2015 Latest 70-640 Real exam questions to master and practice upon! Braindump2go Offers the New Updated Microsoft 70-640 651 Exam Questions in PDF & VCE files that can also be downloaded on every mobile device for preparation!
Vendor: Microsoft
Exam Code: 70-640
Exam Name: TS: Windows Server 2008 Active Directory, Configuring
Keywords: 70-640 Exam Dumps,70-640 Practice Tests,70-640 Practice Exams,70-640 Exam Questions,70-640 Dumps,70-640 Dumps PDF,Microsoft 70-640 Exam Dumps,70-640 Questions and Answers,TS: Windows Server 2008 Active Directory, Configuring
QUESTION 251
You need to compact an Active Directory database on a domain controller that runs Windows Server 2008 R2.
What should you do?
A. Run defrag.exe /a /c.
B. Run defrag.exe /c /u.
C. From Ntdsutil, use the Files option.
D. From Ntdsutil, use the Metadata cleanup option.
Answer: C
QUESTION 252
Your network contains an Active Directory domain named contoso.com.
Contoso.com contains three servers.
The servers are configured as shown in the following table.
You need to ensure that users can manually enroll and renew their certificates by using the Certificate Enrollment Web Service.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Configure the policy module settings.
B. Configure the issuance requirements for the certificate templates.
C. Configure the Certificate Services Client – Certificate Enrollment Policy Group Policy setting.
D. Configure the delegation settings for the Certificate Enrollment Web Service application pool
account.
Answer: BD
Explanation:
http://technet.microsoft.com/en-us/library/dd759245.aspx
The Certificate Enrollment Web Service can process enrollment requests for new certificates and for certificate renewal. In both cases, the client computer submits the request to the Web service and the Web service submits the request to the certification authority (CA) on behalf of the client computer. For this reason, the Web service account must be trusted for delegation in order to present the client identity to the CA.
http://social.technet.microsoft.com/wiki/contents/articles/7734.certificate-enrollment-web-services-in-active-directory-certificate-services.aspx
Delegation is required for the Certificate Enrollment Web Service account when all of the following are true:
The CA is not on the same computer as the Certificate Enrollment Web Service Certificate Enrollment Web Service needs to be able to process initial enrollment requests, as opposed to only processing certificate renewal requeststhe authentication type is set to Windows Integrated Authentication or Client certificate authentication
QUESTION 253
Your network contains an Active Directory domain named contoso.com.
Contoso.com contains a member server that runs Windows Server 2008 Standard.
You need to install an enterprise subordinate certification authority (CA) that supports private key archival.
You must achieve this goal by using the minimum amount of administrative effort.
What should you do first?
A. Initialize the Trusted Platform Module (TPM).
B. Upgrade the member server to Windows Server 2008 R2 Standard.
C. Install the Certificate Enrollment Policy Web Service role service on the member server.
D. Run the Security Configuration Wizard (SCW) and select the Active Directory Certificate
Services–Certification Authority server role template check box.
Answer: B
QUESTION 254
You have an enterprise subordinate certification authority (CA).
You have a custom Version 3 certificate template.
Users can enroll for certificates based on the custom certificate template by using the Certificates console.
The certificate template is unavailable for Web enrollment.
You need to ensure that the certificate template is available on the Web enrollment pages.
What should you do?
A. Run certutil.exe Cpulse.
B. Run certutil.exe Cinstallcert.
C. Change the certificate template to a Version 2 certificate template.
D. On the certificate template, assign the Autoenroll permission to the users.
Answer: C
QUESTION 255
Your network contains an Active Directory domain.
The domain contains a member server named Server1 that runs Windows Server 2008 R2.
You need to configure Server1 as a global catalog server.
What should you do?
A. Modify the Active Directory schema.
B. From Ntdsutil, use the Roles option.
C. Run the Active Directory Domain Services Installation Wizard on Server1.
D. Move the Server1 computer object to the Domain Controllers organizational unit (OU).
Answer: C
Explanation:
Now it’s just a member server, so you’ll have to run dcpromo to start the Active Directory Domain Services Installation Wizard in order to promote the server to a domain controller.
Only a domain controller can be a global catalog server.
Reference:
http://technet.microsoft.com/en-us/library/cc728188.aspx
The global catalog is a distributed data repository that contains a searchable, partial representation of every object in every domain in a multidomain Active Directory Domain Services (AD DS) forest. The global catalog is stored on domain controllers that have been designated as global catalog servers and is distributed through multimaster replication.
QUESTION 256
Your network contains three Active Directory forests named Forest1, Forest2, and Forest3.
Each forest contains three domains.
A two-way forest trust exists between Forest1 and Forest2.
A two-way forest trust exists between Forest2 and Forest3.
You need to configure the forests to meet the following requirements:
– Users in Forest3 must be able to access resources in Forest1
– Users in Forest1 must be able to access resources in Forest3.
– The number of trusts must be minimized.
What should you do?
A. In Forest2, modify the name suffix routing settings.
B. In Forest1 and Forest3, configure selective authentication.
C. In Forest1 and Forest3, modify the name suffix routing settings.
D. Create a two-way forest trust between Forest1 and Forest3.
E. Create a shortcut trust in Forest1 and a shortcut trust in Forest3.
Answer: D
QUESTION 257
Your network contains an Active Directory domain.
All domain controller run Windows Server 2003.
You replace all domain controllers with domain controllers that run Windows Server 2008 R2.
You raise the functional level of the domain to Windows Server 2008 R2.
You need to minimize the amount of SYSVOL replication traffic on the network.
What should you do?
A. Raise the functional level of the forest to Windows Server 2008 R2.
B. Modify the path of the SYSVOL folder on all of the domain controllers.
C. On a global catalog server, run repadmin.exe and specify the KCC parameter.
D. On the domain controller that holds the primary domain controller (PDC) emulator FSMO role,
run dfsrmig.exe.
Answer: D
QUESTION 258
Your network contains an Active Directory forest.
The forest contains two domain controllers.
The domain controllers are configured as shown in the following table.
All client computers run Windows 7.
You need to ensure that all client computers in the domain keep the same time as an external time server.
What should you do?
A. From DC1, run the time command.
B. From DC2, run the time command.
C. From DC1, run the w32tm.exe command.
D. From DC2, run the w32tm.exe command.
Answer: D
QUESTION 259
Your network contains an Active Directory domain named contoso.com.
Contoso.com contains two domain controllers.
The domain controllers are configured as shown in the following table.
All client computers have IP addresses in the 10.1.2.1 to 10.1.2.240 range.
You need to minimize the number of client authentication requests sent to DC2.
What should you do?
A. Create a new site named Site1.
Create a new subnet object that has the 10.1.1.0/24 prefix and assign the subnet to Site1.
Move DC1 to Site1.
B. Create a new site named Site1.
Create a new subnet object that has the 10.1.1.1/32 prefix and assign the subnet to Site1.
Move DC1 to Site1.
C. Create a new site named Site1.
Create a new subnet object that has the 10.1.1.2/32 prefix and assign the subnet to Site1.
Move DC2 to Site1.
D. Create a new site named Site1.
Create a new subnet object that has the 10.1.2.0/24 prefix and assign the subnet to Site1.
Move DC2 to Site1.
Answer: C
QUESTION 260
You have opened Command Prompt, using Run As Administrator, with credentials in the Domain Admins group.
You use the DSRm command to remove an OU that had been created accidentally by James, a member of the Administrators group of the domain.
You receive the response: Dsrm Failed: Access Is Denied.
What is the cause of the error?
A. You must launch Command Prompt as a member of Administrators to perform Active
Directory tasks.
B. Only administrators can delete OUs.
C. Only the owner of the OU can delete an OU.
D. The OU is protected from deletion.
Answer: D
Guaranteed 100% Microsoft 70-640 Exam Pass OR Full Money Back! Braindump2go Provides you the latest 70-640 Dumps PDF & VCE for Instant Download!