New Published Microsoft 70-640 Exam Dumps Free Download from Braindump2go! (181-190)

Get Prepared with fully updated Microsoft 70-640 Real Exam Questions and Accurate Answers for 70-640 Exam Dumps. Braindump2go IT experts review the 70-640 newly added qustions and suggest Correct Microsoft 70-640 Exam Questions Answers in Real Time. 100% Pass easily!

Vendor: Microsoft
Exam Code: 70-640
Exam Name: TS: Windows Server 2008 Active Directory, Configuring

Keywords: 70-640 Exam Dumps,70-640 Practice Tests,70-640 Practice Exams,70-640 Exam Questions,70-640 Dumps,70-640 Dumps PDF,Microsoft 70-640 Exam Dumps,70-640 Questions and Answers,TS: Windows Server 2008 Active Directory, Configuring

QUESTION 181
Your network contains two Active Directory forests named contoso.com and fabrikam.com.
Each forest contains a single domain.
A two-way forest trust exists between the forests.
Selective authentication is enabled on the trust.
Contoso.com contains a group named Group 1.
Fabrikam.com contains a server named Server1.
You need to ensure that users in Group1 can access resources on Server1.
What should you modify?

A.    the permissions of the Group1 group
B.    the UPN suffixes of the contoso.com forest
C.    the UPN suffixes of the fabrikam.com forest
D.    the permissions of the Server1 computer account

Answer: A

QUESTION 182
Your network contains an Active Directory domain named contoso.com.
You have an organizational unit (OU) named Sales and an OU named Engineering.
Users in the Sates OU frequently log on to client computers in the Engineering OU.
You need to meet the following requirements:
– All of the user settings in the Group Policy objects (GPOs) linked to both the Sales OU and the Engineering OU must be applied to sales users when they log on to client computers in the Engineering OU.
– Only the policy settings in the GPOs linked to the Sales OU must be applied to sales users when they log on to client computers in the Sales OU.
– Policy settings in the GPOs linked to the Sales OU must not be applied to users in the Engineering OU.
What should you do?

A.    Modify the Group Policy permissions.
B.    Enable block inheritance.
C.    Configure the link order.
D.    Enable loopback processing in merge mode.
E.    Enable loopback processing in replace mode.
F.    Configure WMI filtering.
G.    Configure Restricted Groups.
H.    Configure Group Policy Preferences.
I.    Link the GPO to the Sales OU.
J.    Link the GPO to the Engineering OU.

Answer: D

QUESTION 183
You have an Active Directory domain named contoso.com.
You need to view the account lockout threshold and duration for the domain.
Which tool should you use?

A.    Computer Management
B.    Net Config
C.    Active Directory Users and Computers
D.    Gpresult

Answer: C

QUESTION 184
Your network contains an Active Directory forest.
The forest contains two domains named contoso.com and east.contoso.com.
The contoso.com domain contains a domain controller named DC1.
The east.contoso.com domain contains a domain controller named DC2.
DC1 and DC2 have the DNS Server server role installed.
You need to create a DNS zone that is available on DC1 and DC2.
The solution must ensure that zone transfers are encrypted.
What should you do?

A.    Create a primary zone on DC1 and store the zone in a zone file.
On DC1 and DC2, configure inbound rules and outbound rules by using Windows Firewall
with Advanced Security.
Create a secondary zone on DC2 and select DC1 as the master.
B.    Create a primary zone on DC1 and store the zone in a DC=ForestDNSZones, DC=Contoso,
DC=com naming context.
C.    Create a primary zone on DC2 and store the zone in a DC= DC=East, DC=Contoso/DC=com
naming context.
Create a secondary zone on DC1 and select DC2 as the master.
D.    Create a primary zone on DC1 and store the zone in a zone file.
Configure DNSSEC for the zone.
Create a secondary zone on DC2 and select DC1 as the master.

Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/cc781101.aspx

QUESTION 185
Your network contains an Active Directory domain named adatum.com.
All servers run Windows Server 2008 R2.
The network contains an enterprise certification authority (CA).
You need to ensure that all of the members of a group named Managers can view the event log entries for Certificate Services.
Which snap-in should you use?

A.    Active Directory Administrative Center
B.    Authorization Manager
C.    Certificate Templates
D.    Certificates
E.    Certification Authority
F.    Enterprise PKI
G.    Group Policy Management
H.    Security Configuration Wizard
I.    Share and Storage Management

Answer: G
Explanation:
We can make the Group1 group a member of the Event Log Readers Group, giving them read access to all event logs, thus including the Certificate Services events.
We can do that by using Group Policy Management.

QUESTION 186
Your network contains an Active Directory domain named adatum.com.
All servers run Windows Server 2008 R2 Enterprise.
All client computers run Windows 7 Professional.
The network contains an enterprise certification authority (CA).
You need to approve a pending certificate request.
Which snap-in should you use?

A.    Active Directory Administrative Center
B.    Authorization Manager
C.    Certificate Templates
D.    Certificates
E.    Certification Authority
F.    Enterprise PKI
G.    Group Policy Management
H.    Security Configuration Wizard
I.    Share and Storage Management

Answer: E
Explanation:
http://technet.microsoft.com/de-de/library/ff849263.aspx

QUESTION 187
Your network contains an Active Directory domain named contoso.com.
You have an organizational unit (OU) named Sales and an OU named Engineering.
You have a Group Policy object (GPO) linked to the domain.
You need to ensure that the settings in the GPO are not processed by user accounts or computer accounts in the Sales OU.
You must achieve this goal by using the minimum amount of administrative effort.
What should you do?

A.    Modify the Group Policy permissions.
B.    Enable block inheritance.
C.    Configure the link order.
D.    Enable loopback processing in merge mode.
E.    Enable loopback processing in replace mode.
F.    Configure WMI filtering.
G.    Configure Restricted Groups.
H.    Configure Group Policy Preferences.
I.    Link the GPO to the Sales OU.
J.    Link the GPO to the Engineering OU.

Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/cc731076.aspx
Block Inheritance You can block inheritance for a domain or organizational unit. Blocking inheritance prevents Group Policy objects (GPOs) that are linked to higher sites, domains, or organizational units from being automatically inherited by the child-level.

QUESTION 188
A corporate network includes a single Active Directory Domain Services (AD DS) domain.
The domain contains 10 domain controllers.
The domain controllers run Windows Server 2008 R2 and are configured as DNS servers.
You plan to create an Active Directory-integrated zone.
You need to ensure that the new zone is replicated to only four of the domain controllers.
What should you do first?

A.    Use the ntdsutil tool to modify the DS behavior for the domain.
B.    Use the ntdsutil tool to add a naming context.
C.    Create a new delegation in the ForestDnsZones application directory partition.
D.    Use the dnscmd tool with the /zoneadd parameter.

Answer: B

QUESTION 189
Your network contains an Active Directory forest named fabrikam.com.
The forest contains the following domains:
– Fabrikam.com
– Eu.fabrikam.com
– Na.fabrikam.com
– Eu.contoso.com
– Na.contoso.com
You need to configure the forest to ensure that the administrators of any of the domains can specify a user principal name (UPN) suffix of contoso.com when they create user accounts from Active Directory Users and Computers.
Which tool should you use?

A.    Active Directory Sites and Services
B.    Set-ADDomain
C.    Set-ADForest
D.    Active Directory Administrative Center

Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/dd391925.aspx

QUESTION 190
A corporate network includes a single Active Directory Domain Services (AD DS) domain and two AD DS sites.
The AD DS sites are named Toronto and Montreal.
Each site has multiple domain controllers.
You need to determine which domain controller holds the Inter-Site Topology Generator role for the Toronto site.
What should you do?

A.    Use the Active Directory Sites and Services console to view the NTDS Site Settings for the
Toronto site.
B.    Use the Ntdsutil tool with the roles parameter.
C.    Use the Ntdsutil tool with the LDAP policies parameter.
D.    Use the Active Directory Sites and Services console to view the properties of each domain
controller in the Toronto site.

Answer: A
Explanation:
http://technet.microsoft.com/en-us/library/cc794776.aspx


100% 70-640 Complete Success & Money Back Guarantee!
By utilizing Braindump2go high quality Microsoft 70-640 Exam Dumps Products, You can surely pass 70-640 certification 100%! Braindump2go also offers 100% money back guarantee to individuals in case they fail to pass Microsoft 70-640 in one attempt.

 

http://www.braindump2go.com/70-640.html