Vendor: Microsoft
Exam Code: 70-640
Exam Name: TS: Windows Server 2008 Active Directory, Configuring
Version: 14.91
QUESTION 431
Your company network has an Active Directory forest that has one parent domain and one child domain. The child domain has two domain controllers that run Windows Server 2008. All user accounts from the child domain are migrated to the parent domain. The child domain is scheduled to be decommissioned. You need to remove the child domain from the Active Directory forest. What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.)
A. Run the Computer Management console to stop the Domain Controller service on both domain controllers
in the child domain.
B. Delete the computer accounts for each domain controller in the child domain. Remove the trust relationship
between the parent domain and the child domain.
C. Use Server Manager on both domain controllers in the child domain to uninstall the Active Directory domain
services role.
D. Run the Dcpromo tool that has individual answer files on each domain controller in the child domain.
Answer: CD
QUESTION 432
Your network consists of a single Active Directory domain. The domain contains 10 domain controllers. The domain controllers run Windows Server 2008 R2 and are configured as DNS servers. You plan to create a new Active Directory-integrated zone. You need to ensure that the new zone is only replicated to four of your domain controllers. What should you do first?
A. From the command prompt, run dnscmd and specify the /createdirectorypartition parameter.
B. Create a new delegation in the ForestDnsZones application directory partition.
C. From the command prompt, run dnscmd and specify the /enlistdirectorypartition parameter.
D. Create a new delegation in the DomainDnsZones application directory partition.
Answer: A
QUESTION 433
Your company has an Active Directory domain and an organizational unit. The organizational unit is named Web. You configure and test new security settings for Internet Information Service (IIS) Servers on a server named IISServerA. You need to deploy the new security settings only on the IIS servers that are members of the Web organizational unit. What should you do?
A. Run secedit /configure /db iis.inf from the command prompt on IISServerA, then run secedit /configure /db
webou.inf from the comand prompt.
B. Export the settings on IISServerA to create a security template. Import the security template into a GPO
and link the GPO to the Web organizational unit.
C. Export the settings on IISServerA to create a security template. Run secedit /configure /db webou.inf from
the comand prompt.
D. Import the hisecws.inf file template into a GPO and link the GPO to the Web organizational unit.
Answer: B
QUESTION 434
Your network consists of an Active Directory forest that contains two domains. All servers run Windows Server 2008 R2. All domain controllers are configured as DNS Servers. You have a standard primary zone for dev. contoso.com that is stored on a member server. You need to ensure that all domain controllers can resolve names from the dev.contoso.com zone. What should you do?
A. On the member server, create a stub zone.
B. On the member server, create a NS record for each domain controller.
C. On one domain controller, create a conditional forwarder. Configure the conditional forwarder to replicate
to all DNS servers in the forest.
D. On one domain controller, create a conditional forwarder. Configure the conditional forwarder to replicate
to all DNS servers in the domain.
Answer: C
QUESTION 435
Your company has an Active Directory domain. You install a new domain controller in the domain. Twenty users report that they are unable to log on to the domain. You need to register the SRV records. Which command should you run on the new domain controller?
A. Run the netsh interface reset command.
B. Run the ipconfig /flushdns command.
C. Run the dnscmd /EnlistDirectoryPartition command.
D. Run the sc stop netlogon command followed by the sc start netlogon command.
Answer: D
QUESTION 436
You have a Windows Server 2008 R2 that has the Active Directory Certificate Services server role installed.
You need to minimize the amount of time it takes for client computers to download a certificate revocation list (CRL).
What should you do?
A. Install and configure an Online Responder.
B. Import the Issuing CA certificate into the Trusted Root Certification Authorities store on all client workstations.
C. Install and configure an additional domain controller.
D. Import the Root CA certificate into the Trusted Root Certification Authorities store on all client workstations.
Answer: A
QUESTION 437
You want users to log on to Active Directory by using a new Principal Name (UPN). You need to modify the UPN suffix for all user accounts. Which tool should you use?
A. Dsmod
B. Netdom
C. Redirusr
D. Active Directory Domains and Trusts
Answer: A
QUESTION 438
Your network consists of a single Active Directory domain. All domain controllers run Windows Server 2008 R2. Auditing is configured to log changes made to the Managed By attribute on group objects in an organizational unit named OU1.
You need to log changes made to the Description attribute on all group objects in OU1 only.
What should you do?
A. Run auditpol.exe.
B. Modify the auditing entry for OU1.
C. Modify the auditing entry for the domain.
D. Create a new Group Policy Object (GPO). Enable Audit account management policy setting. Link the
GPO to OU1.
Answer: B
QUESTION 439
Your company uses shared folders. Users are granted access to the shared folders by using domain local groups. One of the shared folders contains confidential data. You need to ensure that unauthorized users are not able to access the shared folder that contains confidential data. What should you do?
A. Enable the Do not trust this computer for delegation property on all the computers of unauthorized users
by using the Dsmod utility.
B. Instruct the unauthorized users to log on by using the Guest account. Configure the Deny Full control
permission on the shared folders that hold the confidential data for the Guest account.
C. Create a Global Group named Deny DLG. Place the global group that contains the unauthorized users
in to the Deny DLG group. Configure the Allow Full control permission on the shared folder that hold the
confidential data for the Deny DLG group.
D. Create a Domain Local Group named Deny DLG. Place the global group that contains the unauthorized
users in to the Deny DLG group. Configure the Deny Full control permission on the shared folder that hold
the confidential data for the Deny DLG group.
Answer: D
QUESTION 440
Your company has an Active Directory domain. You install an Enterprise Root certification authority (CA) on a member server named Server1. You need to ensure that only the Security Manager is authorized to revoke certificates that are supplied by Server1. What should you do?
A. Remove the Request Certificates permission from the Domain Users group.
B. Remove the Request Certificated permission from the Authenticated Users group.
C. Assign the Allow – Manage CA permission toonly the Security Manager user Account.
D. Assign the Allow – Issue and Manage Certificates permission to only the Security Manger user account
Answer: D
If you want to pass Microsoft 70-640 exam successfully, donot missing to read latest lead2pass Microsoft 70-640 dumps.
If you can master all lead2pass questions you will able to pass 100% guaranteed.
http://www.lead2pass.com/70-640.html
