QUESTION 21
You need to remove the Active Directory Domain Services role from a domain controller named DC1. What should you do?
A. Run the netdom remove DC1 command.
B. Run the Dcpromo utility. Remove the Active Directory Domain Services role.
C. Run the nltest /remove_server: DC1 command.
D. Reset the Domain Controller computer account by using the Active Directory Users and Computers utility.
Answer: B
QUESTION 22
Your company has an Active Directory forest. The company has branch offices in three locations. Each location has an organizational unit. You need to ensure that the branch office administrators are able to create and apply GPOs only to their respective organizational units. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Run the Delegation of Control wizard and delegate the right to link GPOs for their branch organizational units to the branch office administrators.
B. Add the user accounts of the branch office administrators to the Group Policy Creator Owners Group.
C. Modify the Managed By tab in each organizational unit to add the branch office administrators to their respective organizational units.
D. Run the Delegation of Control wizard and delegate the right to link GPOs for the domain to the branch office administrators.
Answer: AB
QUESTION 23
One of the remote branch offices is running a Windows Server 2008 read only domain controller (RODC). For security reasons you don’t want some critical credentials like (passwords, encryption keys) to be stored on RODC. What should you do so that these credentials are not replicated to any RODC’s in the forest? (Select 2)
A. Configure RODC filtered attribute set on the server
B. Configure RODC filtered set on the server that holds Schema Operations Master role.
C. Delegate local administrative permissions for an RODC to any domain user without granting that user any user rights for the domain
D. Configure forest functional level server for Windows server 2008 to configure filtered attribute set.
E. None of the above
Answer: BD
QUESTION 24
Company has a server with Active Directory Rights Management Services (AD RMS) server installed. Users have computers with Windows Vista installed on them with an Active Directory domain installed at Windows Server 2003 functional level. As an administrator at Company, you discover that the users are unable to benefit from AD RMS to protect their documents. You need to configure AD RMS to enable users to use it and protect their documents. What should you do to achieve this functionality?
A. Configure an email account in Active Directory Domain Services (AD DS) for each user.
B. Add and configure ADRMSADMIN account in local administrators group on the user computers
C. Add and configure the ADRMSSRVC account in AD RMS server’s local administrator group
D. Reinstall the Active Directory domain on user computers
E. All of the above
Answer: A
VALID 70-640 Exam VCE And PDF Dumps Ensure 100% Pass — http://www.passleader.com/70-640.html
QUESTION 25
Company has an active directory forest on a single domain. Company needs a distributed application that employs a custom application. The application is directory partition software named PARDAT. You need to implement this application for data replication. Which two tools should you use to achieve this task? (Choose two answers. Each answer is a part of a complete solution)
A. Dnscmd.
B. Ntdsutil.
C. Ipconfig
D. Dnsutil
E. All of the above
Answer: AB
QUESTION 26
Company has an Active Directory forest with six domains. The company has 5 sites. The company requires a new distributed application that uses a custom application directory partition named ResData for data replication. The application is installed on one member server in five sites. You need to configure the five member servers to receive the ResData application directory partition for data replication. What should you do?
A. Run the Dcpromo utility on the five member servers.
B. Run the Regsvr32 command on the five member servers
C. Run the Webadmin command on the five member servers
D. Run the RacAgent utility on the five member servers
Answer: A
QUESTION 27
As an administrator at Company, you have installed an Active Directory forest that has a single domain. You have installed an Active Directory Federation services (AD FS) on the domain member server. What should you do to configure AD FS to make sure that AD FS token contains information from the active directory domain?
A. Add a new account store and configure it.
B. Add a new resource partner and configure it
C. Add a new resource store and configure it
D. Add a new administrator account on AD FS and configure it
E. None of the above
Answer: A
QUESTION 28
Company runs Window Server 2008 on all of its servers. It has a single Active Directory domain and it uses Enterprise Certificate Authority. The security policy at ABC.com makes it necessary to examine revoked certificate information. You need to make sure that the revoked certificate information is available at all times. What should you do to achieve that?
A. Add and configure a new GPO (Group Policy Object) that enables users to accept peer certificates and link the GPO to the domain.
B. Configure and use a GPO to publish a list of trusted certificate authorities to the domain
C. Configure and publish an OCSP (Online certificate status protocol) responder through ISAS (Internet Security and Acceleration Server) array.
D. Use network load balancing and publish an OCSP responder.
E. None of the above
Answer: D
QUESTION 29
As the Company administrator you had installed a read-only domain controller (RODC) server at remote location. The remote location doesn’t provide enough physical security for the server. What should you do to allow administrative accounts to replicate authentication information to Read-Only Domain Controllers?
A. Remove any administrative accounts from RODC’s group
B. Add administrative accounts to the domain Allowed RODC Password Replication group
C. Set the Deny on Receive as permission for administrative accounts on the RODC computer account Security tab for the Group Policy Object (GPO)
D. Configure a new Group Policy Object (GPO) with the Account Lockout settings enabled. Link the GPO to the remote location. Activate the Read Allow and the Apply group policy Allow permissions for the administrators on the Security tab for the GPO.
E. None of the above
Answer: B
QUESTION 30
ABC.com boasts a two-node Network Load Balancing cluster which is called web. L2P.com. The purpose of this cluster is to provide load balancing and high availability of the intranet website only. With monitoring the cluster, you discover that the users can view the Network Load Balancing cluster in their Network Neighborhood and they can use it to connect to various services by using the name web.L2P.com. You also discover that there is only one port rule configured for Network Load Balancing cluster. You have to configure web.L2P.com NLB cluster to accept HTTP traffic only. Which two actions should you perform to achieve this objective? (Choose two answers. Each answer is part of the complete solution)
A. Create a new rule for TCP port 80 by using the Network Load Balancing Cluster console
B. Run the wlbs disable command on the cluster nodes
C. Assign a unique port rule for NLB cluster by using the NLB Cluster console
D. Delete the default port rules through Network Load Balancing Cluster console
Answer: AD
QUESTION 31
ABC.com has a main office and a branch office. ABC.com’s network consists of a single Active Directory forest. Some of the servers in the network run Windows Server 2008 and the rest run Windows server 2003. You are the administrator at ABC.com. You have installed Active Directory Domain Services (AD DS) on a computer that runs Windows Server 2008. The branch office is located in a physically insecure place. It has no IT personnel onsite and there are no administrators over there. You need to setup a Read-Only Domain Controller (RODC) on the Server Core installation computer in the branch office. What should you do to setup RODC on the computer in branch office?
A. Execute an attended installation of AD DS
B. Execute an unattended installation of AD DS
C. Execute RODC through AD DS
D. Execute AD DS by using deploying the image of AD DS
E. none of the above
Answer: B
QUESTION 32
You had installed an Active Directory Federation Services (AD FS) role on a Windows server 2008 in your organization. Now you need to test the connectivity of clients in the network to ensure that they can successfully reach the new Federation server and Federation server is operational. What should you do? (Select all that apply)
A. Go to Services tab, and check if Active Directory Federation Services is running
B. In the event viewer, Applications, Event ID column look for event ID 674.
C. Open a browser window, and then type the Federation Service URL for the new federation server.
D. None of the above
Answer: BC
QUESTION 33
ABC.com has purchased laptop computers that will be used to connect to a wireless network. You create a laptop organizational unit and create a Group Policy Object (GPO) and configure user profiles by utilizing the names of approved wireless networks. You link the GPO to the laptop organizational unit. The new laptop users complain to you that they cannot connect to a wireless network. What should you do to enforce the group policy wireless settings to the laptop computers?
A. Execute gpupdate/target:computer command at the command prompt on laptop computers
B. Execute Add a network command and leave the SSID (service set identifier) blank
C. Execute gpupdate/boot command at the command prompt on laptops computers
D. Connect each laptop computer to a wired network and log off the laptop computer and then login again.
E. None of the above
Answer: D
QUESTION 34
The Company has a Windows 2008 domain controller server. This server is routinely backed up over the network from a dedicated backup server that is running Windows 2003 OS. You need to prepare the domain controller for disaster recovery apart from the routine backup procedures. You are unable to launch the backup utility while attempting to back up the system state data for the data controller. You need to backup system state data from the Windows Server 2008 domain controller server. What should you do?
A. Add your user account to the local Backup Operators group
B. Install the Windows Server backup feature using the Server Manager feature.
C. Install the Removable Storage Manager feature using the Server Manager feature
D. Deactivating the backup job that is configured to backup Windows 2008 server domain controller on the Windows 2003 server.
E. None of the above
Answer: B
VALID 70-640 Exam VCE And PDF Dumps Ensure 100% Pass — http://www.passleader.com/70-640.html
QUESTION 35
You are an administrator at ABC.com. Company has a RODC (read-only domain controller) server at a remote location. The remote location doesn’t have proper physical security. You need to activate nonadministrative accounts passwords on that RODC server. Which of the following action should be considered to populate the RODC server with non-administrative accounts passwords?
A. Delete all administrative accounts from the RODC’s group
B. Configure the permission to Deny on Receive for administrative accounts on the security tab for Group Policy Object (GPO)
C. Configure the administrative accounts to be added in the Domain RODC Password Replication Denied group
D. Add a new GPO and enable Account Lockout settings. Link it to the remote RODC server and on the security tab on GPO, check the Read Allow and the Apply group policy permissions for the administrators.
E. None of the above
Answer: C
QUESTION 36
ABC.com has a network that is comprise of a single Active Directory Domain. As an administrator at ABC.com, you install Active Directory Lightweight Directory Services (AD LDS) on a server that runs Windows Server 2008. To enable Secure Sockets Layer (SSL) based connections to the AD LDS server, you install certificates from a trusted Certification Authority (CA) on the AD LDS server and client computers. Which tool should you use to test the certificate with AD LDS?
A. Ldp.exe
B. Active Directory Domain services
C. ntdsutil.exe
D. Lds.exe
E. wsamain.exe
F. None of the above
Answer: A
QUESTION 37
ABC.com boasts a main office and 20 branch offices. Configured as a separate site, each branch office has a Read-Only Domain Controller (RODC) server installed. Users in remote offices complain that they are unable to log on to their accounts. What should you do to make sure that the cached credentials for user accounts are only stored in their local branch office RODC server?
A. Open the RODC computer account security tab and set Allow on the Receive as permission only for the users that are unable to log on to their accounts
B. Add a password replication policy to the main Domain RODC and add user accounts in the security group
C. Configure a unique security group for each branch office and add user accounts to the respective security group. Add the security groups to the password replication allowed group on the main RODC server
D. Configure and add a separate password replication policy on each RODC computer account
Answer: D
QUESTION 38
The corporate network of Company consists of a Windows Server 2008 single Active Directory domain. The domain has two servers named Company 1 and Company 2. To ensure central monitoring of events you decided to collect all the events on one server, to collect events from Company, and transfer them to Company 1. You configure the required event subscriptions. You selected the Normal option for the Event delivery optimization setting by using the HTTP protocol. However, you discovered that none of the subscriptions work. Which of the following actions would you perform to configure the event collection and event forwarding on the two servers? (Select three. Each answer is a part of the complete solution).
A. Run window execute the winrm quickconfig command on Company 2.
B. Run window execute the wecutil qc command on Company 2.
C. Add the Company 1 account to the Administrators group on Company 2.
D. Run window execute the winrm quickconfig command on Company 1.
E. Add the Company 2 account to the Administrators group on Company 1.
F. Run window execute the wecutil qc command on Company 1.
Answer: ADF
QUESTION 39
Your company has a main office and 40 branch offices. Each branch office is configured as a separate Active Directory site that has a dedicated read-only domain controller (RODC). An RODC server is stolen from one of the branch offices. You need to identify the user accounts that were cached on the stolen RODC server. Which utility should you use?
A. Dsmod.exe
B. Ntdsutil.exe
C. Active Directory Sites and Services
D. Active Directory Users and Computers
Answer: D
QUESTION 40
ABC.com has a software evaluation lab. There is a server in the evaluation lab named as CKT. CKT runs Windows Server 2008 and Microsoft Virtual Server 2005 R2. CKT has 200 virtual servers running on an isolated virtual segment to evaluate software. To connect to the internet, it uses physical network interface card. ABC.com requires every server in the company to access Internet. ABC.com security policy dictates that the IP address space used by software evaluation lab must not be used by other networks. Similarly, it states the IP address space used by other networks should not be used by the evaluation lab network. As an administrator you find you that the applications tested in the software evaluation lab need to access normal network to connect to the vendors update servers on the internet. You need to configure all virtual servers on the CKT server to access the internet. You also need to comply with company’s security policy. Which two actions should you perform to achieve this task? (Choose two answers. Each answer is a part of the complete solution)
A. Trigger the Virtual DHCP server for the external virtual network and run ipconfig/renew command on each virtual server
B. On CKT’s physical network interface, activate the Internet Connection Sharing (ICS)
C. Use ABC.com intranet IP addresses on all virtual servers on CKT.
D. Add and install a Microsoft Loopback Adapter network interface on CKT. Use a new network interface and create a new virtual network.
E. None of the above
Answer: AD
The Same As Real 70-640 Test Questions Offered By Passleader Help You Pass Exam Easily