New Published Microsoft 70-640 Exam Dumps Free Download from Braindump2go! (331-340)
Try 2015 Latet Updated 70-640 Practice Exam Questions and Answers, Pass 70-640 Actual Test 100% in 2015 New Year! Braindump2go Latest released Free Sample 70-640 Exam Questions are shared for instant download! Braindump2go holds the confidence of 70-640 exam candiates with Microsoft Official Guaranteed 70-640 Exa Dumps Products! 651 New Updated Questions and Answers! 2015 Microsoft 70-640 100% Success! Vendor: Microsoft Exam Code: 70-640 Exam Name: TS: Windows Server 2008 Active Directory, Configuring Keywords: 70-640 Exam Dumps,70-640 Practice Tests,70-640 Practice Exams,70-640 Exam Questions,70-640 Dumps,70-640 Dumps PDF,Microsoft 70-640 Exam Dumps,70-640 Questions and Answers,TS: Windows Server 2008 Active Directory, Configuring
QUESTION 331 Your network contains an Active Directory domain. All DNS servers are domain controllers. You view the properties of the DNS zone as shown in the exhibit. (Click the Exhibit button.) You need to ensure that only domain members can register DNS records in the zone. What should you do first? A. Modify the zone type. B. Create a trust anchor. C. Modify the Advanced properties of the DNS server. D. Modify the Dynamic updates setting. Answer: A QUESTION 332 Your company has a single Active Directory forest with a single domain. Consultants in different departments of the company require access to different network resources. The consultants belong to a global group named TempWorkers. Three file servers are placed in a new organizational unit named SecureServers. The file servers contain confidential data in shared folders. You need to prevent the consultants from accessing the confidential data. What should you do? A. Create a new Group Policy Object (GPO) and link it to the SecureServers organizational unit. Assign the Deny access to this computer from the network user right to the TempWorkers global group. B. Create a new Group Policy Object (GPO) and link it to the domain. Assign the Deny access to this computer from the network user right to the TempWorkers global group. C. On the three file servers, create a share on the root of each hard disk. Configure the Deny Full control permission for the TempWorkers global group on the share. D. Create a new Group Policy Object (GPO) and link it to the domain. Assign the Deny log on locally user right to the TempWorkers global group. E. Create a new Group Policy Object (GPO) and link it to the SecureServers organizational unit. Assign the Deny log on locally user right to the TempWorkers global group. Answer: A QUESTION 333 Your network contains two Active Directory forests named contoso.com and nwtraders.com. The functional level of both forests is Windows Server 2003. Contoso.com contains one domain. Nwtraders.com contains two domains. You need to ensure that users in contoso.com can access the resources in all domains. The solution must require the minimum number of trusts. Which type of trust should you create? A. external B. forest C. realm D. shortcut Answer: B Explanation: http://technet.microsoft.com/en-us/library/cc771397.aspx 2 1 When to create a forest trust You can create a forest trust between forest root domains if the forest functional level is Windows Server 2003 or higher. Creating a forest trust between two root domains with a forest functional level of Windows Server 2003 or higher provides a one-way or two-way, transitive trust relationship between every domain in each forest. Forest trusts are useful for application service providers, organizations undergoing mergers or acquisitions, collaborative business extranets, and organizations seeking a solution for administrative autonomy. QUESTION 334 You install an Active Directory domain in a test environment. You need to reset the passwords of all the user accounts in the domain from a domain controller. Which two Windows PowerShell commands should you run? (Each correct answer presents part of the solution, choose two.) A. $ newPassword = * B. Import-Module ActiveDirectory C. Import-Module WebAdministration D. Get- AdUser -filter * | Set- ADAccountPossword - NewPassword $ newPassword - Reset E. Set- ADAccountPossword - NewPassword - Reset F. $ newPassword = (Read-Host - Prompt "New Password" - AsSecureString ) G. Import-Module ServerManager Answer: DF QUESTION 335 Your network contains two forests named adatum.com and litwareinc.com. The functional level of all the domains is Windows Server 2003. The functional level of both forests is Windows 2000. You need to create a forest trust between adatum.com and litwareinc.com. What should you do first? A. Create an external trust. B. Raise the functional level of both forests. C. Configure SID filtering. D. Raise the functional level of all the domains. Answer: B Explanation: http://technet.microsoft.com/en-us/library/cc771397.aspx 2 1 When to create a forest trust You can create a forest trust between forest root domains if the forest functional level is Windows Server 2003 or higher. QUESTION 336 Your network contains an Active Directory forest named adatum.com. All client computers used by the marketing department are in an organizational unit (OU) named Marketing Computers. All user accounts for the marketing department are in an OU named Marketing Users. You purchase a new application. You need to ensure that every user in the domain who logs on to a marketing department computer can use the application. The application must only be available from the marketing department computers. What should you do? A. Create and link a Group Policy object (GPO) to the Marketing Users OU. Copy the installation package to a shared folder on the network. Assign the application. B. Create and link a Group Policy object (GPO) to the Marketing Computers OU. Copy the installation package to a shared folder on the network. Assign the application. C. Create and link a Group Policy object (GPO) to the Marketing Computers OU. Copy the installation package to a local drive on each marketing department computer. Publish the application. D. Create and link a Group Policy object (GPO) to the Marketing Users OU. Copy the installation package to a folder on each marketing department computer. Publish the application. Answer: B Explanation: The software must only be available on the marketing department computers, so we must link the GPO to the Marketing Computers OU. Next we need to assign the application to the Marketing Computers OU. When you assign software to computers, it is available to all authenticated users of the computer, regardless of their group membership or privileges. The software package is installed when the computer is next restarted after the package has been assigned. For example, suppose that you have a design application that should be available on all computers in the Engineering OU but not to computers elsewhere on your network. You would assign this application to computers in a Group Policy object (GPO) linked to the Engineering OU. QUESTION 337 Your network contains an Active Directory forest named adatum.com. You need to create an Active Directory Rights Management Services (AD RMS) licensing-only cluster. What should you install before you create the AD RMS root cluster? A. The Failover Cluster feature B. The Active Directory Certificate Services (AD CS) role C. Microsoft Exchange Server 2010 D. Microsoft SharePoint Server 2010 E. Microsoft SQL Server 2008 Answer: E QUESTION 338 Your network contains an Active Directory domain named contoso.com. The contoso.com domain contains a domain controller named DC1. You create an Active Directory-integrated GlobalNames zone. You add an alias (CNAME) resource record named Server1 to the zone. The target host of the record is server2.contoso.com. When you ping Server1, you discover that the name fails to resolve. You are able to successfully ping server2.contoso.com. You need to ensure that you can resolve names by using the GlobalNames zone. Which command should you run? A. Dnscmd DCl.contoso.com /ZoneAdd GlobalNames /DsPrimary /DP /domain B. Dnscmd DCl.contoso.com /config /Enableglobalnamessupport forest C. DnscmdDCl.contoso.com/config/Enableglobalnamessupport 1 D. Dnscmd DCl.contoso.com /ZoneAdd GlobalNames /DsPrimary /DP /forest Answer: C QUESTION 339 Your network contains an Active Directory domain named contoso.com. The network has a branch office site that contains a read-only domain controller (RODC) named R0DC1. R0DC1 runs Windows Server 2008 R2. A user logs on to a computer in the branch office site. You discover that the user's password is not stored on R0DC1. You need to ensure that the user's password is stored on RODC1 when he logs on to a branch office site computer. What should you do? A. Modify the RODC s password replication policy by removing the entry for the Allowed RODC Password Replication Group. B. Modify the RODC's password replication policy by adding R0DC1's computer account to the list of allowed users, groups, and computers. C. Add the user's user account to the built-in Allowed RODC Password Replication Group on R0DC1. D. Add R0DC1's computer account to the built-in Allowed RODC Password Replication Group on R0DC1. Answer: C QUESTION 340 You deploy an Active Directory Federation Services (AD FS) Federation Service Proxy on a server named Server1. You need to configure the Windows Firewall on Server1 to allow external users to authenticate by using AD FS. Which protocol should you allow on Server1? A. Kerberos B. SSL C. SMB D. RPC Answer: B Want Pass 70-640 Exam At the first try? Come to Braindump2go! Download the Latest Microsoft 70-640 Real Exam Questions and Answers PDF & VCE from Braindump2go,100% Pass Guaranteed Or Full Money Back! http://www.braindump2go.com/70-640.html
|