URL for the new federation server. None of the above
Answer: BC Section: 70-640 Explanation/Reference: Explanation:
QUESTION 110 ABC.com has purchased laptop computers that will be used to connect to a wireless network. You create a laptop organizational unit and create a Group Policy Object (GPO) and configure user profiles by utilizing the names of approved wireless networks. You link the GPO to the laptop organizational unit. The new laptop users complain to you that they cannot connect to a wireless network. What should you do to enforce the group policy wireless settings to the laptop computers? A. B. C. D. E. Execute gpupdate/target:computer command at the command prompt on laptop computers Execute Add a network command and leave the SSID (service set identifier) blank Execute gpupdate/boot command at the command prompt on laptops computers Connect each laptop computer to a wired network and log off the laptop computer and then login again. None of the above
Answer: D Section: 70-640
QUESTION 111 The Company has a Windows 2008 domain controller server. This server is routinely backed up over the network from a dedicated backup server that is running Windows 2003 OS. You need to prepare the domain controller for disaster recovery apart from the routine backup procedures. You are unable to launch the backup utility while attempting to back up the system state data for the data controller. You need to backup system state data from the Windows Server 2008 domain controller server. What should you do? A. B. C. D. Add your user account to the local Backup Operators group Install the Windows Server backup feature using the Server Manager feature. Install the Removable Storage Manager feature using the Server Manager feature Deactivating the backup job that is configured to backup Windows 2008 server domain controller on the Windows 2003 server. E. None of the above Answer: B Section: 70-640 Explanation/Reference: Explanation:
QUESTION 112 You are an administrator at ABC.com. Company has a RODC (read-only domain controller) server at a remote location. The remote location doesn't have proper physical security. You need to activate nonadministrative accounts passwords on that RODC server. Which of the following action should be considered to populate the RODC server with non-administrative accounts passwords? A. Delete all administrative accounts from the RODC's group B. Configure the permission to Deny on Receive for administrative accounts on the security tab for Group Policy Object (GPO) C. Configure the administrative accounts to be added in the Domain RODC Password Replication Denied group D. Add a new GPO and enable Account Lockout settings. Link it to the remote RODC server and on the security tab on GPO, check the Read Allow and the Apply group policy permissions for the administrators. E. None of the above Answer: C Section: 70-640 Explanation/Reference: Explanation:
QUESTION 113 ABC.com has a network that is comprise of a single Active Directory Domain. As an administrator at ABC.com, you install Active Directory Lightweight Directory Services (AD LDS) on a server that runs Windows Server 2008. To enable Secure Sockets Layer (SSL) based connections to the AD LDS server, you install certificates from a trusted Certification Authority (CA) on the AD LDS server and
client computers. Which tool should you use to test the certificate with AD LDS? A. B. C. D. E. F. Ldp.exe Active Directory Domain services ntdsutil.exe Lds.exe wsamain.exe None of the above
QUESTION 114 ABC.com boosts a main office and 20 branch offices. Configured as a separate site, each branch office has a Read-Only Domain Controller (RODC) server installed. Users in remote offices complain that they are unable to log on to their accounts. What should you do to make sure that the cached credentials for user accounts are only stored in their local branch office RODC server? A. Open the RODC computer account security tab and set Allow on the Receive as permission only for the users that are unable to log on to their accounts B. Add a password replication policy to the main Domain RODC and add user accounts in the security group C. Configure a unique security group for each branch office and add user accounts to the respective security group. Add the security groups to the password replication allowed group on the main RODC server D. Configure and add a separate password replication policy on each RODC computer account Answer: D Section: 70-640 Explanation/Reference: Explanation:
QUESTION 115 The corporate network of Company consists of a Windows Server 2008 single Active Directory domain. The domain has two servers named Company 1 and Company 2. To ensure central monitoring of events you decided to collect all the events on one server, Company 1. To collect events from Company 2. and transfer them to Company 1, you configured the required event subscriptions. You selected the Normal option for the Event delivery optimization setting by using the HTTP protocol. However, you discovered that none of the subscriptions work. Which of the following actions would you perform to configure the event collection and event forwarding on the two servers? (Select three. Each answer is a part of the complete solution).
A. B. C. D. E. F.
Through Run window execute the winrm quickconfig command on Company 2. Through Run window execute the wecutil qc command on Company 2. Add the Company 1 account to the Administrators group on Company 2. Through Run window execute the winrm quickconfig command on Company 1. Add the Company 2 account to the Administrators group on Company 1. Through Run window execute the wecutil qc command on Company 1.
Answer: ABF Section: 70-640 Explanation/Reference: Reference: http://msdn.microsoft.com/en-us/library/bb870973%28VS.85%29.aspx
QUESTION 116 ABC.com has a software evaluation lab. There is a server in the evaluation lab named as CKT. CKT runs Windows Server 2008 and Microsoft Virtual Server 2005 R2. CKT has 200 virtual servers running on an isolated virtual segment to evaluate software. To connect to the internet, it uses physical network interface card. ABC.com requires every server in the company to access Internet. ABC.com security policy dictates that the IP address space used by software evaluation lab must not be used by other networks. Similarly, it states the IP address space used by other networks should not be used by the evaluation lab network. As an administrator you find you that the applications tested in the software evaluation lab need to access normal network to connect to the vendors update servers on the internet. You need to configure all virtual servers on the CKT server to access the internet. You also need to comply with company's security policy. Which two actions should you perform to achieve this task? (Choose two answers. Each answer is a part of the complete solution) A. Trigger the Virtual DHCP server for the external virtual network and run ipconfig/renew command on each virtual server B. On CKT's physical network interface, activate the Internet Connection Sharing (ICS) C. Use ABC.com intranet IP addresses on all virtual servers on CKT. D. Add and install a Microsoft Loopback Adapter network interface on CKT. Use a new network interface and create a new virtual network. E. None of the above Answer: AD Section: 70-640 Explanation/Reference: Explanation:
QUESTION 117 You are an administrator at ABC.com. Company has a network of 5 member servers acting as file servers. It has an Active Directory domain. You have installed a software application on the servers. As soon as the application is installed, one of the member servers shuts down itself. To trace and rectify the problem, you create a Group Policy Object (GPO). You need to change the domain security settings to trace the shutdowns and identify the cause of it. What should you do to perform this task? A. Link the GPO to the domain and enable System Events option
B. C. D. E.
Link the GPO to the domain and enable Audit Object Access option Link the GPO to the Domain Controllers and enable Audit Object Access option Link the GPO to the Domain Controllers and enable Audit Process tracking option Perform all of the above actions
QUESTION 118 ABC.com has a network that consists of a single Active Directory domain. A technician has accidently deleted an Organizational unit (OU) on the domain controller. As an administrator of ABC.com, you are in process of restoring the OU. You need to execute a non-authoritative restore before an authoritative restore of the OU. Which backup should you use to perform non- authoritative restore of Active Directory Domain Services (AD DS) without disturbing other data stored on domain controller? A. B. C. D. E. Critical volume backup Backup of all the volumes Backup of the volume that hosts Operating system Backup of AD DS folders all of the above
QUESTION 119 DRAG DROP ABC.com has an Active Directory forest on a single domain. The domain operates Windows Server 2008. A new administrator accidentally deletes the entire organizational unit in the Active Directory database that hosts 6000 objects. You have backed up the system state data using third-party backup software. To restore backup, you start the domain controller in the Directory Services Restore Mode (DSRM). You need to perform an authoritative restore of the organizational unit and restore the domain controller to its original state. Which three actions should you perform? The answer should be in a sequence. Drag and drop the appropriate action into the sequential order.
QUESTION 120 ABC.com has a network that consists of a single Active Directory domain.Windows Server 2008 is installed on all domain controllers in the network. You are instructed to capture all replication s from all domain controllers to a central location. What should you do to achieve this task?
A. B. C. D.
Initiate the Active Directory Diagnostics data collector set Set event log subscriptions and configure it Initiate the System Performance data collector set Create a new capture in the Network Monitor
QUESTION 121 Company has a single domain network with Windows 2000, Windows 2003, and Windows 2008 servers. Client computers running Windows XP and Windows Vista. All domain controllers are running Windows server 2008. Exhibit B Servers Operating system Role Company_DC1 Windows server 2008 Domain controller Company _DC2 Windows server 2008 Domain controller Company _SRV5 Windows server 2008 File and Print server You need to deploy Active Directory Rights Management System (AD RMS) to secure all documents, spreadsheets and to provide user authentication. What do you need to configure, in order to complete the deployment of AD RMS? A. Upgrade all client computers to Windows Vista. Install AD RMS on domain controller Company _DC1 B. Ensure that all Windows XP computers have the latest service pack and install the RMS client on all systems. Install AD RMS on domain controller Company _DC1 C. Upgrade all client computers to Windows Vista. Install AD RMS on Company _SRV5 D. Ensure that all Windows XP computers have the latest service pack and install the RMS client on all systems. Install AD RMS on domain controller Company _SRV5 E. None of the above Answer: D Section: 70-640 Explanation/Reference: Explanation:
QUESTION 122 You are formulating the backup strategy for Active Directory Lightweight Directory Services (AD LDS) to ensure that data and log files are backed up regularly. This will also ensure the continued availability of data to applications and users in the event of a system failure. Because you have limited media resources, you decided to backup only specific ADLDS instance instead of taking backup of the entire volume. What should you do to accomplish this task? A. Use Windows Server backup utility and enable checkbox to take only backup of database and log files of AD LDS B. Use Dsdbutil.exe tool to create installation media that corresponds only to the ADLDS instance C. Move AD LDS database and log files on a separate volume and use windows server backup utility D. None of the above
QUESTION 123 You had installed Windows Server 2008 on a computer and configured it as a file server, named FileSrv1. The FileSrv1 computer contains four hard disks, which are configured as basic disks. For fault tolerance and performance you want to configure Redundant Array of Independent Disks (RAID) 0 +1 on FileSrv1. Which utility you will use to convert basic disks to dynamic disks on FileSrv1? A. B. C. D. E. Diskpart.exe Chkdsk.exe Fsutil.exe Fdisk.exe None of the above
QUESTION 124 ABC.com has a domain controller that runs Windows Server 2008. The ABC.com network boosts 40 Windows Vista client machines. As an administrator at ABC.com, you want to deploy Active Directory Certificate service (AD CS) to authorize the network users by issuing digital certificates. What should you do to manage certificate settings on all machines in a domain from one main location? A. B. C. D. E. Configure Enterprise CA certificate settings Configure Enterprise trust certificate settings Configure Advance CA certificate settings Configure Group Policy certificate settings All of the above
QUESTION 125 DRAG DROP Your network contains two forests named contoso.com and fabrikam.com. The functional level of all the domains is Windows Server 2003. The functional level of both forests is Windows 2000. You need to create a trust between contoso.com and fabrikam.com. The solution must ensure that users from contoso.com can only access the servers in fabrikam.com that have the Allowed to Authenticate permission set.
What should you do? To answer, move the appropriate actions from the Possible Actions list to the Necessary Actions area and arrange them in the correct order.
Explanation:
QUESTION 126 Your network contains an Active Directory domain named adatum.com. You need to ensure that IP addresses can be resolved to fully qualified domain names (FQDNs). Under which node in the DNS snap-in should you add a zone? A. B. C. D. E. Reverse Lookup Zones adatum.com Forward Lookup Zones Conditional Forwarders _msdcs.adatum.com
QUESTION 127 DRAG DROP Your company has a main office and a branch office. All servers are located in the main office. The network contains an Active Directory forest named adatum.com. The forest contains a domain controller named MainDC that runs Windows Server 2008 R2 Enterprise and a member server named FileServer that runs Windows Server 2008 R2 Standard. You have a kiosk computer named Public_Computer that runs Windows 7. Public_Computer is not connected to the network. You need to join Public_Computer to the adatum.com domain.
Explanation:
QUESTION 128 Your network contains an Active Directory domain named adatum.com. The domain contains a domain controller named DC1. DC1 has an IP address of 192.168.200.100. You need to identify the zone that contains the Pointer (PTR) record for 0C1. Which zone should you identify? A. adatum.com B. _msdcs.adatum.com C. 100.168.192.in-addr.arpa
D. 200.168.192.in-addr.arpa Answer: D Section: 70-640 Explanation/Reference: Explanation:
QUESTION 129 Your network contains an Active Directory forest named adatum.com. The DNS infrastructure fails. You rebuild the DNS infrastructure. You need to force the registration of the Active Directory Service Locator (SRV) records in DNS. Which service should you restart on the domain controllers? A. B. C. D. E. Netlogon DNS Server Network Location Awareness Network Store Interface Service Online Responder Service
QUESTION 130 Your network contains an Active Directory domain named adatum.com. The password policy of the domain requires that the passwords for all user accounts be changed every 50 days. You need to create several user accounts that will be used by services. The passwords for these accounts must be changed automatically every 50 days. Which tool should you use to create the accounts? A. B. C. D. E. Active Directory Administrative Center Active Directory Users and Computers Active Directory Module for Windows PowerShell ADSI Edit Active Directory Domains and Trusts
QUESTION 131 Your network contains an Active Directory domain. The domain contains several domain controllers. You
need to modify the Password Replication Policy on a read-only domain controller (RODC). Which tool should you use? A. B. C. D. E. Group Policy Management Active Directory Domains and Trusts Active Directory Users and Computers Computer Management Security Configuration Wizard
QUESTION 132 HOTSPOT Your network contains an Active Directory forest named contoso.com. All client computers run Windows 7 Enterprise. You need automatically to create a local group named PowerManagers on each client computer that contains a battery. The solution must minimize the amount of administrative effort. Which node in Group Policy Management Editor should you use? To answer, select the appropriate node in the answer area.
Explanation: Control Panel Settings under Preferences. Select
QUESTION 133 Your network contains an Active Directory forest. The forest contains domain controllers that run Windows Server 2008 R2. The functional level of the forest is Windows Server 2003. The functional level of the domain is Windows Server 2008. From a domain controller, you need to perform an authoritative restore of an organizational unit (OU). What should you do first? A. B. C. D. Raise the functional level of the forest Modify the tombstone lifetime of the forest. Restore the system state. Raise the functional level of the domain.
QUESTION 134 Your network contains an Active Directory forest. The forest contains two domains named contoso.com and woodgrovebank.com. You have a custom attribute named Attribute 1 in Active Directory. Attribute 1 is associated to User objects. You need to ensure that Attribute1 is included in the global catalog. What should you do? A. From the Active Directory Schema snap-in, modify the properties of the Attribute 1 attributeSchema object. B. In Active Directory Users and Computers, configure the permissions on the Attribute 1 attribute for User objects. C. From the Active Directory Schema snap-in, modify the properties of the User classSchema object.
D. In Active Directory Sites and Services, configure the Global Catalog settings for all domain controllers in the forest. Answer: A Section: 70-640 Explanation/Reference: Explanation:
QUESTION 135 Your network contains a server named Server1. Server1 runs Windows Server 2008 R2 and has the Active Directory Lightweight Directory Services (AD LDS) role installed. Server1 hosts two AD LDS instances named Instance1 and Instance2. You need to remove Instance2 from Server1 without affecting Instance1. Which tool should you use? A. B. C. D. NTDSUtil Dsdbutil Programs and Features in the Control Panel Server Manager
QUESTION 136 Your network contains an Active Directory domain. All domain controllers run Windows Server 2008 R2. You need to compact the Active Directory database. What should you do? A. B. C. D. E. F. G. H. I. J. Run the Get-ADForest cmdlet. Configure subscriptions from Event Viewer. Run the eventcreate.exe command. Configure the Active Directory Diagnostics Data Collector Set (OCS). Create a Data Collector Set (DCS). Run the repadmin.exe command. Run the ntdsutil.exe command. Run the dsquery.exe command. Run the dsamain.exe command. Create custom views from Event Viewer.
Answer: G Section: 70-640 Explanation/Reference: Explanation:
QUESTION 137
Your network contains an Active Directory domain. All domain controllers run Windows Server 2008 R2. You need to collect all of the Directory Services events from all of the domain controllers and store the events in a single central computer. What should you do? A. B. C. D. E. F. G. H. I. J. Run the ntdsutil.exe command. Run the repodmin.exe command. Run the Get-ADForest cmdlet. Run the dsamain.exe command. Create custom views from Event Viewer. Run the dsquery.exe command. Configure the Active Directory Diagnostics Data Collector Set (DCS), Configure subscriptions from Event Viewer. Run the eventcreate.exe command. Create a Data Collector Set (DCS).
QUESTION 138 Your network contains an Active Directory domain. All domain controllers run Windows Server 2008 R2. You need to receive a notification when more than 100 Active Directory objects are deleted per second. What should you do? A. B. C. D. E. F. G. H. I. J. Create custom views from Event Viewer. Run the Get-ADForest cmdlet. Run the ntdsutil.exe command. Configure the Active Directory Diagnostics Data Collector Set (DCS). Create a Data Collector Set (DCS). Run the dsamain.exe command. Run the dsquery.exe command. Run the repadmin.exe command. Configure subscriptions from Event Viewer. Run the eventcreate.exe command.
QUESTION 139 Your network contains an Active Directory domain. All domain controllers run Windows Server 2008 R2. You need to create a snapshot of Active Directory. What should you do?
A. B. C. D. E. F. G. H. I. J.
Run the dsquery.exe command. Run the dsamain.exe command. Create custom views from Event Viewer. Configure subscriptions from Event Viewer. Create a Data Collector Set (DCS). Configure the Active Directory Diagnostics Data Collector Set (DCS). Run the repadmin.exe command. Run the ntdsutil.exe command. Run the Get-ADForest cmdlet. Run the eventcreate.exe command.
QUESTION 140 Your network contains an Active Directory domain. All domain controllers run Windows Server 2008 R2. You mount an Active Directory snapshot. You need to ensure that you can query the snapshot by using LDAP. What should you do? A. B. C. D. E. F. G. H. I. J. Run the dsamain.exe command. Create custom views from Event Viewer. Run the ntdsutil.exe command. Configure subscriptions from Event Viewer. Run the Get-ADForest cmdlet. Create a Data Collector Set (DCS). Run the eventcreate.exe command. Configure the Active Directory Diagnostics Data Collector Set (DCS). Run the repadmin.exe command. Run the dsquery.exe command.
Exam B QUESTION 1 Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2008 R2 and are configured as DNS servers. All client computers run Windows 7. You create a new zone named secure.contoso.com and configure the zone to use DNSSEC. You need to ensure that all client computers verify whether the name and address information of secure.contoso.com is validated by the DNS servers. What should you configure from Group Policy? A. B. C. D. an IPSec Security policy the DNS Client settings the Public Key policies a Name Resolution Policy rule
Answer: D Section: 70-642 Explanation/Reference: Explanation: see also: http://technet.microsoft.com/de-de/library/ee649207(WS.10).aspx
QUESTION 2 Your network contains an Active Directory domain. The domain contains an enterprise certification authority (CA) named Server1 and a server named Server2. On Server2, you deploy Network Policy Server (NPS) and you configure a Network Access Protection (NAP) enforcement policy for IPSec. From the Health Registration Authority snap-in on Server2, you set the lifetime of health certificates to four hours. You discover that the validity period of the health certificates issued to client computers is one year. You need to ensure that the health certificates are only valid for four hours. What should you do? A. B. C. D. Modify the Request Handling settings of the certificate template used for the health certificates. Modify the Issuance Requirements settings of the certificate template used for the health certificates. On Server1, run certutil.exe -setreg policy\editflags +editf_attributeenddate. On Server1, run certutil.exe Csetregdbflags +dbflags_enablevolatilerequests.
QUESTION 3 Your company has a server that runs Windows Server 2008 R2. You have a new application that locates remote resources by name. The new application requires IPv6. You need to ensure that the application can locate remote resources by using IPv6. What should you do? A. B. C. D. Create a new Pointer (PTR) DNS record. Create a new Quad-A (AAAA) DNS record. Create a new Signature (SIG) DNS record. Create a new Route Through (RT) DNS record.
Answer: B Section: 70-642 Explanation/Reference:
Explanation:
QUESTION 4 Your network contains an Active Directory domain. The domain contains DNS servers that run Windows Server 2008 R2. The network has two external links. One link connects to the Internet. The other link directly connects to the network of a partner company. The partner companys network is not connected to the Internet. You need to ensure that users on your network can access resources on the partner companys network. The solution must ensure that the users on your network can continue to access resources on the Internet. Which two actions should you perform on the DNS servers? (Each correct answer presents a complete solution. Choose two.) A. B. C. D. E. Configure conditional forwarding. Add a stub zone. Modify the root hints. Add a reverse lookup zone. Add a trust anchor.
Answer: AC Section: 70-642 Explanation/Reference: Explanation:
QUESTION 5 Your network contains a server named Server1 that runs Windows Server 2008 R2. You configure IPSec on Server1. You need to identify the total number of encrypted bytes sent and received by Server1. Which node should you use to achieve this task? To answer, select the appropriate node in the answer area.
A. B. C. D.
Active Policy Main Mode Quick Mode None
Answer: C Section: 70-642 Explanation/Reference:
Explanation:
QUESTION 6 Your network contains a Windows Server Update Services (WSUS) server named Server1. All client computers are configured to download updates from Server1. Server1 is configured only to synchronize manually to Microsoft Update. Your company deploys a new Microsoft application. You discover that the new application is not listed on the Products and Classifications list. You need to ensure that updates for the new application are available to all of the client computers. What should you do first? A. B. C. D. Run the Server Cleanup Wizard. Approve updates. Synchronize the WSUS server. Modify the Products and Classifications settings.
QUESTION 7 You have a perimeter network that contains 20 servers. All of the servers run Windows Server 2008 R2 and are members of a workgroup. You add an additional server named Server21 to the perimeter network. You plan to configure Server21 to collect events forwarded from the other servers. You need to ensure that the events are available on Server21 as quickly as possible. Which event delivery optimization option should you enable?
A. B. C. D.
Normal Custom Minimize Bandwidth Minimize Latency
QUESTION 8 You have a client computer named Computer1 that runs Windows 7. You need to ensure that, from Computer1, you can enumerate all of the records in a DNS zone. Which settings should you configure from the properties of the DNS zone? To answer, select the appropriate tab in the answer area.
A. B. C. D. E. F.
General Start Of Authority (SOA) Security Zone Transfers Name Servers Wins
Answer: D Section: 70-642
Explanation/Reference:
QUESTION 9 Your network contains an Active Directory domain named fabrikam.com. The domain contains five domain controllers named DC1, DC2, DC3, DC4, and DC5. All domain controllers run Windows Server 2008 R2 and have the DNS server role installed. On DC5, you create a new Active Directory-integrated DNS zone named adatum.com. You need to ensure that the adatum.com DNS zone is only replicated to DC5 and DC2. The solution must ensure that all zone replication traffic is encrypted. What should you do first? A. B. C. D. Create an application directory partition. Create a primary zone. Modify the zone transfer settings. Change the zone replication scope.
QUESTION 10 Your network contains a server named Server1 that runs Windows Server 2008 R2. You enable IPSec on Server1. You need to identify which client computers have active IPSec associations to Server1. Which administrative tool should you use to achieve this task? To answer, select the appropriate tool from the answer area.
A. B. C. D.
Computer Management Storage Explorer Component Services Windows Firewall with Advanced Security
Answer: D Section: 70-642 Explanation/Reference:
Explanation: M
QUESTION 11 Your network contains a DHCP server named DHCP1 that runs Windows Server 2008 R2. All client computers on the network obtain their network configurations from DHCP1. You have a client computer named Client1 that runs Windows 7 Enterprise. You need to configure Client1 to use a different DNS server than the other client computers on the network. What should you do? A. B. C. D. Configure the scope options. Create a reservation. Create a DHCP filter. Define a user class.
QUESTION 12 Your network contains an Active Directory forest named fabrikam.com. The forest contains a DNS server named Server1. You need to configure Server1 to resolve single-label names. What should you do? A. Create a DNS zone named GlobalNames. Run dnscmd.exe and specify the Config parameter. B. Create a DNS zone named GlobalNames. Run dnscmd.exe and specify the CreateDirectoryPartition parameter. C. Create a DNS zone named RootNames. Run dnscmd.exe and specify the CreateDirectoryPartition parameter. D. Create a DNS zone named RootNames. Run dnscmd.exe and specify the Config parameter. Answer: A Section: 70-642 Explanation/Reference: Explanation:
QUESTION 13 Your network contains a server named Server1. You perform a full server backup by using Windows Server
Backup. You need to test a full server restore. Which option should you select from the Advanced Boot Options menu? To answer, select the appropriate option in the answer area.
Then
A. B. C. D. E. F. G. H. I. J. K. L.
Repair Your Computer Safe Mode Safe Mode With Networking Safe Mode With Command Prompt Enable boot logging Enable low resolution video (640 480) Last Known Good Configuration (advanced) Directory services restore mode Debugging mode Disable automatic restart on system failure Disable Driver Signature Enforcement Start Windows normally
Answer: A Section: 70-642 Explanation/Reference:
Then
Explanation: A
QUESTION 14 Your network contains a server that runs Windows Server 2008 R2 named Server1. You install a new application on Server1. After the installation, you discover that Server1 frequently becomes
unavailable. You need to identify whether the issues on Server1 coincide with the installation of the application. What should you do? A. B. C. D. From Reliability Monitor, review the reliability details. From Administrative Tools, run Windows Memory Diagnostic. From the System Configuration utility, select Diagnostic startup. From the command prompt, run the Program Compatibility Wizard.
QUESTION 15 Your network contains a file server named Server1 that runs Windows Server 2008 R2. Users report that when they try to open some of the folders in \\server1\folder1, they receive an Access is Denied error message. You need to ensure that when the users connect to \\server1\folder1, they only see the files and the folders to which they are assigned permissions. Which tool should you use? A. B. C. D. Local Security Policy Share and Storage Management Windows Explorer Windows Firewall with Advanced Security
QUESTION 16 You configure a full server backup on a server as shown in the exhibit. (Click the Exhibit button.) You need to ensure that a full server backup runs each day at 23:45 and that a custom script runs when the backup completes. Which tool should you use? Exhibit:
A. B. C. D.
Task Scheduler Windows Server Backup System Configuration Services
QUESTION 17 You need to configure a static IPv6 address for a server that runs a Server Core installation of Windows Server 2008 R2. Which tool should you use? A. netsh B. ocsetup C. servermanagercmd
D. ipconfig Answer: A Section: 70-642 Explanation/Reference: Explanation:
QUESTION 18 Your network contains an Active Directory forest. The forest contains a member server named Server1 that runs Windows Server 2008 R2. You need to ensure that UNIX-based client computers can access shared folders on Server1. Which server role, role service, or feature should you install? A. B. C. D. E. F. G. H. I. J. K. L. M. Windows Server Update Services (WSUS) Network Policy Server (NPS) Routing and Remote Access service (RRAS) Simple TCP/IP Services Windows System Resource Manager (WSRM) File Server Resource Manager (FSRM) Wireless LAN Service Network Load Balancing (NLB) Windows Internal Database Services for Network File System (NFS) Group Policy Management Health Registration Authority (HRA) Connection Manager Administration Kit (CMAK)
Answer: J Section: 70-642 Explanation/Reference: Explanation:http://technet.microsoft.com/en-us/library/cc753302(WS.10).aspx
QUESTION 19 Your network contains an Active Directory forest. The forest contains a member server named Server1 that runs Windows Server 2008 R2. You need to create folder quotas on Server1. Which server role, role service, or feature should you install? A. B. C. D. E. F. G. H. I. J. K. L. M. Routing and Remote Access service (RRAS) Health Registration Authority (HRA) Network Load Balancing (NLB) File Server Resource Manager (FSRM) Windows Server Update Services (WSUS) Connection Manager Administration Kit (CMAK) Wireless LAN Service Windows Internal Database Network Policy Server (NPS) Group Policy Management Windows System Resource Manager (WSRM) Simple TCP/IP Services Services for Network File System (NFS)
QUESTION 20 Your network contains an Active Directory forest. The forest contains a member server named Server1 that runs Windows Server 2008 R2. You need to configure Server1 to provide central authentication of dial-up, VPN, and wireless connections to the network. Which server role, role service or feature should you install? A. B. C. D. E. F. G. H. I. J. K. L. M. Simple TCP/IP Services Windows System Resource Manager (WSRM) Routing and Remote Access service (RRAS) Network Policy Server (NPS) File Server Resource Manager (FSRM) Network Load Balancing (NLB) Windows Internal Database Health Registration Authority (HRA) Group Policy Management Wireless LAN Service Connection Manager Administration Kit (CMAK) Windows Server Update Services (WSUS) Services for Network File System (NFS)
QUESTION 21 Your network contains a file server named Server1. Server1 contains a folder named Folder1. The permissions for Folder1 are configured as shown in the following table.
You need to ensure that only members of Group1 can add files to Folder1 over the network. What should you do? A. B. C. D. Modify the share permission for Group1. Modify the share permission for Authenticated Users. Modify the NTFS permission for Group1. Modify the NTFS permission for Authenticated Users.
Answer: C Section: 70-642
QUESTION 22 Your network contains an Active Directory forest. The forest contains a member server named Server1 that runs Windows Server 2008 R2. You configure Server1 as a VPN server. You need to ensure that only client computers that have up-to-date virus definitions can establish VPN connections to Server1. Which server role, role service, or feature should you install? A. B. C. D. E. F. G. H. I. J. K. L. M. Simple TCP/IP Services Windows Internal Database Connection Manager Administration Kit (CMAK) File Server Resource Manager (FSRM) Windows Server Update Services (WSUS) Services for Network File System (NFS) Routing and Remote Access service (RRAS) Network Policy Server (NPS) Wireless LAN Service Group Policy Management Health Registration Authority (HRA) Windows System Resource Manager (WSRM) Network Load Balancing (NLB)
QUESTION 23 Your network contains an Active Directory forest. The forest contains a member server named Server1 that runs Windows Server 2008 R2. You need to configure Server1 as a network address translation (NAT) server. Which server role, role service, or feature should you install? A. B. C. D. E. F. G. H. I. J. K. L. M. Services for Network File System (NFS) Wireless LAN Service Network Load Balancing (NLB) Group Policy Management Routing and Remote Access service (RRAS) File Server Resource Manager (FSRM) Windows System Resource Manager (WSRM) Health Registration Authority (HRA) Windows Server Update Services (WSUS) Windows Internal Database Simple TCP/IP Services Connection Manager Administration Kit (CMAK) Network Policy Server (NPS)
Answer: E Section: 70-642 Explanation/Reference:
Explanation:
QUESTION 24 Your network contains an Active Directory domain named contoso.com. Contoso.com contains two servers named Server1 and Server2 that run Windows Server 2008 R2. DirectAccess is deployed on Server2. You need to configure Server1 as a network location server (NLS). Which Web Server (IIS) role service should you install on Server1? A. B. C. D. Request Filtering IIS Client Certificate Mapping Authentication URL Authorization IP and Domain Restrictions
Answer: D Section: 70-642 Explanation/Reference: Explanation: see steps below : If your DirectAccess server is acting as the network location server, you must install the Web Server (IIS) server role with the IP and Domain Restrictions role service. source: http://technet.microsoft.com/en-us/ library/ee649160%28WS.10%29.aspx
QUESTION 25 Your network contains three servers named Server1, Server2, and Server3 that have the Network Policy Server (NPS) role service installed. On Server1, you configure a Remote RADIUS Server Group that contains Server2 and Server3. On Server2 and Server3, you configure Server1 as a RADIUS client. You configure Server2 and Server3 to authenticate remote users. You need to configure Server1 to forward RADIUS authentication requests to Server2 and Server3. What should you create on Server1? A. B. C. D. a network policy a remediation server group a connection request policy a health policy
Answer: C Section: 70-642 Explanation/Reference: Explanation: http://technet.microsoft.com/en-us/library/cc754518.aspx
QUESTION 26 Your network contains an Active Directory domain. The domain contains a file server named Server1 that runs Windows Server 2008 R2. You need to ensure that a user named User1 can back up and restore files on Server1. The solution must minimize the number of user rights assigned to User1. What should you do? A. B. C. D. Add User1 to the Server Operators group. Assign the Backup files and directories user right to User1. Add User1 to the Backup Operators group. Assign the Perform volume maintenance tasks user right to User1.
QUESTION 27 Your network contains a server named Server1 that runs Windows Server 2008 R2. You configure IPSec on Server1. You need to identify the total number of authentication failures and negotiation failures that occurred on Server1. Which node should you use to achieve this task? To answer, select the appropriate node in the answer area.
A. B. C. D.
Main Mode Active Policy Quick Mode None
Answer: A Section: 70-642 Explanation/Reference:
Explanation: E
QUESTION 28 Your network contains a file server named Server1 that runs Windows Server 2008 R2. You enable IPSec on Server1. You need to identify which client computers have active IPSec associations to Server1. Which administrative tool should you use to achieve this task? A. B. C. D. Share and Storage Management Windows Firewall with Advanced Security Performance Monitor Event Viewer
QUESTION 29 Your network contains a DNS server named DNS1 that runs Windows Server 2008 R2. You need to be notified by e-mail if the DNS service logs errors or warnings. The solution must minimize the number of email notifications you receive. What should you do? A. B. C. D. Create an alert in Performance Monitor. Run the Configure a DNS Server Wizard. Select the DNS Server log from Event Viewer and attach a task to the log. Create a custom view from Event Viewer and attach a task to the custom view.
Answer: D Section: 70-642 Explanation/Reference:
Explanation:
QUESTION 30 Your company has four DNS servers that run Windows Server 2008 R2. Each server has a static IP address. You need to prevent DHCP from assigning the addresses of the DNS servers to DHCP clients. What should you do? A. B. C. D. Create a new scope for the DNS servers. Create a reservation for the DHCP server. Configure the 005 Name Servers scope option. Configure an exclusion that contains the IP addresses of the four DNS servers.
QUESTION 31 Your network contains a file server that runs Windows Server 2008 R2. You create a shared folder on the server. You need to ensure that an administrator is notified whenever a user saves .exe files to the shared folder. What should you do? A. B. C. D. Configure access-based enumeration (ABE). Create a file screen. Modify the NTFS permissions and the share permissions. Create a soft quota.
Answer: B Section: 70-642 Explanation/Reference: Explanation: http://technet.microsoft.com/en-us/library/cc732349(WS.10).aspx Topic 5, Exam Set E
QUESTION 32 Your network contains a server that runs a Server Core installation of Windows Server 2008 R2. You need to configure outbound firewall rules on the server. Which tool should you use? A. B. C. D. ocsetup servermanagercmd netcfg netsh
QUESTION 33 Your network contains two servers named Server1 and Server2 that run Windows Server 2008 R2. Server1 and Server2 are configured as DNS servers. On Server1, you create a primary DNS zone named contoso.
com. You configure Server2 to host a secondary copy of contoso.com. On Server2, you open DNS Manager as shown in the exhibit. (Click the Exhibit button.) You need to ensure that the contoso.com zone is available on Server2. What should you do? Exhibit:
A. B. C. D.
From Server2, modify the root hints. From Server1, modify the zone transfer settings of the primary zone. From Server1, add Server2 as a name server for the zone. From Server2, modify the zone transfer settings of the secondary zone.
QUESTION 34 Your network contains a domain-based Distributed File System (DFS) namespace named \\contoso.com \dfs. \\contoso.com\\dfs is configured to use Windows 2000 Server mode. The domain contains two servers named Server1 and Server2 that run Windows Server 2008 R2. Server1 is configured as a namespace server for \\contoso.com\dfs. You need to migrate \\contoso.com\dfs to Windows Server 2008 mode. You install the Distributed File System role service on Server2. What should you do next? A. B. C. D. Configure Server2 as a namespace server for \\contoso.com\dfs. At the command prompt, run dfsutil root export \\contoso.com\dfs c:\dfs.xml. At the command prompt, run dfsutil root adddom \\contoso.com\dfs v2. Create a new shared folder named DFS on Server2.
QUESTION 35 Your network contains a file server named Server1 that runs Windows Server 2008 R2. Server1 has a
volume named E. From the File Server Resource Manager console, you create a new quota for volume E. The quota is derived from the 100 MB limit quota template. You need to prevent users from storing audio and video files on volume E. What should you do? A. B. C. D. Create a file screen. Create a file management task. Modify the properties of the quota. Modify the properties of the Audio and Video Files file group.
Answer: A Section: 70-642 Explanation/Reference: Explanation: Create a File Screen to prevent users from saving of video/audio files to a share and send notifications when users attempt to do that.
QUESTION 36 Your network contains a server named Server1 that runs a Server Core installation of Windows Server 2008 R2. Server1 is configured as a DNS server. You need to ensure that Server1 only resolves name queries from IPv6 clients. What should you do? A. B. C. D. Run netsh.exe and specify the dnsclient parameter. Run dnscmd.exe and specify the /config parameter. Run dnscmd.exe and specify the /resetlistenaddresses parameter. Run netsh.exe and specify the interface parameter.
Answer: C Section: 70-642 Explanation/Reference: Explanation: To configure your DNS server to listen over IPv6, do the following: Install Windows Support Tools. For more information, see Install Windows Support Tools Open Command Prompt. Type the following command: dnscmd /config /EnableIPv6 1 Restart the DNS Server service. For more information, see Start or stop a DNS server. http://technet.microsoft.com/en-us/library/cc783049 (WS.10).aspx
QUESTION 37 Your network contains an Active Directory domain. The domain contains a DNS server that runs Windows Server 2008 R2. You plan to deploy DirectAccess on the network. You need to ensure that the internal DNS infrastructure supports name resolution for DirectAccess. What should you do? A. B. C. D. Modify the Dynamic updates setting. Add a trust anchor. Modify the global query block list. Create a GlobalNames zone.
Answer: C
Section: 70-642 Explanation/Reference: Explanation:
QUESTION 38 Your network contains a file server named Server1 that runs Windows Server 2008 R2. Server1 hosts a shared folder that stores Microsoft Excel spreadsheets. A new Excel spreadsheet is created each day. You need to ensure that all Excel spreadsheets that are older than one month are automatically moved to a different folder. What should you do? A. B. C. D. Create an Active Directory Rights Management Services (AD RMS) policy template. Create a quota for the shared folder. Create a file management task. Modify the archive attribute of the shared folder.
Answer: C Section: 70-642 Explanation/Reference: Explanation: http://technet.microsoft.com/en-us/library/dd759233.aspx
QUESTION 39 Your network contains a server named Server1. Server1 has the DHCP server role installed and contains multiple scopes. You restore the DHCP database and discover that the active IP address leases are not displayed. You need to ensure that all IP address leases are displayed. What should you do? A. B. C. D. Reconcile all of the scopes. Run jetpack.exe dhcp.mdb temp.mdb. Restart the DHCP Server service. Authorize Server1.
Answer: C Section: 70-642 Explanation/Reference: Explanation: Recovery: Restoring from Backup If the DHCP server database becomes corrupted or is lost, simple recovery is possible by replacing the server database file (Dhcp.mdb), located in the % SystemRoot %\System32\Dhcp folder, with a backup copy of the same file. You can then perform a simple file copy to overwrite the current corrupted database with a backup copy of the same file. If DHCP Manager has been used previously to enable backup, you can obtain the backup copy of the server database file located in the % SystemRoot %\System32\Dhcp\Backup folder. As an option, you can also choose to restore the Dhcp.mdb file from a tape backup or other backup media. Before restoring the database file from backup, the DHCP service must first be stopped. Once you have copied the backup file to the % SystemRoot %\System32\Dhcp folder from your preferred backup source, you can restart the DHCP service. To stop the DHCP server service, type the following at a command prompt: net stop dhcpserver Once the DHCP service has been stopped, the following procedure can be used to safely restore a backup copy of the database from either backup media or the DHCP service backup folder. First, move the files from your existing DHCP folder to a different folder location, such as \Olddhcp. Be careful to keep the DHCP folder structure intact. For example, type the following set of commands at a command prompt to perform this step: md c:\Olddhcp move % SystemRoot % \system32\DHCP\*.* C:\Olddhcp Next, remove the corrupted server database file. This can also be done at the command prompt: del % SystemRoot % \system32\DHCP\Dhcp.mdb You can then copy the backup database file into the DHCP service folder. The path to be used when performing the actual copy operation varies (as shown in Table 4.15), depending on the specific server
version of Windows running on the computer where the DHCP database file is being restored. http://technet.microsoft.com/en-us/library/cc958954.aspx
QUESTION 40 Your network contains an Active Directory domain. The domain contains two DHCP servers named DHCP1 and DHCP2. On DHCP1, you create a scope named Scope1. You configure Scope1 as a split scope and add DHCP2 as an additional DHCP server. You need to ensure that DHCP1 and DHCP2 can issue IP addresses. What should you do from the DHCP console? A. B. C. D. Reconcile Scope1 on DHCP2. Activate Scope1 on DHCP2. Restart the DHCP Server service on DHCP2. Update the range of IP addresses on DHCP1.
Answer: B Section: 70-642 Explanation/Reference: Explanation: http://technet.microsoft.com/en-us/library/ee405264(WS.10).aspx
QUESTION 41 You deploy Network Access Protection (NAP) on your network. An administrator configures a network policy as shown in the exhibit. (Click the Exhibit button.) You discover that noncompliant client computers cannot access the remediation network. You need to configure the network policy to ensure that noncompliant client computers can access the remediation network. What should you do? Exhibit:
A. In Access Permission, select the Grant access. Grant access if the connection request matches this policy option button. B. In the Type of network access server list, click HCAP Server. C. In the Type of network access server list, click Health Registration Authority. D. In Access Permission, select the Ignore user account dial-in properties check box. Answer: A Section: 70-642 Explanation/Reference: Explanation:
QUESTION 42 Your network contains a server named Server1 that runs Windows Server 2008 R2. The network for Server1 is configured as shown in the table.
You plan to deploy DirectAccess on Server1. You need to configure the network interfaces on Server1 to support DirectAccess. What should you do? A. B. C. D. Add the IP address of 10.1.2.2 to LAN1. Remove the IP address of 131.107.1.13 from Internet2, and then add the address to LAN1. Remove the IP of address 131.107.1.13 from Internet2, and then add the address to Internet1. Add the default gateway of 131.107.1.1 to Internet2.
QUESTION 43 Your network contains a server named Server1 that runs a Server Core installation of Windows Server 2008 R2. The network contains a client computer named Computer1 that runs Windows 7. You need to ensure that you can collect events from Server1 on Computer1. What should you run on Server1? A. B. C. D. wecutil cs eventcreate /so winrm quickconfig net config server
Answer: C Section: 70-642 Explanation/Reference: Explanation: http://technet.microsoft.com/en-us/library/cc748890(v=WS.10).aspx
QUESTION 44 Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2008 R2. The network contains a DHCP server named DHCP1 on a subnet named Subnet1. You implement a new subnet named Subnet2. Subnet2 contains a server named Server1. On DHCP1, you create a DHCP scope for Subnet2. You need to configure Server1 to ensure that the client computers on Subnet2 can receive IP addresses from DHCP1. What should you install on Server1?
A. B. C. D.
the Application Server server role the DHCP server role the Network Policy Server (NPS) role service the Routing and Remote Access service (RRAS) role service
QUESTION 45 Your network contains an Active Directory forest named contoso.com. Contoso.com contains three domain controllers that run Windows Server 2008 R2 and three domain controllers that run Windows Server 2003. All domain controllers are configured as DNS servers. You configure the contoso.com zone to use DNSSEC. You need to ensure that the zone only replicates to DNS servers that support DNSSEC. What should you do first? A. B. C. D. Modify the Notify settings of the contoso.com zone. Create an application directory partition. Move the contoso.com zone to the ForestDnsZones application directory partition. Add a server certificate to the Windows Server 2003 DNS servers.
Answer: B Section: 70-642 Explanation/Reference: Explanation: you've installed Windows Server 2008 Core, you don't use DHCP and you want to get the thing So I'd create this post to help me on the network. I keep forgetting how to do this so I thought remember! I'm assuming that you've got as far as changing the administrator password and logging in. The next step is as easy as typing a few commands into the plain black window you see in front of you. let's assume that we want the server to have the following network configuration: For this example,
HOSTNAME: win2008core IP ADDRESS: 10.1.5.16
SUBNET MASK: 255.255.255.128 DEFAULT GATEWAY: 10.1.5.126 DNS SERVER: 10.10.20.6 DNS SERVER: 10.20.4.3 We first have to extract two pieces of information from the server. The current hostname and the index of the NIC that we want to configure. The hostname can be acquired simply by entering the command: "WIN-87abac8chasa87 or something random like that. hostname This will return something like we'll need it later. Make a note of the name returned as Next enter the following command: netsh interface ipv4 show interfaces This will return an output a bit like the one below. The important thing though is getting the index you're interested in (3 in this case). By default this will probably be (Idx) value for the interface that "Local Area Connection". called To setup the IP details for the interface just enter the following command: netsh interface ipv4 set address name="3" source=static address=10.1.5.16 mask=255.255.255.128 gateway=10.1.5.126 To add the DNS servers to this interface, use the following commands: netsh interface ipv4 add dnsserver name="3" address=10.10.20.6 index=1 netsh interface ipv4 add dnsserver name="3" address=10.20.4.3 index=2 Note that we incremented the index value in the second command. That was quite easy really. All that remains is to rename the server. This is done with another simple command using the value that we obtained earlier: netdom renamecomputer WIN-87abac8chasa87 /NewName:win2008core All that you then need to do is reboot the server: shutdown /r /t 0
QUESTION 46 Your network contains an Active Directory domain named fabrikam.com. The domain contains a DNS server named Server1. Server1 hosts the DNS zone for fabrikam.com. You have a client computer named Computer1 that runs Windows 7. You need to ensure that, from Computer1, you can enumerate all of the records in the fabrikam.com DNS zone. What should you modify? A. B. C. D. the forwarders of Server1 the root hints of Server1 the security settings of the fabrikam.com DNS zone the zone transfer settings of the fabrikam.com DNS zone
QUESTION 47 Your network contains a server named Server1 that runs Windows Server 2008 R2. You need to ensure that you can log performance counter data from Server1 to a SQL database.
Which tool should you use? A. B. C. D. Component Services Data Sources (ODBC) Share and Storage Management Storage Explorer
QUESTION 48 Your network contains an Active Directory domain. The network contains a standalone server that runs Windows Server 2008 R2. The server has a static IP address. You need to configure the server as a DHCP Relay Agent. What should you do first? A. B. C. D. Install the Health Registration Authority (HRA) role service on the server. Configure the server to use a dynamic IP address. Install the Routing and Remote Access service (RRAS) role service on the server. Join the server to the domain.
QUESTION 49 You have an application server that runs Windows Server 2008 R2. You need to configure Windows Firewall to allow communications on the server as shown in the following table.
What is the minimum number of firewall rules you should create? A. B. C. D. 4 2 1 3
QUESTION 50 Your network is configured as shown in the exhibit. (Click the Exhibit button.)
The network contains a server named TMG1. TMG1 runs Microsoft Forefront Threat Management Gateway (TMG) 2010 and has a default gateway of 131.107.1.2. You need to ensure that TMG1 can connect to the Internet and to the client computers in all of the internal subnets. What should you do on TMG1? A. B. C. D. Run route -p add 192.168.1.0 netmask 255.255.255.0 192.168.2.1. Change the default gateway to 192.168.1.1. Run route -p add 192.168.2.0 netmask 255.255.255.0 192.168.1.1. Change the default gateway to 192.168.2.1.
QUESTION 51 You have an application that requires localhost to resolve to 127.0.0.1. You ping localhost as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that localhost resolves to 127.0.0.1. What should you do? A. B. C. D. Modify the Hosts file. Add a Microsoft Loopback Adapter. Modify the Lmhosts file. Modify the properties of the local area connection.
QUESTION 52 Your network contains an Active Directory domain. Your company is implementing Network Access Protection (NAP). You need to define which network resources non-compliant client computers can access. What should you configure? A. B. C. D. E. F. G. H. I. J. the Windows Authentication authentication provider remediation server groups the RADIUS Accounting accounting provider system health validators (SHVs) IKEv2 client connections the Windows Accounting accounting provider the RADIUS Authentication authentication provider Group Policy preferences health policies connection request policies
QUESTION 53 Your network contains an Active Directory domain. You deploy Network Access Protection (NAP). You need to verify whether VPN clients have Windows Firewall enabled. What should you configure? A. B. C. D. E. F. G. H. I. J. connection request policies IKEv2 client connections Group Policy preferences the RADIUS Authentication authentication provider remediation server groups the Windows Authentication authentication provider the Windows Accounting accounting provider the RADIUS Accounting accounting provider system health validators (SHVs) health policies
Answer: I Section: 70-642 Explanation/Reference: Explanation:
QUESTION 54 Your network contains an Active Directory domain. The domain contains several VPN servers that have the Routing and Remote Access service (RRAS) role service installed. You need to collect information about the duration of the VPN connections. The information must be stored in a central location. What should you
configure on the VPN servers? A. B. C. D. E. F. G. H. I. J. connection request policies the RADIUS Authentication authentication provider health policies the RADIUS Accounting accounting provider remediation server groups the Windows Accounting accounting provider system health validators (SHVs) Group Policy preferences the Windows Authentication authentication provider IKEv2 client connections
QUESTION 55 Your network contains an Active Directory domain. Your company provides VPN access for multiple organizations. You need to configure Network Policy Server (NPS) to forward authentication requests to the appropriate organization. What should you configure on the NPS server? A. B. C. D. E. F. G. H. I. J. the RADIUS Accounting accounting provider the Windows Accounting accounting provider remediation server groups health policies connection request policies the RADIUS Authentication authentication provider the Windows Authentication authentication provider system health validators (SHVs) Group Policy preferences IKEv2 client connections
QUESTION 56 Your network contains two servers named Server1 and Server2 that run a Server Core installation of Windows Server 2008 R2. Server1 has the SNMP Service installed. You need to ensure that Server2 can send SNMP traps to Server1. What should you do? A. B. C. D. On Server2, run dism /online /enable-feature /featurename:snmp-sc. On Server1, run oclistsnmp-sc. On Server2, run oclistsnmp-sc. On Server1, run dism /online /enable-feature /featurename:snmp-sc.
Answer: A Section: 70-642
QUESTION 57 Your network contains a server named Server1 that runs Windows Server 2008 R2. Server1 contains two shared folders named Share 1 and Share2. The shared folders are located on the same volume. You need to prevent users from storing more that 100 MB of data in Share1 only. What should you install on Server1? A. B. C. D. File Server Resource Manager (FSRM) Network Policy Server (NPS) Services for Network File System (NFS) Windows System Resource Manager (WSRM)
Answer: A Section: 70-642 Explanation/Reference: Explanation: Reference: http://technet.microsoft.com/en-us/library/cc733029.aspx
QUESTION 58 Your network contains four servers named Server1, Server2, Server3, and Server4 that run Windows Server 2008 R2. The servers have the Network Policy Server (NPS) role service installed. You configure a Remote RADIUS Server Group named Group1. Group 1 contains Server2, Server3, and Server4. You need to configure load balancing for the members of Group1 to meet the following requirements: Server1 must send 25 percent of all authentication requests to Server3. Server1 must send 75 percent of all authentication requests to Server2. Server1 must only send authentication requests to Server4 if Server2 and Server3 are unavailable. What should you do from the Network Policy Server console? A. For Server2, set the weight to 75 and the priority to 75, For Server3, set the weight to 25 and the priority to 25. For Server4, set the weight to 100 and the priority to 200. B. For Server2, set the weight to 75 and the priority to 1. For Server3, set the weight to 25 and the priority to 1. For Server4, set the weight to 100 and the priority to 100. C. For Server2, set the weight to 1 and the priority to 75. For Server3, set the weight to 1 and the priority to 25. For Server4, set the weight to 100 and the priority to 1. D. For Server2, set the weight to 75 and the priority to 25. For Server3, set the weight to 25 and the priority to 75. For Server4, set the weight to 100 and the priority to 1. Answer: B Section: 70-642 Explanation/Reference: Explanation:
Reference: http://technet.microsoft.com/en-us/library/dd197433(WS.10).aspx
QUESTION 59 You are planning the network for a branch office. The branch office will contain 100 IPv4 hosts. You need to recommend a subnet mask for the branch office. The subnet mask must minimize the number of unused IP addresses. Which subnet mask should you use? A. B. C. D. 255.255.255.0 255.255.255.128 255.255.0.0 255.255.128.0
Answer: B Section: 70-642 Explanation/Reference: Explanation: http://www.pantz.org/software/tcpip/subnetchart.html
QUESTION 60 Your Network contains a server named Server1 that has the Routing and Remote Access service(RRAS) role servive installed Server1 provides access to the internal network by using Point-to-Point ytunneling protocol (PPTP).Static RRAS filters on the external interface of Server1 allow only PPTP. THe IPaddress of the external interface is 131.107.1.100 You install the Web server (IIS) role on Server1. You need to ensure that users o nthe internet can access a Web site on server1 by using HTTP. The solution must minimize the number of open ports on Server1 Which static RRAS filter or filters should you configure on server1 ? Choose 2 A. An outbound filter that has the following configurations Source network 131.107.1.100/32 Destination network :any Protocol :TCP Port 80 B. An inbound filter that has the following configurations Source network: any Destination network : 131.107.1.100/32 Protocol :TCP Port 80 C. An outbound filter that has the following configurations Source network: 131.107.1.100/32 Destination network :any Protocol :TCP Port any D. An outbound filter that has the following configurations Source network: 131.107.1.100/32 Destination network :any Protocol :TCP(established) Port 80
E. An inbound filter that has the following configurations Source network: 131.107.1.100/32 Destination network :any Protocol :TCP Port any Answer: BD Section: 70-642 Explanation/Reference:
QUESTION 61 Your network contains a subnet named Subnet1. You add a new subnet named Subnet2 to the network. Subnet1 and Subnet2 are connected by a router named Router1. You need to configure the IP addresses on Router1 to ensure that IP traffic can be routed between Subnet1 and Subnet2. Which IP addresses should you assign to Router1? To answer, drag the appropriate IP address to the correct interface in the answer area.
A. B. C. D. E. F.
10.10.10.0 10.10.10.1 10.10.10.64 10.10.10.65 10.10.10.128 10.10.10.129
Answer: DF Section: 70-642 Explanation/Reference:
QUESTION 62 Your network contains an Active Directory forest. The forest contains a member server named VPN1 that runs Windows Server 2008 R2. You configure VPN1 as a VPN server. You need to ensure that only client computers that have windows Update enabled can establish VPN connections to VPN1. What should you install on VPN1? A. B. C. D. Windows Server Update Services (WSUS) Network Policy Server (NPS) Health Registration Authority (HRA) Connection Manager Administration Kit (CMAK)
Answer: B Section: 70-642 Explanation/Reference: Explanation: http://technet.microsoft.com/en-us/library/cc754378.aspx
QUESTION 63 Your network contains an Active Directory domain. All domain controllers run Windows Server 2008 R2. The network contains a DHCP server named Server1 on a subnet namend Subnet1. You implement a new subnet named Subnet2. Subnet2 contains a server named Server2.
On Server1, you create a DHCP scope for Subnet2. You need to configure Server2 to ensure that the client computers on Subnet2 can receive IP adresses from Server1. What should you do? To answer move the appropriate actions from the Possible Actions list to the Necessary Actions area and arrange them in the correct order.
Answer:
Section: 70-642 Explanation/Reference:
QUESTION 64 Your network contains an Active Directory domain. The domain contains a server named Server 1 that runs Windows Server 2008 R2 Server 1 contains a folder named Folder1. a domain user named User1 does not have NTFS Read permission for Folder1. You need User1 to create a backup copy of Folder1. User1 must NOT be able to restore the backup copy on Server1
Answer:
QUESTION 65 Your Network contains a server named Server1 that runs Windows Server 2008 R2 You need to log performance counter data from Server1 to SQL database What should you do? To answer, move the appropriate actions from the Possible Actions list to the Necessary Actions area and arrange them in the correct order.
Answer:
Section: 70-642 Explanation/Reference: http://www.simple-talk.com/sql/performance/collecting-performance-data-into-a-sql-server-table/
QUESTION 66 Your network contains an Active Directory forest. The forest contains a server named server1.contoso.com. You need to ensure that all DNS clients can user DNS to resolve the single-label name of a server named Server1. What should you do? To answer, move the appropriate actions from the Possible Actions list to the Necessary Actions area and arrange them in the correct order.
Answer:
QUESTION 67 Your network contains a Windows Server Update Services (WSUS) server named Server1. All client computers are configured to download updates from Server1. Server1 ts configured only to synchronize manually to Microsoft Update. Your company deploys a new Microsoft application. You discover that the new application is not listed on the Products and Classifications list. You synchronize the WSUS server. You need to ensure that updates for the new application are available to all of the client computers. what should you do? To answer, move the appropriate actions from the Possible Actions list to the Necessary Actions area and arrange them in the correct order.
Answer:
QUESTION 68 Your network contains an Active Directory domain. The domain contains a server that runs Windows Server 2008 R2. The server contains 10 shared folders. You need to be notified by email when users save .mp3 files to the shared folders. What should you do? To answer, move the appropriate actions from the Possible Actions list to the Necessary Actions area and arrange them in the correct order.
Answer:
QUESTION 69 Your network contains an Active Directory domain. All domain controllers run Windows Server 2008 R2. The domain contains three domain controllers named DC1, DC2, and DC3. All of the domain controllers have the DNS server role installed. You create a new Active Directory-integrated DNS zone on DC1. You need to ensure that the zone is only replicated to DC1 and DC3. The solution must ensure that all zone replication traffic is encrypted. What should you do? To answer, move the appropriate actions from the Possible Actions list to the Necessary Actions area and arrange them in the correct order.
Answer:
QUESTION 70 Your network contains a server named Server1 that runs Windows Server 2008 R2. Server1 has the DHCP server role installed. All client computer on the network obtain their network configurations from Server1. You have a client computer named Computer1. You need to configure Computer1 to use a different DNS server than the other client computers on the network. What should you do? To answer , move the appropriate actions from Possible Actions list to the Necessary Actions area and arrange them in the correct order.
Answer:

70-648 by - Ali Islam (210q)

Загружено:

Сведения о документе

Исходное описание:

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

70-648 by - Ali Islam (210q)

Загружено:

Авторское право:

Доступные форматы

Microsoft.Certify-Me.Testking.70-648.v2011-12-18.by.Gosha.

Sections 1. 70-640 2. 70-642

Answer: A Section: 70-640 Explanation/Reference: Explanation:

Answer: D Section: 70-640 Explanation/Reference: Explanation:

Answer: C Section: 70-640 Explanation/Reference: Explanation:

Answer: A Section: 70-640 Explanation/Reference: Explanation:

Answer: B Section: 70-640 Explanation/Reference: Explanation:

Answer: C Section: 70-640 Explanation/Reference: Explanation:

Answer: BD Section: 70-640 Explanation/Reference: Explanation:

Answer: A Section: 70-640 Explanation/Reference: Explanation:

Answer: A Section: 70-640 Explanation/Reference: Explanation:

Answer: B Section: 70-640 Explanation/Reference: Explanation:

Answer: C Section: 70-640

Answer: B Section: 70-640 Explanation/Reference: Explanation:

Answer: A Section: 70-640 Explanation/Reference: Explanation:

Answer: C Section: 70-640 Explanation/Reference: Explanation:

Answer: D Section: 70-640 Explanation/Reference: Explanation:

Answer: C Section: 70-640 Explanation/Reference: Explanation:

Answer: C Section: 70-640 Explanation/Reference: Explanation:

Answer: C Section: 70-640 Explanation/Reference: Explanation:

Answer: C Section: 70-640 Explanation/Reference: Explanation: http://technet.microsoft.com/en-us/library/cc758471(v=WS.10).aspx

Answer: C Section: 70-640 Explanation/Reference: Explanation:

Answer: D Section: 70-640 Explanation/Reference: Explanation:

Answer: D Section: 70-640 Explanation/Reference: Explanation:

Answer: C Section: 70-640 Explanation/Reference: Explanation:

Answer: D Section: 70-640 Explanation/Reference: Explanation:

Answer: D Section: 70-640 Explanation/Reference: Explanation:

Answer: B Section: 70-640 Explanation/Reference: Explanation:

Answer: C Section: 70-640 Explanation/Reference: Explanation:

Answer: A Section: 70-640 Explanation/Reference: Explanation:

Answer: B Section: 70-640 Explanation/Reference: Explanation:

Answer: C Section: 70-640 Explanation/Reference: Explanation:

C. Set-ADServiceAccount D. Set-ADObject Answer: D Section: 70-640 Explanation/Reference: Explanation:

Answer: C Section: 70-640 Explanation/Reference: Explanation:

Answer: D Section: 70-640 Explanation/Reference: Explanation:

Answer: H Section: 70-640 Explanation/Reference: Explanation: http://technet.microsoft.com/en-us/library/cc778513(WS.10).aspx

Answer: A Section: 70-640 Explanation/Reference: Explanation:

Answer: A Section: 70-640 Explanation/Reference: Explanation:

Answer: C Section: 70-640 Explanation/Reference: Explanation:

Answer: C Section: 70-640 Explanation/Reference: Explanation:

Answer: A Section: 70-640 Explanation/Reference: Explanation:

Answer: C Section: 70-640 Explanation/Reference: Explanation:

Answer: A Section: 70-640 Explanation/Reference: Explanation:

Answer: D Section: 70-640 Explanation/Reference: Explanation:

Answer: C Section: 70-640 Explanation/Reference: Explanation:

Answer: D Section: 70-640 Explanation/Reference: Explanation:

Answer: D Section: 70-640 Explanation/Reference: Explanation:

Answer: A Section: 70-640 Explanation/Reference: Explanation:

Answer: D Section: 70-640 Explanation/Reference: Explanation:

Answer: DF Section: 70-640

A. B. C. D. Answer: Section: 70-640 Explanation/Reference:

A. B. C. D. Answer: Section: 70-640 Explanation/Reference:

Explanation: Reverse Lookup Zones Select

A. B. C. D. Answer: Section: 70-640 Explanation/Reference:

Explanation: 200.168.192.in-addr.arpa Select

A. B. C. D. Answer: Section: 70-640 Explanation/Reference:

IP container under Inter-Site Transports. Select the

Answer: Section: 70-640 Explanation/Reference:

A. B. C. D. Answer: Section: 70-640 Explanation/Reference:

Explanation: Active Directory Users and Computers. Select

A. B. C. D. Answer: Section: 70-640 Explanation/Reference:

Explanation: Active Directory Module for Windows PowerShell. Select