Braindump2go Promise You Pass New Exam 70-640 One Time Just Using 70-640 Latest Released Exam Questions (221-230)

2015 Latest released Microsoft Official 70-640 Practice Exam Question Free Download From Braindump2go Now! All New Updated 651 Questions And Answers are Real Questions from Microsoft Exam Center!

Vendor: Microsoft
Exam Code: 70-640
Exam Name: TS: Windows Server 2008 Active Directory, Configuring

Keywords: 70-640 Exam Dumps,70-640 Practice Tests,70-640 Practice Exams,70-640 Exam Questions,70-640 Dumps,70-640 Dumps PDF,Microsoft 70-640 Exam Dumps,70-640 Questions and Answers,TS: Windows Server 2008 Active Directory, Configuring

QUESTION 221
Your company has an Active Directory forest. Each regional office has an organizational unit (OU) named Marketing.
The Marketing OU contains all users and computers in the region’s Marketing department.
You need to install a Microsoft Office 2007 application only on the computers in the Marketing OUs.
You create a GPO named MarketingApps.
What should you do next?

A.    Configure the GPO to assign the application to the computer account.
Link the GPO to the domain.
B.    Configure the GPO to assign the application to the user account.
Link the GPO to each Marketing OU.
C.    Configure the GPO to assign the application to the computer account.
Link the GPO to each Marketing OU.
D.    Configure the GPO to publish the application to the user account.
Link the GPO to each Marketing OU.

Answer: C

QUESTION 222
You create a new Active Directory domain.
The functional level of the domain is Windows Server 2003.
The domain contains five domain controllers that run Windows Server 2008 R2.
You need to monitor the replication of the group policy template files.
Which tool should you use?

A.    Dfsrdiag
B.    Fsutil
C.    Ntdsutil
D.    Ntfrsutl

Answer: D
Explanation:
With domain functional level 2008 you have available dfs-r sysvol replication. So with DFL2008 you can use the DFSRDIAG tool. It is not available with domain functional level 2003.
With domain functional level 2003 you can only use Ntfrsutl.

QUESTION 223
You have a domain controller named Server1 that runs Windows Server 2008 R2.
You need to determine the size of the Active Directory database on Server1.
What should you do?

A.    Run the Active Directory Sizer tool.
B.    Run the Active Directory Diagnostics data collector set.
C.    From Windows Explorer, view the properties of the %systemroot%\ntds\ntds.dit file.
D.    From Windows Explorer, view the properties of the %systemroot%\sysvol\domain folder.

Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/cc961761.aspx

QUESTION 224
You need to receive an e-mail message whenever a domain user account is locked out.
Which tool should you use?

A.    Active Directory Administrative Center
B.    Event Viewer
C.    Resource Monitor
D.    Security Configuration Wizard

Answer: B

QUESTION 225
Your network contains an Active Directory domain named contoso.com.
You have a management computer named Computer1 that runs Windows 7.
You need to forward the logon events of all the domain controllers in contoso.com to Computer1.
All new domain controllers must be dynamically added to the subscription.
What should you do?

A.    From Computer1, configure source-initiated event subscriptions.
From a Group Policy object (GPO) linked to the Domain Controllers organizational unit (OU),
configure the Event Forwarding node.
B.    From Computer1, configure collector-initiated event subscriptions.
From a Group Policy object (GPO) linked to the Domain Controllers organizational unit (OU),
configure the Event Forwarding node.
C.    From Computer1, configure source-initiated event subscriptions.
Install a server authentication certificate on Computer1.
Implement autoenrollment for the Domain Controllers organizational unit (OU).
D.    From Computer1, configure collector-initiated event subscriptions.
Install a server authentication certificate on Computer1.
Implement autoenrollment for the Domain Controllers organizational unit (OU).

Answer: A
Explanation:
http://msdn.microsoft.com/en-us/library/windows/desktop/bb870973(v=vs.85).aspx
Source-initiated subscriptions allow you to define a subscription on an event collector computer without defining the event source computers, and then multiple remote event source computers can be set up (using a group policy setting) to forward events to the event collector computer. This differs from a collector initiated subscription because in the collector initiated subscription model, the event collector must define all the event sources in the event subscription.

QUESTION 226
Your network contains an Active Directory domain that has two sites.
You need to identify whether logon scripts are replicated to all domain controllers.
Which folder should you verify?

A.    GroupPolicy
B.    NTDS
C.    SoftwareDistribution
D.    SYSVOL

Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/cc794837.aspx
SYSVOL is a collection of folders that contain a copy of the domain’s public files, including system policies, logon scripts, and important elements of Group Policy objects (GPOs).

QUESTION 227
You install a standalone root certification authority (CA) on a server named Server1.
You need to ensure that every computer in the forest has a copy of the root CA certificate installed in the local computer’s Trusted Root Certification Authorities store.
Which command should you run on Server1?

A.    certreq.exe and specify the -accept parameter
B.    certreq.exe and specify the -retrieve parameter
C.    certutil.exe and specify the -dspublish parameter
D.    certutil.exe and specify the -importcert parameter

Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/cc732443.aspx

QUESTION 228
Your network contains an Active Directory forest.
The forest contains two domains.
You have a standalone root certification authority (CA).
On a server in the child domain, you run the Add Roles Wizard and discover that the option to select an enterprise CA is disabled.
You need to install an enterprise subordinate CA on the server.
What should you use to log on to the new server?

A.    an account that is a member of the Certificate Publishers group in the child domain
B.    an account that is a member of the Certificate Publishers group in the forest root domain
C.    an account that is a member of the Schema Admins group in the forest root domain
D.    an account that is a member of the Enterprise Admins group in the forest root domain

Answer: D
Explanation:
http://social.technet.microsoft.com/Forums/uk/winserversecurity/thread/887f4cec-12f6-4c15-a506-568ddb21d46b
In order to install Enterprise CA you MUST have Enterprise Admins permissions, because Configuration naming context is replicated between domain controllers in the forest (not only current domain) and are writable for Enterprise Admins (domain admins permissions are insufficient).

QUESTION 229
You have an enterprise subordinate certification authority (CA).
You have a group named Group1.
You need to allow members of Group1 to publish new certificate revocation lists.
Members of Group1 must not be allowed to revoke certificates.
What should you do?

A.    Add Group1 to the local Administrators group.
B.    Add Group1 to the Certificate Publishers group.
C.    Assign the Manage CA permission to Group1.
D.    Assign the Issue and Manage Certificates permission to Group1.

Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/cc732590.aspx
Manage CA is a security permission belonging to the CA Administrator role. The CA Administrator can enable, publish, or configure certificate revocation list (CRL) schedules.
Revoking certificates is an activity of the Certificate Manager role.

QUESTION 230
You have an enterprise subordinate certification authority (CA) configured for key archival.
Three key recovery agent certificates are issued.
The CA is configured to use two recovery agents.
You need to ensure that all of the recovery agent certificates can be used to recover all new private keys.
What should you do?

A.    Add a data recovery agent to the Default Domain Policy.
B.    Modify the value in the Number of recovery agents to use box.
C.    Revoke the current key recovery agent certificates and issue three new key recovery agent
certificates.
D.    Assign the Issue and Manage Certificates permission to users who have the key recovery
agent certificates.

Answer: B


Latest 70-640 Questions and Answers from Microsoft Exam Center Offered by Braindump2go for Free Share Now! Read and remember all Real Questions Answers, Guaranteed Pass 70-640 Real Test 100% Or Full Money Back!

 

http://www.braindump2go.com/70-640.html