QUESTION 21
You deploy a new Active Directory Federation Services (AD FS) federation server. You request new certificates for the AD FS federation server. You need to ensure that the AD FS federation server can use the new certificates. To which certificate store should you import the certificates?
A. Computer
B. IIS Admin Service service account
C. Local Administrator
D. World Wide Web Publishing Service service account
Answer: A
QUESTION 22
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 has the Active Directory Federation Services (AD FS) role installed. You have an application named App1 that is configured to use Server1 for AD FS authentication. You deploy a new server named Server2. Server2 is configured as an AD FS 2.0 server. You need to ensure that App1 can use Server2 for authentication. What should you do on Server2?
A. Add an attribute store.
B. Create a relying party trust.
C. Create a claims provider trust.
D. Create a relaying provider trust.
Answer: B
QUESTION 23
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. The Active Directory Federation Services (AD FS) role is installed on Server1. Contoso.com is defined as an account store. A partner company has a Web-based application that uses AD FS authentication. The partner company plans to provide users from contoso.com access to the Web application. You need to configure AD FS on contoso.com to allow contoso.com users to be authenticated by the partner company. What should you create on Server1?
A. a new application
B. a resource partner
C. an account partner
D. an organization claim
Answer: D
QUESTION 24
Your network contains two servers named Server1 and Server2 that run Windows Server 2008 R2. Server1 has the Active Directory Federation Services (AD FS) Federation Service role service installed. You plan to deploy AD FS 2.0 on Server2. You need to export the token-signing certificate from Server1, and then import the certificate to Server2. Which format should you use to export the certificate?
A. Base-64 encoded X.509 (.cer)
B. Cryptographic Message Syntax Standard PKCS #7 (.p7b)
C. DER encoded binary X.509 (.cer)
D. Personal Information Exchange PKCS #12 (.pfx)
Answer: D
QUESTION 25
Your network contains two servers named Server1 and Server2 that run Windows Server 2008 R2. Server1 has Active Directory Federation Services (AD FS) 2.0 installed. Server1 is a member of an AD FS farm. The AD FS farm is configured to use a configuration database that is stored on a separate Microsoft SQL Server. You install AD FS 2.0 on Server2. You need to add Server2 to the existing AD FS farm. What should you do?
A. On Server1, run fsconfig.exe.
B. On Server1, run fsconfigwizard.exe.
C. On Server2, run fsconfig.exe.
D. On Server2, run fsconfigwizard.exe.
Answer: C
PassLeader Real Exam Dumps For 70-648 With 100% Pass Ensure — http://www.passleader.com/70-648.html
QUESTION 26
Your network contains a single Active Directory domain. The functional level of the forest is Windows Server 2008 R2. You need to enable the Active Directory Recycle Bin. What should you use?
A. the dsmod tool
B. the Enable-ADOptionalFeaturecmdlet
C. the ntdsutiltool
D. the Set-ADDomainModecmdlet
Answer: B
QUESTION 27
Your network contains an Active Directory domain. You need to restore a deleted computer account from the Active Directory Recycle Bin. What should you do?
A. From the command prompt, run recover.exe.
B. From the command prompt, run ntdsutil.exe.
C. From the Active Directory Module for Windows PowerShell, run the Restore-Computercmdlet.
D. From the Active Directory Module for Windows PowerShell, run the Restore-ADObjectcmdlet.
Answer: D
QUESTION 28
Your network contains a single Active Directory domain. You need to create an Active Directory Domain Services snapshot. What should you do?
A. Use the Ldp tool.
B. Use the ntdsutiltool.
C. Use the wbadmin tool.
D. From Windows Server Backup, perform a full backup.
Answer: B
QUESTION 29
You have an Active Directory snapshot. You need to view the contents of the organizational units (OUs) in the snapshot. Which tools should you run?
A. explorer.exe, netdom.exe,and dsa.msc
B. ntdsutil.exe, dsamain.exe,and dsa.msc
C. wbadmin.msc, dsamain.exe,and netdom.exe
D. wbadmin.msc, ntdsutil.exe,and explorer.exe
Answer: B
QUESTION 30
Your network contains a domain controller that runs Windows Server 2008 R2. You need to change the location of the Active Directory log files. Which tool should you use?
A. dsamain
B. dsmgmt
C. dsmove
D. ntdsutil
Answer: D
QUESTION 31
Your network contains an Active Directory domain that contains five domain controllers. You have a management computer that runs Windows 7. From the Windows 7 computer, you need to view all account logon failures that occur in the domain. The information must be consolidated on one list. Which command should you run on each domain controller?
A. wecutil.exe qc
B. wevtutil.exe gli
C. winrm.exe quickconfig
D. winrshost.exe
Answer: C
QUESTION 32
You create a new Active Directory domain. The functional level of the domain is Windows Server 2008 R2. The domain contains five domain controllers. You need to monitor the replication of the group policy template files. Which tool should you use?
A. dfsrdiag
B. fsutil
C. ntdsutil
D. ntfrsutl
Answer: A
QUESTION 33
You create a new Active Directory domain. The functional level of the domain is Windows Server 2003. The domain contains five domain controllers that run Windows Server 2008 R2. You need to monitor the replication of the group policy template files. Which tool should you use?
A. dfsrdiag
B. fsutil
C. ntdsutil
D. ntfrsutl
Answer: D
QUESTION 34
You have a domain controller named Server1 that runs Windows Server 2008 R2. You need to determine the size of the Active Directory database on Server1. What should you do?
A. Run the Active Directory Sizer tool.
B. Run the Active Directory Diagnostics data collector set.
C. From Windows Explorer, view the properties of the %systemroot%\ntds\ntds.ditfile.
D. From Windows Explorer, view the properties of the %systemroot%\sysvol\domainfolder.
Answer: C
QUESTION 35
Your network contains a single Active Directory domain. The functional level of the forest is Windows Server 2008. The functional level of the domain is Windows Server 2008 R2. All DNS servers run Windows Server 2008. All domain controllers run Windows Server 2008 R2. You need to ensure that you can enable the Active Directory Recycle Bin. What should you do?
A. Change the functional level of the forest.
B. Change the functional level of the domain.
C. Modify the Active Directory schema.
D. Modify the Universal Group Membership Caching settings.
Answer: A
PassLeader Real Exam Dumps For 70-648 With 100% Pass Ensure — http://www.passleader.com/70-648.html
QUESTION 36
Your network contains an Active Directory domain. The domain contains two domain controllers named DC1 and DC2. You perform a full backup of the domain controllers every night by using Windows Server Backup. You update a script in the SYSVOL folder. You discover that the new script fails to run properly. You need to restore the previous version of the script in the SYSVOL folder. The solution must minimize the amount of time required to restore the script. What should you do first?
A. Run the Restore-ADObjectcmdlet.
B. Restore the system state to its original location.
C. Restore the system state to an alternate location.
D. Attach the VHD file created by Windows Server Backup.
Answer: D
QUESTION 37
You have a domain controller that runs Windows Server 2008 R2. The Windows Server Backup feature is installed on the domain controller. You need to perform a non-authoritative restore of the domain controller by using an existing backup file. What should you do?
A. Restart the domain controller in Directory Services Restore Mode. Use the wbadmin command to perform a critical volume restore.
B. Restart the domain controller in Directory Services Restore Mode. Use the Windows Server Backup snap-in to perform a critical volume restore.
C. Restart the domain controller in Safe Mode. Use the Windows Server Backup snap-in to perform a critical volume restore.
D. Restart the domain controller in Safe Mode. Use the wbadmincommand to perform a critical volume restore.
Answer: A
QUESTION 38
Your company has an Active Directory domain that runs Windows Server 2008 R2. The Sales OU contains an OU for Computers, an OU for Groups, and an OU for Users. You perform nightly backups. An administrator deletes the Groups OU. You need to restore the Groups OU without affecting users and computers in the Sales OU. What should you do?
A. Perform an authoritative restore of the Sales OU.
B. Perform an authoritative restore of the Groups OU.
C. Perform a non-authoritative restore of the Groups OU.
D. Perform a non-authoritative restore of the Sales OU.
Answer: B
QUESTION 39
Your network contains an Active Directory domain. The domain contains two Active Directory sites named Site1 and Site2. Site1 contains two domain controllers named DC1 and DC2. Site2 contains two domain controller named DC3 and DC4. The functional level of the domain is Windows Server 2008 R2. The functional level of the forest is Windows Server 2003. Active Directory replication between Site1 and Site2 occurs from 20:00 to 01:00 every day. At 07:00, an administrator deletes a user account while he is logged on to DC1. You need to restore the deleted user account. You want to achieve this goal by using the minimum amount of administrative effort. What should you do?
A. On DC1, run the Restore-ADObjectcmdlet.
B. On DC3, run the Restore-ADObjectcmdlet.
C. On DC1, stop Active Directory Domain Services, restore the System State, and then start Active Directory Domain Services.
D. On DC3, stop Active Directory Domain Services, perform an authoritative restore, and then start Active Directory Domain Services.
Answer: D
QUESTION 40
Your company has a main office and a branch office. The network contains a single Active Directory service domain. The main office contains a domain controller named DC1. You need to install a domain controller in the branch office by using an offline copy of the Active Directory the database. What should you do first?
A. From the ntdsutiltool, create an IFM media set.
B. From the command prompt, run djoin.exe /loadfile.
C. From Windows Server Backup, perform a system state backup.
D. From Windows PowerShell, run the Get-ADDomainControllercmdlet.
Answer: A
The Latest Study Materials For 70-648 Exam From Passleader Help You Pass Exam Easily