(New Updated) Full Valid Microsoft 70-640 Exam Dumps With New Added Questions (1-15)

BEFORE THE WORDS: PassLeader provide you with the most accurate 70-640 study materials to prepare your Microsoft 70-640 certification exams. Our best 70-640 exam dumps will offer you the newest questions and answers with premium VCE and PDF format to download. And we PassLeader also offer you the latest free version VCE Player!

Vendor: Microsoft
Exam Code: 70-640
Exam Name: TS: Windows Server 2008 Active Directory, Configuring

QUESTION 1
Your company has a single Active Directory domain named intranet.adatum.com. The domain controllers run Windows Server 2008 and the DNS server role. All computers, including non-domain members, dynamically register their DNS records. You need to configure the intranet.adatum.com zone to allow only domain members to dynamically register DNS records. What should you do?

A.    Set dynamic updates to Secure Only.
B.    Remove the Authenticated Users group.
C.    Enable zone transfers to Name Servers.
D.    Deny the Everyone group the Create All Child Objects permission.

Answer: A

QUESTION 2
Your network consists of a single Active Directory domain. All domain controllers run Windows Server 2008 R2 and are configured as DNS servers. A domain controller named DC1 has a standard primary zone for contoso.com. A domain controller named DC2 has a standard secondary zone for contoso.com. You need to ensure that the replication of the contoso.com zone is encrypted. You must not lose any zone data. What should you do?

A.    Convert the primary zone into an Active Directory-integrated stub zone. Delete the secondary zone.
B.    Convert the primary zone into an Active Directory-integrated zone. Delete the secondary zone.
C.    Configure the zone transfer settings of the standard primary zone. Modify the Master Servers lists on the secondary zone.
D.    On both servers, modify the interface that the DNS server listens on.

Answer: B

QUESTION 3
You are decommissioning domain controllers that hold all forest-wide operations master roles. You need to transfer all forest-wide operations master roles to another domain controller. Which two roles should you transfer? (Each correct answer presents part of the solution. Choose two.)

A.    Domain naming master
B.    Infrastructure master
C.    RID master
D.    PDC emulator
E.    Schema master

Answer: AE

QUESTION 4
Contoso, Ltd. has an Active Directory domain named ad.contoso.com. Fabrikam, Inc. has an Active Directory domain named intranet.fabrikam.com. Fabrikam’s security policy prohibits the transfer of internal DNS zone data outside the Fabrikam network. You need to ensure that the Contoso users are able to resolve names from the intranet.fabrikam.com domain. What should you do?

A.    Create a new stub zone for the intranet.fabrikam.com domain.
B.    Configure conditional forwarding for the intranet.fabrikam.com domain.
C.    Create a standard secondary zone for the intranet.fabrikam.com domain.
D.    Create an Active DirectoryCintegrated zone for the intranet.fabrikam.com domain.

Answer: B

QUESTION 5
An Active Directory database is installed on the C volume of a domain controller. You need to move the Active Directory database to a new volume. What should you do?

A.    Copy the ntds.dit file to the new volume by using the ROBOCOPY command.
B.    Move the ntds.dit file to the new volume by using Windows Explorer.
C.    Move the ntds.dit file to the new volume by running the Move-item command in Microsoft Windows PowerShell.
D.    Move the ntds.dit file to the new volume by using the Files option in the Ntdsutil utility.

Answer: D

QUESTION 6
Your company has file servers located in an organizational unit named Payroll. The file servers contain payroll files located in a folder named Payroll. You create a GPO. You need to track which employees access the Payroll files on the file servers. What should you do?

A.    Enable the Audit process tracking option. Link the GPO to the Domain Controllers organizational unit. On the file servers, configure Auditing for the Authenticated Users group in the Payroll folder.
B.    Enable the Audit object access option. Link the GPO to the Payroll organizational unit. On the file servers, configure Auditing for the Everyone group in the Payroll folder.
C.    Enable the Audit process tracking option. Link the GPO to the Payroll organizational unit. On the file servers, configure Auditing for the Everyone group in the Payroll folder.
D.    Enable the Audit object access option. Link the GPO to the domain. On the domain controllers, configure Auditing for the Authenticated Users group in the Payroll folder.

Answer: B

QUESTION 7
Your company uses a Windows 2008 Enterprise certificate authority (CA) to issue certificates. You need to implement key archival. What should you do?

A.    Configure the certificate for automatic enrollment for the computers that store encrypted files.
B.    Install an Enterprise Subordinate CA and issue a user certificate to users of the encrypted files.
C.    Apply the Hisecdc security template to the domain controllers.
D.    Archive the private key on the server.

Answer: D


http://www.passleader.com/70-640.html

QUESTION 8
Your company has an Active Directory domain that runs Windows Server 2008 R2. The Sales OU contains an OU for Computers, an OU for Groups, and an OU for Users. You perform nightly backups. An administrator deletes the Groups OU. You need to restore the Groups OU without affecting users and computers in the Sales OU. What should you do?

A.    Perform an authoritative restore of the Sales OU.
B.    Perform a non-authoritative restore of the Sales OU.
C.    Perform an authoritative restore of the Groups OU.
D.    Perform a non-authoritative restore of the Groups OU.

Answer: C

QUESTION 9
Your network consists of a single Active Directory domain. The functional level of the forest is Windows Server 2008 R2. You need to create multiple password policies for users in your domain. What should you do?

A.    From the Group Policy Management snap-in, create multiple Group Policy objects.
B.    From the Schema snap-in, create multiple class schema objects.
C.    From the ADSI Edit snap-in, create multiple Password Setting objects.
D.    From the Security Configuration Wizard, create multiple security policies.

Answer: C

QUESTION 10
You have a domain controller that runs Windows Server 2008 R2 and is configured as a DNS server. You need to record all inbound DNS queries to the server. What should you configure in the DNS Manager console?

A.    Enable debug logging.
B.    Enable automatic testing for simple queries.
C.    Configure event logging to log errors and warnings.
D.    Enable automatic testing for recursive queries.

Answer: A

QUESTION 11
Your company has a main office and a branch office. The company has a single-domain Active Directory forest. The main office has two domain controllers named DC1 and DC2 that run Windows Server 2008 R2. The branch office has a Windows Server 2008 R2 read-only domain controller (RODC) named DC3. All domain controllers hold the DNS Server role and are configured as Active Directory-integrated zones. The DNS zones only allow secure updates. You need to enable dynamic DNS updates on DC3. What should you do?

A.    Run the Dnscmd.exe /ZoneResetType command on DC3.
B.    Reinstall Active Directory Domain Services on DC3 as a writable domain controller.
C.    Create a custom application directory partition on DC1. Configure the partition to store Active Directory-integrated zones.
D.    Run the Ntdsutil.exe > DS Behavior commands on DC3.

Answer: B

QUESTION 12
Your company has an Active Directory domain named ad.contoso.com. The domain has two domain controllers named DC1 and DC2. Both domain controllers have the DNS server role installed. You install a new DNS server named DNS1.contoso.com on the perimeter network. You configure DC1 to forward all unresolved name requests to DNS1.contoso.com. You discover that the DNS forwarding option is unavailable on DC2. You need to configure DNS forwarding on the DC2 server to point to the DNS1.contoso.com server. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.    Clear the DNS cache on DC2.
B.    Configure conditional forwarding on DC2.
C.    Configure the Listen On address on DC2.
D.    Delete the Root zone on DC2.

Answer: BD

QUESTION 13
Your company has an organizational unit named Production. The Production organizational unit has a child organizational unit named R&D. You create a GPO named Software Deployment and link it to the Production organizational unit. You create a shadow group for the R&D organizational unit. You need to deploy an application to users in the Production organizational unit. You also need to ensure that the application is not deployed to users in the R&D organizational unit. What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.)

A.    Configure the Block Inheritance setting on the R&D organizational unit.
B.    Configure the Enforce setting on the software deployment GPO.
C.    Configure security filtering on the Software Deployment GPO to Deny Apply group policy for the R&D security group.
D.    Configure the Block Inheritance setting on the Production organizational unit.

Answer: AC

QUESTION 14
Your company has a branch office that is configured as a separate Active Directory site and has an Active Directory domain controller. The Active Directory site requires a local Global Catalog server to support a new application. You need to configure the domain controller as a Global Catalog server. Which tool should you use?

A.    The Server Manager console
B.    The Active Directory Sites and Services console
C.    The Dcpromo.exe utility
D.    The Computer Management console
E.    The Active Directory Domains and Trusts console

Answer: B

QUESTION 15
Your company has a main office and three branch offices. The company has an Active Directory forest that has a single domain. Each office has one domain controller. Each office is configured as an Active Directory site. All sites are connected with the DEFAULTIPSITELINK object. You need to decrease the replication latency between the domain controllers. What should you do?

A.    Decrease the replication schedule for the DEFAULTIPSITELINK object.
B.    Decrease the replication interval for the DEFAULTIPSITELINK object.
C.    Decrease the cost between the connection objects.
D.    Decrease the replication interval for all connection objects.

Answer: B


http://www.passleader.com/70-640.html