70-640 Practice Exam: Microsoft Windows Server 2008 Active Directory, Configuring

Microsoft 70-640
70-640 TS: Windows Server 2008 Active Directory, Configuring
Practice Test
Version 10.0
Microsoft 70-640: Practice Exam QUESTION NO: 1 You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory forest containing a single domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. The CertKiller.com network currently has two Active Directory-integrated zones: CertKiller.com and Weyland.com. During the course of the day you receive instruction from CertKiller.com to ensure that Rory Allen from the Paris office Weyland.com zone is allowed to modify records in the CertKiller.com zone. CertKiller.com additionally wants you to prevent Rory Allen from modifying the SOA record in the CertKiller.com zone. What should you do? A. You should consider having the permission of the Weyland.com zone modified by accessing the DNS Manager Console. B. You should consider having the Domain Controllers organizational unit modified by accessing the Active Directory Users and Computers console. C. You should consider having the permissions of the CertKiller.com zone modified by accessing the DNS Manager Console. D. You should consider having the user permissions on CertKiller.com modified to include all the users. You should then have Rory Allen's permissions on CertKiller.com configured to allow only the administrators group to modify the records. Answer: C
Explanation: In the scenario you should set the permissions of CertKiller.com using DNS Manager Console which would allow you to prevent users from modifying the SOA record in the CertKiller.com zone. You set permissions for network users to modify records in CertKiller.com but setting permissions on the Active Directory-integrated zone would prevent users from modifying anything else on other zones.
QUESTION NO: 2 You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory forest containing a single domain named CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. CertKiller.com currently makes use of a computer named CERTKILLER-SR01 and CERTKILLERSR02 configured as DNS servers. "Pass Any Exam. Any Time." - www.actualtests.com 2
Ac
tua
lTe
sts
.co
Microsoft 70-640: Practice Exam During the course of the day you are informed that only one Active-Directory integrated zone has been configured in the domain. CertKiller.com has requested that you start removing the outdated DNS records from the DNS zone automatically. What should you do? A. You should consider having the netsh/Reset DNS command run from the Command prompt. B. You should consider having the zone properties accessed and enable Scavenging. C. You should consider having the zone propertied accessed to modify the TTL of the SOA record. D. You should consider having the zone properties accessed to disable updates. Answer: B Explanation: In the scenario you should enable scavenging through the zone properties because scavenging removes the outdated DNS records from the DNS zone automatically. You should additionally note that patience would be required when enabling scavenging as there are some safety valves built into scavenging which takes long to pop. Reference: http://www.gilham.org/Blog/Lists/Posts/Post.aspx?List=aab85845-88d2-4091-8088a6bbce0a4304&ID=211
QUESTION NO: 3
You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory forest containing a single domain named CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. CertKiller.com currently makes use of a computer named CERTKILLER-SR01 and CERTKILLERSR02 that is configured as DNS servers. CertKiller.com currently has the Standard Primary zone for CertKiller.com on CERTKILLER-SR01 and the Standard Secondary zone for CertKiller.com on CERTKILLER-SR02. During the course of the day you receive instruction from CertKiller.com to make sure that the replication of the CertKiller.com zone is encrypted without the loss of zone data. What should you do? A. You should consider having the interface changed where the DNS server listens on both servers. B. You should consider having the zone transfer settings configured on the standard secondary zone. "Pass Any Exam. Any Time." - www.actualtests.com 3
Ac
tua
lTe
sts
.co
Microsoft 70-640: Practice Exam You should then have the Schema master servers lists modified on the primary zone. C. You should consider having a stub zone. You should then have the secondary zone deleted. D. You should consider having the primary zone converted to active directory zone. You should then have the secondary zone deleted. Answer: D Explanation: In the scenario you should have the CertKiller.com primary zone converted to an active directoryintegrated zone and delete the secondary zone as this would ensure replication of the CertKiller.com zone is encrypted whilst preventing data loss.
QUESTION NO: 4 You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. CertKiller.com currently has the London and Paris office connected via a WAN link. CertKiller.com additionally makes use of a computer in the London office named CERTKILLERSR01 configured as the DNS server hosting a standard primary zone. During the course of the day you receive instruction from CertKiller.com to install a computer named CERTKILLER-SR02 in the Paris office configured as a DNS server. CertKiller.com additionally wants you to ensure that the DNS service on CERTKILLER-SR02 in the Paris office is able to update records and resolve queries in the event of a WAN link failure. What should you do?
A. You should consider having CertKiller.com converted to an Active Directory-integrated zone on CERTKILLER-SR01. B. You should consider having a new stub zone configured on CERTKILLER-SR01. You should then set the forwarding option to CERTKILLER-SR02. C. You should consider having DNS on CERTKILLER-SR01 configured to forward request to CERTKILLER-SR02. D. You should consider having a secondary zone added on CERTKILLER-SR02 named CertKiller.com. Answer: A Explanation:
"Pass Any Exam. Any Time." - www.actualtests.com
Ac
tua
lTe
sts
.co
Microsoft 70-640: Practice Exam In the scenario you should ensure that CERTKILLER-SR01's DNS service is able to update and resolve DNS queries if the WAN link fails. In addition you should have the mask converted to an Active Directory-integrated zone on CERTKILLER-SR01 as this eliminates the need for primary and secondary name servers as fault tolerance is built into Active Directory which in addition is a bonus when using dynamic DNS. Reference: http://safari.adobepress.com/9780596514112/active_directory-integrated_zones
QUESTION NO: 5 You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. CertKiller.com currently makes use of a computer named CERTKILLER-SR01 configured as a DNS server configured with seven Active Directory Integrated Zones. During the course of the day you receive instruction from CertKiller.com to provide copies of the zone files of CERTKILLERSR01 to the security audit group for auditing purposes. What should you do?
Answer: A
QUESTION NO: 6 You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. CertKiller.com currently makes use of a computer named CERTKILLER-SR01 configured as the network DNS server. During the course of the day you receive instruction from CertKiller.com to "Pass Any Exam. Any Time." - www.actualtests.com 5
Ac
A. You should consider having the dnscmd/ZoneInfo command executed at the command prompt. B. You should consider having the dnscmd/ZoneOutput command executed at the command prompt. C. You should consider having the ntdsutil > Partition Management > Display command executed at the command prompt. D. You should consider having the ipconfig/registerdns command executed at the command prompt.
tua
lTe
sts
.co
Microsoft 70-640: Practice Exam install the DNS server role on a member server in the Paris office named CERTKILLER-SR02 whilst creating a standard secondary zone for CertKiller.com on CERTKILLER-SR02. CertKiller.com has additionally requested that you configure CERTKILLER-SR01 as the master server for the zone whilst ensuring that CERTKILLER-SR02 is able to obtain zone updates from CERTKILLER-SR01. What should you do? A. You should consider having the CERTKILLER-SR01 computer account added to the DNSUpdateProxy group. B. You should consider having the permission on CERTKILLER-SR01 modified for the CertKiller.com zone. C. You should consider having CertKiller.com added as a conditional forwarder. D. You should consider having the zone transfer settings on CERTKILLER-SR01 modified for the CertKiller.com zone. Answer: D
What should you do?
A. You should consider having a NS record added in the CertKiller.com.com zone B. You should consider having a secondary zone created on a Global catalog server. C. You should consider having a delegation created in the CertKiller.com zone. D. You should consider having the properties of SOA record changed in the uk.CertKiller.com zone. Answer: C
QUESTION NO: 8 "Pass Any Exam. Any Time." - www.actualtests.com 6
Ac
During the course of the day you receive instruction from CertKiller.com to add a domain controller named CERTKILLER-SR01 with a standard primary zone for uk.CertKiller.com. CertKiller.com has additionally requested all company domain controllers be configured appropriately to resolve names for uk.CertKiller.com.
tua
lTe
You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory forest containing a single domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. The current CertKiller.com DNS zone is stored on the ForestDnsZones Active directory partition.
sts
QUESTION NO: 7
.co
Microsoft 70-640: Practice Exam You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. CertKiller.com currently makes use of a computer named CERTKILLER-SR01 configured as a DNS server running a standard primary zone. During the course of the day you receive instruction from CertKiller.com to setup a strategy which allows the CertKiller.com DNS server to hold the same database whilst ensuring that secure DNS dynamic updates are used for all clients. CertKiller.com wants you to decide on which DNS strategy type to use. What should you do? (Choose two) A. You should consider having all servers configured as primary servers. You should then have replication configured. B. You should consider having all network servers upgraded to Active Directory Integrated servers. C. You should consider having a server upgraded as a primary master. You should then have the rest of the servers configured as secondary zones. D. You should consider having a server upgraded as a primary master. You should then have the rest of the servers configured as stub zones. Answer: B,D
QUESTION NO: 9 You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. During the course of the day you receive reports from CertKiller.com that they are experiencing problems with a computer named CERTKILLER-SR01 which is configured as a DNS server. CertKiller.com wants you to determine whether the correct host name is used whilst testing DNS "Pass Any Exam. Any Time." - www.actualtests.com 7
Ac
Explanation: In the scenario you should have the DNS server upgraded to Active Directory-integrated zones which would permit the DNS servers to share an identical Active Directory database. You should additionally note that Active Directory-integrated zones support secure dynamic updates. You should also note that when the TTL is to minute that the load on the DNS servers would be increased.
tua
lTe
sts
.co
Microsoft 70-640: Practice Exam on the local system to establish the host name 'CERTKILLER-SR01' is resolved to the IP address 137.134.12.33. CertKiller.com wants you to provide a solution to the problem at hand. What should you do? A. You should consider having an MX record added to the local DNS server. B. You should consider having an MX record added to the local WINS server. C. You should consider having a DNS server added to the local subnet. D. You should consider having the host name mapped to "CERTKILLER-SR01 and add the IP address 137.134.12.33 in the local systems HOSTS file. Answer: D Explanation: Your best option to select in this scenario would be Option D. The HOSTS file is a text file-based database of mappings amid hostnames and IP addresses. It performs similar to a file based version of DNS and resolves a hostname to an IP address.
QUESTION NO: 10
What would your reply be?
A. You should inform CertKiller.com that CERTKILLER-SR01 would only be able to host Secondary DNS. B. You should inform CertKiller.com that CERTKILLER-SR01 would only be able to host stub DNS. C. You should inform CertKiller.com that CERTKILLER-SR01 would only be able to host Primary DNS with Active Directory integration. D. You should inform CertKiller.com that CERTKILLER-SR01 would only be able to host Readonly DNS. Answer: D
Ac
CertKiller.com currently makes use of a computer named CERTKILLER-SR01 configured as a Read-Only Domain Controller (RODC) server running DNS. During the course of the day you receive instruction from CertKiller.com to determine which types of DNS zones are available on CERTKILLER-SR01.
tua
lTe
You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista.
sts
.co
Microsoft 70-640: Practice Exam Explanation: In the scenario you should note that installing DNS on a Read-Only Domain Controller (RODC) server that the copy of DNS would be a read-only copy. You should additionally note that the use of the read-only DNS zone does not permit making use of dynamic updates. Additionally an advantage of read-only DNS zones is that they can be placed in a non-secure location.
QUESTION NO: 11 You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. CertKiller.com currently makes use of a computer named CERTKILLER-SR01 in the London office which has the DNS service role installed. During the course of the day you are informed by CertKiller.com that non-domain members are able to dynamically register DNS records. CertKiller.com has recently requested that you ensure that only the domain controllers of CertKiller.com are able to dynamically register their DNS registration information. What should you do?
Answer: C
Explanation: In order to ensure that only domain members are able to register their DNS records dynamically you need to set the option Secure only for Dynamic updates. This will only allow the domain members to register their DNS records dynamically. Reference : www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/cnet/cncf_imp_afpf.mspx
QUESTION NO: 12 You are employed as the enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All domain controllers at CertKiller.com are configured to run Windows Server 2003. "Pass Any Exam. Any Time." - www.actualtests.com 9
Ac
tua
A. You should consider ensuring that the zone transfers are enabled to Name Servers B. You should consider ensuring that the Authenticated Users group is removed C. You should consider ensuring that the dynamic updates are set to Secure Only. D. You should consider ensuring that the Everyone group is denied the Create All Child Objects permission.
lTe
sts
.co
Microsoft 70-640: Practice Exam You have received instruction from management to install Windows Server 2008 on a server. You decide to add the Windows Server 2008 server as a domain controller to the CertKiller.com domain. You need to identify the first step that needs to be performed. What should you identify? A. You should consider running the rundcpromo /createdcaccount command on the Windows Server 2008 domain controller. B. You should consider running the adprep /forestprep command on a domain controller. C. You should consider running the runadprep /rodcprep command on a domain controller. D. You should consider running the rundcpromo /adv command on the Windows Server 2008 domain controller. Answer: B
QUESTION NO: 13
During the course of the day you receive complaints from network users who have CERTKILLERSR02 configured as their preferred DNS server are unable to access the Internet. CertKiller.com wants you to ensure that the network users are able to access the Internet by enabling Internet name resolutions for all client computers. What should you do? A. You should consider having the .(root) zone updated on CERTKILLER-SR02 server. B. You should consider having CERTKILLER-SR01 configured to have a .(root) zone. C. You should consider having the .(root) zone deleted from the CERTKILLER-SR02 DNS server. D. You should consider having the DNS cache on CERTKILLER-SR02 deleted. E. You should consider having CERTKILLER-SR01 DNS server reconfigured and connect it to the domain. "Pass Any Exam. Any Time." - www.actualtests.com 10
Ac
tua
lTe
You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. CertKiller.com currently makes use of a computer named CERTKILLER-SR01 and CERTKILLER-SR02 configured as DNS servers. The configuration of CERTKILLER-SR01 and CERTKILLER-SR02 is shown below:
sts
.co
Microsoft 70-640: Practice Exam Answer: C Explanation: In this scenario, you should delete the .( root) zone on CertKiller2 server. The .( root) zone is creating a problem. Windows Server 2008 follows specific steps for host name resolution. The server checks its zone records after querying its cache. After that, the DNS server sends requests to the forwarders and then tries resolution by using root servers. The CertKiller2 server contains a root zone by default. This disables the DNS forwarding option and the DNS cannot act as a forwarder. To enable DNS forwarding, you have to delete the root zone. To delete the root zone you can either use the DNS snap-in or the dnscmd.exe command-line utility. You can use dnscmd / zonedelete parameter and specify the name of the DNS zone that you want to delete.
QUESTION NO: 14 You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. CertKiller.com currently makes use of a computer named CERTKILLER-SR01 which has the DNS server role installed. CertKiller.com currently has CERTKILLER-SR01 configured with a single network interface named KingAreaNetwork. During the course of the day you determine that the static IP address of the network interface is 192.168.1.100. CertKiller.com recently requested that you create a DNS zone named local.CertKiller.com on CERTKILLER-SR01. What should you do?
A. You should consider having the dnscmd CERTKILLER-SR01/ZoneAdd local.CertKiller.com/DSPrimary command run from the command prompt. B. You should consider having the dnscmd CERTKILLER-SR01/ZoneAdd local.CertKiller.com/Primary /file local.CertKiller.com.dns command run from the command prompt. C. You should consider having the ipconfig /registerdns:local.CertKiller.com command run from the command prompt. D. You should consider having the netsh interface ipv4 set dnsserver name=local.CertKiller.com static 192.168.1.100 primary command run from the command prompt. Answer: B Explanation: In the scenario you should make use of the dnscmd CERTKILLER-SR01/ ZoneAdd local.CertKiller.com/Primary /file local.CertKiller.com.dns command to create the zone named local.CertKiller.com on CERTKILLER-SR01. "Pass Any Exam. Any Time." - www.actualtests.com 11
Ac
tua
lTe
sts
.co
Microsoft 70-640: Practice Exam You should additionally note that the DNS command used to add a zone uses the syntax bellow: dnscmd [ ServerName ] / zoneadd ZoneName ZoneType [ / dp FQDN |{ /domain | /enterprise | /legacy }] You should also note that the ServerName specifies where you specify the DNS server and ZoneName specifies the name of the zone and ZoneType would specify the type of zone to create which all requires different parameters to be used. Reference : Dnscmd Syntax http://technet2.microsoft.com/windowsserver/en/library/d652a163-279f-4047-b3e00c468a4d69f31033.mspx?mfr=true
QUESTION NO: 15 You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. CertKiller.com currently makes use of a computer named CERTKILLER-SR01 in the London office as the network DNS server. CertKiller.com currently has the network configured with each office containing a file server used to access and store files. During the course of the day you receive complaints from network users complaining about the long wait when connecting to network resources. You later checked the WAN bandwidth and discovered no problems. CertKiller.com requested that you ensure the network users are able to access resources quickly as possible. What should you do? (Choose two)
A. You should consider having a DNS server installed in the Paris office. B. You should consider having a secondary zone configured in the Paris office. You should then ensure the secondary zone used the London office DNS server as a master. C. You should consider having forwarders configured in the Paris office. You should then configure the Paris office DNS server to point to the DNS server in the London office. D. You should consider having the Paris office configured with a standard primary zone. Answer: A,B Explanation: In the scenario you should have a DNS server installed in the Paris office with a separate zone for the office as a single zone can become overburdened consuming the bandwidth and we should ensure that the network users receive access to resources as quickly as possible. "Pass Any Exam. Any Time." - www.actualtests.com 12
Ac
tua
lTe
sts
.co
Microsoft 70-640: Practice Exam The Paris office should be configured with a secondary zone which uses the London office DNS server as a master. You should then consider having copies of the zone file distributed among several name servers to ensure quick access to network resources. You should finally know that changes made to the primary zone are replicated to the secondary zone which is known as a zone transfer. You should also not confuse that a name server is necessarily the primary or secondary server because a DNS server might host the primary zone for a specific portion of the Organization name space and a secondary for another name space. You should then note that you would not be able to have forwarders set in the Paris office which means you would not be able to resolve names outside your own network. Reference : Getting Started With Microsoft DNS Server Primary and Secondary Zones http://www.microsoft.com/technet/archive/winntas/plan/dns0197.mspx?mfr=true Reference : Understanding forwarders http://technet2.microsoft.com/windowsserver/en/library/a3cf0184-0594-4e78-8247609f038434381033.mspx?mfr=true
QUESTION NO: 16
CertKiller.com recently partnered with Weyland Industries which has an Active Directory Forest containing a single domain named Weyland.com. The Weyland.com domain additionally has an Active Directory Integrated DNS zone named Weyland.com. During the course of the day you receive instruction from CertKiller.com to change the IP addresses of the Weyland.com DNS servers whilst ensuring name resolution for the CertKiller.com users to the resources at Weyland.com. What should you do? A. You should consider having an application directory partition configured in the CertKiller.com forest which enlists all DNS servers in the CertKiller.com forest in the partition. B. You should consider having an application directory partition configured in the Weyland.com forest which enlists all DNS server in the CertKiller.com forest in the partition. "Pass Any Exam. Any Time." - www.actualtests.com 13
Ac
tua
You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory forest containing a single domain named CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. CertKiller.com currently makes use of a computer named CERTKILLER-SR01 configured as the network DNS server hosting the Active Directory integrated DNS zone.
lTe
sts
.co
Microsoft 70-640: Practice Exam C. You should consider having a stub zone created for Weyland.com on CERTKILLER-SR01 at CertKiller.com. D. You should consider having the Zone Replication Scope for Weyland.com configured to replicate to all DNS servers in the CertKiller.com forest in the partition. Answer: C Explanation: In the scenario you should consider having a stub zone created to ensure that the CertKiller.com users are able to access resources in Weyland.com. You should additionally note that stub zones were introduced in Windows Server 2003 DNS which can be used to streamline name resolution especially in a split name scenario. You should additionally note that a stub zone is actually a copy of a zone containing only resource records requires to identify authoritative Domain Name System (DNS) server for the specific zone. The use of a stub zone is to resolve name resolution requests between separate DNS namespaces. Reference : DNS Stub Zones in Windows Server 2003 http://www.windowsnetworking.com/articles_tutorials/DNS_Stub_Zones.html
CertKiller.com as additionally configured the servers in both offices to have Active Directoryintegrated DNS zones configured. During the course of the day you receive instruction from CertKiller.com to ensure that all the client computers are configured to use their local DNS servers for name resolution whilst ensuring that the changes are immediately reflected at the Paris office DNS server when you change the IP address of CERTKILLER-SR01 in the London office. What should you do? A. You should consider having the standard domain controllers used at the Paris office instead of ththe Read-Only Domain Controller (RODC) server. B. You should consider having the Minimum (default) TTL option decreased to 15 minutes on the Start of Authority (SOA) record for the zone. "Pass Any Exam. Any Time." - www.actualtests.com 14
Ac
You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. CertKiller.com currently makes use of a computer named CERTKILLER-SR01 in the London office and CERTKILLER-SR02 in the Paris office both servers configured as Read-Only Domain Controllers (RODC) running DNS.
tua
lTe
QUESTION NO: 17
sts
.co
Microsoft 70-640: Practice Exam C. You should consider having the dnscmd /ZoneUpdateFromDs command run at the command prompt on a domain controller in the London office D. You should consider having the dnscmd /ZoneUpdateFromDs command run at the command prompt on the Paris office servers. Answer: D Explanation: In order to reflect the change immediately, you need to run the dnscmd / ZoneUpdateFromDs command on the branch office servers. This command updates the specified ActiveDirectoryintegrated zone from ADDS. Reference : dnscmd / zoneupdatefromds http://technet2.microsoft.com/windowsserver2008/en/library/e7f31cb5-a426-4e25-b71488712b8defd51033.mspx?mfr=true
QUESTION NO: 18
Whilst performing your routine maintenance you discovered that the zone transfer has failed on CERTKILLER-SR03. CertKiller.com wants you to configure DNS to provide zone data to the DNS server CERTKILLER-SR03 in the Toronto office. What should you do? A. You should consider having CERTKILLER-SR03 added to the DNSUpdateProxy Global security group in Active Directory Users and Computers. B. You should consider having dnscmd /ZoneResetMasters command run at the command prompt. C. You should consider having the Zone Transfers tab opened on one of the DNS servers in the London office. "Pass Any Exam. Any Time." - www.actualtests.com 15
Ac
During the course of the day you receive instruction from CertKiller.com to add an additional computer named CERTKILLER-SR03 to the newly acquired Toronto office. You have later installed and configured DNS service and configured a secondary zone on CERTKILLER-SR03 for the domain.
tua
lTe
You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. CertKiller.com currently has the Paris office DNS server hosting a standard secondary zone configured to have the London office DNS servers as their Master servers.
sts
.co
Microsoft 70-640: Practice Exam You should then have CERTKILLER-SR03 added to the list. D. You should consider having the dnscmd /ZoneResetSecondaries command run at the command prompt. Answer: C Explanation: In the scenario you should consider having a new DNS server added via the Zone Transfers tab on the DNS Server in the London office to configure the DNS zone to provide zone data to the DNS servers in the Paris office. You should additionally note that the DNS servers in the London office can be configured as Active Directory-integrated zones which would have the London office DNS server configured as primary name servers. You should then additionally remember that you would be required to click the 'Records' button in the main window when enabling zone transfers for a single zone in addition to right clicking the zone you ish to enable zone transfers and selecting the 'Properties' option from the popup menu in the "Zone Properties" tab when specifying which IP addresses are allowed fir zone transfers. Reference : 4.8. Active Directory-Integrated Zones http://safari.adobepress.com/9780596514112/active_directory-integrated_zones Reference : Enabling Zone Transfers from another DNS server http://www.simpledns.com/kb.aspx?kbid=1156
You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com and a public name space uk.CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. During the course of the business day you receive instruction from CertKiller.com to ensure that the public DNS records are not copied without impacting the functionality of public DNS name resolution requests. What should you do? A. You should consider having the All domain controllers in the domain zone replication option enabled on CertKiller.com. B. You should consider having the Notify feature deselected for the uk.CertKiller.com zone. C. You should consider having the Allow - Read permission disabled in the Everyone group on the uk.CertKiller.com DNS domain.
Ac
tua
QUESTION NO: 19
lTe
sts
.co
16
Microsoft 70-640: Practice Exam D. You should consider having the Allow zone transfers only to servers listed on the Name Servers option enabled on uk.CertKiller.com Answer: D Explanation: In the scenario you should consider having the public zone configured to Allow zone transfers only to servers listed on the Names Servers option on CertKiller.com which would ensure that public DNS zone records are able to be copied without impacting the functionality of the public DNS servers. You should additionally note that using only the allowed server listed that you are restricting zone transfers to only known servers listed in the Name Servers resource option on CertKiller.com. Reference : DNS Zones http://books.google.co.in/books?id=pL89TOMFcHsC&pg=RA1-PA244&lpg=RA1PA244&dq=Allow+zone+transfers+only+to+servers+listed+on+the+Name+Servers+option+&sourc e=web&ots=StFz29rSf5&sig=0wRSARkgYxCy2ohweQs4QUDMqEQ&hl=en#PRA1-PA243,M1
During the course of the day you receive complaints from client computers on the external network that they are unable to send e-mail messages to the CertKiller.com network. Whilst doing routine maintenance you discover that a host (A) DNS record exists for CERTKILLER-SR02 on the external computers. CertKiller.com wants you to ensure that CERTKILLER-SR02 is configured correctly to receive e-mail messages. What should you do? A. You should consider having a Service Location (SRV) record added for CERTKILLER-SR02. You should then set the Service field to _smtp and the Protocol field to _tcp using Port Number 25. B. You should consider having a Canonical (CNAME) record added which maps CERTKILLERSR02 to CertKiller.com. C. You should consider having a Mail Exchanger (MX) record added for CERTKILLER-SR02.
Ac
tua
You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. CertKiller.com currently makes use of a computer named CERTKILLER-SR01 that is configured as the network public DNS server. CertKiller.com additionally uses a computer named CERTKILLER-SR02 configured as an e-mail server.
lTe
sts
QUESTION NO: 20
.co
17
Microsoft 70-640: Practice Exam D. You should consider having a Mailboc (MB) record added for CERTKILLER-SR02. You should then set the Mailbox Host setting to CERTKILLER-SR02. Answer: C Explanation: In the scenario you should consider having a Mail Exchanger (MX) record added for CERTKILLER-SR02 to ensure that CERTKILLER-SR02 is to receive e-mail from external client computers. You should additionally note that the MX record controls the way e-mail is delivered and are particularly used to locate the receiving mail servers for a given host with the order of priority of these mail servers. You should also remember that non-RFX-compliant server fail to deliver e-mail for domain which lack MX records which includes certain versions of Microsoft Exchange. In the scenario you are aware that host (A) DNS records are available to the external client computers soo configuring the Mail Exchanger record for CERTKILLER-SR02 defines the destination host record for the mail server. You should finally note that the destination mail server record uses the host (A record not a CNMAE or IP address. Reference : E-mail, Mail Exchangers, and DNS http://www.dyndns.com/support/kb/email_mail_exchangers_and_dns.html
QUESTION NO: 21
During the course of the day you receive instruction from CertKiller.com to install DNS on a member server in the Paris office named CERTKILLER-SR02 which meets the requirements set below:CERTKILLER-SR02 should be able to query the London office DNS servers.CERTKILLERSR02 should be configured to ensure a limited number of DNS records would be transferred to CERTKILLER-SR02 in the Paris office. What should you do? A. You should consider having CERTKILLER-SR02 configured with a secondary zone. B. You should consider having CERTKILLER-SR02 installed in the Paris office. You should then configure a stub zone in the London office.
Ac
You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. The CertKiller.com network currently contains multiple DNS servers in the London office.
tua
lTe
sts
.co
18
Microsoft 70-640: Practice Exam C. You should consider having CERTKILLER-SR02 configured with a primary zone. D. You should consider having CERTKILLER-SR02 configured with a stub zone. Answer: D Explanation: You should consider having a DNS server install in the Paris office configured as a stub zone which would ensure that the DNS server in the Paris office is able to query any DNS server in the London office ensuring that only a limited number of DNS records are transferred to the DNS server in the Paris office. You should note that the stub zone is a copy of a zone containing only the resource records required to identify authoritative name server for the zone. You should be aware that a stub zone keeps a DNS server hosting a parent zone aware of the authoritative DNS servers for its child zone. You should additionally note that the stub zone would only contain a copy of the SOA and NS records for the name servers authoritative for the for the zone and no CNAME records, MX records or SRV records for the other hosts in the zone. Reference : DNS Server Role http://technet2.microsoft.com/windowsserver2008/en/library/533a1cfc-5173-4248-914c433bd018f66d1033.mspx?mfr=true Reference : What is Stub zone in DNS/ What Stub Zones Do http://caloni00net.blog.dada.net/post/439393/What+is+Stub+zone+in+DNS
You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. The London and Paris office are connected via a WAN link. CertKiller.com currently makes use of a computer named CERTKILLER-SR01 configured as a DNS server hosting the Active Directory Integrated zone and CERTKILLER-SR02 in the Paris office configured as a DNS server hosting the secondary zone for CertKiller.com. CertKiller.com has recently requested that you configure CERTKILLER-SR02 to have CERTKILLER-SR01 as the DNS Master server for the zone whilst minimizing the DNS zone transfer traffic over the WAN link. What should you do? "Pass Any Exam. Any Time." - www.actualtests.com 19
Ac
QUESTION NO: 22
tua
lTe
sts
.co
Microsoft 70-640: Practice Exam A. You should consider having the refresh interval setting increased in the Start of Authority (SOA) record for the zone. B. You should consider having the refresh interval setting decreased in the Start of Authority (SOA) record for the zone. C. You should consider having the Retry Interval setting decreased in the Start of Authority (SOA) record for the zone. D. You should consider having the netmask ordering option disabled in the properties of CERTKILLER-SR01. Answer: A Explanation: In the scenario you should consider having the Refresh Interval setting increased in the Start Of Authority record for the zone to have DNS zone transfer traffic minimized over the WAN link. You should additionally note that the Refresh Interval is responsible for informing the secondary name server when to poll the primary names server and how often to check for a serial number change. You should also be aware that the Refresh Interval effects how long DNS changes made on the Primary server takes to propagate which means the configurations made would ensure that zone transfers occur less frequently. Reference : DNS Resource Records / SOA Record Data Fields http://www.cisco.com/en/US/tech/ck648/ck362/technologies_tech_note09186a0080094727.shtml# topic2
QUESTION NO: 23
You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory forest containing a single domain named CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. CertKiller.com currently makes use of a computer named CERTKILLER-SR01 which has the DNS server role installed. During the course of the day whilst performing routine maintenance you discovered a few stale resource records in the CertKiller.com zone. You later decided to enable scavenging on CERTKILLER-SR01 to get rid of the stale records. A month later you during your security maintenance you discover that the same stale records still exist. CertKiller.com wants you to ensure that the stale records are removed from the CertKiller.com zone. What should you do?
Ac
tua
lTe
sts
.co
20
Microsoft 70-640: Practice Exam A. You should consider having the dnscmd CERTKILLER-SR01 /AgeAllRecords command run at the command prompt. B. You should consider having the DNS service on CERTKILLER-SR01 stopped and restarted. C. You should consider having the dnscmd CERTKILLER-SR01 /StartScavenging command run at the command prompt. D. You should consider having scavenging enabled on the CertKiller.com zone. Answer: D Explanation: You again noticed the same stale resource records still lay CertKiller.com even after enabled DNS scavenging on CERTKILLER-SR01 because the CERTKILLER-SR01 may not have CertKiller.com zone integrated with ADDS and loaded at the server. To ensure that the stale resource records are removed from na.CertKiller.com, you need to enable DNS scavenging on the CertKiller.com zone. The aging and scavenging can be configured for specified zones on the DNS server to make sure that the stale records are removed from the specified zone. Reference : Enable Aging and Scavenging for DNS http://technet2.microsoft.com/windowsserver2008/en/library/7972082c-22a1-44fc-8e39841f7327b6051033.mspx?mfr=true
QUESTION NO: 24
You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. CertKiller.com currently makes use of a computer named CERTKILLER-SR01 which is configured as a DNS server hosting the DNS primary zone for CertKiller.com and a computer named CERTKILLER-SR02 in the Paris office configured as a DNS server hosting the DNS secondary zone for CertKiller.com. During the course of the day you configure the client computer to use their respective office DNS servers for DNS name resolution. CertKiller.com has recently requested that you change the IP address of CERTKILLER-SR03 a member server in the London office. CertKiller.com wants you to ensure that CERTKILLER-SR02 reflects the changes immediately. What should you do? A. You should consider having the dnscmd /zonerefresh command run at the command prompt on CERTKILLER-SR02. "Pass Any Exam. Any Time." - www.actualtests.com 21
Ac
tua
lTe
sts
.co
Microsoft 70-640: Practice Exam B. You should consider having the dnscmd /zonerefresh command run at the command prompt on CERTKILLER-SR01. C. You should consider having the refresh interval ser to 10 minutes on the Start Of Authority (SOA) record. D. You should consider having the DNS Server service restarted on CERTKILLER-SR01. Answer: B Explanation: In order to ensure that CERTKILLER-SR02 reflects the change immediately you need to run the dnscmd command on CERTKILLER-SR01 and use the / zonerefresh option for the command The dnscmd / zonerefresh option will manually force zone replication on CERTKILLER-SR02 Reference : How can I easily administer DNS servers by using the command prompt? http://www.petri.co.il/dnscmd_command_in_windows_2000_2003.htm
QUESTION NO: 25
What should you do?
A. You should consider having a LegacyWINS zone created. You should then have host (A) records created for single name resources. B. You should consider having a GlobalNames zone created. You should then have host (A) records created for single name resources. C. You should consider having WINS-R lookup enabled in DNS. D. You should consider having Service Locator (SRV) records created for single name resources. Answer: B Explanation: In order to decommission the WINS service and to enable forest-wide single name resolution, you need to create an Active Directory-integrated zone named GlobalNames and create host (A) "Pass Any Exam. Any Time." - www.actualtests.com 22
Ac
tua
CertKiller.com currently makes use of a computer named CERTKILLER-SR01 in the London office which has the DNS Server role installed. During the course of the day you receive instruction from CertKiller.com to prepare the network for decommissioning the WINS service from the network. CertKiller.com wants you to have forest-wide single name resolution.
lTe
You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory forest containing a single domain named CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista.
sts
.co
Microsoft 70-640: Practice Exam records for the single name resources. GNZ is intended to aid the retirement of WINS. Windows Server 2008 (WS2K8) introduces the GlobalNames zone (GNZ) where larger environments with multiple DNS suffixes can use a single name host across all domains. To help customers migrate to DNS for all name resolution, the DNS Server role in Windows Server 2008 supports a special GlobalNames Zone (also known as GNZ) feature. Some customers in particular require the ability to have the static, global records with single-label names that WINS currently provides. These single-label names typically refer to records for important, well-known and widely-used servers for the company, servers that are already assigned static IP addresses and are currently managed by IT-administrators using WINS. GNZ is designed to enable the resolution of these single-label, static, global names for servers using DNS.
QUESTION NO: 26
During the course of the day you receive instruction from CertKiller.com do design a security solution for CertKiller.com which is isolated from the Internet. CertKiller.com has additionally requested that you determine the recommendations for DNS. What should you do? (Choose two)
A. You should consider having Active Directory integrated zones used on the network. B. You should consider having secondary zones used on the network. C. You should consider having a private DNS infrastructure used with internal root hint servers. D. You should consider having secure dynamic updates used on the network. Answer: A,C Explanation: In this scenario your best option would be to recommend the use of integrated Active Directory zones and a private DNS infrastructure with internal root hint servers. When the DNS infrastructure is isolated from the Internet you have to configure it with root hints. The root hints have to be pointed to the internal servers. The default Windows Server 2008 servers usually point "Pass Any Exam. Any Time." - www.actualtests.com 23
Ac
tua
lTe
sts
.co
Reference : Understanding GlobalNames Zone in Windows Server 2008 http://www.petri.co.il/windows-DNS-globalnames-zone.htm
Microsoft 70-640: Practice Exam to the Internet's root name servers. The Active Directory zones will supply you with extra security and fault tolerance. Recommending the use of secure dynamic updates is incorrect. Dynamic updates should not be permitted in secure environments. Recommending the use of secondary zones is incorrect. Secondary zones are less secure than Active Directory zones. Reference : Syngress.The.Real.MCTS.MCITP.Exam.70-648.Prep.Kit.Mar.2008
QUESTION NO: 27 You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista.
What should you do?
Answer: A
Explanation: Permissions permits secure dynamic updates. The replication of zone recordswill happens at the property level. These records are encrypted and compressed. The records of the integrated zones are kept in the AD directory services. The records are kept inactive Directory which is objects that the permissions are assigned to. Reference : Syngress.The.Real.MCTS.MCITP.Exam.70-648.Prep.Kit.Mar.2008
Section 2, Configure DNS server settings (12 Question) "Pass Any Exam. Any Time." - www.actualtests.com 24
Ac
A. You should consider having all the options below used. B. You should consider having Zone records kept as Active Directory objects. C. You should consider having Active Directory integrated zones stored in Active Directory. D. You should consider having dynamic updates allowed. E. You should consider having replication be more efficient and secure.
tua
lTe
sts
During the course of the day you receive instruction from CertKiller.com to prepare the CertKiller.com network for the transition of DNS services to Active Directory Integrated zones whilst determining the key features.
.co
Microsoft 70-640: Practice Exam
QUESTION NO: 28 You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory forest containing a single domain named CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. CertKiller.com currently makes use of two computer named CERTKILLER-DC01 and CERTKILLER-DC02 in the London office which have the DNS Server role installed. CertKiller.com additionally deployed a computer named CERTKILLER-DC03 configured as a Read-only Domain Controller (RODC) which has the DNS Server role installed and configured with Active Directory-integrated zones. During the course of the day you receive instruction from CertKiller.com to configure secure updates on the DNS servers whilst ensuring that CERTKILLERDC03 is configured to accept dynamic DNS updates. What should you do?
Answer: D
Explanation: In order to enable the dynamic DNS updates on CERTKILLER-DC03 you need uninstall the Active Directory Domain services on CERTKILLER-DC03. Thereafter you can reinstall it as a writeable domain controller. A writeable domain controller performs originating updates and outbound replication. Reference: http://msdn.microsoft.com/en-us/library/cc207937.aspx
QUESTION NO: 29 You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory forest containing a single domain named CertKiller.com. CertKiller.com has "Pass Any Exam. Any Time." - www.actualtests.com 25
Ac
tua
A. You should consider having CERTKILLER-DC03 the Read-only Domain Controller (RODC) reconfigured to allow dynamic updates. B. You should consider having the dnscmd/ZoneResetType command run at the command prompt on CERTKILLER-DC03. C. You should consider having an active partition created and configured on CERTKILLER-DC01 to store the Active Directory-integrated zones. D. You should consider having Active Directory Domain services uninstalled in CERTKILLERDC03. You should then re-install Active Directory as a writeable domain controller.
lTe
sts
.co
Microsoft 70-640: Practice Exam its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. CertKiller.com currently makes use of a computer named CERTKILLER-SR01 in the London office which has the DNS Server role installed with Active Directory-integrated zone configured for two sites containing four domain controllers each. A new company directive is received during the day that states that a new NS record needs to be added to the zone. Additionally CertKiller.com informs you that the newly created NS record has to be received instantaneously by the domain controllers. What should you do? A. You should consider having a Start-Of Authority (SOA) record created in the DNS Manager console. B. You should consider having the DNS server service shutdown and restarted from the services snap-in. C. You should consider having the repadmin/syncall command executed at the command prompt. D. You should consider having the zone reloaded from the DNS Manager console.
During the course of the day you receive instruction from CertKiller.com to install an additional DNS server named CERTKILLER-SR03 on the perimeter network. You have later decided to configure CERTKILLER-SR01 to forward all unresolved requests to CERTKILLER-SR03. During your routine maintenance you discover that DNS forward option is unavailable on CERTKILLERSR02. CertKiller.com recently requested that you travel to the Paris office and configure DNS forwarding on CERTKILLER-SR02 to forward the unresolved name requests to CERTKILLERSR03. What should you do? (Choose two) A. You should consider having the Root zone deleted on CERTKILLER-SR02.
Ac
You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. CertKiller.com currently makes use of two computers named CERTKILLER-SR01 and CERTKILLER-SR02 configured with the DNS server role.
tua
lTe
QUESTION NO: 30
sts
Answer: C
.co
26
Microsoft 70-640: Practice Exam B. You should consider having zone forwarding added on CERTKILLER-SR02. C. You should consider having the DNS cached cleared on CERTKILLER-SR02. D. You should consider having conditional forwarding configured on CERTKILLER-SR02. Answer: A,D
QUESTION NO: 31 You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. CertKiller.com currently makes use of a computer named CERTKILLER-SR01 which has the DNS server role installed. During the course of the day you receive instruction from CertKiller.com to have all inbound DNS queries to CERTKILLER-SR01 recorded. What should you do?
Answer: B
QUESTION NO: 32
You work as the network administrator at CertKiller.com. The CertKiller.com network consists of two Active Directory forests named CertKiller.com and us.CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. CertKiller.com currently makes use of three computer named CERTKILLER-SR01, CERTKILLERSR02 and CERTKILLER-SR03 which are configured as DNS servers. The settings of the DNS servers are shown in the exhibit below: CERTKILLER-SR03 is configured for all workstations in the CertKiller-south.com domain as the DNS server. CERTKILLER-SR01 is configured as the DNS server for the other workstations. During routine monitoring you discover that employees from CertKiller-south.com are unable to connect to the servers belonging to CertKiller-north.com. You receive an instruction from the CIO "Pass Any Exam. Any Time." - www.actualtests.com 27
Ac
tua
A. You should consider having automatic testing for recursive queries enabled in the DNS Manager Console. B. You should consider having debug logging enabled in the DNS Manager Console. C. You should consider having event logging configured to log errors and warnings in the DNS Manager Console. D. You should consider having automatic logs for recursive queries disabled in the DNS Manager Console.
lTe
sts
.co
Microsoft 70-640: Practice Exam to make sure that all CertKiller-south.com queries can be resolved by employees at CertKillernorth.com. What should you do? A. This can be accomplished by creating a copy of the_msdcs.CertKiller-north.com zone on CERTKILLER-SR03. B. This can be accomplished by creating configuring conditional forwarding on CERTKILLERSR03 in order to forward CertKiller-north.com queries to CERTKILLER-SR01. C. This can be accomplished by creating a copy of the CertKiller-south.com zone on CERTKILLER-SR01 as well as CERTKILLER-SR02. D. This can be accomplished by configuring conditional forwarding on CERTKILLER-SR01 and CERTKILLER-SR02 in order to forward CertKiller-south.com queries to CERTKILLER-SR03. Answer: B
QUESTION NO: 33
What would your reply be?
A. The root name server would reply with the IP address of www.Weyland.com B. The root name server would reply with the IP address of the name server for the .com top-level domain. C. The root name server would reply with the IP address of the name server for the Weyland.com domain. D. The root name server would reply with the DNS name of the .com top-level domain. Answer: B Explanation:
Ac
CertKiller.com currently makes use of a computer named CERTKILLER-SR01 which has the DNS Server role installed. During the course of the day you a network user named Rory Allen send a recursive query looking for the IP address of www.Weyland.com. Rory Allen has then discovered that the DNS server cannot find any local zones matching the requested domain name and the DNS server forwards the request to a root name server. Rory Allen wants to know what the root name server should reply with.
tua
lTe
sts
.co
28
Microsoft 70-640: Practice Exam The root name server has control over the root domain and has to reply with the IP address of a name server for the .com top-level domain. Upon receiving the IP address of the top-level domain the system should inquire for the Weyland.com address.
QUESTION NO: 34 You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. During the course of the day whilst performing routine maintenance you discovered that a spammer tried sending junk mail via an unwary mail server at CertKiller.com. You have additionally determined that the spammer used a fake DNS name which they assumed would be accepted by the mail server but is still rejected. CertKiller.com has later asked you what caused to mail server to refuse the spammer's mail. What would your reply be?
Answer: A
Explanation: The majority of mail servers are capable of being configured to have incoming mail rejected from servers whose IP addresses cannot be determined with a reverse lookup.
QUESTION NO: 35 You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. During the course of the day you receive instruction from CertKiller.com to troubleshoot an error reported by a network user named Rory Allen who states the client computer appears to contain "Pass Any Exam. Any Time." - www.actualtests.com 29
Ac
tua
A. You should inform CertKiller.com that the mail is rejected when a mail server doing a reverse lookup zone with the aim of confirming that DNS names are not fake. B. You should inform CertKiller.com that the mail is rejected when the spammer has no MX record in the database of the DNS server which serves the mail server's domain. C. You should inform CertKiller.com that the mail is rejected when the spammer's DNS name is not found in the cache file of the primary DNS server serving the mail server's domain. D. You should inform CertKiller.com that the mail is rejected when a fake DNS name is detected.
lTe
sts
.co
Microsoft 70-640: Practice Exam outdated DNS data. You later decided to use the ipconfig command line utility to view what DNS servers the client is using when pinging to confirm connectivity to those server. What should you do? A. You should consider having the dns /register command run at the command prompt. B. You should consider having the ipconfig /flushdns command run at the command prompt. C. You should consider having the ipconfig /cleardns command run at the command prompt. D. You should consider having the nslookup /flushdns command run at the command prompt. Answer: B Explanation: The command ipconfig / flushdns clears up the local DNS cache.
QUESTION NO: 36
During the course of the day CertKiller.com is approached by Weyland Industries who wants CertKiller.com to configure their Windows Server 2008 DNS server to answer queries for hosts on the local intranet but not the Internet. What should you do? (Choose two)
A. You should consider having the forwarding option left turned off. B. You should consider having the Weyland Industries DNS server installed behind the Weyland Industries firewall. C. You should consider having recursive lookups disabled. D. You should consider having the Weyland.com server configured as a root server. You should then leave the root hints for the top-level domains. Answer: A,D Explanation: Having the server configured as a root server and leaving forwarding off indicates that the server will either answer a query for known addresses or return a failure for unknown addresses.
Ac
tua
lTe
sts
.co
30
Microsoft 70-640: Practice Exam QUESTION NO: 37 You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. During the course of the day a network user named Rory Allen asked you which tools can be used to configure DNS server services. What would your reply be? A. You should inform Rory Allen that the Network Properties can be used to configured DNS server services. B. You should inform Rory Allen that the Active Directory Users and Computers can be used to configured DNS server services. C. You should inform Rory Allen that the DNS administrative tool can be used to configured DNS server services. D. You should inform Rory Allen that the Computer Management can be used to configured DNS server services. Answer: C
QUESTION NO: 38
You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. During the course of the day you receive instruction from CertKiller.com to utilize multiple account lockout policies. A network user named Rory Allen has recently asked you which policy type you would use. What would you reply be? A. You should inform Rory Allen that you plan on using the OU password policy. B. You should inform Rory Allen that you plan on using the fine-grained password policy. C. You should inform Rory Allen that you plan on using the Multiple password policy.
Ac
tua
lTe
Explanation: The DNS administrative tool is to be used to configure settings for the DNS server service. DNS zone files can be manually edited by making use of a standard text file editor.
sts
.co
31
Microsoft 70-640: Practice Exam D. You should inform Rory Allen that you plan on using the DSA password policy. Answer: B Explanation: Windows Server 2008 boasts a new fine-grained password policy which permits an organization to have different password as well as account lockout policies for diverse sets of users in the same domain.
QUESTION NO: 39 You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. During the course of the day you received instruction from CertKiller.com to prevent the network users from starting or stopping a particular service on a domain controller named CERTKILLER-DC01. What should you do?
QUESTION NO: 40 You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory forest containing a single domain named CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. CertKiller.com currently makes use of a computer named CERTKILLER-DC01 in the London office and CERTKILLER-DC02 in the Paris office each configured as an Active Directory site. During the course of the day you notice all sites are connected with the DEFAULTIPSITELINK object. You "Pass Any Exam. Any Time." - www.actualtests.com 32
Ac
Explanation: The settings made in the Domain Controller Security Policy tool are only relevant to domain controllers. Section 3, Configure zone transfers and replication (8 Questions)
tua
Answer: D
lTe
A. You should consider having the Domain Security Policy used. B. You should consider having the Local System Policy used. C. You should consider having the Active Directory Users and Computers tool used. D. You should consider having the Domain Controller Security Policy used.
sts
.co
Microsoft 70-640: Practice Exam receive an instruction from the CIO to reduce any replication latency that may exist between CERTKILLER-DC01 and CERTKILLER-DC02. What should you do? A. You should consider having the replication interval for the DEFAULTIPSITELINK object decreased. B. You should consider having the replication interval for the DEFAULTIPSITELINK object increased. C. You should consider having the connection replication interval for all connection objects decreased. D. You should consider having the cost between the connection objects decreased. Answer: A
What should you do?
A. You should consider having a new delegation configured in the ForestDnsZones application directory partition. B. You should consider having the dnscmd/createdirectorypartition command run at the command prompt. C. You should consider having the dnscmd/enlistdirectorypartition command executed from the command prompt. D. You should consider having a delegation created in the DomainDnsZones application directory partition. Answer: B
Ac
tua
CertKiller.com currently makes use of two computers named CERTKILLER-SR01 in the London office and CERTKILLER-SR02 in the Paris office which has the DNS Server role installed. During the course of the day you receive instruction from CertKiller.com to create a new Active Directoryintegrated zone. CertKiller.com additionally wants you to ensure that the new zone is only replicated to one domain controller.
lTe
sts
.co
QUESTION NO: 41
33
Microsoft 70-640: Practice Exam QUESTION NO: 42 You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. CertKiller.com currently makes use two computers named CERTKILLER-SR01 and CERTKILLER-SR02 configured as DNS servers. The configuration of the DNS servers is shown in the exhibit below:
What should you do?
QUESTION NO: 43 You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory forest containing a single domain named CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. One of the administrators in your department created an Active Directory-integrated zone for CertKiller.com. CertKiller.com has recently acquired a UNIX-based DNS server named CERTKILLER-SR01. During the course of the business day you receive an instruction from the CIO to configure the Windows Server 2008 organization. CertKiller.com plans to make use of this configuration to permit zone transfers of the CertKiller.com zone to CERTKILLER-SR01. "Pass Any Exam. Any Time." - www.actualtests.com 34
Ac
Answer: C
tua
A. You should consider having the list of root hints servers updated on CERTKILLER-SR02. B. You should consider having a copy of the .(root) zone created on CERTKILLER-SR01. C. You should consider having the .(root)zone deleted from CERTKILLER-SR02. You should then have conditional forwarding configured on CERTKILLER-SR02. D. You should consider having the Cache.dns file updated on CERTKILLER-SR02. You should then have conditional forwarding configured on CERTKILLER-SR01.
lTe
sts
.co
During the course of the day you receive complaints from the network users that they are not able to connect to Internet websites while using CERTKILLER-SR02 as their preferred DNS server. CertKiller.com recently requested that you enable Internet name resolution for all client computers on the network.
Microsoft 70-640: Practice Exam What should you do? A. You should consider having recursion disabled in the DNS Manager console. B. You should consider having a stub zone created in the DNS Manager console. C. You should consider having a secondary zone created in the DNS Manager console. D. You should consider having BIND secondaries enabled in the DNS Manager console. Answer: D
QUESTION NO: 44 You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. The London office and Paris office are linked via a slow satellite link. During the course of the day you receive instruction from CertKiller.com to install DNS into the Paris office to ensure that the client computers in the Paris office are easily locate authoritative DNS server located in the London office. What should you do?
Answer: B
Explanation: Stub zones are extremely effective for use in slow WAN connections. These zones only store three types of resource records that being: NS records, glue host (A) records, and SOA records. These three records can be utilized to locate authoritative DNS servers.
QUESTION NO: 45 You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. "Pass Any Exam. Any Time." - www.actualtests.com 35
Ac
tua
A. You should consider having Active Directory-integrated zones created in the Paris office. B. You should consider having a stub zone created in the Paris office C. You should consider having a primary DNS zone created in the Paris office. D. You should consider having a secondary DNS zone created in the Paris office.
lTe
sts
.co
Microsoft 70-640: Practice Exam CertKiller.com currently makes use two computers named CERTKILLER-SR01 running the DNS service configured as a primary master and CERTKILLER-SR02 configured as a secondary master for the CertKiller.com zone. A network user named Rory Allen wants to know which part of the DNS zone would be used to establish whether or not zone data has changed. What would your reply be? A. You should inform Rory Allen that the secondary master would use the serial number. B. You should inform Rory Allen that the secondary master would use the database record tombstone. C. You should inform Rory Allen that the secondary master would use the TTL, or time to live. D. You should inform Rory Allen that the secondary master would use the NS record. Answer: A Explanation: The serial number is utilized by secondary servers to establish whether or not the zone data has changed. This value is routinely updated with Windows Server 2008 DNS server by default. The zone's TTL is used to verify what time to query for an update of the zone file from the master server except if a Notify message has been sent by the master server in the interim.
QUESTION NO: 46
During the course of the day you receive instruction from CertKiller.com to have several server in the network mirror each other in the occurrence of server failure. CertKiller.com has recently deployed a Web server named CERTKILLER-SR01 hosting the www.CertKiller.com web site. During your routine maintenance you decided to replicate the website replicated to the Paris office with all required host records in DNS. During the week you have discovered that only one DNS server is responding to client requests. CertKiller.com has requested that you check if the default settings which were changed whilst ensuring the Web site would be able to utilize all the mirrored web servers. What should you do? A. You should consider having Round robin enabled. B. You should consider having the request redirector enabled. "Pass Any Exam. Any Time." - www.actualtests.com 36
Ac
tua
lTe
sts
.co
Microsoft 70-640: Practice Exam C. You should consider having the correct priorities metric configured for the hostname. D. You should consider having DNS sharing enabled. E. You should consider having IIS sharing enabled. Answer: A Explanation: The round robin option permits you to bear a hostname listed with multiple IP addresses and then, as each request enters the DNS server, rotate the list, in succession presenting all of the IP addresses. This will have the load balanced out across all the servers which you have mirrored as well as configured in the DNS.
QUESTION NO: 47 You work as an enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. The CertKiller.com network contains two DNS servers. The DNS servers are named CERTKILLER-SR13 and CERTKILLER-SR14. The exhibit below illustrates how the DNS servers are configured: You receive numerous complaints from domain users that they are unable to establish a connection to Internet Web sites. You check and discover that the error occurs with the users that make use of CERTKILLER-SR14. To ensure that enhance productivity you need to ensure that the Internet name resolution is enabled for all user workstations. What should you do?
A. This can be accomplished by ensuring that a list of root hints servers is updated on CERTKILLER-SR14. B. This can be accomplished by ensuring that the .(root) zone is deleted from CERTKILLERSR14. Thereafter conditional forwarding should be configured on CERTKILLER-SR14. C. This can be accomplished by ensuring that the Cache.dns file is updated on CERTKILLERSR14. Thereafter conditional forwarding should be configured on CERTKILLER-SR13. D. This can be accomplished by ensuring that a copy of the .(root) zone is created on DNSL. Answer: B
QUESTION NO: 48
Ac
tua
lTe
sts
.co
37
Microsoft 70-640: Practice Exam CertKiller.com has hired you as a systems administrator for their network. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows XP Professional. CertKiller.com has acquired another company named TestLabs Inc that contains an Active Directory domain named intranet.testlabs.com. A security policy of TestLabs Inc prevents internal DNS zone data to be transfered to users outside the testlabs.com network. During the course of the day you receive an instruction from the CIO to grant employees of CertKiller.com the necessary permissions to allow them to resolve names from intranet.testlabs.com. What should you do? A. This can be accomplished by putting intranet.testlabs.com in the Active Directory of CertKiller.com. B. This can be accomplished by having a subzone established for the intranet.testlabs.com domain. C. This can be accomplished by reconfiguring the intranet.testlabs.com domain as a standard primary zone. D. This can be accomplished by setting conditional forwarding for the intranet.testlabs.com domain.
QUESTION NO: 49
CertKiller.com has employed you as a network administrator. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. Half the client computers run Windows XP Professional, and the rest run Windows Vista. You are responsible for managing two domain controllers named CERTKILLER-DC01 and CERTKILLER-DC02. You receive numerous complaints from other administrators attempting to log on to CERTKILLER-DC01 and CERTKILLER-DC02. You decide to determine the logon attempts on CERTKILLER-DC01 and CERTKILLER-DC02.
Ac
tua
Explanation: In order to permit a CertKiller.com user to resolve names from intranet.testlabs.com domain you need to set the conditional forwarding for the intranet.testlabs.com domain. A conditional forwarding is a DNS query setting that allows a DNS server to route a request for a particular name to another DNS server by specifying a name and IP address.
lTe
Answer: D
sts
.co
38
Microsoft 70-640: Practice Exam What should you do? A. You should consider checking the security tab on the domain controller computer object. B. You should consider accessing the Event Viewer on the Administrators workstations. C. You should consider checking the security log on domain controller using event viewer. D. You should consider checking executing the netsh/events command on the command prompt. Answer: C Explanation: In order to identify the logon attempts on the domain controllers you need to access the Event Viewer and check the logon attempts. The Event viewer will tell you the IP address and other details of the user account which was used to logon to the domain controllers.
What should you do?
A. You should consider setting the Primary DNS server to only register authenticated members. B. You should consider disabling the Everyone group in the Dynamic Objects permission. C. You should consider setting the option Secure only for Dynamic updates. D. You should consider configuring zone transfers to Name Servers. Answer: C Explanation: In order to ensure that only domain members are able to register their DNS records dynamically you need to set the option Secure only for Dynamic updates. This will only allow the domain members to register their DNS records dynamically. Reference : www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/cnet/cncf_imp_afpf.mspx
Ac
tua
lTe
All domain controllers on the CertKiller.com network have the DNS server role installed. All computers in the domain as well as non domain members register their DNS records automatically. During the course of the day you receive an instruction from management to ensure that only domain members is able to register their DNS records automatically.
sts
You are employed as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows XP Professional.
.co
QUESTION NO: 50
39
QUESTION NO: 51 You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. Half the client computers run Windows XP Professional, and the rest run Windows Vista. A number of domain controllers in the CertKiller.com network are configured to host the forest wide operations master roles. A new company directive states that all domain controllers hosting this master role be decommissioned. You thus decide to have the forest wide operations master roles transferred to a new domain controller named CERTKILLER-DC03 prior to taking down the domain controllers. What should you do? (Choose all that apply.)
Answer: C,D
Explanation: In order to transfer all forest-wide operation master roles to another domain you need to transfer Domain naming master as well as the Schema master. Schema Master: The schema master domain controller controls all updates and modifications to the schema. To update the schema of a forest, you must have access to the schema master. There can be only one schema master in the whole forest. Domain naming master: The domain naming master domain controller controls the addition or removal of domains in the forest. There can be only one domain naming master in the whole forest. Reference: http://support.microsoft.com/kb/324801
QUESTION NO: 52 You are the newly appointed network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All domain controllers on the CertKiller.com network run Windows Server 2003 and all client computers run Windows XP Professional. "Pass Any Exam. Any Time." - www.actualtests.com 40
Ac
tua
lTe
sts
A. You should consider transferring the Forest-wide server master roles. B. You should consider transferring the PDC Master. C. You should consider transferring the Schema master. D. You should consider transferring the Domain naming master. E. You should consider transferring the Secondary domain master.
.co
Microsoft 70-640: Practice Exam You are in the process of upgrading the domain controllers on the network to Windows Server 2008. You receive an instruction from the CIO to ensure that the application of multiple password policies will be supported. You thus decide to configure the Active Directory environment to accomplish this. What should you do? A. You should consider executing executing dcpromo/adv on 2 domain controllers. B. You should consider creating four Active Directory sites. C. You should consider setting the functional level of the domain to Windows Server 2008. D. You should consider executing dcpromo/adv on all domain controllers on the network. Answer: C
QUESTION NO: 53
You work as an enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory forest that contains a single domain named CertKiller.com. At present the domain controllers on the CertKiller.com network is configured to run Windows Server 2003. You receive an instruction from the CIO to prepare the Active Directory domain in order to deploy Windows Server 2008 on all domain controllers. You need to determine the appropriate actions that need to be executed to accomplish this task. What should you do? (Choose all that apply.)
Answer: A,C
QUESTION NO: 54 You work as an enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory forest named us.CertKiller.com and uk.CertKiller.com. The functional level of us.CertKiller.com is set at Windows Server 2008 and the functional level of uk.CertKiller.com is set at Windows Server 2003 Native Mode. During the course of the day you receive an instruction from management to have an external trust configured between us.CertKiller.com and uk.CertKiller.com. To ensure productivity throughout the organization you "Pass Any Exam. Any Time." - www.actualtests.com 41
Ac
A. You should consider running the adprep /domainprep command. B. You should consider raising the forest functional level to Windows Server 2008. C. You should consider running the adprep /forestprep command. D. You should consider raising the domain functional level to Windows Server 2008.
tua
lTe
sts
.co
Microsoft 70-640: Practice Exam thus decide to have Kerberos AES encryption enabled. What should you do? A. This can be accomplished by ensuring that the uk.CertKiller.com forest functional level is raised to Windows Server 2008. B. This can be accomplished by ensuring that the uk.CertKiller.com domain functional level is raised to Windows Server 2008. C. This can be accomplished by ensuring that the us.CertKiller.com forest functional level is raised to Windows Server 2008. D. This can be accomplished by ensuring that a new forest trust created and forest-wide authentication is enabled. Answer: B
What should you do?
A. This can be achieved by having the global distribution group renamed to a universal distribution group. B. This can be achieved by having the global distribution group type modified to a security group. C. This can be achieved by havin the forest functional level set to Windows Server 2008. D. This can be achieved by having the Domain Administrators added to the global distribution group. Answer: B
QUESTION NO: 56
Ac
tua
During the course of the day you receive an instruction from the CIO to create a global distribution group as well as adding users to it. After creating the global distribution group and adding the users you create a shared folder named KINGDATA on a Windows Server 2008 member server. Thereafter you place the global distribution group in a domain local group that has access to KINGDATA. To ensure productivity you need to make sure that all users are able to access KINGDATA.
lTe
sts
You are employed as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory forest that contains a single domain named CertKiller.com. The functional level of the forest is set at Windows Server 2008.
.co
QUESTION NO: 55
42
Microsoft 70-640: Practice Exam CertKiller.com has hired you as a systems administrator for their network. The CertKiller.com network consists of a single Active Directory forest that contains two domains named us.CertKiller.com and uk.CertKiller.com. CertKiller.com has its headquarters in Phoenix and a branch office in Dallas. To ensure productivity management wants you to minimize the time needed to authenticate users from the us.CertKiller.com when they access resources in the uk.CertKiller.com. What should you do? A. This can be accomplished by increasing the replication interval for the DEFAULTIPSITELINK site link. B. This can be accomplished by creating a one-way shortcut trust from us.CertKiller.com to uk.CertKiller.com. C. This can be accomplished by increasing the replication interval for all connections objects. D. This can be accomplished by creating a one-way shortcut trust from uk.CertKiller.com to us.CertKiller.com. Answer: D
QUESTION NO: 57
CertKiller.com has employed you as a network administrator. The CertKiller.com network consists of a single Active Directory forest that contains a parent domain as well as a child domain. The child domain contains two domain controllers named CERTKILLER-DC01 and CERTKILLERDC02. CERTKILLER-DC01 and CERTKILLER-DC02 are configured to run Windows Serer 2008. You are in the process of migrating the user accounts from the child domain to that of the parent domain. A new company directive states that the child domain is scheduled for decommissioning. During the course of the day you receive an instruction from the CIO to remove the child domain from the Active Directory forest. What should you do? (Choose all that apply.) A. Your best option would be to have the Domain Controller service on CERTKILLER-DC01 and CERTKILLER-DC02 stopped in the child domain using the Computer Management Console. B. Your best option would be to have the Active Directory domain services role uninstalled in the child domain on CERTKILLER-DC01 and CERTKILLER-DC02 using Server Manager. C. Your best option would be to have Dcpromo utility executed on CERTKILLER-DC01 and CERTKILLER-DC02 in the child domain that has the individual answer files. D. Your best option would be to have the computer accounts for CERTKILLER-DC01 and CERTKILLER-DC02 deleted in the child domain. "Pass Any Exam. Any Time." - www.actualtests.com 43
Ac
tua
lTe
sts
.co
Microsoft 70-640: Practice Exam Thereafter the trust relationship between the parent domain and the child domain should be removed. Answer: B,C
QUESTION NO: 58 You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. CertKiller.com recently employed Windows Server 2008. A number of CertKiller.com remote sites do not have a very secure security policy in place. You therefore decide to implement read-only domain controllers (RODC) at these sites. You need to determine the forest and function level the network will require in order to do the installation.
What should you identify?
Answer: A,D
QUESTION NO: 59
You are the newly appointed network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows XP Professional. You are in the process of promoting a Windows Server 2008 workstation to an Active Directory domain controller for testing purposes. The new domain controller is added to the existing domain. You encounter an error message that stops the server from being promoted whilst using the Active Directory Installation Wizard. In order to rectify the error you need to identify the likely cause.
What should you identify? "Pass Any Exam. Any Time." - www.actualtests.com 44
Ac
tua
Explanation: The forest and function levels have to be Windows 2003 or above to install a RODC.
lTe
A. You should consider installing Windows 2008. B. You should consider installing Windows 2000 Mixed. C. You should consider installing Windows 2000 Native. D. You should consider installing Windows 2003.
sts
.co
Microsoft 70-640: Practice Exam A. A possible reason could be that the system lacks an NTFS partition on which the Sysvol directory could be created. B. A possible cause could be the lack of a Windows Server 2008 DNS server on the network. C. A possible cause could be that the TCP/IP configuration on the new server is incorrect. D. A possible cause could be the domain reached its limit for the amount of domain controllers. Answer: A,C Explanation: The Sysvol directory has to be created on an NTFS partition. In the case of such a partition being unavailable, the server will not be able to be promoted to a domain controller. An error in the network configuration may impede the server from connecting to another domain controller in the environment.
QUESTION NO: 60
What should you do?
A. You should consider using the DCPromo.exe command. B. You should consider using the DCPromote.exe command. C. You should consider using the DomainPromote.exe command. D. You should consider using the Promote.exe command Answer: A Explanation: The DCPromo.exe has to be used to initiate the process of promoting or demoting a server to/from a domain controller.
QUESTION NO: 61 CertKiller.com has employed you as a network administrator. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com "Pass Any Exam. Any Time." - www.actualtests.com 45
Ac
tua
lTe
You receive an instruction during the course of the day to install the first domain controller in the Active Directory environment. To accomplish this task you need to execute the appropriate command that will start the Active Directory Installation Wizard.
sts
CertKiller.com has hired you as a systems administrator for their network. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows XP Professional.
.co
Microsoft 70-640: Practice Exam network run Windows Server 2008. Half the client computers run Windows XP Professional, and the rest run Windows Vista. In order to accomplish a few tasks you need to access the Active Directory Installation Wizard. You thus need to identify the appropriate command that will permit you to access the Active Directory Installation Wizard. What should you identify? A. You need to run the dconfig command. B. You need to run the dcpromo command. C. You need to run the domaininstall command. D. You need to run the domainupgrade command. E. You need to run the dcinstall command. Answer: B Explanation: The dcpromo command should be utilized to launch the Active Directory Installation Wizard. All of the remaining commands are not valid in Windows Server 2008.
QUESTION NO: 62
A. You should consider using the dcpromo /remove command. B. You should consider reinstalling the server over the existing installation. Thereafter the machine should be assigned as a member of a workgroup. C. You should consider reinstalling the server over the existing installation. Thereafter the machine should be assigned as a member of a domain. D. You should consider using the Active Directory Installation Wizard in order to demote CERTKILLER-DC01. Answer: D Explanation: The Active Directory Installation Wizard allows administrators to remove a domain controller from a domain quickly and easily devoid of the need to reinstall the operating system. "Pass Any Exam. Any Time." - www.actualtests.com 46
Ac
What should you do?
tua
You are employed as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows XP Professional. During the course of the day you receive an instruction from the CIO to remove a domain controller named CERTKILLER-DC01 from the domain. You need to execute this task using the easiest method.
lTe
sts
.co
QUESTION NO: 63 You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. Half the client computers run Windows XP Professional, and the rest run Windows Vista. Your job function encompasses managing the CertKiller.com infrastructure. Due to company growth Tesckin.com acquired another company. You receive an instruction to merge the newly acquired company into your current domain and forest. Management wants you to create the domain of the new company as a new domain in order for it to be an addition the root domain of CertKiller.com. What should you do?
Answer: C
QUESTION NO: 64 You are the newly appointed network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. You receive an instruction from management to inform them which modes need to be used for Windows Server 2000, 2003 and 2008 in order to support domain controllers in an Active Directory domain. What should you inform them? A. You should inform them that Windows Server 2003 mode will accomplish this.
Ac
Explanation: Your best option in this scenario would be to create a new tree to form or add to a forest that is as simple as promoting a server to a domain controller for a new domain that does not share a namespace with an existing Active Directory domain. In order to have a new domain added to an existing forest, you should already encompass a minimum of one other domain. This domain then serves as the root domain for the whole forest.
tua
lTe
sts
A. You should consider tolerating a canonical name record with the purpose of translating to the new domain. B. You should consider joining the new domain to a new forest. C. You should consider joining the new domain to the current one. D. You should consider creating a new FQDN as well as using a secondary zone.
.co
47
Microsoft 70-640: Practice Exam B. You should inform them that Windows Server 2008 mode will accomplish this. C. You should inform them that Windows 2000 Native mode will accomplish this. D. You should inform them that Low-security mode will accomplish this. Answer: C Explanation: Windows 2000 Native mode will need to be used for Windows Server 2000, 2003 and 2008 to be capable of supporting domain controllers. Making use of this configuration will yield several Windows 2000 Server Active Directory features to be unavailable.
QUESTION NO: 65 CertKiller.com has hired you as a systems administrator for their network. You recently completed the installation of a Windows Server 2008 system into the CertKiller.com network. During the course of the day you come across the default accounts that are domain local. You receive an instruction from management to determine which accounts are not set up by default. What should you inform them?
Answer: E
Explanation: Every domain local group is correct apart from Remote Administrators; this does not form part of a default group created with the base OS install.
QUESTION NO: 66 CertKiller.com has employed you as a network administrator. You receive an instruction from the CIO to create the logical structure of the company from the active directory domains. In order to accomplish your task you need to determine the appropriate objects that will assist you in accomplishing this task. What should you do?
Ac
tua
A. The Administrators is not set up by default. B. The Backup Operators is not set up by default. C. The Guests is not set up by default. D. The Print Operators is not set up by default. E. The Remote Administrators is not set up by default. F. The Users is not set up by default.
lTe
sts
.co
48
Microsoft 70-640: Practice Exam A. This can be accomplished using Organizational units (OUs). B. This can be accomplished using Users. C. This can be accomplished using Sites. D. This can be accomplished using Trees. Answer: A Explanation: Organizational units are employed when a hierarchical structure needs to be created within a domain. Users are objects contained by the directory, sites are employed for physical planning and trees are relationships amid domains.
QUESTION NO: 67 You are employed as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows XP Professional. At present various groups in the organization are subdivided inside the Active Directory. To ensure productivity management wants the Finance group to be separated from the Sales group. You receive an instruction from the CIO to create a system of organizing for this subdivision as well as other groups. What should you do?
Answer: C Explanation: An OU is an organizational unit as well as a container object which is an Active Directory administrative partition. OUs are able to contain users, groups, resources as well as other OU's. You can utilize OUs to aid building an organization into your directory so that software updates can be rolled out to groupings of users and computers. OUs facilitate the assigning of administration to very well-defined subtrees of the directory. OUs are capable of being departments or groups and can be used to structure and manage your network in such a way that has a company's business organization reflected.
Ac
A. Your best option would be to build a container in LM Manager. B. Your best option would be to create a Sites and Services subnet grouping. C. Your best option would be to create OU's. D. Your best option would be to make use of Users and Groups.
tua
lTe
sts
.co
49
Microsoft 70-640: Practice Exam QUESTION NO: 68 You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. Half the client computers run Windows XP Professional, and the rest run Windows Vista. You receive an instruction from the CIO during the course of the day to determine what will happen to the copy of the Active Directory on other domain controllers for the same domain in the event of an authoritative restore of the entire Active Directory database. What should you identify? A. This will result in other domain controllers being automatically demoted. B. This will result in the Active Directory duplicating on the restored domain controller being overwritten. C. This will result in the Active Directory duplicating on other domain controllers being overwritten. D. This will result in the all data on the domain controllers being merged. Answer: C
QUESTION NO: 69
A CertKiller.com user named Rory Allen is a newly appointed junior technician in your department. Rory Allen is given a specific task on writing a report of converting a Windows Server 2008 workstation to a domain controller. Prior to starting his report he approaches you to determine what this process is called. What should you inform him? A. The process is named Promotion. B. The process is named Advertising. C. The process is named Reinstallation.
Ac
You are the newly appointed network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows XP Professional.
tua
lTe
Explanation: An authoritative restore of the entire Active Directory database causes the restored copy to write over information stored on other domain controllers.
sts
.co
50
Microsoft 70-640: Practice Exam D. The process is named Conversion. Answer: A Explanation: The process of preparing a Windows Server 2008 workstation as a new domain controller is known as promotion. This is the only method to have Active Directory installed.
QUESTION NO: 70 You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. The company runs Windows Server 2008 on all the servers on the network. You receive an instruction from the CIO to identify all logon attempts on the domain controllers that has failed. What should you do?
What should you do? A. This can be accomplished by creating multiple class schema objects from the Schema snap-in. B. This can be accomplished by creating multiple Group Policy objects from the Group Policy Management snap-in. C. This can be accomplished by creating multiple Password Setting objects from the ADSI Edit snap-in. D. This can be accomplished by creating multiple security policies from the Security Configuration Wizard. Answer: C "Pass Any Exam. Any Time." - www.actualtests.com 51
Ac
You are the newly appointed enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. The functional level of the forest is set at Windows Server 2008. You receive an instruction from the CIO to create multiple password policies for all CertKiller.com clients in the domain.
tua
QUESTION NO: 71
lTe
Answer: B
sts
A. You should consider viewing the Netlogon.log file. B. You should consider running Event Viewer. C. You should consider viewing running the Security and Configuration Wizard. D. You should consider viewing the Security tab on the domain controller computer object.
.co
QUESTION NO: 72 You work as the enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. The company runs Windows Server 2008 on all domain controllers on the network. At present the domain functional level as well as the forest functional level is set to Windows 2000 native mode. To ensure productivity management wants you to make sure that the UPN suffix for CertKiller.com is accessible for user accounts within the network. You thus need to determine the first step that should be executed to accomplish this. A. The CertKiller.com forest functional level should be raised to Windows Server 2003 or Windows Server 2008. B. The Primary DNS Suffix option in the Default Domain Controllers Group Policy Object (GPO) should be changed to CertKiller.com. C. The new UPN suffix should be added to the forest. D. The CertKiller.com domain functional level should be raised to Windows Server 2003 or Windows Server 2008. Answer: C
QUESTION NO: 73
You work as an enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. Due to expansion, CertKiller.com has purchase 50 new computers. You receive an instruction from the CIO to install the 50 computers to be part of the CertKiller.com domain. You decide to create computer accounts in an organizational unit. What should you do? A. You should consider running the dsmod computer <computerdn> command. B. You should consider running the csvde f computers.csv command. C. You should consider running the Idifde f computers.Idf command. D. You should consider running the dsadd computer <computerdn> command. Answer: D
Ac
tua
lTe
sts
.co
52
Microsoft 70-640: Practice Exam QUESTION NO: 74 You work as an enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. CertKiller.com has its headquarters in Chicago and a branch office in Dallas. Jobs were created at the branch offices of CertKiller.com. Due to this, CertKiller.com has hired 15 new users in the Dallas office. CertKiller.com management wants the new users to connect to the headquarters via a VPN connection. You then grant the new users the Allow Read and Allow Execute permissions on their newly created accounts. The new users will make use of these permissions in order to access the shared resources at the Chicago office. You receive numerous complaints from the users stating that they are unable to access the shared resources in the Chicago office. To ensure productivity you need to make sure that a VPN connection is established to the Chicago office. What should you do?
Answer: A
Explanation: Section 2, Configure trusts (2 Questions)
QUESTION NO: 75
You are employed as the network administrator at CertKiller.com. The CertKiller.com network consists of two Active Directory domains named us.CertKiller.com and uk.CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows XP Professional. The domain was configured to cancel any trust relationship between the two. During the course of the day you receive an instruction from the CIO that shared resources between the domains are now needed. You thus decide to have a trust relationship between us.CertKiller.com and uk.CertKiller.com. Prior to taking further action you need to identify the statements that are true. What should you identify? "Pass Any Exam. Any Time." - www.actualtests.com 53
Ac
tua
lTe
A. Your best option would to give the Allow Access Dial-in permission to the new users. B. Your best option would to join the Windows Authorization Access security group to the new users. C. Your best option would to join the Remote Desktop Users security group to the new users. D. Your best option would to give the Allow Full control permission to the new users.
sts
.co
Microsoft 70-640: Practice Exam A. You should identify that uk.CertKiller.com clients will lack the permission to gain access to resources in us.CertKiller.com. B. You should identify that all us.CertKiller.com clients are able to access all resources in uk.CertKiller.com. C. You should identify that us.CertKiller.com clients will lack permission to gain access to resources in uk.CertKiller.com. D. You should identify that all uk.CertKiller.com clients are able to access resources in us.CertKiller.com. E. You should identify that resources cannot be shared amongst domains. Answer: A,C Explanation: A trust relationship will only allow the possibility of sharing resources amongst domains. It will not explicitly supply any permission. You need have the appropriate permissions configured in order to permit users access to resources in another domain.
QUESTION NO: 76
What should you tell her?
A. You should inform her Transitive two-way trusts. B. You should inform her Transitive trusts. C. You should inform her Two-way trusts. D. You should inform her Intransitive two-way trusts. Answer: A Explanation: A transitive two-way trust is automatically created amid the domains in a domain tree. Section 3, Configure sites (5 Questions)
Ac
tua
A CertKiller.com user named Kara Lang is a newly appointed technician in your department. She wants to know which trust types that are automatically created amongst the domains in a domain tree.
lTe
You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. Half the client computers run Windows XP Professional, and the rest run Windows Vista.
sts
.co
54
Microsoft 70-640: Practice Exam QUESTION NO: 77 CertKiller.com has employed you as a network administrator. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. Half the client computers run Windows XP Professional, and the rest run Windows Vista. You need to determine the items that are not dependant on the DNS namespace. What should you identify? (Choose all that apply.) A. Domain forests are not dependant on the DNS namespace. B. DNS zones are not dependant on the DNS namespace. C. Organizational units (OUs) are not dependant on the DNS namespace. D. Domain trees are not dependant on the DNS namespace. E. Active Directory sites are not dependant on the DNS namespace. F. Domains are not dependant on the DNS namespace.
QUESTION NO: 78
The Active Directory of CertKiller.com forms part of four sites. You receive an instruction from the CIO to configure the site links to be transitive. You thus need to determine the Active Directory object that is responsible for representing a transitive relationship amid sites. What should you do? A. You should identify additional sites. B. You should identify Site link bridges. C. You should identify additional site links. D. You should identify Bridgehead servers. Answer: B
Ac
CertKiller.com has hired you as a systems administrator for their network. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista.
tua
lTe
sts
Explanation: OUs do not take part in the DNS namespace. OU's are mainly used for having objects named within an Active Directory domain. The naming for Active Directory objects, such as sites, is not dependant on DNS names either.
.co
Answer: C,E
55
Microsoft 70-640: Practice Exam Explanation: Site link bridges are built with intent to permit site links to be transitive. This permits site links to make use of other site links in order to have replication information transferred between sites. All site links are bridged yet, it is possible to turn off transitivity if you wish to override this behavior.
QUESTION NO: 79 You are the newly appointed network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. You decide to add various routers to the environment with the aim of reducing the amount of traffic going to and from the various areas of the network. Management wants you to reconfigure Active Directory Replication to reflect these changes. To accomplish this you need to identify the Active Directory objects that need to be modified in order to define the network boundaries for Active Directory sites. What should you do?
Answer: A
Explanation: Subnets define the specific network segments which are well linked.
QUESTION NO: 80
You are employed as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows XP Professional. The CertKiller.com network has alternate locations at two different sites. At present a T1 line as well as a dial-up line is used for redundancy connecting the sites. You receive an instruction from the CIO to determine whether replication occurs normally on the T1 line as well as ensuring that the dial-up line is only there as back up in the event of T1 going down. What should you do? "Pass Any Exam. Any Time." - www.actualtests.com 56
Ac
tua
lTe
A. You should consider modifying the Subnets. B. You should consider modifying the Site links. C. You should consider modifying the Site link bridges. D. You should consider modifying the Bridgehead servers.
sts
.co
Microsoft 70-640: Practice Exam A. This can be accomplished by raising the cost of the dial-up line. B. This can be accomplished by lowering the cost of the T1 line. C. This can be accomplished by lowering the cost of the dial-up line. D. This can be accomplished by raising the cost of the T1 line. Answer: A,B Explanation: Lower costs are preferred over higher costs. However, if the lower cost connection fails for any reason, the higher cost link will then be utilized.
QUESTION NO: 81 You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. Half the client computers run Windows XP Professional, and the rest run Windows Vista. Your job function encompasses deploying sites and subnets within the CertKiller.com environment. You wish to verify that you have arranged your subnet objects correctly. You need to identify the subnet object that cannot be used. What should you identify?
Answer: C
Explanation: 192.168.256.0 is an invalid IP address and therefore will not work as a subnet object.
Section 4, Configure Active Directory replication (10 Questions)
QUESTION NO: 82 You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All domain controllers on the CertKiller.com network run Windows Server 2003. "Pass Any Exam. Any Time." - www.actualtests.com 57
Ac
tua
A. You should not make use of 172.16.1.0 B. You should not make use of 10.1.1.0 C. You should not make use of 192.168.256.0 D. You should not make use of 11.1.1.0
lTe
sts
.co
Microsoft 70-640: Practice Exam During the course of the business day you receive an instruction from the CIO to have the domain controllers in the network upgraded to Windows Server 2008. You need to make sure replication is able to take place by the Sysvol share. A new CertKiller.com policy state that DFS Replication (DFS-R) be used in such instances. What should you do? A. This can be accomplished by running netdom/dfs-r. B. This can be accomplished by raising the functional level of the domain to Windows Server 2008. C. This can be accomplished by running dfsutil/addroot:sysvol. D. This can be accomplished by running dcpromo/attend:attendfile.xml. Answer: B
QUESTION NO: 83
What should you do?
A. You should consider having the System Performance data collector set started. B. You should consider having the Active Directory Diagnostics data collector set started. C. You should consider having a new capture created in the Network Monitor. D. You should consider having event log subscriptions set and configured. Answer: D
QUESTION NO: 84 You are employed as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory site named CertKiller-north.com. Due to the company expanding you create another Active Directory site named CertKiller"Pass Any Exam. Any Time." - www.actualtests.com 58
Ac
tua
A new CertKiller.com policy states that replication errors need to be captured to a central location. During the Course of the business day you receive an instruction from the CIO to capture the replication errors of all domain controllers in the CertKiller.com domain.
lTe
You are employed as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All domain controllers on the CertKiller.com network are configured to run Windows Server 2008 and all client computers run Windows XP Professional.
sts
.co
Microsoft 70-640: Practice Exam south.com. You receive an instruction from the CIO to configure Active Directory replication between CertKiller-north.com and CertKiller-south.com. To accomplish this you decide to install a new domain controller. After the installation you create the site link between CertKiller-north.com and CertKiller-south.com. What should your subsequent step be? A. You need to consider decreasing the site link cost between CertKiller-north.com and CertKillersouth.com. B. You need to consider configuring the new domain controller as a preferred bridgehead server for CertKiller-north.com. C. You need to consider configuring a new site link bridge object. D. You need to consider assigning a new IP subnet to CertKiller-south.com. Thereafter the new domain controller object should be moved to CertKiller-south.com. Answer: D
QUESTION NO: 85
What should you do? (Choose all that apply.) A. This can be accomplished by having the domain controllers configured as global catalog servers using Dsmod.exe. B. This can be accomplished by having the existing connection objects selected and replication forced from the Active Directory Sites and Services console. C. This can be accomplished by having the domain controllers configured as global catalog servers from the Active Directory Sites and Services console. D. This can be accomplished by forcing replication between the site connection objects using Repadmin.exe. Answer: B,D
QUESTION NO: 86 CertKiller.com has hired you as a systems administrator for their network. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the "Pass Any Exam. Any Time." - www.actualtests.com 59
Ac
tua
lTe
CertKiller.com has employed you as a network administrator. CertKiller.com has itsheadquarters in London and branch offices in Paris, Berlin, Milan and Athens. Every office is configured as a separate Active Directory site. Every site has its own domain controller. During the course of the day you disable an account that has administrative rights. You receive an instruction from the CIO to replicate the disabled account information to all CertKiller.com sites.
sts
.co
Microsoft 70-640: Practice Exam CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. You receive an instruction from the CIO to establish a replication scenario with reference to three domains as well as three sites without creating it manually. What should you do? A. You should use site links. B. You should use sites. C. You should use subnets. D. You should use connection objects. Answer: D Explanation: The connection objects are created automatically by the Active Directory replication engine as standard. You can decide whether or not to override the default behavior of Active Directory replication topology by creating Connection objects manually; however this step is not necessary.
QUESTION NO: 87
During routine monitoring you detect that new employees are not replicating properly on your Windows Server 2008 server. To ensure productivity you need to verify the replication of the domain controllers. What should you do?
A. You should consider employing the RepAdmin utility. B. You should consider employing the RepConsole utility. C. You should consider employing the RepMonitor utility. D. You should consider employing the RepView utility. Answer: A Explanation: RepAdmin is a command line utility which is used to view as well as configure Windows Server 2008 replication amid domain controllers.
Ac
tua
lTe
You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. Half the client computers run Windows XP Professional, and the rest run Windows Vista.
sts
.co
60
Microsoft 70-640: Practice Exam QUESTION NO: 88 You are employed as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows XP Professional. You have a strong suspicion that there is an error in the replication configuration. You decide to locate the error message pertaining to replication. What should you do? A. You should consider viewing the Event Viewer Directory Service log. B. You should consider using the Active Directory Sites and Services administrative tool. C. You should consider using the Computer Management tool. D. You should consider viewing the Event Viewer System log. Answer: A
QUESTION NO: 89
You are responsible for managing three domain controllers named CERTKILLER-DC01, CERTKILLER-DC02 and CERTKILLER-DC03. During routine monitoring you discover that these domain controllers always have Knowledge Consistency Checker (KCC) errors popping up in the directory services Event Viewer log. You need to establish the reason for this predicament. What is the likely reason? A. This will occur due to problems linked with Global Catalog placement. B. This will occur due to DNS problems. C. This will occur due to Replication problems. D. This will occur due to Name resolution problems. Answer: C Explanation: "Pass Any Exam. Any Time." - www.actualtests.com 61
Ac
tua
You are the newly appointed network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista.
lTe
sts
Explanation: The Directory Service event log will hold all error messages as well as information linked to replication. These details are helpful when troubleshooting replication problems.
.co
Microsoft 70-640: Practice Exam Due to the nature of KCC errors it is vital to realize that they directly relate to replication problems, site linkage issues, et cetera. KCC errors pinpoints replication problems.
QUESTION NO: 90 CertKiller.com has employed you as a network administrator. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. Half the client computers run Windows XP Professional, and the rest run Windows Vista. You need to determine which AD service is responsible for maintaining the replication topology. What should you identify? A. The Windows Internet Name Service will accomplish this. B. The File Replication Service will accomplish this. C. The Domain Name System will accomplish this. D. The Knowledge Consistency Checker will accomplish this. Answer: D
QUESTION NO: 91
A new CertKiller.com policy states that replication errors need to be captured to a central location. You need to determine a method that will ensure that the domain controller replication errors are captured to the central location. What should you do? A. This can be achieved by installing Network Monitor. Thereafter a new capture can be created. B. This can be achieved by ensuring that the System Performance data collector set is started. C. This can be achieved by ensuring that event log subscriptions are configured. D. This can be achieved by ensuring that the Active Directory Diagnostics data collector set is started. "Pass Any Exam. Any Time." - www.actualtests.com 62
Ac
You work as an enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All domain controllers on the CertKiller.com network are configured to run Windows Server 2008.
tua
lTe
Explanation: The Knowledge Consistency Checker (KCC) is accountable for setting up the replication topology as well as ensuring that all domain controllers are kept current.
sts
.co
Microsoft 70-640: Practice Exam Answer: C Explanation: Section 5, Configure the global catalog (4 Questions)
QUESTION NO: 92 You work as an enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. Half the client computers run Windows XP Professional and the rest run Windows Vista. CertKiller.com has its headquarters in Seattle and branch offices in Dallas, Phoenix, Miami and Chicago. At every office an Active Directory site with one domain controller is installed. All domain controllers at the Seattle office is configured as Global Catalog Servers. You receive an instruction from the CIO to ensure that the Universal Group Membership Caching (UGMC) option is deactivated at the branch office level. You thus need to identify the appropriate level where this should be deactivated. A. You should consider deactivating the UGMC on the Server level. B. You should consider deactivating the UGMC on the Site level. C. You should consider deactivating the UGMC on the domain level. D. You should consider deactivating the UGMC on the Connection object level. Answer: B
QUESTION NO: 93
CertKiller.com has employed you as a junior technician. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. Half the client computers run Windows XP Professional, and the rest run Windows Vista. You need to identify the computers on the CertKiller.com network that will contain a copy of the Global Catalog (GC). What should you identify? A. You should identify the specific Active Directory domain controllers. B. You should identify the Active Directory computers. C. You should identify all the Active Directory domain controllers. D. You should identify all the Windows NT domain controllers.
Ac
tua
lTe
sts
.co
63
Microsoft 70-640: Practice Exam Answer: A Explanation: CertKiller.com systems administrators have the ability to define which domain controllers in the environment contain a copy of the GC. However the GC does contain information regarding every domain in the environment, it does not need to reside on every domain controller.
QUESTION NO: 94 CertKiller.com has hired you as a systems administrator for their network. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. A CertKiller.com user named Kara Lang is a junior technician in your department. Kara Lang wants to know which server forms part of the Active Directory topology as well as the schema information repository for the Active Directory. What should you tell her? A. You should tell her the Global Catalog. B. You should tell her the Domain Controller. C. You should tell her the Domain Partition. D. You should tell her the Schema Master. Answer: A
QUESTION NO: 95 You work as an enterprise administrator at CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. CertKiller.com has its headquarters in Chicago and a branch office in Miami. The Miami office is configured as a separate Active Directory site and consists of an Active Directory domain controller named CERTKILLER-DC06. You receive an instruction from the CIO to install a new application at the Miami office. In order for the application to run a Global Catalog server is required. To ensure productivity at the Miami office you decide to setup CERTKILLER"Pass Any Exam. Any Time." - www.actualtests.com 64
Ac
Explanation: The Global Catalog holds information regarding multiple domains. Having more Global Catalog servers added is capable of greatly increasing the performance of operations such as shared folder and printer searches. The other options are features of Active Directory, yet they have not been designed for fast searching across numerous domains.
tua
lTe
sts
.co
Microsoft 70-640: Practice Exam DC06 as a Global Catalog server. What should you do? A. This can be accomplished using the Computer Management console in order to configure CERTKILLER-DC06 as a Global Catalog server. B. This can be accomplished using the Dcpromo.exe utility in order to configure CERTKILLERDC06 as a Global Catalog server. C. This can be accomplished using the Server Manager console in order to configure CERTKILLER-DC06 as a Global Catalog server. D. This can be accomplished using the Active Directory Domains and Trusts console in order to configure CERTKILLER-DC06 as a Global Catalog server. E. You should consider using the Active Directory Sites and Services console to configure the CERTKILLER-DC06 as a Global Catalog server. Answer: E Explanation: Section 6, Configure operations masters (10 Question)
QUESTION NO: 96
The CertKiller.com network contains two domain controllers named CERTKILLER-DC01 and CERTKILLER-DC02. CERTKILLER-DC01 is configured to host the Schema Master Role. During the course of the day you discover that CERTKILLER-DC01 has failed. In order to rectify the problem you log on to the Active Directory using the administrator account. You attempt to transfer the Schema Master Operations role but are unsuccessful in accomplishing this task. Management wants you to make sure that CERTKILLER-DC02 is configured to host the Schema Masters Role. What should you do? A. Your best option would be to configure CERTKILLER-DC02 as a Primary domain controller. B. Your best option would be to seize the Schema Master role on CERTKILLER-DC02. C. Your best option would be to register Schemamt.dll on the Active Directory domain. Thereafter the Active Directory Schema snap-in can be started. D. Your best option would be to join the Schema Administrators group. Thereafter the Schema settings should be modified to save records on CERTKILLER-DC02. "Pass Any Exam. Any Time." - www.actualtests.com 65
Ac
tua
CertKiller.com has employed you as a network administrator. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. Half the client computers run Windows XP Professional, and the rest run Windows Vista.
lTe
sts
.co
Microsoft 70-640: Practice Exam Answer: B Explanation: To ensure that CERTKILLER-DC02 holds the Schema Master role you need to seize the Schema Master role on CERTKILLER-DC02. Seizing the schema master role is a drastic step that should be considered only if the current operations master will never be available again. So to transfer the schema master operations role, you have to seize it on CERTKILLER-DC02. Reference: http://technet2.microsoft.com/windowsserver/en/library/d4301a14-dd18-4b3c-a3ccec9a773f7ffb1033.mspx?mfr=true
QUESTION NO: 97 CertKiller.com has appointed you as a network developer. You completed the deployment of a single Active Directory domain named CertKiller.com. At present the company makes use of the Active Directory schema for storing essential data linked to its members. Most of the information fields you intend supporting are already included with the basic Active Directory schema. However you require another field-a "security clearance level" value-that is not supported. You want to take advantage from the extensibility of Active Directory by having the required filed added to the properties of a User object. You need to determine on which server the modifications can be made. What should you do?
Answer: D
Explanation: The Schema Master is the lone server within Active Directory to which alterations to the schema can be made.
QUESTION NO: 98 You are the newly appointed network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows XP Professional. You receive an instruction from the CIO to keep track of licensing with the licensing "Pass Any Exam. Any Time." - www.actualtests.com 66
Ac
A. You should make modifications on a domain controller. B. You should make modifications on the Global Catalog. C. You should make modifications on a member server. D. You should make modifications on the Schema Master.
tua
lTe
sts
.co
Microsoft 70-640: Practice Exam server. To accomplish this you need to determine where you can configure the licensing server to ensure that you are compliant. What should you do? A. Licensing will need to be configured in the Control Panel under the Licensing Applet. B. Licensing will need to be configured in the Registry under the HKEY_ClASSES_ROOT key. C. Licensing will need to be configured in the Computer Management MMC. D. Licensing will need to be configured in the Active Directory Sites and Services tool. Answer: D Explanation: As a systems administrator, you may wish to utilize the Licensing Service to keep track on your compliance. This can be accomplished in the Active Directory Sites and Services administration tool.
QUESTION NO: 99
What should you inform the technician?
Answer: A Explanation: When you are a member of the Enterprise Admins group you are assigned full permissions to administer all domains in an Active Directory forest.
QUESTION NO: 100 You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. Half the client computers run Windows XP Professional, and the rest "Pass Any Exam. Any Time." - www.actualtests.com 67
Ac
A. This can be accomplished when one is a member of the Enterprise Admins group. B. This can be accomplished when one is a member of the Domain Users group. C. This can be accomplished when one is a member of the Domain Admins group. D. This can be accomplished when one is a member of the Administrators group.
tua
lTe
You are employed as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows XP Professional. A newly appointed technician in your department wants to know in which group members have the authorization to execute actions in multiple domains.
sts
.co
Microsoft 70-640: Practice Exam run Windows Vista. You receive an instruction from the CIO to install the Active Directory Federation Services (AD FS). To accomplish this task you need to determine the appropriate applications needed for your installation. What should you do? A. You should consider using Server Set-Up. B. You should consider using Server Manager. C. You should consider using Role Manager. D. You should consider using Add/Remove Programs-Services. Answer: B Explanation: Your best option in this scenario would be to make use of Server Manager. Server Manager is a Microsoft Management Console (MMC) snap-in which allows you to view information regarding server configuration, status of roles that are installed as well as links for having features and roles added and removed.
QUESTION NO: 101
A. The security requirements are irrelevant in your OU design. B. The system administration requirements are irrelevant in your OU design. C. The physical network topology is irrelevant in your OU design. D. The business organizational requirements are irrelevant in your OU design. Answer: C Explanation: Organizational Units are created to reflect a company's logical organization. Due to your concentration on the OU structure, you need to be primarily concerned with business requirements. Other Active Directory features could be utilized to assist the network topology and technical issues for example the performance and scalability.
Ac
tua
CertKiller.com has employed you as a consultant. You are in the process of designing the Active Directory environment of CertKiller.com. You main focus is to concentrate on the organization unit (OU) structure. Other consultants will be responsible for preparing the technical issues. You need to devise a list of data needed to create the OU structure for a single domain. You need to determine the data that is irrelevant to you when designing the OU structure.
lTe
sts
.co
68
Microsoft 70-640: Practice Exam QUESTION NO: 102 CertKiller.com has hired you as a systems administrator for their network. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows XP Professional. You are responsible for managing the IT department situated at the head quarters. You receive an instruction from management to deploy three Windows Server 2008 systems. To ensure productivity within your department after deployment you need to understand the normal load put on the systems under regular operations. What should you do? A. Your best option would be to set up Task Manager. B. Your best option would be to deploy the Alerts in the Performance Console. C. Your best option would be to make use of Network Monitor to view the current and future load. D. Your best option would be to establish a baseline of the current performance. Answer: D
QUESTION NO: 103
You are the newly appointed network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows XP Professional. During routine monitoring you discover that a domain controller is not performing properly. You check and discover that it is not a server performance error. You need to identify where you will be able to get more information regarding the errors that are taking place or a specific problem that prevent the domain controller from functioning properly. What should you do?
Ac
tua
Explanation: By determining a baseline of the current performance of your systems you will get an impression of how they normally operate. You will then know when they are not performing as expected due to the charts being off. Ensure this procedure is documented and consider arranging a linear rather than circular log.
lTe
sts
.co
69
Microsoft 70-640: Practice Exam A. You should check in the Event Viewer. B. You should check in the Network Monitor. C. You should check in the Performance Monitor. D. You should check in the Task Manager. Answer: A Explanation: The Event Viewer is the optimum tool for viewing information, warnings and alerts that are linked to Windows Server 2008 functions.
QUESTION NO: 104 You are employed as the systems administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. At present the operating system is booted using the Directory Services Restore mode. During the course of the day you attempt to log in using a Domain administrator account but are unable to do so. You need to determine the reason why you are unable to log in. What should you identify?
Answer: A Explanation: When you boot in Directory Services Restore mode the Active Directory is not started and network services are all disabled. The systems administrator will therefore have to make use of a local account in order to log in.
QUESTION NO: 105 You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network "Pass Any Exam. Any Time." - www.actualtests.com 70
Ac
A. You are unable to log in because the Active Directory services are unavailable as a result you need to make use of the local Administrator password. B. You are unable to log in because another domain controller is unavailable to authenticate the login. C. You are unable to log in because the permissions on the domain controller do not allow users to log on locally. D. You are unable to log in because another domain administrator disabled the account.
tua
lTe
sts
.co
Microsoft 70-640: Practice Exam run Windows Server 2008. Half the client computers run Windows XP Professional, and the rest run Windows Vista. You are responsible for all the servers in the CertKiller.com environment. During the course of the day whilst monitoring the Event Viewer logs you discover that a driver failed to load the startup. You decide to check whether the event was recorded. To accomplish this you need to check the appropriate logs in order to find the entry. What should you do? A. You should need to check the System log. B. You should need to check the Security log. C. You should need to check the Event log. D. You should need to check the Application log. Answer: A
QUESTION NO: 106 DRAG DROP Exhibit:
A server named CK-LDS1 resides in the CertKiller LAN and has the Active Directory Domain Services (AD DS) role and the Active Directory Lightweight Directory Services (AD LDS) role installed. An AD LDS instance named CKLDS1 stores its data on the default application directory partition. The drive letters, size and space available on the CK-LDS1 server are configured as shown in the table exhibit. You find that the AD LDS database files are growing quickly, so you decide to relocate the AD LDS application partition to the D: drive where more space is available. Which three actions should you perform, and in what order? Note: Some answer choices will not be used. "Pass Any Exam. Any Time." - www.actualtests.com 71
Ac
tua
lTe
sts
Explanation: You make use of Event Viewer to view the logs. The system log is where the Windows system components event logs are confined. When a driver fails to load during startup it will be recorded in the system log. Windows has the events which are logged by system components predetermined.
.co
Answer:
Explanation:
Ac
tua
lTe
sts
.co
72
QUESTION NO: 107
What should you do?
A. You should use the wsamain.exe to test the certificate with AD LDS. B. You should use the ntdsutil.exe to test the certificate with AD LDS. C. You should use the Ldp.exe to test the certificate with AD LDS. D. You should use the Lds.exe to test the certificate with AD LDS. E. You should use the Active Directory Domain services to test the certificate with AD LDS. Answer: C Explanation: You need to use the Ldp.exe test the certificate with AD LDS. A certificate should be present on CERTKILLER-SR12 to establish an SSL connection to AD LDS. Furthermore, if you want to set up the SSL, you need a certificate marked for server authentication from a trusted CA that should be installed on the server, in this case CERTKILLER-SR12, which is running AD LDS. You shod also "Pass Any Exam. Any Time." - www.actualtests.com 73
Ac
tua
CertKiller.com contains a server named CERTKILLER-SR12 that has the Active Directory Lightweight Directory Services (AD LDS) installed. A New Tesckng.com policy requires you to enable Secure Sockets Layer (SSL) based connections to CERTKILLER-SR12. You have made use a trusted Certification Authority (CA) to install certificates on CERTKILLER-SR12 and the client computers at CertKiller.com. However, you need to test the certificates.
lTe
sts
You are employed as an enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008.
.co
Microsoft 70-640: Practice Exam run the ldp.exe to test the certificate with CERTKILLER-SR12. Thereafter you should connect to the local instance of AD LDS by employing SSL.
QUESTION NO: 108 You are a newly appointed enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. CertKiller.com contains a server named CERTKILLER-SR13 that has the Active Directory Lightweight Directory Services (AD LDS) role installed. CERTKILLER-SR13 contains an AD LDS instance named CK_Data. The default application directory partition is used by the instance to store data. You need to relocate CK_Data to the D: Drive. What should you do? (Choose THREE. Each answer forms part of the solution) A. The best option is to run the net stop CERTKILLER-SR13 command. B. The best option is to run the net stop "Domain Controller" command. C. The best option is to use the Ntdsutil tool to move the database files. D. The best option is to run the xcopy command to move the database files. E. The best option is to run the net start CERTKILLER-SR13 command. F. The best option is to run the net start "Domain Controller" command. Answer: A,C,E
Reference : Using Ntdsutil http://technet2.microsoft.com/windowsserver/en/library/5b1d983d-ffab-4514-a95e6aa0420dacb51033.mspx?mfr=true Reference : Event ID 1136 - Schema Operations http://technet2.microsoft.com/windowsserver2008/en/library/6a5d89c1-81df-445b-b67dd5ce9b0fed921033.mspx?mfr=true
QUESTION NO: 109 You are a newly appointed enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the "Pass Any Exam. Any Time." - www.actualtests.com 74
Ac
Explanation: You should use the Ntdsutil tool to relocate the AD LDS application partition. With the Ntdsutil tool you can manage the Active Directory. To use this toll, you need to stop the NTDS service with the net stop command and start the NTDS service using net start command on CERTKILLER-SR13.
tua
lTe
sts
.co
Microsoft 70-640: Practice Exam CertKiller.com network run Windows Server 2008. CertKiller.com contains a server named CERTKILLER-SR14 that has the Active Directory Lightweight Directory Services (AD LDS) installed. You need to create a backup strategy for Active Directory Lightweight Directory Services (AD LDS) which will back up data and log files on a regular basis. Due to little media resources, only specific AD LDS instance will be backed up. What should you do? A. The best option is to select the checkbox to take only the backup of database and log files of AD LDS by using the Windows Server backup utility. B. The best option is to use the windows server backup utility and move AD LDS database and log files on a separate volume. C. The best option is to create installation media with the Dsdbutil.exe tool which will only corresponds to the AD LDS instance. D. None of the above Answer: C
Reference : Step 1: Back Up AD LDS Instance Data http://technet2.microsoft.com/windowsserver2008/en/library/8e82c111-32da-430e-a954c0dbe9f4607f1033.mspx?mfr=true
QUESTION NO: 110
You are working as an enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. CertKiller.com contains a server named CERTKILLER-SR15 that has the Active Directory Lightweight Directory Services (AD LDS) installed. During the course of the business day you receive an instruction from the CIO to have new Organizational Units (OU's) created in the directory partition of the AD LDS application. What should you do? A. The best option is to use of the dsmod OU <OrganizationalUnitDN> command. B. The best option is to use of the ADSI Edit Snap-in. C. The best option is to use of the dsadd OU <OrganizationalUnitDN> command. D. The best option is to use of the Active Directory Users and Computers snap-in. "Pass Any Exam. Any Time." - www.actualtests.com 75
Ac
tua
lTe
sts
Explanation: You need to use the Dsdbutil.exe tool to create installation media that corresponds only to the AD LDS instance. By this you can only back up specific AD LDS instances.
.co
Microsoft 70-640: Practice Exam Answer: B Explanation: You need to use the ADSI Edit snap-in to create new OUs in the AD LDS application directory partition. You also need to add the snap-in in the Microsoft Management Console (MMC).
QUESTION NO: 111 You are working as an enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. CertKiller.com contains a server named CERTKILLER-SR16 that has the Active Directory Lightweight Directory Services (AD LDS) installed. You receive an instruction from the CIO to test AD LDS. To accomplish this you decide to replicate the AD LDS instance on a test computer that is located on the network. What should you do?
Answer: C
Explanation: You need to run the AD LDS setup wizard on the test computer to create and install a replica of AD LDS. The AD LDS setup wizard has an option to replicate the AD LDS instance on another computer.
QUESTION NO: 112 DRAG DROP CertKiller.com has a server named CKD1. Active Directory Domain Services (AD DS) role and the Active Directory Lightweight Services (AD LDS) role are installed on CKD1. An instance of AD LDS named ELDS1 stores its data on the C: drive. You need to relocate the ELDS1 instance to the D: drive. Which three actions should you perform in sequence to achieve this task? (To answer, move the three appropriate actions from the list of action on the left to the list on the right in a correct order.) "Pass Any Exam. Any Time." - www.actualtests.com 76
Ac
tua
A. The best option is to run the repadmin/bs <servername> command on the test computer. B. The best options are to copy and pasting the entire partition on the test computer and configure a new AD LDS instance. C. The best option is to create and install a replica of AD LDS on the test computer and run the AD LDS Setup wizard. D. The best option is to create a naming context on the test computer by running the Dsmgmt command.
lTe
sts
.co
Explanation:
Ac
tua
lTe
sts
.co
Answer:
77
QUESTION NO: 113
You are a newly appointed enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. CertKiller.com contains a server named CERTKILLER-SR17 that has the Active Directory Lightweight Directory Services (AD LDS) role installed. The AD LDS contains three instances. However, you need to uninstall the present Active Directory Lightweight Directory Services (AD LDS) role and install a new role. You then use the ocsetupcommand with the /uninstall switch, but with no avail. What should you do next?
A. The best option is to remove the three instances as well as the role by using the Server Manager. B. The best option is to reboot CERTKILLER-SR17 to allow the running setup processes to complete and then use the uninstall command. C. The best option is to uninstall the three instances and then run the ocsetup /uninstall via the Programs and Features. D. The best option is to run the oclist command to confirm the syntax of the option you need to remove and then use the ocsetup command with the correct syntax. Answer: C
Ac
tua
lTe
sts
.co
78
Microsoft 70-640: Practice Exam Explanation: The best option is to remove the three instances before you remove the server from the role. Incorrect Answers: A: You need to remove the three instances before removing the role. The Server Manager will not solve the problem. B: It is very difficult to determine when the setup process is finished because it will answer with a command prompt when the operation is complete. Furthermore, there are no setup processes after a reboot. Thus AD LDS cannot be uninstalled. D: It is true that Oclist will give you the names of the roles and the attributes. However, you contain a full Windows Server 2008 installation. Because of this, Oclist does not function on a full installation.Reference: Syngress - The Real MCTS-MCITP 70-649 Prep Kit - Independent and Complete Self-Paced Solutions
What should you do?
Answer: A
Explanation: You should make use of the Active Directory Sites and Services to configure sites. This is also important when you are configuring geographical allocated LDS implementations. Incorrect Answers: B: You cannot us the Active Directory Users and Computers, because it is not supported in the LDS implementation. C: The Active Directory Domains and Trusts is not supported in the LDS implementation. D: The Active Directory Licensing Manager does not there.Reference: Syngress - The Real MCTS-MCITP 70-649 Prep Kit - Independent and Complete Self-Paced Solutions Section 2, Configure Active Directory Rights Management Service (AD RMS) (7 Questions)
Ac
tua
A. The best option is to use the Active Directory Sites and Services. B. The best option is to use the Active Directory Users and Computers. C. The best option is to use the Active Directory Domains and Trusts. D. The best option is to use the Active Directory Licensing Manager.
lTe
sts
You are a newly appointed enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. You have received instructions from the CIO to install the Windows Server 2008 Lightweight Directory Services.
.co
QUESTION NO: 114
79
Microsoft 70-640: Practice Exam QUESTION NO: 115 You are a newly appointed enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. The functional level of CertKiller.com is set at Windows Server 2003. The client computers at CertKiller.com run with the Windows Vista operating system. CertKiller.com contains a server that has the Active Directory Rights Management Services (AD RMS) installed. During a routing monitoring you notice that the users do not use the full extends from the AD RMS, which will protect their documents. The users need to benefit from the AD RMS to protect their documents. What should you do? A. The best option is to add and configure ADRMSADMIN account in local administrators group on the client computers B. The best option is to add and configure the ADRMSSRVC account in AD RMS server's local administrator group C. The best option is to configure an email account for each user the Active Directory Domain Services (AD DS). D. The best option is to reinstall the Active Directory domain on the client computers Answer: C
Reference: http://technet2.microsoft.com/windowsserver2008/en/library/c8f83d5b-e10d-4c31-8af9d2afb076dbf81033.mspx?mfr=true
QUESTION NO: 116 You are working as an enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008 all client computers run Windows Vista. You have received instructions from the CIO to deploy Active Directory Certificate service (AD CS) which will authorize the CertKiller.com users by issuing digital certificates. You need to manage the certificate settings on the client computers from one main location. "Pass Any Exam. Any Time." - www.actualtests.com 80
Ac
tua
Explanation: You need to configure an email account in Active Directory Domain Services (AD DS) for the user. Doing this you will be able to configure AD RMS to enable users to use it and protect their documents. The AD RMS must use AD DS, which will then regulate access to rights-protected content for all AD RMS users.
lTe
sts
.co
Microsoft 70-640: Practice Exam What should you do? A. The best option is to configure the Enterprise CA certificate settings. B. The best option is to configure the Enterprise trust certificate settings. C. The best option is to configure the Advance CA certificate settings. D. The best option is to configure the Group Policy certificate settings. Answer: D Explanation: You need to configure Group Policy certificate settings. This will allow you to manage certificate settings on the client computers from one location. If you use a group policy to configure the certificate setting, it will change the setting in the entire domain. You can use server manager to configure AD CS because the AD CS is a certificate service that is a type of server role in Windows Server 2008.
QUESTION NO: 117
A. The best option is to create an e-mail account in Active Directory Domain Services (AD DS) for each user. B. The best option is to use a group policy to install the AD RMS client computers which will protect their documents. C. The best option is add the ADRMSADMIN account to the local administrators group on client computers which will protect their documents. D. The best option is add the ADRMSSRVC account to the local administrators on the AD RMS server which will protect their documents. E. The best option is upgrade the functional level from Windows Server 2003 to Windows 2008 server. Answer: A
Ac
What should you do?
tua
CertKiller.com contains a server that has the Active Directory Rights Management Services (AD RMS) installed. The employees at CertKiller.com have a complaint that they cannot protect their documents. The employees need to protect their documents.
lTe
You are a newly appointed enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. The functional level of CertKiller.com is set at Windows Server 2003. The client computers at CertKiller.com run with the Windows Vista operating system.
sts
.co
81
Microsoft 70-640: Practice Exam Explanation: You need to configure an email account in Active Directory Domain Services (AD DS) for the user. Doing this you will be able to configure AD RMS to enable users to use it and protect their documents. You can use Microsoft Word, Outlook, or PowerPoint in Microsoft Office 2007 to enable AD RMS. AD RMS can be integrated with other technologies such as smart cards. Reference : Active Directory Rights Management Services Overview http://technet2.microsoft.com/windowsserver2008/en/library/74272acc-0f2d-4dc2-876f15b156a0b4e01033.mspx?mfr=true
QUESTION NO: 118 You are working as an enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run different operating systems that consist of Windows 2000, Windows 2003, and Windows 2008. The client computers at CertKiller.com run with the Windows XP and Windows Vista. The domain controllers at CertKiller.com are running Windows server 2008 as seen in the following exhibit. You have received instructions from the CIO to install Active Directory Rights Management System (AD RMS) to give user authentication and to secure the documents and spreadsheets. What should you do?
A. The best option is to install AD RMS on CERTKILLER-DC01 and upgrade the XP computers to Windows Vista. B. The best option is to run the latest service pack on the XP Computers and then deploy the RMS client on all the computers. You should also install AD RMS on CERTKILLER-SR11. C. The best option is to run the latest service pack on the XP Computers and then deploy the RMS client on all the computers. You should also install AD RMS on CERTKILLER-DC01. D. The best option is to install AD RMS on CERTKILLER-SR11 and upgrade the Windows XP computers to Windows Vista. Answer: B Explanation: You need to run the latest service pack on the XP Computers and then deploy the RMS client on all the computers. You should also install AD RMS on CERTKILLER-SR11. This will secure all documents, spreadsheets and user authentication. Furthermore, you cannot install the AD RMS on a Domain controller, only on a member server. Reference : Pre-installation Information for Active Directory Rights Management Services "Pass Any Exam. Any Time." - www.actualtests.com 82
Ac
tua
lTe
sts
.co
Microsoft 70-640: Practice Exam http://technet2.microsoft.com/windowsserver2008/en/library/878e9550-5966-40f3-862c7ea309ddb0ed1033.mspx?mfr=true Reference : Active Directory Rights Management Services Overview http://technet2.microsoft.com/windowsserver2008/en/library/74272acc-0f2d-4dc2-876f15b156a0b4e01033.mspx?mfr=true
QUESTION NO: 119 You are a newly appointed enterprise administrator at CertKiller.com. The CertKiller.com network consists of an Active directory forest. The functional level of the forest is set at Windows Server 2008. The client computers at CertKiller.com run with the Windows Vista operating system. CertKiller.com contains a server named CERTKILLER-DB04 that is running Microsoft SQL server 2005. CERTKILLER-DB04 is hosting the Active Directory Rights Management Service (AD RMS) which will allow the user to have access to the database service. However, when you open the AD RMS administration website, you received a message telling you that the SQL Server does not exist or access is denied. You need to access the AD RMS administration website to correct the problem. What should you do? (Choose TWO. Each answer forms part of a complete solution) A. You need to reboot the Internet Information Server (IIS). B. You need to install and configure Message Queuing. C. You need to start the MSSQLSVC service. D. You need to delete the AD RMS instance and the SQL server and reinstall it. Answer: A,C
Explanation: You need to restart the internet information server (IIS) to correct the problem. The starting of the MSSQULSVC service will allow you to access the database from AD RMS administration website.
QUESTION NO: 120 You are working as an enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008 all client computers run Windows Vista. You have received instructions from the CIO to secure the documents and that the emails should use Microsoft Office 2007 Enterprise. What should you do? "Pass Any Exam. Any Time." - www.actualtests.com 83
Ac
tua
lTe
sts
.co
Microsoft 70-640: Practice Exam A. The best option is to install the Active Directory Rights Management Service (AD RMS). B. The best option is to install the Active Directory Federation Services (AD FS). C. The best option is to install the Active Directory Certificate Services (AD CS). D. The best option is to install the Active Directory Lightweight Directory Services (AD LDS). Answer: A Explanation: If you are using the Active Directory Rights Management Service (AD RMS), you can establisih the access of the users (open, read, modify, etc.). It can also be used to to secure email messages, internal websites, as well as documents.
QUESTION NO: 121 You are an enterprise administrator for CertKiller.com. The company runs Windows Server 2008 on all the servers on the network. A new security policy states that all documents and e-mails using Microsoft Office 2007 Enterprise needs to be secure. You need to install a service to accomplish this set requirement. Which service should you install? A. The best option is to install the Active Directory Lightweight Directory Services (AD LDS). B. The best option is to install the Active Directory Federation Services (AD FS). C. The best option is to install Active Directory Rights Management Service (AD RMS). D. The best option is to install Active Directory Certificate Services (AD CS). Answer: C
Explanation: The Active Directory Rights Management Services will allow you to ascertain which access the users and administrators should have. You can also use this to secure email messages, internal websites, as well as documents. Incorrect Answers: A: You should not use the AD LDS. It enabled applications to store and retrieve information without needing the dependencies AD DS requires. B: You should not use the AD FS. This has the ability to do a single sign-on as well as accessing other networks without requiring a secondary password. D: You should not use the AD CS. This is use to configure services for issuing and managing public key certificates.Reference: Syngress - The Real MCTS-MCITP 70-649 Prep Kit Independent and Complete Self-Paced Solutions Section 3, Configure the read-only domain controller (RODC) (14 Questions)
QUESTION NO: 122
Ac
tua
lTe
sts
.co
84
Microsoft 70-640: Practice Exam You work as an enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. CertKiller.com contains a RODC (read-only domain controller) server named CERTKILLER-DC01 that resides in a remote location. The remote location lack suitable physical security. You have received instructions from the CIO to activate and populate non-administrative accounts passwords on CERTKILLER-DC01. What should you do? A. The best option is to add the administrative accounts in the Domain RODC Password Replication Denied group. B. The best option is to delete all administrative accounts from the RODC's group C. The best option is to configure the permission to Deny on Receive for administrative accounts on the security tab for Group Policy Object (GPO) D. The best option is to add a new GPO and enable Account Lockout settings. Thereafter you should link it to the remote RODC server and on the security tab on GPO. You should also check the Read Allow and the Apply group policy permissions for the administrators. Answer: A
QUESTION NO: 123 You are working as an enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory forest. The servers on the CertKiller.com network runs Windows Server 2008 and Windows server 2003. CertKiller.com has its headquarters in Chicago and a branch office in Dallas. CertKiller.com contains a server that has Active Directory Domain Services (AD DS) installed. The Dallas office does not have an administrator or IT personnel. You have received instruction from the CIO to setup a Read-Only Domain Controller (RODC) on the Server Core installation computer in Dallas.
Ac
Explanation: You need to configure the administrative accounts to be added in the Domain RODC Password Replication Denied Group, to populate CERTKILLER-DC01 with non-administrative accounts passwords. The password replication policy will act as a access control list. For nonadministrative passwords, you have to add the administrative accounts in the RODC password replication denied group so that the password could not be cached. The Password Replication policy lists the accounts that are permitted to be cached and the account that are denied from being cached.
tua
lTe
sts
.co
85
Microsoft 70-640: Practice Exam What should you do? A. You need to run an unattended installation of AD DS. B. You need to run an attended installation of AD DS. C. You need to run RODC through AD DS. D. You need to run AD DS by using the image of AD DS. Answer: A Explanation: You need to run an unattended installation of AD DS to setup RODC at the branch office. Domain Controllers can be installed very easily by using RODC. You can also install RODC on a Server Core installation of Windows Server 2008. However, you need to be a member of the Domain Admins group or authority to perform installation in order to install RODC. You should not perform an attended installation of AD DS because you won't be able to install RODC on a Server Core installation. Only unattended installations of AD D S can be performed to install RODC.
QUESTION NO: 124
A. The best option is to set up RODC filtered attribute set on CERTKILLER-DC02. B. The best option is to set up RODC filtered set on the server that holds Schema Operations Master role. C. The best option is to set up forest functional level server for Windows server 2008 to configure filtered attribute set D. The best option is to delegate local administrative permissions for an RODC to any domain user without granting that user any user rights for the domain E. None of the above Answer: B,C Explanation:
Ac
What should you do?
tua
CertKiller.com contains a RODC (read-only domain controller) server named CERTKILLER-DC02 that resides in a remote location. A new CertKiller.com security policy requires that no passwords and encryption keys be stored on CERTKILLER-DC02. You need to make sure that the passwords and encryption keys cannot be stored on CERTKILLER-DC02.
lTe
sts
You work as an enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008.
.co
86
Microsoft 70-640: Practice Exam You need to configure a filtered attribute set. This will ensure that the critical credentials are not replicated. You also need to then set up the RODC filtered set on the server that holds Schema Operations Master role. If you want to set up filtered attribute, you need to use forest functional level server for Windows server 2008. This will also allow you to use a Windows Server 2003 domain controller to replicate the attributes. However, if forest functional level server is Windows Server 2008 then an RODC that is compromised cannot be exploited in this manner because domain controllers that are running WindowsServer2003 are not allowed in the forest. Reference : AD DS: Read-Only Domain Controllers / RODC filtered attribute set http://technet2.microsoft.com/windowsserver2008/en/library/ce82863f-9303-444f-9bb3ecaf649bd3dd1033.mspx?mfr=true
QUESTION NO: 125 You work as an enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. CertKiller.com has its headquarters in Chicago and a branch office in Dallas. You are in the process of deploying a read-only domain controller named CERTKILLER-DC05 in the Dallas office. You receive an instruction from the CIO to allow all users located at the Dallas office access to CERTKILLER-DC05. You are also informed to notify those users to make use of CERTKILLER-DC05 to log onto the domain. What should you do?
A. This can be accomplished by having a new RODC added at the Chicago office. B. This can be accomplished by making use of the Password Replication Policy on CERTKILLERDC05. C. This can be accomplished by having a new bridehead server installed and configured in the Dallas office. D. This can be accomplished by installing and configuring a Password Replication Policy on the new RODC in the Chicago office. Answer: B Explanation: You should use the Password Replication Policy on the RODC. This will allow the users at the Dallas office to log on to the domain with RODC. RODCs don't cache any user or machine passwords.
Ac
tua
lTe
sts
.co
87
Microsoft 70-640: Practice Exam QUESTION NO: 126 You work as an enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. CertKiller.com has its headquarters in Chicago and branch offices around the globe. Each of the branch offices contains a dedicated read-only domain controller (RODC) and is configured as a separate active directory site. However, due to unforeseen circumstances, a RODC server was reported stolen. You need to recover the user accounts that resides on the RODC server. What should you do? A. The best option is to use Active Directory Users and Computers. B. The best option is to use Dsmod.exe. C. The best option is to use Active Directory Sites and Computers. D. The best option is to use the Ntdstuil.exe with -ato parameter. Answer: A
QUESTION NO: 127
CertKiller.com has its headquarters in Chicago and a branch office around the globe. Each of the branch offices contains a dedicated read-only domain controller (RODC) and is configured as a separate active directory site. You have received numerous complaints from the users that they cannot log onto their account. You need to make sure that the user accounts are kept in their local branch office RODC server. What should you do? A. The best option is to set Allow on the Receive as permission only for the users cannot log on to their accounts, by opening the RODC computer account security tab.
Ac
tua
lTe
Explanation: You can use the Active Directory Users and Computers to recover the user accounts cached on the stolen RODC server. The user accounts and OUs will reside on the Active Directory Users and Computers.
sts
.co
88
Microsoft 70-640: Practice Exam B. The best option is to add a password replication policy to the main Domain RODC. Thereafter you should add the user accounts in the security group. C. The best option is to set up and add a separate password replication policy on each RODC computer account. D. The best option is to set up a unique security group for each branch office and add user accounts to the particular security group. You should also add the security groups to the password replication allowed group on the main RODC server Answer: C Explanation: To ensure that the cached credential for user accounts are only stored in their local RODC server, you have to configure and add a separate password replication policy on each RODC computer account. By adding a separate PRP, the user accounts in each branch office will be able to authenticate their accounts.
QUESTION NO: 128
What should you do? (Choose all that apply.) A. Your best option would be to have the adprep/ rodcprep command executed. B. Your best option would be to have a Windows Server 2008 domain controller installed at the Phoenix office. C. Your best option would be to have the domain functional level raised to Windows Server 2008. D. Your best option would be to have the forest functional level raised to Windows Server 2008. Answer: A,B
QUESTION NO: 129 You work as an enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. "Pass Any Exam. Any Time." - www.actualtests.com 89
Ac
tua
You are responsible for managing three domain controllers at the Phoenix office that is configured to run Windows Server 2003. The budget for a domain controller has been approved for the Miami office. You receive an instruction from the CIO to install a read-only domain controller named CERTKILLER-DC04 in the Miami office.
lTe
sts
You are a newly appointed enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory forest. The functional level of CertKiller.com is set at Windows Server 2003. CertKiller.com has its headquarters in Phoenix and a branch office in Miami.
.co
Microsoft 70-640: Practice Exam CertKiller.com contains a headquarters and a remote location. However, the remote location does not have any technical staff. You need to deploy a domain controller is such a way that a users in the remote location can manage it. What should you do? A. The best option is to install a Read-only domain controller (RODC). B. The best option is to install a Primary domain controller (PDC). C. The best option is to install a Backup domain controller (BDC). D. The best option is to install a Normal domain controller (DC). Answer: A Explanation: Only in a Read-only domain controller (RODC), a user can receive the administrator role for a RODC only.
QUESTION NO: 130
What should you do?
A. The best option is to install a Domain controller. B. The best option is to install a Global Catalog. C. The best option is to install a Read-only domain controller. D. The best option is to install a Universal Group Membership Caching Server. Answer: C Explanation: A read-only domain controller (RODC) provides an organization with the capability to have a domain controller installed in an area or setting (on or offsite) where security is a factor.
QUESTION NO: 131 You work as an enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network "Pass Any Exam. Any Time." - www.actualtests.com 90
Ac
tua
lTe
You are employed as an enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. CertKiller.com contains a headquarters and numerous remote locations. However, the users in the remote location logs on to their own site, however, security can be a problem. You need to sort out this problem.
sts
.co
Microsoft 70-640: Practice Exam run Windows Server 2008. CertKiller.com has its headquarters in Chicago and quite a few branch offices in the region. The offices at CertKiller.com lack suitable physical security. You need to provide the users with the directory services that are suitable in a security that is not known. What should you do? A. The best option is to use Active Directory Federation Services. B. The best option is to use Read-only domain controllers. C. The best option is to use Lightweight Directory Services. D. The best option is to use Active Directory Rights Management Services. Answer: B,C Explanation: You need to use the Active Directory Federation Services and Active Directory Rights Management Services. The reason or this is the authentication between domains and document security. You also should use the Read-only domain controllers. This will allow the accounts of the users' authentications to be cached on the server. The Lightweight Directory Services will not all full Active Directory features are needed. Reference : Syngress - The Real MCTS-MCITP 70-649 Prep Kit - Independent and Complete Self-Paced Solutions
QUESTION NO: 132
CertKiller.com has its headquarters in Miami and quite a few branch offices in the region. The branch offices at CertKiller.com each contain a RODC. Due to lack of man power in one of the branch offices, you have relocated a few users to that branch office. The users need to logon in to the branch office and need to authenticate over the WAN link to the information center. What should you do? (Choose all that apply) A. The best option is to add the users to the Log On Locally security policy of the Default Domain Controllers Policy GPO. B. The best option is to add the users to the Allowed RODC Password Replication Group. C. The best option is to use the Prepopulate Passwords. "Pass Any Exam. Any Time." - www.actualtests.com 91
Ac
tua
lTe
sts
.co
Microsoft 70-640: Practice Exam D. The best option is to add the users to the Password Replication Policy tab of the branch office RODC. Answer: C,D Explanation: You should use the Password Replication Policy tab. This will identify the credentials that can be cached by RODC. Prepopulating the credentials will ensure that the RODC is able to authenticate the users. Doing this will result in the fact that the users wont need to forward the authentication to the data center on the WAN link. Incorrect Answers: A: The users do not need the permission to log on locally to the branch office domain controller. B: The Allowed RODC Password Replication Group will identify the users whose credentials are cached on any RODC. These users have to log on to only one of the branch offices.Reference: Syngress - The Real MCTS-MCITP 70-649 Prep Kit - Independent and Complete Self-Paced Solutions
QUESTION NO: 133
What should you do?
A. The best option is to look in the Resultant Policy tab. B. The best option is to recover the information from the membership of the Denied RODC Password Replication Group. C. The best option is to recover the information from the membership of the Allowed RODC Password Replication Group. D. The best option is to look in the Policy Usage tab. Answer: D Explanation: The Policy Usage tab will report the accounts that are stored on the RODC. Incorrect Answers: A: You should not use the Resultant Policy tab. It will not specify whether the users' credentials are cached. "Pass Any Exam. Any Time." - www.actualtests.com 92
Ac
tua
CertKiller.com has its headquarters in Chicago and a branch office in Miami. However, due to unforeseen circumstances, a RODC server was reported stolen. You need to find out which user credentials were stored on the RODC.
lTe
sts
.co
Microsoft 70-640: Practice Exam B: You should not use the Denied RODC Password Replication Group. It will only specify whose credentials are not cached on any RODC in the domain. C: You should not use the Allowed RODC Password Replication Group. It will identify the users whose credentials are cached on any RODC in the domain.Reference: Syngress - The Real MCTS-MCITP 70-649 Prep Kit - Independent and Complete Self-Paced Solutions
QUESTION NO: 134 You are employed as the exchange administrator at CertKiller.com. The CertKiller.com network contains an Exchange 2007 Organization. CertKiller.com has its headquarters in Dallas and a branch office in Miami. You are in the process of deploying a read-only domain controller (RODC) in the Miami office. The RODC at the Miami office is named CERTKILLER-DC06. CERTKILLER-DC06 is configured to run Windows Server 2008. You receive an instruction from the CIO to make sure that the users use CERTKILLER-DC06 to logon to the domain. What should you do?
Answer: A
QUESTION NO: 135
You are an enterprise administrator for CertKiller.com. The company currently has a Windows Server 2003 R2 domain running on the network. You want to install a read-only domain controller into the structure of your Directory Services. You want to accomplish this without upgrading your domain to Windows Server 2008 Directory Services. You thus have to determine a way to add RODC on your network. What should you do? A. You need to change the forest functional level to Windows Server 2008 mixed mode. B. You need to run adprep on a Windows Server 2003 R2 domain controller. C. You need to upgrade the domain to a Windows Server 2008 Directory Services domain. D. You need to change the domain functional level to Windows Server 2008 mixed mode. "Pass Any Exam. Any Time." - www.actualtests.com 93
Ac
tua
A. Your best option would be to configure the Password Replication Policy on CERTKILLERDC06. B. Your best option would be to decrease the replication interval for the connection objects using the Active Directory Sites and Services console. C. Your best option would be to ensure that another RODC is added to the Miami office. D. Your best option would be to configure a new bridgehead server in the Dallas office.
lTe
sts
.co
Microsoft 70-640: Practice Exam Answer: B Explanation: The scenario can be accomplished by running adprep on a Windows Server 2003 R2 domain controller by using Windows Server 2008 media. Reference : Syngress.The.Real.MCTS.MCITP.Exam.70-648.Prep.Kit.Mar.2008 Section 4, Configure Active Directory Federation Services (AD FS) (13 Questions)
QUESTION NO: 136 You work as an enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. A new CertKiller.com security policy requires that revoked certificate information should be examined. You receive an instruction from the CIO to make sure that the revoked certificate information is available continuously. What should you do?
Answer: A
Explanation: You should use the network load balancing and publish an OCSP responder. This will ensure that the revoked certificate information will be available at all times. You do not need to download the entire CRL to check for revocation of a certificate; the OCSP is an online responder that can receive a request to check for revocation of a certificate. This will also speed up certificate revocation checking as well as reducing network bandwidth tremendously.
QUESTION NO: 137 You work as an enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. CertKiller.com consists of a software evaluation lab. CertKiller.com contains a server named "Pass Any Exam. Any Time." - www.actualtests.com 94
Ac
tua
lTe
A. The best option is to use network load balancing and publish an OCSP responder. B. The best option is to enable users to accept peer certificates and link a GPO to the domain that you have configured. C. The best option is to use a GPO in order to publish a list of trusted certificate authorities. D. The best option is to configure and publish an OCSP (Online certificate status protocol) responder through ISAS (Internet Security and Acceleration Server) array.
sts
.co
Microsoft 70-640: Practice Exam CERTKILLER-SR11 that runs Windows Server 2008 and Microsoft Virtual Server 2005 R2. Furthermore, CERTKILLER-SR11 has 150 virtual servers running on an isolated virtual segment to evaluate software. CERTKILLER-SR11 uses a physical network interface card to access the Internet. . A new CertKiller.com security policy requires that the IP address space used by the software evaluation lab must not be used by other networks and that the IP address space used by other networks should not be used by the evaluation lab network. However, you noticed that the applications tested in the software evaluation lab need to access the normal network to connect to the vendors update servers on the internet. You need to configure all virtual servers on CERTKILLER-SR11 to access the internet and still to comply with the new CertKiller.com security policy. What should you do? (Choose TWO. Each answer forms part of the solution) A. The best option is to trigger the Virtual DHCP server for the external virtual network and use the ipconfig/renew command on each virtual server. B. The best option is to activate the Internet Connection Sharing (ICS) on CERTKILLER-SR11's physical network interface. C. The best option is to use CertKiller.com intranet IP addresses on all virtual servers. D. The best option is to add and install a Microsoft Loopback Adapter network interface on CERTKILLER-SR11. You should also use a new network interface and create a new virtual network. Answer: A,D
Explanation: You need to trigger the virtual DHCP server for the external virtual network and run ipconfig /renew command on each virtual server. If you doing this, it will let the virtual servers comply with the new CertKiller.com security policy. You should also add and install Microsoft Loopback adapter network interface on CERTKILLER-SR11. Create a virtual network using the new interface, you need to configure the Virtual DHCP server for the external virtual network, and a set of IP addresses are assigned to the virtual servers on CERTKILLER-SR11. Furthermore, when you run the ipconfig /renew command, a IP addresses will be renewed. The Microsoft Loopback adapter network interface will ensure that the IP address space used by other networks are not been used by the virtual servers on CERTKILLER-SR11. You create a new virtual network on the new network interface which will enable you to access internet.
QUESTION NO: 138 You are a newly appointed enterprise administrator at CertKiller.com. The CertKiller.com network consists of an Active Directory forest with a single domain. CertKiller.com hosts their applications "Pass Any Exam. Any Time." - www.actualtests.com 95
Ac
tua
lTe
sts
.co
Microsoft 70-640: Practice Exam on the perimeter network of CertKiller.com. CertKiller.com contains a domain member server that has the Active Directory Federation Services (AD FS) role installed. The CertKiller.com management wants single sign-on to all applications hosted on the perimeter network. You receive an instruction from management to configure the AD FS trust policy in order to populate AD FS tokens with the user data from the Active directory domain. What should you do? A. The best option is to add and configure a new organization claim. B. The best option is to add and configure a new account store. C. The best option is to add and configure a new account partner. D. The best option is to add and configure a new application. Answer: B
QUESTION NO: 139 You work as an enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. CertKiller.com contains a server named CERTKILLER-SR11 that has the Active Directory Federation Services (AD FS) role installed. You have received instructions from the CIO to test the connectivity of clients in the network to make sure that they can reach the new Federation server and that the Federation server is operational.
Ac
Reference : Active Directory Federation Services http://msdn2.microsoft.com/en-us/library/bb897402.aspx
tua
Explanation: You need to add and configure a new account store. With this you can configure the AD FS trust policy to populate AD FS tokens with employee's information from Active directory domain. AD FS allows the secure sharing of identity information between trusted business partners across an extranet. When a user needs to access a Web application from one of its federation partners, the user's own organization is responsible for authenticating the user and providing identity information in the form of "claims" to the partner that hosts the Web application. The hosting partner uses its trust policy to map the incoming claims to claims that are understood by its Web application, which uses the claims to make authorization decisions. Because claims originate from an account store, you need to configure account store to configure the AD FS trust policy.
lTe
sts
.co
96
Microsoft 70-640: Practice Exam What should you do? (Choose all that apply) A. The best option is to check if Active Directory Federation Services is running, in the Services tab. B. The best option is to look for event ID 674 in the event viewer, Applications, Event ID column. C. The best option is to type the Federation Service URL for the new federation server, in a browser window. D. None of the above Answer: B,C Explanation: To test the connectivity of clients in the network to ensure that they can successfully reach the new Federation server and Federation server is operational, you can look for event ID 674. This event verifies that the federation server was able to successfully communicate with the Federation Service. You can also open a browser window, and then type the Federation Service URL for the new federation server. The Federation Server Service page should appear along with a list of links that identify the Web methods that the Federation Service uses. The Federation Service URL should include the Domain Name System (DNS) host name of the federation server. Reference : Event ID 674 - Trust Policy and Configuration http://technet2.microsoft.com/windowsserver2008/en/library/71705c30-e97f-4e36-92abd33175bf588d1033.mspx?mfr=true Reference : Verify That a Federation Server Is Operational http://technet2.microsoft.com/windowsserver2008/en/library/ecf28b0c-014d-4b8c-a579fb12cca347b41033.mspx?mfr=true
QUESTION NO: 140
You work as an enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. CertKiller.com contains a two-node Network Load Balancing cluster named web.CertKiller.com. The two-node Network Load Balancing cluster provides load balancing and high availability of the intranet website. During a routine monitoring, you notice that the users can view the Network Load Balancing cluster in their Network Neighborhood. You also notice that they to connect to various services by using web.CertKiller.com. On further investigation you notice the Network Load Balancing cluster has only one port rule configured. You have received instructions from the CIO "Pass Any Exam. Any Time." - www.actualtests.com 97
Ac
tua
lTe
sts
.co
Microsoft 70-640: Practice Exam to configure the web.CertKiller.com NLB cluster to accept HTTP traffic only. What should you do? (Choose TWO. Each answer forms part of the complete solution) A. The best option is to make use of the Network Load Balancing Cluster console and create a new rule for TCP port 80. B. The best option is to make use of the wlbs disable command on the cluster nodes C. The best option is to make use of the NLB Cluster console and assign a unique port rule for NLB cluster. D. The best option is to make use of the Network Load Balancing Cluster console and delete the default port rules. Answer: A,D Explanation: You need to create a new rule for TCP port 80. It will then accept HTTP traffic only. You should also delete the default port rules through NLB Cluster console.
QUESTION NO: 141
A. You should tell the newly appointed inexperienced enterprise administrator that the Active Directory Rights Management Service (AD RMS) offers Internet-based clients a secure identity access solution which operates on both Windows and non-Windows operating systems. B. You should tell the newly appointed inexperienced enterprise administrator that the Active Directory Lightweight Directory Service (AD LDS) offers Internet-based clients a secure identity access solution which operates on both Windows and non-Windows operating systems. C. You should tell the newly appointed inexperienced enterprise administrator that the Active Directory Domain Services (AD DS) offers Internet-based clients a secure identity access solution which operates on both Windows and non-Windows operating systems. D. You should tell the newly appointed inexperienced enterprise administrator that the Active Directory Federation Services (AD FS) offers Internet-based clients a secure identity access solution which operates on both Windows and non-Windows operating systems. "Pass Any Exam. Any Time." - www.actualtests.com 98
Ac
What should you reply?
tua
A newly appointed inexperienced enterprise administrator wants to know which of the following Active Directory Service will provide Internet-based clients a secure identity access solution that will be able to operates on both Windows and non-Windows operating systems.
lTe
sts
.co
Microsoft 70-640: Practice Exam Answer: D Explanation: Active Directory Federation Services (AD FS) supplies Internet-based clients with a secure identity access solution which operates on both Windows and non-Windows operating systems. AD FS also offers users the power to do a single sign-on (SSO) as well as access applications on other networks devoid of requiring a secondary password.
QUESTION NO: 142 You work as an enterprise administrator at CertKiller.com. You receive an instruction from management to implement an Active Directory domain as well as the Active Directory Domain Services (AD DS) on the network. A newly appointed network technician wants to know what is needed to install Active Directory. What should you reply? A. The Active Directory requires DNS. B. The Active Directory requires DHCP. C. The Active Directory requires WINS. D. The Active Directory requires RIS. Answer: A
QUESTION NO: 143
You work as an enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. During the course of the day you receive an instruction from management to install Active Directory Domain Services (AD DS). What should you reply? A. The Server Manager is needed to install the Active Directory Domain Services (AD DS). B. The System Manager is needed to install the Active Directory Domain Services (AD DS). C. The Dcpromo.exe is needed to install the Active Directory Domain Services (AD DS).
Ac
tua
Explanation: DNS is a requirement of Active Directory. DNS can be installed before or in the course of the installation of Active Directory. DHCP, WINS, as well as RIS are all non-compulsory and are not essential services that can run on a network.
lTe
sts
.co
99
Microsoft 70-640: Practice Exam D. The Add/Remove Programs is needed to install the Active Directory Domain Services (AD DS). Answer: A Explanation: Server Manager permits an administrator to have server roles and features installed as well as configure them to view information regarding server configuration. Incorrect Answers: B: The System Monitor is used to create charts and graphs of the server performance trends. C: The Dcpromo.exe is used to promote a server to a domain controller. D: The Add/Remove Programs to add or remove a program.Reference: Syngress - The Real MCTS-MCITP 70-649 Prep Kit - Independent and Complete Self-Paced Solutions
QUESTION NO: 144 You work as an enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. You have received instruction from the CIO to set up a single sign-on (SSO) to access several applications. What should you do?
Answer: B
Explanation: Active Directory Federation Services offers users the capability to perform a SSO as well as gain access to applications on other networks devoid of a secondary password.
QUESTION NO: 145 You work as an enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. A new CertKiller.com policy requires that a server virtualization should be used to add fault tolerance to your servers and to save money. You need to determine the rolebased utilities that are included with Windows Server 2008. What should you do? "Pass Any Exam. Any Time." - www.actualtests.com 100
Ac
tua
A. The best option is to use the Active Directory Domain Services. B. The best option is to use the Active Directory Federation Services. C. The best option is to use the Active Directory Lightweight Directory Services. D. The best option is to use the Active Directory Rights Management Services.
lTe
sts
.co
Microsoft 70-640: Practice Exam A. The best option is to use the Virtualization-H. B. The best option is to use the Hyper-V. C. The best option is to use the Hyper-Virtualization. D. The best option is to use the Virtualization Manager. Answer: B Explanation: Hyper-V which is a hyper visor based virtualization feature. It support machine virtualization. Making use of machine virtualization permits a company with the ability to reduce costs, to improve server utilization and to have a more-dynamic IT infrastructure created.
QUESTION NO: 146 You work as an enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. There are approximate 2,000 employed at CertKiller.com. Due to a new partnership with another organization CertKiller.com need to expand. You need to make sure that authentication between both companies does not need extra sign-on accounts. However, the new partner company has various Directory Services installed throughout their company. You need to identify the service the Active Directory Federation Services (AD FS) cannot connect to. What should you do?
Answer: C Explanation: Active Directory Federation Services was not introduced until the R2 release of Windows Server 2003. Active Directory Federation Services is able to connect to LDS and Windows Server 2003 DS. Active Directory Federation Services is able to connect to LDS and Windows Server 2003 R2.
Reference : Syngress - The Real MCTS-MCITP 70-649 Prep Kit - Independent and Complete Self-Paced Solutions
Ac
A. It will not connect to the Windows Server 2003 R2 Directory Services. B. It will not connect to the Lightweight Directory Services. C. It will not connect to the Windows Server 2003 Directory Services. D. It will not connect to any of the above.
tua
lTe
sts
.co
101
Microsoft 70-640: Practice Exam QUESTION NO: 147 You are the newly appointed network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. Half the client computers run Windows XP Professional and the rest run Windows Vista. You are responsible for managing the Windows Server 2008 environment of CertKiller.com. At present the Enterprise Root certificate authority (CA) is used throughout the network. To ensure productivity management wants you to make sure that the revoked certificates is accessible for all CertKiller.com users that have the necessary permissions. What should you do? A. You should consider making use of Network Load Balancing in order to create an Online Certificate Status Protocol (OCSP). B. You should consider having a new GPO created for CertKiller.com users in order to trust peer certificates. Thereafter the GPO should be linked to the domain. C. You should consider making use of GPO in order to circulate the trusted certificate authorities list. D. You should consider making use of an Internet Security and Acceleration Server array in order to create an Online Certificate Status Protocol (OCSP). Answer: A
QUESTION NO: 148
You work as an enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. CertKiller.com has a federation relationship with a company named Courseware Publishers that was implemented with the use of Federation Services with Windows Server 2003 R2. You have also made use of the federation service with named accounts to better the security. However, due to an upgrade to AD FS, you notice that the named account used to run the service is removed and replaced with the Network Service account. You need to find out what has happened. What happened? A. It could be that Network Service is the default service account used in an AD FS installation or upgrade. "Pass Any Exam. Any Time." - www.actualtests.com 102
Ac
tua
lTe
sts
.co
Microsoft 70-640: Practice Exam B. It could be that Courseware Publishers contains a policy that states that the federation services should be run with the Network Service account. C. It could be that you are not able to use named service accounts to run the AD FS service. D. It could be that Microsoft favors using Network Service account to run federation services. Answer: A Explanation: During an installation the named service account is automatically replaced by the Network service account. You need to reset the service account for all Active Directory Federation Services. Incorrect Answers: B: The policies will affect the servers on Courseware Publishers' network not CertKiller.com. C: All services make use of a named service account to run. D: Network Service accounts have limited access rights to the local computer. It is not a best practice and Microsoft does not enforce it.Reference: Syngress - The Real MCTS-MCITP 70-649 Prep Kit - Independent and Complete Self-Paced Solutions
QUESTION NO: 149
What should you do?
A. You should consider having the Active Directory Lightweight Directory Services (AD LDS) role added to CERTKILLER-DC01. B. You should consider having the Ntdsutil.exe command executed at the command prompt and connect to the Schema Master Operations master. C. You should consider having Schmmgmt.dll registered. D. You should consider having a member account of the Schema Administrators group used to log on. Answer: C
Ac
During the course of the day you perform your routine maintenance on CERTKILLER-DC01 by opening the Microsoft Management Console (MMC). You have later discovered that the Active Directory Schema snap-in us not available. CertKiller.com requested that you ensure access to the Active Directory Schema snap-in.
tua
lTe
You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. CertKiller.com currently makes use of a computer named CERTKILLER-DC01 configured as a domain controller.
sts
.co
103
Microsoft 70-640: Practice Exam Explanation: Section 2, Maintain Active Directory accounts (8 Questions)
QUESTION NO: 150 You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. During the course of the day you receive instruction from CertKiller.com to log on to a client computer that has been offline for a year. You later started the computer and attempted to log on as the administrator and receive an error message stating that authentication failed. CertKiller.com wants you to ensure that you are able to log on and use the computer.
Answer: C
Explanation: In the scenario you should have the computer disjoined from the domain and rejoined to the domain whilst having the computer account reset as well. You should additionally note that the long inactivity caused the computer to stop responding to the authentication query using the Active Directory records. You should note by disjoining and rejoining with the account being reset would refresh the computer account passwords.
QUESTION NO: 151 You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. CertKiller.com currently makes use of two computers named CERTKILLER-DC01 and CERTKILLER-DC02 configured as domain "Pass Any Exam. Any Time." - www.actualtests.com 104
Ac
tua
A. You should consider having the netsh command run at the command prompt on the computer. You should then have the machine options set. B. You should consider having the netsh trust/reset command run at the command prompt. You should then join the computer to the domain again. C. You should consider having the computer disjoined from the domain. You should then rejoin the computer to the domain and reset the computer account. D. You should consider having the computer account deleted from the organizational unit. You should then have the account added to the organizational unit.
lTe
sts
.co
What should you do?
Microsoft 70-640: Practice Exam controllers. During the course of the day you receive instruction from CertKiller.com to have the Audit account management policy and Audit directory services access settings enabled. CertKiller.com has additionally requested that you make sure Active Directory objects modifications are logged by ensuring that the modifications displays the new and old values of the elements. What should you do? A. Your best option would be to have Audipol.exe executed. Thereafter the default domain policy disabled. B. Your best option would be to have the Audit Directory services access setting as well as the directory service modifications enabled. C. Your best option would be to have the Audit account management policy disabled. Thereafter the Audit account management policy should be re-enabled. D. Your best option would be to have Auditpol.exe executed. Thereafter the security settings of the domain controllers organizational unit should be configured. Answer: D
QUESTION NO: 152
You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. During the course of the day a CertKiller.com network user named Rory Allen attempted to log on to the domain by using his client computer and user account. However, he receives an error message stating: "This account has expired. Contact your administrator to reactivate the account" CertKiller.com has requested that you ensure that Rory Allen is able to log on to the domain using the Rory Allen user account. What should you do?
Ac
tua
lTe
Explanation: In order to make sure the changes made to active directory objects are logged and the logs show the old and new values of any attribute. Audipol.exe should be run and the security settings configured for the domain controllers Organizational Unit.
sts
.co
105
Microsoft 70-640: Practice Exam A. You should consider having the properties of the Rory Allen user account opened. You should then have the default domain policy modified to decrease the duration of account lockout. B. You should consider having the password option changed to never expire in the Rory Allen user account properties. C. You should consider having the properties of the Rory Allen user account opened. You should then have the option to "Never Expire" changed. D. You should consider having the properties of the Rory Allen user account opened. You should then have the Logon Hours setting extended. Answer: C
QUESTION NO: 153 DRAG DROP You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory forest containing a single domain named CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. During the course of the day you discover that CertKiller.com accidentally deleted an organizational unit and its child objects. CertKiller.com has requested that you perform the required actions in sequence to solve the problem. What should you do? (Move appropriate actions to the answer area at the right whilst arranging them in the correct order
Ac
tua
lTe
sts
.co
106
Microsoft 70-640: Practice Exam Answer:
You have later determined that the users accounts exist and are enabled and the passwords are correct. CertKiller.com recently requested that you identify the cause of the problem whilst ensuring that the network users are able to lo on using their accounts. What should you do? A. You should consider having the Active Directory Domains and Trusts utility used. B. You should consider having the Rstools utility used. C. You should consider having the Repadmin utility used. D. You should consider having the Rsdiag utility used.
Ac
During the course of the day you receive instruction from CertKiller.com to create one hundred user accounts created for users located across three different sites. The CertKiller.com network users have later reported that they receive the error message below when trying to log on: "The username or password is incorrect"
tua
lTe
sts
QUESTION NO: 154
.co
107
Microsoft 70-640: Practice Exam Answer: C
QUESTION NO: 155 You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. You are responsible for a domain controller named CERTKILLER-DC01. During the course of the day you discovered that some Active Directory Lightweight Directory Access Protocol (LDAP) clients are making use of too much CPU resources on CERTKILLER-DC01. CertKiller.com wants you to identify the LDAP resources consuming the CPU resources. What should you do?
Answer: C
QUESTION NO: 156
You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. CertKiller.com has recently requested that you take on the responsibilities managing help desk calls and basic user account management. During the course of the day you receive instruction to add a new user named Rory Allen to have permission to reset passwords for all users in a specific OU. CertKiller.com has recently requested that you have Rory Allen not capable of making permission changes for the object within other OU's in the domain. What should you do? A. You should consider having the Rory Allen's login account moved to an OU containing the OU. You should then have the parent OU of the one requiring administering referred. "Pass Any Exam. Any Time." - www.actualtests.com 108
Ac
tua
lTe
A. You should consider having the LAN Diagnostics Data Collector Set run. You should then have the LAN Diagnostics report reviewed. B. You should consider having the Hardware Events log reviewed in the Event Viewer. C. You should consider having the Active Directory Diagnostics Data Collector set. You should then have a review of the Active Directory report run. D. You should consider having the Resource Monitor opened and review the performance data.
sts
.co
Microsoft 70-640: Practice Exam B. You should consider having the Delegation of Control Wizard used to assign the necessary permissions on the OU that requires being administered. C. You should consider having a special administration account created within the OU. You should then have full permissions granted to the OU for all objects within Active Directory. D. You should consider having the Rory Allen login account moved into the OU which requires being administered. Answer: B Explanation: The Delegation of Control Wizard is designed to permit administrators the ability to have permissions on specific Active Directory objects organized.
QUESTION NO: 157 You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. During the course of the day you receive instruction from CertKiller.com to make use of the Active Directory Users and Computers tool in order to view the objects within an OU. CertKiller.com is aware that you created several groups and computers within this OU but the users are currently only showing. The CertKiller.com management wants to know what the explanation for this could be. What would your reply be?
A. You should inform CertKiller.com that the filtering option which specifies that only User objects should be shown set. B. You should inform CertKiller.com that the Group and Computer accounts are never used and therefore are not shown C. You should inform CertKiller.com that the Active Directory Users and Computers tool normally does not show groups and computers. D. You should inform CertKiller.com that an alternative systems administrator locked the groups, stopping others from entering them. Answer: A Explanation: The filtering option causes other objects to be undetected yet they still exist. Another explanation which does not one form part of the choices would be if a higher-level systems administrator modified the administrator's permissions making use of the Delegation of Control Wizard. "Pass Any Exam. Any Time." - www.actualtests.com 109
Ac
tua
lTe
sts
.co
Section 3, Create and apply Group Policy objects (GPOs) (8 Questions)
QUESTION NO: 158 You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. During the course of the day you receive instruction from CertKiller.com to create an organizational unit named Products hosting two global groups named KingSales and KingSecurity. CertKiller.com has recently additionally asked you to apply desktop restrictions to the KingSecurity group whilst ensuring that the KingSales group does not have the desktop restrictions applied. You started by creating a GPO named KingLockdown and linked it to the Products OU.
Answer: C
QUESTION NO: 159 CertKiller.com has an Active Directory forest which runs Windows Server 2008. It has branch offices all around the world. The forest includes finance organizational units for offices in the following locations:New YorkLondonAmsterdamRome Each location has a child organizational unit named finance. The finance organizational unit hosts all the users and computers in the finance department. The offices in London, Amsterdam and New York are connected by T1 connections. However, the "Pass Any Exam. Any Time." - www.actualtests.com 110
Ac
A. You should consider having the Allow Apply Group Policy permission set for the Local domain users on KingLockdown GPO. B. You should consider having the Allow Apply Group Policy permission set for the Authenticated Users on KingLockdown GPO. C. You should consider having the Deny Apply Group Policy permission set for the KingSales on the KingLockdown GPO. D. You should consider having the Deny Apply Group Policy permission set for the KingSecurity Executives on the KingLockdown GPO.
tua
lTe
sts
What should you do?
.co
Microsoft 70-640: Practice Exam office in Rome is connected by a 128-Kbps ISDN connection. CertKiller.com has instructed you to install an application on all computers in the finance department. Which two actions should you perform to achieve this task? (Choose two answers. Each answer is a part of the complete solution) A. This can be accomplished by assigning the application to the computers after a Group Policy object was created. Thereafter the GPO should be linked to the finance OU. B. This can be accomplished by having the slow link detection setting in the GPO disabled. C. This can be accomplished by assigning the application to the users in the OU after a Group Policy object was created. Thereafter the GPO should be linked to the finance OU. D. This can be accomplished by having the slow link detection setting modified to 2,544 Kbps (T1) in the GPO. Answer: A,D
QUESTION NO: 160
What should you do?
A. You should consider having the Group Policy Results utility run for the computer. B. You should consider having the Group Policy Results utility run for Rory Allen. C. You should consider having the GPRESULT /SCOPE COMPUTER command run at the command prompt. D. You should consider having the GPRESULT /S <system name> /Z command run at the command prompt. Answer: B
Ac
During the course of the day you receive instruction from CertKiller.com to create two linked GPO's for the network which will be used to publish the new KingSales application. A network user named Rory Allen has recently reported that the KingSales application is not available for installation when logging on. CertKiller.com wants you to verify whether the GPO has been applied to Rory Allen.
tua
lTe
sts
.co
111
Microsoft 70-640: Practice Exam QUESTION NO: 161 You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. The newly appointed Paris office trainee named Rory Allen has recently asked you what the process is known as when lowerlevel Active Directory objects becomes the heir to Group Policy settings from higher-level Active Directory objects. What would your reply be? A. You should inform Rory Allen that the process is known as Cascading permissions. B. You should inform Rory Allen that the process is known as Overriding. C. You should inform Rory Allen that the process is known as Delegation. D. You should inform Rory Allen that the process is known as Inheritance.
QUESTION NO: 162
You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. The newly appointed Paris office trainee named Rory Allen has recently asked you at which level(s) would you assign GPO settings that requires being overriden at the domain level. What would your reply be? A. You should inform Rory Allen that you would assign the settings at the Domain level. B. You should inform Rory Allen that you would assign the settings at the OU ans Site levels. C. You should inform Rory Allen that you would assign the settings at the OU level. D. You should inform Rory Allen that you would assign the settings at the Site level. Answer: C Explanation: "Pass Any Exam. Any Time." - www.actualtests.com 112
Ac
tua
lTe
sts
Explanation: Inheritance is the process whereby lower-level Active Directory objects become heir to GPO settings from higher-level ones. You should always be aware of how inheritance will apply to your Active Directory hierarchy when you are configuring GPOs.
.co
Answer: D
Microsoft 70-640: Practice Exam GPO's at the OU level attain priority over GPO's at the domain level. GPO's at the domain level, in turn, attain priority over GPO's at the site level.
QUESTION NO: 163 You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. The newly appointed Paris office trainee named Rory Allen has recently asked you which of the processes listed below are able to assign permissions to set Group Policy for the objects within the KingUsers OU. What would your reply be? A. You should inform Rory Allen that the Delegation process is able to assign permission to set Group Policy for objects within the KingUsers OU. B. You should inform Rory Allen that the Filtering process is able to assign permission to set Group Policy for objects within the KingUsers OU. C. You should inform Rory Allen that the Promotion process is able to assign permission to set Group Policy for objects within the KingUsers OU. D. You should inform Rory Allen that the Inheritance process is able to assign permission to set Group Policy for objects within the KingUsers OU. Answer: A
Explanation: The Delegation of Control Wizard can be utilized to permit other systems administrators permission to have GPO links added to an Active Directory object.
QUESTION NO: 164
You work as an enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All domain controllers at CertKiller.com run Windows Server 2003. CertKiller.com has its headquarters in Paris where you are located. Due to company growth the company opens another office in London. You receive notification from management to move the existing user as well as computer objects to another organizational unit in the London office. You need to recommend to management a plan of action that will accomplish this. What should you do? (Choose all that apply.) "Pass Any Exam. Any Time." - www.actualtests.com 113
Ac
tua
lTe
sts
.co
Microsoft 70-640: Practice Exam A. You should recommend that the DSmod utility be run. B. You should recommend that the Active Directory Migration Tool (ADMT) be run. C. You should recommend that the Active Directory Users and Computers utility be run. D. You should recommend that the move-item command be run. Answer: A,C
QUESTION NO: 165 You work as an enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. The CertKiller.com network contains 100 client computers. CertKiller.com acquires an application that needs to be deployed on 75 client computers. In order to install this application you need to change the registry data on the 75 client computers. The .adm extension file holds the necessary registry modifications. You receive an instruction to prepare these 75 computers for the deployment of the newly acquired application. What should you do?
A. Your best option would be to ensure that the Microsoft Windows PowerShell script is created in order to copy the .adm file to the startup folder of the 75 client computers. B. Your best option would be to ensure that the Microsoft Windows PowerShell script is created in order to copy the .adm file to the 75 client computers. Thereafter the REDIRUsr CONTAINER-DN command should be run on the 75 client computers. C. Your best option would be to ensure that the Microsoft Windows PowerShell script is creates in order to copy the .adm file to the 75 client computers. Thereafter the REDIRCmp CONTAINER-DN command should be run on the 75 client computers. D. Your best option would be to ensure that the .adm file is imported into a new GPO. Thereafter the GPO should be edited and linked to the OU that include the 75 client computers. Answer: D Explanation: Section 4, Configure GPO templates (1 Questions)
QUESTION NO: 166 You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory forest containing a single domain named CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All domain controllers on the "Pass Any Exam. Any Time." - www.actualtests.com 114
Ac
tua
lTe
sts
.co
Microsoft 70-640: Practice Exam CertKiller.com network run Windows Server 2008 and all client computers run Windows XP Professional. CertKiller.com deploys three Windows Server 2008 servers that are configured as DNS servers. The ADMX files of CertKiller.com are stored in the ADMX central store. A CertKiller.com user named Rory Allen has been assigned the duty to deal with all domain based group policy objects. During the course of the day you receive an instruction from CertKiller.com to ensure that Rory Allen's client computer is able to edit domain-based GPO's. What should you do? A. You should consider having the client computer of Rory Allen upgraded to Windows Vista. B. You should consider having .NET Framework 3.0 installed on the client computer of Rory Allen. C. You should consider having the user account of Rory Allen added to the Domain Admins group. D. You should consider having a folder created on the Primary Domain Controller (PDC) emulator in the PolicyDefinitions path. Answer: A
QUESTION NO: 167
CertKiller.com has recently created an organizational unit and child organizational unit named KingAccounts in each office. CertKiller.com has additionally informed you that the KingAccounts organizational unit contains the user and computer accounts for each respective office. During the course of the week you receive instruction from CertKiller.com to install an application named KingApp to client computers in the KingAccounts organizational unit by creating a GPO named KingSales. What should you do? A. Your best option would be to have KingSales configured. Then KingApp needs to be published to the user account. Thereafter KingSales should be linked to KingAccounts in every office. B. Your best option would be to have KingSales configured. Then KingApp needs to be assigned to the computer account. "Pass Any Exam. Any Time." - www.actualtests.com 115
Ac
tua
lTe
sts
Explanation: Section 5, Configure software deployment GPOs (8 Questions)
.co
Microsoft 70-640: Practice Exam Thereafter KingSales should be linked to KingAccounts in every office. C. Your best option would be to have KingSales configured. Then KingApp needs to be assigned to the user account. Thereafter KingSales should be linked to KingAccounts in every office. D. Your best option would be to have KingSales configured. Then KingApp needs to be assigned to the computer account to the computer account. There KingSales should be linked to the CertKiller.com domain. Answer: B
QUESTION NO: 168 You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory forest containing a single domain named CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista and Windows XP Professional. During the course of the day you receive instruction from CertKiller.com to ensure that the network users in the London and Paris office are able to install approved applications and updates on their client computers in their respective offices. What should you do? (Choose two)
A. You should consider having automatic updates configured in the control panel of the offices client computers. B. You should consider having a GPO created and linked to the server. You should then have the GPO configured to automatically search for updates on Microsoft update site. C. You should consider having a GPO created and linked to the domain. You should then have the GPO configured to direct client computers to the Microsoft WSUS server for approved updates. D. You should consider having the Microsoft WSUS application installed on a server in the environment. You should then have the WSUS server configured to search for new updates on the internet whilst approving all required updates. Answer: C,D
QUESTION NO: 169 You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run "Pass Any Exam. Any Time." - www.actualtests.com 116
Ac
tua
lTe
sts
.co
Microsoft 70-640: Practice Exam Windows Server 2008 and all client computers run Windows Vista. CertKiller.com has recently created an organizational unit named KingProducts which has a child organizational object named KingSales. CertKiller.com has additionally created a GPO named Sales Application and linked it to the KingProducts OU. During the course of the day you receive instruction from CertKiller.com to create a shadow group for the KingSales organizational unit whilst ensuring that the SalesApplication is not deployed to network users in the KingSales OU. What should you do? (Choose two) A. You should consider having the Block Inheritance setting configured on the KingSales organizational unit. B. You should consider having security filtering configured on the SalesApplication GPO to Deny. You should then have the group policy applied for the KingSales OU. C. You should consider having the Enforce setting configured on the SalesApplication GPO. D. You should consider having the Block Inheritance setting configured on the KingProducts organizational unit. Answer: A,B
QUESTION NO: 170
What would your reply be? A. You should inform Rory Allen that the effect would be determined by the systems administrator. B. You should inform Rory Allen that the effect would be determined by the current user. C. You should inform Rory Allen that the application would be uninstalled for every user within the OU. D. You should inform Rory Allen that the current application installations would not be affected by the changes made. Answer: A
Ac
A newly appointed trainee named Rory Allen in the Paris office asked you which of the statements below are correct regarding the action occurring when software packages are removed from an OU which has been linked to a GPO named KingSales.
tua
lTe
sts
.co
117
Microsoft 70-640: Practice Exam Explanation: The systems administrator has the ability to state whether the application will be uninstalled or if future installations will be disallowed.
QUESTION NO: 171 You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. During the course of the day you receive instruction from CertKiller.com to verify that only the POS's set at the OU level are affecting the Group Policy settings for the object in the KingSales OU. A newly appointed trainee named Rory Allen in the London office asked you which of the options presented below can be used to ensure that the GPO settings are unchanged for the objects in the OU. What would your reply be?
Answer: D
QUESTION NO: 172 You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. The newly appointed trainee named Mia Hamm in the Paris office has recently asked you which permission should be applied to ensure the GPO settings are disabled for the KingSecurity group in the London office. What would your reply be? "Pass Any Exam. Any Time." - www.actualtests.com 118
Ac
Explanation: The Block Policy Inheritance option avoids group policies of higher-level Active Directory objects from pertaining to lower-level objects providing the Enforced option is not set.
tua
lTe
A. You should inform Rory Allen that the best option would be to use the Disable option setting. B. You should inform Rory Allen that the best option would be to use the Deny permission. C. You should inform Rory Allen that the best option would be to use the Enforced option setting. D. You should inform Rory Allen that the best option would be to use the Block Policy Inheritance option.
sts
.co
Microsoft 70-640: Practice Exam A. You should inform Mia Hamm that the Apply Group Policy permission enabled. B. You should inform Mia Hamm that the Apply Group Policy permission disabled. C. You should inform Mia Hamm that the Write permission denied. D. You should inform Mia Hamm that the Write permission allowed. Answer: B Explanation: In order to disable the application of Group Policy on a security group the Apply Group Policy option should be disabled. This is particularly effective when you don't want GPO settings to be applied to a specific group, although that group might be in an OU that comprises of the GPO settings.
QUESTION NO: 173 You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. The CertKiller.com network currently consists of one hundred nodes. During the course of the day you receive instruction from CertKiller.com to create software packages to roll out the KingSales application to the network users whilst ensuring when network users log on that the required updates are automatically installed. CertKiller.com additionally requested that you toll out the exact set of updates to five of the network nodes. What should you do?
A. You should consider having an organizational unit created for the five computers to separate them from the rest of the client computers. B. You should consider having a Sites and Services subnet grouping created for the five computers to separate them from the rest of the client computers. C. You should consider having a policy created which deploys to the five computers. D. You should consider having a group assignment created through Adminisrtative Tools for the five computers to separate them from the rest of the client computers. Answer: A Explanation: An OU is a container object which can be used for administering an Active Directory database. OUs have Active Directory objects. OUs can be used to help build organizations into your directory thus being able to roll out software updates to groupings of users' computers. OUs facilitate the assigning of administration to very definite subtrees of the directory. OUs are capable of being "Pass Any Exam. Any Time." - www.actualtests.com 119
Ac
tua
lTe
sts
.co
Microsoft 70-640: Practice Exam departments or groups and can be used to structure and manage your network in such a way that has a company's business organization reflected.
QUESTION NO: 174 You work as an enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory forest named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. Half the client workstations run Windows XP Professional and the rest run Windows Vista. A new CertKiller.com policy dictates that only approved application updates is installed on the client computers. You receive an instruction from CertKiller to make sure that clients are able to install the application updates that was approved by management. What should you do? (Choose all that apply.)
Answer: B,C
Explanation: Section 6, Configure account policies (4 Questions)
QUESTION NO: 175 You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory forest containing a single domain named CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. CertKiller.com has recently created an organizational unit for both respective offices. During the course of the day you receive instruction from CertKiller.com to ensure that administrators located at the branch office is able to create and apply GPO. You need to make sure that they are only "Pass Any Exam. Any Time." - www.actualtests.com 120
Ac
tua
A. Your best option would be to configure Automatic Updates on the client computers. B. Your best option would be to ensure that a GPO is created and linked to the domain. Thereafter the GPO should be configured in order direct the client workstations to the Microsoft WSUS server for approved updates. C. Your best option would be to ensure that the Microsoft WSUS application is installed on the server in the forest. Then the server needs to be configured to search for the latest updates on the Internet. Thereafter the necessary updates should be approved. D. Your best option would be to that a GPO is created and linked to the domain controller OU. Thereafter the GPO should be configured to automatically search for updates on the Internet.
lTe
sts
.co
Microsoft 70-640: Practice Exam able to accomplish this within their organizational unit. What should you do? (Choose two) A. You should consider having the Delegation of Control Wizard executed and delegate the right to link GPO's for the Paris office organizational units to the Paris office administrators. B. You should consider having the Delegation of Control Wizard executed and delegate the right to links GPO's for the domain to the Paris office administrators. C. You should consider having the branch administrators added for each organizational unit in the Managed by Tab settings. D. You should consider having the Paris office administrator's user accounts added in the Group Policy Creator Owners Group. Answer: A,D
The newly appointed trainee named Rory Allen in the Paris office recently asked you which folders the network users outside the forest use when using the Active Directory Users And Computers tool when the users have been granted access to resources in the domain. What would your reply be?
A. You should inform Rory Allen that the Domain Controllers folder in Active Directory Users And Computers tool would be used. B. You should inform Rory Allen that the Foreign Security Principals folder in Active Directory Users And Computers tool would be used. C. You should inform Rory Allen that the Users folder in Active Directory Users And Computers tool would be used. D. You should inform Rory Allen that the Computers folder in Active Directory Users And Computers tool would be used. Answer: B Explanation: When resources are made available to users who reside in domains outside the forest, Foreign Security Principal objects are automatically created. These new objects are stored within the ForeignSecurityPrincipals folder. "Pass Any Exam. Any Time." - www.actualtests.com 121
Ac
tua
lTe
sts
.co
QUESTION NO: 176
QUESTION NO: 177 You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run Windows Server 2008 and Windows Server 2003 and all client computers run Windows Vista. During the course of the day you received instruction from CertKiller.com to have Windows Server 2008 deployed to the Paris office server which currently runs Windows Server 2003. A newly appointed trainee named Mia Hamm in the Paris office asked you which Active Directory objects would permit functionality when considering having a management structure created. What should you do?
Answer: B
QUESTION NO: 178 You are the lead systems administrator for CertKiller.com. You have been request to delegate permissions to a user in the SALES OU. Which of the following tools should be used to achieve this functionality? A. In Active Directory Sites And Services. The OU should be right-clicked wherever you wish to delegate permissions and select Delegate Control. B. In Active Directory Trusts And Domains. The OU should be right-clicked wherever you wish to delegate permissions and select Delegate Control. C. In Active Directory Users And Computers. The OU should be right-clicked wherever you wish to delegate permissions and select Delegate Control. "Pass Any Exam. Any Time." - www.actualtests.com 122
Ac
Explanation: OUs are particularly essential to Active Directory's logical design. OUs permit you the ability to delegate permissions, apply security, and much more.
tua
lTe
A. You should inform Mia Hamm that the Domains Active Directory Object would permit functionality. B. You should inform Mia Hamm that the Organizational units (OU's) Active Directory Object would permit functionality. C. You should inform Mia Hamm that the Containers Active Directory Object would permit functionality. D. You should inform Mia Hamm that the Forests Active Directory Object would permit functionality.
sts
.co
Microsoft 70-640: Practice Exam D. In Active Directory Domains And Forests. The OU should be right-clicked wherever you wish to delegate permissions and select Delegate Control. Answer: C Explanation: In the occurrence of you needing to delegate controls, you could use Active Directory Users and Computers, right click the OU where you want to delegate permissions, and select Delegate Control. Section 7, Configure audit policy by using GPOs (11 Questions)
QUESTION NO: 179 You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. The CertKiller.com network currently uses three domain controllers named CERTKILLER-DC01, CERTKILLER-DC02 and CERTKILLER-DC03 configured as file servers. During the course of the day you receive instruction from CertKiller.com to install the KingSales application on the file servers. You later installed the KingSales application and one of the file servers shuts down itself. CertKiller.com recently requested that you trace and verify what the problem could be. To comply with CertKiller.com you created a GPO named Report which requires changing the domain security settings to trace the shutdown to identify the cause. What should you do?
A. You should consider having the Report GPO linked to the domain. You should then have the Audit Object Access option enabled. B. You should consider having the Report GPO linked to the Domain Controllers. You should then have the Audit Object Access option enabled. C. You should consider having the Report GPO linked to the domain. You should then have the System Events option enabled. D. You should consider having the Report GPO linked to the Domain Controllers. You should then have the Audit Process tracking option enabled. Answer: C Explanation: In order to change the domain security settings to trace the shutdowns and identify the cause of it, you should link the Group Policy Object to the domain and enable System Events option. The system events will track the problem and tell you what is causing the shutdowns. "Pass Any Exam. Any Time." - www.actualtests.com 123
Ac
tua
lTe
sts
.co
QUESTION NO: 180 You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. CertKiller.com has recently created an organizational unit in the domain named KingServers which contains three computers named CERTKILLER-SR01, CERTKILLER-SR02 and CERTKILLERSR03. During the course of the day you travel to the Paris office to assist the administrator by generating a Group Policy Object (GPO). CertKiller.com has recently requested that you have the created GPO linkes to the KingServers organizational unit. What should you do?
Answer: A
Explanation: In order to monitor the network connections to the servers in security organizational unit, you should start the Audit Logon Events option. The Audit logon event is a security setting that decides whether to audit each instance of a user logging on or off from a computer. Basically, the account logon events are generated on domain controllers to monitor the domain account activity and local account activity on local computers. If you enable both account logon and logon audit policy categories, the domain account logons will generate a logon or log off event on a server or a workstation and they will generate a logon or log off event on the domain controller. So if you start the Audit logon events option, you will be able to monitor the network connections to the servers in security organizational unit.
Ac
tua
A. You should consider having the Audit Logon Events option started to monitor the network connections to the servers. B. You should consider having Audit process tracking option started to monitor the network connections to the servers C. You should consider having Audit Object Access option started to monitor the network connections to the servers D. You should consider having Audit System Events option started to monitor the network connections to the servers
lTe
sts
.co
124
Microsoft 70-640: Practice Exam QUESTION NO: 181 You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. CertKiller.com has recently acquired twenty portable computers with wireless network cards installed. During the course of the day you receive instruction from CertKiller.com to create an organization unit named Portable with a GPO and configure the user profiles by utilizing the names of approved wireless networks. You later decided to have the GPO linked to the Portable OU. The network users using the portable computers recently reported that they are unable to access wireless networks. What should you do?
Answer: B
QUESTION NO: 182
You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. CertKiller.com currently makes use of a computer named CERTKILLER-SR01 to store payroll related sensitive documents. During the course of the day you receive instruction from CertKiller.com to configure CERTKILLER-SR01 to have the payroll documents audited to guarantee that no unauthorized users are accessing the sensitive documents.
Ac
tua
A. You should consider having the gpupdate/boot command executed at the command prompt of the portable computers to enforce the group Policy wireless settings B. You should consider having each portable computer connected to the wire network. You should then log off the portable computer and log back on to enforce the group Policy wireless settings. C. You should consider having the gpupdate/target:computer command executed at the command prompt of the portable computers to enforce the group Policy wireless settings. D. You should consider having the Add a neteork command executed. You should then leave the Service Set Identifier (SSID) blank to enforce the group Policy wireless settings.
lTe
sts
.co
125
Microsoft 70-640: Practice Exam What should you do? A. You should consider having Privilege use utilized. B. You should consider having Object tracking utilized. C. You should consider having Process access utilized. D. You should consider having Policy change utilized. Answer: B Explanation: To audit documents (objects) the auditing on object access needs to be enabled thereafter you can audit successes or failures.
QUESTION NO: 183 You are employed as the enterprise administrator at CertKiller.com. The company runs Windows Server 2008 on all the servers on the network. The CertKiller domain contains 8 file servers that have computer accounts in the KingServers OU. There is a GPO named CKserverConfig is linked to KingServers. Four of the servers contain a folder named KingData1. Due to company growth CertKiller hired part time users to assist with the workload. You need to ensure that the users are unable to access KingData1. You thus configure the permissions on KingData1 to prohibit the users from accessing it. You want to audit any attempts by the users to open or manipulate the folder. What should you do? A. Add the audit entries to KingData1 to a failed Full Control access. B. Add the audit entries to KingData1 in order to audit successful Full Control access. C. Evaluate the entries in the Security logs on the domain controllers. D. Define the Audit Object Access policy in CKserverConfig. E. Define the Audit Object Access policy in the Default Domain Controllers GPO. F. Evaluate the entries in the Security logs on every file server. G. Define the Audit Directory Service Access policy in CKserverConfig. Answer: A,D,F Explanation: You need to configure the auditing entries on the Confidential Data folder. When you audit failures to Full Control access it will create audit events for any failed type of access. Object Access auditing should be enabled on file servers. The Server Configuration GPO will then be scoped in order to apply to all file servers. In the security logs of every file server the file system access events will appear.
Ac
tua
lTe
sts
.co
126
Microsoft 70-640: Practice Exam The scenario states that permissions were configured to not allow users access. There will thus be no successful attempts to audit. File system access events will be logged on the file servers and not the domain controllers. You have to apply the audit policy setting to the file servers and not the domain controllers. The Directory Service Access audit policy relates to modifications to objects in AD not a folder on a disk subsystem. Reference : Syngress - The Real MCTS-MCITP 70-649 Prep Kit - Independent and Complete Self-Paced Solutions
What should you do? (Choose all that apply.) A. You should ensure that the file servers are added to the auditing tab on all the shared folders of the four file servers. Thereafter the Failed Full control setting should be configured in the Auditing Entry dialog box. B. You should ensure that PartTimeUsers is added to the Auditing tab on all the shared folders of the four file servers. Thereafter the Failed Full control setting should be configured in the Auditing Entry dialog box. C. You should ensure that a GPO is created and linked to CKSecure. Thereafter the Audit object access Failure audit policy setting should be configured. D. You should ensure that a GPO is created and linked to CKSecure. Thereafter the Audit privilege use Failure audit policy setting should be configured.
Ac
tua
To prevent unauthorized users of accessing these file servers you decide to place them in an organizational unit (OU). This OU is named CKSecure. A new CertKiller.com security policy requires that any attempts by contractual workers to access the confidential information needs to be recorded. You need to identify a way to accomplish this.
lTe
Due to company growth CertKiller employs contractual workers to ease the work load. The contractual employees are members of a global group named PartTimeUsers. There are four file servers on the network that is configured to run Windows server 2008. These servers hold the confidential information of the company in shared folders.
sts
.co
You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com.
QUESTION NO: 184
127
Microsoft 70-640: Practice Exam Answer: B,C
QUESTION NO: 185 You are employed as a network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. The CertKiller.com network contains an organizational unit (OU) named Sales. A number of file servers is locates in Sales. Sales contain a folder named Financials. The financial data on the file servers is located on Financials. You decide to create a GPO to determine which users access the financial data on the servers in Sales. What should you do?
Answer: C
QUESTION NO: 186 You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. During the course of the day you receive instruction from CertKiller.com to configure a GPO named Anti-Virus which ensure that Anti-Virus software are installed on all client computers in "Pass Any Exam. Any Time." - www.actualtests.com 128
Ac
A. Your first step should be to ensure that the Audit object access option is enabled. Then the newly created GPO should be linked to the domain. Thereafter Auditing for the Authenticated Users group in Financials should be configured on the domain controllers. B. Your first step should be to ensure that the Audit process tracking option is enabled. Then the newly created GPO should be linked to the Domain Controllers OU. Thereafter Auditing for the Authenticated Users group in Financials should be configured on the file servers. C. Your first step should be to ensure that the Audit object access option is enabled. Then the newly created GPO should be linked to Sales. Thereafter Auditing for the Everyone group in Financials should be configured on the file servers. D. Your first step should be to ensure that the Audit process tracking option is enabled. Then the newly created GPO should be linked to Sales. Thereafter Auditing for the Everyone group in Financials should be configured on the file servers.
tua
lTe
sts
.co
Microsoft 70-640: Practice Exam both offices. A newly appointed trainee named Mia Hamm in the Paris office asked you if this was possible if you are granted full access to the computers and Active Directory. What should you do? A. You should inform Mia Hamm that a GPO should be created with required settings and linked to all organizational units which have computer accounts. You should then have the options to assign the applications set to the workstations. B. You should inform Mia Hamm that the C. You should inform Mia Hamm that this process would not be possible. D. You should inform Mia Hamm that a GPO should be configured at the domain level. You should then have the application published to the workstations. Answer: C Explanation: The scenario states that management wants the application to be installed on all the workstations. You are not able to use a group policy to install software on domain controllers. You are not able to use a group policy to install software on domain controllers and neither can it be used to publish applications to workstations. Management has excluded domain controllers from the request in this scenario. Reference : Syngress.The.Real.MCTS.MCITP.Exam.70-648.Prep.Kit.Mar.2008
QUESTION NO: 187
You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. CertKiller.com has recently acquired a new UNIX administrator in the Paris office. During the course of the day the UNIX administrator in the Paris office requested that have the password history setting increased in the London office. What would your reply be? A. You should inform the UNIX administrator in the Paris office that there is no maximum setting and that he should supply you with a specific number. B. You should inform the UNIX administrator in the Paris office that the Enforce password history setting will be increased to 24. "Pass Any Exam. Any Time." - www.actualtests.com 129
Ac
tua
lTe
sts
.co
Microsoft 70-640: Practice Exam C. You should inform the UNIX administrator in the Paris office that the default setting is the maximum. D. You should inform the UNIX administrator in the Paris office that the Enforce password history setting will be increased to 48. Answer: C Explanation: As soon as you install Active Directory the default value for the Enforce password history setting is set to the maximum. The maximum number is 24. Reference : Syngress.The.Real.MCTS.MCITP.Exam.70-648.Prep.Kit.Mar.2008
QUESTION NO: 188 You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista, CertKiller.com has recently deployed the KingSales application to client computer on the Paris office by assigning the application to workstations in the Paris office organizational unit. During the course of the day whilst performing routine maintenance you discover that the KingSales application failed to install on some client computers in the Paris office. You later verified that that the KingSales application installed on some client computers. CertKiller.com wants you to ensure that the KingSales application is installed on all client computers in the Paris office. What should you do?
A. You should consider having a forced removal of the KingSales application performed. B. You should consider having the MSI file deleted and re-create the KingSales deployment object in Group Policy. C. You should consider having the MSI file modified and redeploy the KingSales application. D. You should consider having each client computer manually troubleshoot to identify the error. Answer: C Explanation: As soon as a deployment fails and the installation is left in an inconsistent state you need to fix the redeployed software. Incorrect Answers: A: The forced removal of the software that was partially installed will not be effective. B: When you delete the deployment package in the Active Directory it will leave you with no ability "Pass Any Exam. Any Time." - www.actualtests.com 130
Ac
tua
lTe
sts
.co
Microsoft 70-640: Practice Exam to manage the failed installation. D: Ultimately it would be necessary for you to troubleshoot every computer but the first thing you should attempt is redeployment.Reference: Syngress.The.Real.MCTS.MCITP.Exam.70648.Prep.Kit.Mar.2008
QUESTION NO: 189 You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. CertKiller.com has its headquarters located in London and branch office located in Paris. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. CertKiller.com has recently approached you about their concerns about the possible weaknesses of password security on the CertKiller.com network. During the course of the day you receive instruction from CertKiller.com to ensure that the network users change their passwords every 26 days whilst having twelve passwords per annum by modifying the Default Domain Policy. What should you do? (Choose two)
Answer: C,D
Explanation: When you set the Maximum password age option to 28 users will have to change their password every 28 days. When you set the Minimum password age option to 14 will prohibit the users from changing their passwords until 14 days after the last password change. Incorrect Answers: A: When you set Enforce password history option to 10 in conjunction with the Maximum password age option and the Minimum password age option will ensure that users are able to use five unique passwords per year. B: Disabling the Password must meet complexity requirements option will have no effect on the amount of times the users need to change their passwords or the numerous passwords the system has to remember.Reference: Syngress.The.Real.MCTS.MCITP.Exam.70648.Prep.Kit.Mar.2008
QUESTION NO: 190
Ac
tua
lTe
A. You should consider having the Enforce password history option set to 10. B. You should consider having the Password must meet complexity requirements option disabled. C. You should consider having the Minimum password age option set to 14. D. You should consider having the Maximum password age option set to 26
sts
.co
131
Microsoft 70-640: Practice Exam You are a newly appointed enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. The client computers at CertKiller.com run Windows Vista Ultimate. CertKiller.com is making use of Windows Cardspace. However, you want to use Windows Cardspace on your system at home that is running Windows Vista Ultimate, to make your work easy. You need to create a backup copy of Windows Cardspace cards. What should you do? A. The best option is to use your administrator account and copy \Windows\ServiceProfiles folder to your USB drive. B. The best option is to backup the data on your USB drive by using the Windows Cardspace application. C. The best option is to use a backup status from Backup \Windows\Globalization folder and save the folder on your USB drive. D. The best option is to use the backup status tool on your USB drive and back up the system state data. E. The best option is to reformat the C: Drive Answer: B
You can also use Windows CardSpace to backup cards data to a storage medium. You should not backup the system state data by using backup status tool on your USB drive. It is not related to the scenario mentioned above. You should not backup \Windows\Globalization folder by using backup status and save the folder on your USB drive because backup status will not be able to backup the data on to any storage device .
QUESTION NO: 191 You are working as an enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. "Pass Any Exam. Any Time." - www.actualtests.com 132
Ac
tua
Explanation: You need to use the Windows Cardspace application to backup the data on your USB drive. Windows Cardspace creates relationships with website and online services. Windows CardSpace provides a unique way for sites to request information from you to review the identity of a site to manage your information by using information cards to review card information before you send it.
lTe
sts
.co
Microsoft 70-640: Practice Exam An Organizational unit (OU), on a domain controller, was by mistake deleted by a junior enterprise administrator. The best option for you is to use a non-authoritative restore before an authoritative restore of the OU. You need to perform a non-authoritative restore of Active Directory Domain Services (AD DS) without disrupting the other data stored on domain controller. What should you do? A. The best option is to backup of all the volumes. B. The best option is to use a Critical volume backup. C. The best option is to backup of the volume that hosts Operating system. D. The best option is to backup of AD DS folders. Answer: B Explanation: If you do not want to disrupt the data stored on domain controller, you need to use a critical volume backup to perform non-authoritative restore of AD DS. You must first complete a non-authoritative restore before performing an authoritative restore of AD DS. You must ensure that the replication does not occur after non-authoritative restore. You must do a critical-volume backup before you perform a non-authoritative restore. To prevent the replication from occurring after the non-authoritative and to perform the authoritative restore portion of the operation, you must restart the domain controller in Directory Services Restore Mode and perform the authoritative restore at the domain controller that you are restoring. You should start the domain controller normally after performing the authoritative restore of AD DS. You should also synchronize replication with all replication partners.
QUESTION NO: 192 DRAG DROP
CertKiller.com has an Active Directory forest containing a single domain. The domain operates Windows Server 2008. A new administrator accidentally deletes an entire organizational unit in the Active Directory database that hosts 6000 objects. You have backed up the system state data using third-party backup software. To restore backup, you start the domain controller in the Directory Services Restore Mode (DSRM). You need to perform an authoritative restore of the organizational unit and restore the domain controller to its original state. Which three actions should you perform? The answer should be in a sequence. Drag and drop the appropriate action into the sequential order.
Ac
tua
lTe
sts
.co
133
Answer:
Ac
Explanation:
tua
lTe
sts
.co
134
Microsoft 70-640: Practice Exam When an authoritative restore needs to be performed for Active Directory objects, you need to perform a non-authoritative restore first. Then without restarting the domain controller, you should use the ntdsutil authoritative restore command to mark the objects to be restored as authoritative. You can then restart the domain controller normally and perform additional tasks as needed. Therefore the sequence of steps should be: Perform a restore of system state data to time before the organizational unit was deleted Run Ntdslutil utility Start Domain Controller Service in Services (local) Microsoft Management Console (MMC)
Reference : How to Restore Windows Server 2003 Active Directory http://www.petri.co.il/restore-windows-server-2003-active-directory.htm Reference : Performing an Authoritative Restore of Deleted AD DS Objects http://technet2.microsoft.com/windowsserver2008/en/library/f4e9ee21-ee35-4650-acca798555c0c32c1033.mspx?mfr=true CertKiller.com contains a domain controller named CERTKILLER-DC01 that is regularly backed up via the network by using a dedicated backup server that runs the Windows Server 2003 operating system. You have received instructions from the CIO to prepare CERTKILLER-DC01 for disaster recovery. However, if you want to back up the system state data for the data controller, the backup utility does not want to run. You need to back up the system state from CERTKILLER-DC01. What should you do? The best option is to add your user account to the local Backup Operators group The best option is to use the Server Manager feature and install the Windows Server backup feature. The best option is to use the Server Manager feature and install the Removable Storage Manager feature. The best option is to deactivating the backup job that is configured to backup CERTKILLER-DC01 on the Windows 2003 server.
You need to use the Server Manager feature and install the Windows Server backup feature. With this you can backup system state data from CERTKILLER-DC01. the Windows Server Backup is not there by default, you need to install it. You must install it by using the Add Features option in Server Manager. Reference : What's New in AD DS Backup and Recovery? http://technet2.microsoft.com/windowsserver2008/en/library/67f18955-c504-4d63-9f849b8c25d428e81033.mspx?mfr=true
QUESTION NO: 193
Ac
tua
lTe
sts
.co
135
Microsoft 70-640: Practice Exam You are the newly appointed enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory forest that contains a single domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. CertKiller.com contains a file server named CERTKILLER-SR10 that has four hard disks, configured as basic disks. You have received instructions from management to configure Redundant Array of Independent Disks (RAID) 0 +1 on CERTKILLER-SR10. What should you do? A. The best option is to use Diskpart.exe to convert basic disks to dynamic disks. B. The best option is to use Chkdsk.exe to convert basic disks to dynamic disks. C. The best option is to use Fsutil.exe to convert basic disks to dynamic disks. D. The best option is to use Fdisk.exe to convert basic disks to dynamic disks. Answer: A
Reference : Managing and Troubleshooting Desktop Storage / Basic Disks http://www.informit.com/articles/article.aspx?p=332154
QUESTION NO: 194
CertKiller.com contains a domain controller named CERTKILLER-DC01. One of your job functions at CertKiller.com encompasses managing CERTKILLER-DC01. During the course of the business day you receive an instruction from management to have the Directory Services Recovery Mode (DSRM) password on CERTKILLER-DC01 reset. You thus need to identify the appropriate tool that will accomplish this. What should you do? A. The best option is to use the Active Directory Security for Computers snap-in. B. The best option is to use the ntdsutil utility. C. The best option is to use the Netsh utility. D. The best option is to use the Domain Controller security snap-in. "Pass Any Exam. Any Time." - www.actualtests.com 136
Ac
You are working as an enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory forest that contains a single domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008.
tua
lTe
sts
.co
Explanation: To convert basic disks to dynamic disks on CERTKILLER-SR10, you need to use Diskpart.exe utility.
Microsoft 70-640: Practice Exam Answer: B Explanation: You should use the ntdsutil utility to reset the DSRM password. You can use Ntdsutil.exe to reset this password for the server on which you are working, or for another domain controller in the domain. Type ntdsutil and at the ntdsutil command prompt, type set dsrm password. Reference: http://support.microsoft.com/kb/322672
QUESTION NO: 195 You are working as an enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory forest that contains a single domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. CertKiller.com contains a domain controller named CERTKILLER-DC02 that is also a backup server. It has a 500 GB hard disk that contains three partitions. A new CertKiller.com policy required that the domain controller should be backed up every day. However, due to hard disk failure, you replaced the hard disk with the same partitions and capacity. After installing the media, you choose the repair your computer option. You need to restore the operating system and all the other files.
QUESTION NO: 196 You are working as an enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory forest that contains a single domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. You have received instructions from the CIO to perform an authoritative restore the entire Active Directory database. What should you do? A. The best option is to restore active directory. B. The best option is to restore database.
Ac
Answer: D
tua
A. The best option is to do the startup repair. B. The best option is to run the System Restore. C. The best option is to do the Disk defragment. D. The best option is to run the webadmin utility.
lTe
What should you do?
sts
.co
137
Microsoft 70-640: Practice Exam C. The best option is to restore subtree. D. The best option is to restore all. Answer: B Explanation: The restore database command directs the ntdsutil application to execute an authoritative restore of the whole Active Directory database.
QUESTION NO: 197 You are working as an enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory forest that contains a single domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. You have accidentally altered a user's group settings. You need to restore the default settings. What should you do?
Answer: A
QUESTION NO: 198
You are the newly appointed enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory forest that contains a single domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. CertKiller.com contains a domain controller named CERTKILLER-DC01. You have just completed the backup of the system state on CERTKILLER-DC01. However, a few days after the backup, you have received instructions from the CIO to restore the system state. What should you do?
Ac
tua
Explanation: The Microsoft Windows Server 2008 auditing feature allows you to view the new and the old values of the object and its characteristics. Once you have viewed the old values it is possible restore them.
lTe
sts
A. The best option is to perform auditing. B. The best option is to restore tapes. C. The best option is to use a recovery disk. D. The best option is to enter safe mode and then restore from tape.
.co
138
Microsoft 70-640: Practice Exam A. The best option is to log on to CERTKILLER-DC01 and run wbadmin.exe to restore the system state. B. The best option is to first stop the Active Directory Domain Services and run the wbadmin.exe to restore system state. C. The best option is to restart CERTKILLER-DC01 and go into DSRM and run wbadmin exe to execute the system state restore. D. The best option is to use the Windows Server Backup Wizard and restore system state. Answer: C Explanation: You must be in DSRM to recover the system state of CERTKILLER-DC01. To use the wbadmin.exe command, you must be in DSRM. Incorrect Answers: A: You cannot restore CERTKILLER-DC01 in normal mode. B: If you stop the AD DS, it will not allow you to restore the system state. D: The Windows Server Backup Wizard does not specifically restore the system state.Reference: MCTS Self-Paced Training Kit (Exam 70 640): Configuring Windows Server 2008 eBook
QUESTION NO: 199
What should you do?
A. The best option is to use the Windows Server Backup Wizard and choose the System State Backup and set your target to DVD. B. The best option is to use the wbadmin.exe with the start systemstatebackup command and then target it to the DVD drive. C. The best option is to use the Windows Server Backup Wizard and choose a local drive as the target and copy the system state backup to the DVD drive. D. The best option is to use the wbadmin.exe with the start systemstatebackup command. You should also set the target to the local fixed drive and copy the system state backup to a DVD. Answer: D Explanation: If you run the wbadmin.exe, it will allow you to run the system state backups. However, you need to target the local drives. To make a DVD backup, you need to manually copy the system state "Pass Any Exam. Any Time." - www.actualtests.com 139
Ac
tua
You are the newly appointed enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory forest that contains a single domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. CertKiller.com contains a domain controller named CERTKILLER-DC02. You have received instruction from the CIO to backup CERTKILLER-DC02 to a DVD.
lTe
sts
.co
Microsoft 70-640: Practice Exam backup to the DVD drive. Incorrect Answers: A: You need to user the wbadmin.exe command, not the Windows Server Backup. B: You need to target a local drive. C: You need to user the wbadmin.exe command, not the Windows Server Backup.Reference: MCTS Self-Paced Training Kit (Exam 70 640): Configuring Windows Server 2008 eBook
QUESTION NO: 200 You are working as an enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory forest that contains a single domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. CertKiller.com contains a domain controller named CERTKILLER-DC03. During a routine monitoring you notice that Active Directory database file on CERTKILLER-DC03 is corrupt. Yu then plan to use the non-authoritative restore on CERTKILLER-DC03 and reboot a server into DSRM to log onto as the domain administrator. However, it does not allow you to log on. You need to backup CERTKILLER-DC03 as quick as possible. What should you do?
Answer: C
Explanation: You need to use the DSRM administrators account and password to log on. You should then use the DCPROMO wizard and convert the server into a domain controller. Incorrect Answers: A: The local administrator account does not exist on a domain controller. B: You should use the DSRM account. You cannot use the Domain admin accounts to log on to the server in the DSRM mode. D: You should use the DSRM account. You cannot use the Domain admin accounts to log on to the server in the DSRM mode.Reference: Syngress - The Real MCTS-MCITP 70-649 Prep Kit Independent and Complete Self-Paced Solutions
Ac
tua
A. The best option is use the local administrators account to log on to the server. B. The best option is use another user's domain administrator's account to log on to the server. C. The best option is use the DSRM administrators account and password to log on. D. The best option is change the domain administrator's password from another domain controller and log on using the account with the new password.
lTe
sts
.co
140
Microsoft 70-640: Practice Exam QUESTION NO: 201 You are working as an enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory forest that contains a single domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. Due to unforeseen circumstances a technician accidentally deleted a user account. Furthermore the error has replicated to the other domain controllers. You have received instructions from the CIO to retrieve the user account. What should you do? A. The best option is to restart the domain controller into DSRM and restore the system state. You should then do an authoritative restore of the user account from the most recent backup by running the wbadmin.exe command. B. The best option is to stop the Active Directory Domain Services on the domain controller in normal mode and load the Windows Server Backup and restore system state. Thereafter, run a non-authoritative restore of the user account. C. The best option is to restart the domain controller into DSRM and restore the system state. You should then do a non-authoritative restore of the user account from the most recent backup by running the wbadmin.exe command. D. The best option is to stop the Active Directory Domain Services on the domain controller in normal mode and load the Windows Server Backup and restore system state. Thereafter, run an authoritative restore of the user account. Answer: A
Explanation: You should run an authoritative restore of the user account from the most recent backup by running the wbadmin.exe command. This will also prevent it from being overwritten by directory replication. Incorrect Answers: B: You cannot use the Windows Server Backup to execute an authoritative restore via the GUI. C: The non-authoritative restore will bring back the user account. But if directory replication took place, it will be deleted. D: You cannot use the Windows Server Backup to execute an authoritative restore via the GUI.Reference: Syngress - The Real MCTS-MCITP 70-649 Prep Kit - Independent and Complete Self-Paced Solutions
QUESTION NO: 202 You work as an enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. "Pass Any Exam. Any Time." - www.actualtests.com 141
Ac
tua
lTe
sts
.co
Microsoft 70-640: Practice Exam The Finance department of CertKiller.com contains an organizational unit named King Finance. In turn, King Finance contains a separate OU for CKWorkstations, CKGroups and CKClients. At present KingFinance is backed up every evening. During routine monitoring you discover that a newly appointed administrator deleted CKGroups. You receive an instruction from the CIO to ensure that the organizational unit is restored without affecting CKClients and CKWorkstations. What should you do? A. Your best option would be to execute a non-authoritative restore of CKGroups. B. Your best option would be to execute a non-authoritative restore of KingFinance. C. Your best option would be to execute an authoritative restore of KingFinance. D. Your best option would be to execute an authoritative restore of CKGroups. Answer: D
What should you reply?
A. You should tell management that the Wbadminenable backup -addtarget:R: /quiet command will allow you to create a full backup of all system state data to the DVD. B. You should tell management that the Wbadminenable backup addtarget:C: /quiet command will allow you to create a full backup of all system state data to the DVD. C. You should tell management that the Wbadminstart backup allCritical backuptarget:C: /quiet command will allow you to create a full backup of all system state data to the DVD. D. You should tell management that the Wbadminstart backup allCritical backuptarget:E: /quiet command will allow you to create a full backup of all system state data to the DVD. Answer: D Explanation:
Ac
tua
CertKiller.com contains a server that has the Windows Backup and Restore utility installed. However, the CertKiller.com management wants to know which of the following command can be used to create a full backup of all system state data to the DVD drive (E: drive).
lTe
sts
QUESTION NO: 203
.co
142
Microsoft 70-640: Practice Exam You need to run the Wbadmin start backup allCritical backuptarget :E : /quiet command to create a full backup of all system state data to the DVD drive. Furthermore the Wbadmin will allow you to back up and restore your operating system, volumes, files, folders, and applications from a command prompt. Incorrect Answers: A: Wbadmin start backup runs a one-time backup. If you are not using any parameters, it will use the settings from the daily backup schedule. B: The allCritical includes all critical volumes that contain operating system's state. You can use it when -backupTarget is specified. Here the backupTarget is DVD drive (E: drive) on the server, so you need to specify backuptarget:E: C: /quiet runs the subcommand without any prompts to the userReference: Wbadmin start backuphttp://technet2.microsoft.com/windowsserver2008/en/library/4b0b3f32-d21f-4861-84bbb2eadbf1e7b81033.mspx?mfr=true
QUESTION NO: 204
What should you do?
A. The best option is to open the Computer Management and click on Sessions under the Shared Folders node. B. The best option is to open the Computer Management and click on Open Files under the Shared Folders node in. C. The best option is to run vssadmin.exe query reverts on the command prompt. D. The best option is to run shadow.exe /v on the command prompt. Answer: C Explanation: You need to run the vssadmin.exe query reverts from the command prompt. This will show the progress of the restoration. Reference : Rapid Recovery with the Volume Shadow Copy Service / Command-Line Management "Pass Any Exam. Any Time." - www.actualtests.com 143
Ac
tua
lTe
CertKiller.com contains a file server named CERTKILLER-SR12 that contains critical files, which can be accessed by using the Previous Versions tab. However, while you were restoring the critical files, management wants to know the progress of the restoration. You need to view the progress of the restoration.
sts
.co
Microsoft 70-640: Practice Exam http://technet.microsoft.com/en-us/magazine/cc196308.aspx
QUESTION NO: 205 You work as an enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. CertKiller.com contains a member server named CERTKILLER-SR10 that contains the Fin_Records folder on the D: drive. The latest backup that was run was on 02/28/2009-10:00. However, due to unforeseen circumstances the folder, Fin_Records was corrupted. You need to restore Fin_Records without affecting other folders on CERTKILLER-SR10. What should you do?
Answer: A
Reference : Wbadmin start recovery http://technet2.microsoft.com/windowsserver2008/en/library/52381316-a0fa-459f-b6a601e31fb216121033.mspx?mfr=true
QUESTION NO: 206 You work as an enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. CertKiller.com contains a server which has the Windows Server Virtualization role service installed. You need to merge a parent disk and a differencing disk to maximize the storage capacity. "Pass Any Exam. Any Time." - www.actualtests.com 144
Ac
Explanation: You need to run the Wbadmin start recovery -version: 02/28/2009-10:00 - itemType :File - items:d :\ Fin_Records -overwrite -recursive -quiet command. This will restore Fin_Records without affecting the other folders. The 2/28/2009-10:00 specifies the version identifier of the backup to recover. The - itemtype :File specifies type of items to recover.
tua
lTe
A. The best option is to run the Wbadmin start recovery -version: 02/28/2009-10:00 -itemType:File -items:d:\Fin_Records -overwrite -recursive -quiet command. B. The best option is to run the Wbadmin start recovery -backuptarget:D: -version: 02/28/200910:00-overwrite -quiet command. C. The best option is to run the Recover d:\ Fin_Records command. D. The best option is to run the Wbadmin restore catalog -backuptarget:D: -version: 02/28/200910:00-quiet command.
sts
.co
Microsoft 70-640: Practice Exam What should you do? A. The best option is to edit the differencing disk. B. The best option is to edit parent disk. C. The best option is to configure the Merge settings on differencing disk. D. The best option is to configure the Merge settings on Parent disk. Answer: A Explanation: You need to merge a parent disk and a differencing disk by editing the differencing disk. Doing this will allow you to maximize the storage capacity. A differencing disk is a child and it can be merged with the parent disk.
Section 2, Perform offline maintenance (5 Questions)
CertKiller.com contains a domain controller named CERTKILLER-DC01 that runs mission critical services in the network. You are busy with the Restructuring of organizational unit domain hierarchy and the deleting of unnecessary objects. However, you have received instructions from the CIO to do an Offline de-fragmentation of the active directory database without disrupting the mission critical services. What should you do? A. The best option is to start CERTKILLER-DC01 in the Directory Services restore mode and run the defrag utility. B. The best option is to start CERTKILLER-DC01 in the Directory Services restore mode and run the Ntdsutil utility C. The best option is to stop the Domain controller service in the Services MMC and run the Ntdsutil utility D. The best option is to stop the Domain controller service in the Services MMC and run the Defrag utility. "Pass Any Exam. Any Time." - www.actualtests.com 145
Ac
tua
You are the newly appointed enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008.
lTe
QUESTION NO: 207
sts
.co
Reference: http://technet2.microsoft.com/windowsserver/en/library/d9ef5bd9-6ca2-488b-a960f3f8ecd6ecc51033.mspx?mfr=true
Microsoft 70-640: Practice Exam Answer: C Explanation: You need to stop the Domain Controller service in the Microsoft Management Console (MMC) and then run the Ntdsutil tool. With this you can do offline defragmentation of the Active Directory database on CERTKILLER-DC01. Furthermore, the other mission critical services can continue running. You can use the restart feature of AD DS to stop AD DS so that you can perform the defragmentation of Active Directory objects. Reference : Superior Identity Management Features in Windows Server 2008 Enterprise and Windows Server 2008 Datacenter / Directory Services: Active Directory Domain Services http://download.microsoft.com/download/8/2/f/82fa3808-7168-46f1-a07bf1a7c9cb4e85/WS08%20Identity%20Management%20Features%20White%20Paper_FINAL.doc
QUESTION NO: 208
A. The best option is to start the Active Directory Domain Services on CERTKILLER-DC02. B. The best option is to disconnect CERTKILLER-DC02 from the network and start the Windows update feature. C. The best option is to stop the Active Directory domain services and install the updates. Thereafter you should start the Active Directory domain services after installing the updates. D. The best option is to stop the Active Directory domain services and install updates. Thereafter you should disconnect from the network and then reconnect again. Answer: C Explanation: If you want to do offline critical updates without restarting the domain controller, you need to stop the Active Directory domain services and install the updates. Start the Active Directory domain services after installing the updates. If you stop the Active Directory domain services, you do not need to restart the domain controller.
Ac
tua
What should you do?
lTe
CertKiller.com contains a domain controller named CERTKILLER-DC02 that runs the Active Directory services. You have received instructions from management to perform critical updates without restarting the domain controller.
sts
.co
146
Microsoft 70-640: Practice Exam QUESTION NO: 209 You are the newly appointed enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. CertKiller.com contains a two-node Microsoft failover cluster named CK_Hgh that has the DHCP service installed on it. The nodes as named as follows: CK_ND1 and CK_ND2. The specs on CK_Hgh are as follows:A physical shared disk of 400 GB capacity.A 200GB single volume is configured on the shared disk. You are planning to host the Windows Internet Naming Service (WINS) on CK_ND1 and the DHCP and WINS services on CK_ND2. You then create the WINS service group on cluster existing on CK_ND1, by using the High Availability Wizard. However, the High Availability Wizard showed an error that there are no disks available. You need to configure storage volumes on CK_ND1 to add the WINS Service group to CK_ND1. What should you do?
Answer: B
Explanation: You need to add a new physical shared disk to the CK_ND1 cluster and configure a new volume on it. Doing this you can configure storage volumes on CKMFON1. you should also use the volume to fix the error in the wizard. Reference : No disks found http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=2964971&SiteID=17
QUESTION NO: 210
Ac
A. The best option is to backup the data on the single volume on CK_ND1 and set up the disk with GUID partition table and create two volumes. Thereafter you should restore the backed up data on one of the volumes and use the other for WINS service group. B. The best option is to add a new physical shared disk to the CK_ND1 cluster and configure a new volume on it. You should then use the volume to fix the error in the wizard. C. The best option is to add new physical shared disks to CK_ND1 and CK_ND2. You should then set up the volumes on these disks and direct CK_ND1 to use CK_ND2 volume for the WINS service group. D. The best option is to add and configure a new volume on the existing shared disk which has 400GB of space. You should then use this volume to fix the error in the wizard.
tua
lTe
sts
.co
147
Microsoft 70-640: Practice Exam You are the newly appointed enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. CertKiller.com contains two servers named CERTKILLER-SR11 and CERTKILLER-SR12. CERTKILLER-SR11 is used to collect all the events. You have also configured the required event subscriptions to collect events from CERTKILLER-SR12 which will be then transferred to CERTKILLER-SR11. However, none of the subscriptions works. You need to configure the event collection and event forwarding. What should you do? (Choose THREE. Each answer forms part of the solution.) A. The best option is to execute the winrm quickconfig command on CERTKILLER-SR12. B. The best option is to execute the wecutil qc command on CERTKILLER-SR12. C. The best option is to add the CERTKILLER-SR11 account to the Administrators group on CERTKILLER-SR12. D. The best option is to execute the winrm quickconfig command on CERTKILLER-SR11. E. The best option is to add the CERTKILLER-SR12 account to the Administrators group on CERTKILLER-SR11. F. The best option is to execute the wecutil qc command on CERTKILLER-SR11. Answer: A,C,F
Explanation: The Normal subscriptions work only in Workgroup environment. So this subscription will not work. You need to add CERTKILLER-SR11 account to the Administrators group on CERTKILLERSR12. This will allow you to configure the event collection and event forwarding on CERTKILLERSR11 and CERTKILLER-SR12. You need use the winrm quickconfig command, because the server is part of the Active Directory (AD). To set up the source system to accept WSManagement requests from other systems you need to type y followed with Enter to make the modifications. You need to repeat the WinRM command to control bandwidth usage or latency of the event forwarding process. You should also use the wecutil qc command and use the y followed with Enter to make the changes. This will configure the Windows Event Collector service to delayed autostart and start the service. Reference : Collect Vista Events http://www.prismmicrosys.com/newsletters_june2007.php
QUESTION NO: 211 You are the newly appointed enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the "Pass Any Exam. Any Time." - www.actualtests.com 148
Ac
tua
lTe
sts
.co
Microsoft 70-640: Practice Exam CertKiller.com network run Windows Server 2008. CertKiller.com has its headquarters in Chicago and a branch office in Dallas. The Dallas branch office contains three server named CERTKILLER-SR11, CERTKILLER-SR12 and CERTKILLERSR13 that is running a Server Core installation of Windows Server 2008. You have received instructions from the CIO to configure the Event Logs subscription on CERTKILLER-SR11 to monitor CERTKILLER-SR12 and CERTKILLER-SR13. What should you do? (Choose TWO. Each answers forms part of the solution) A. The best option is to run the wecutil cs subscription.xml command on CERTKILLER-SR11. B. The best option is to create an event collector subscription configuration file called subscription.xml on CERTKILLER-SR11. C. The best option is to create a custom view and export the custom view to subscription.xml file, by using the Event Viewer on CERTKILLER-SR11. D. The best option is to run the wevtutil im subscription.xml command on CERTKILLER-SR11. Answer: A,B
Section 3, Configure custom application directory partitions (12 Questions)
QUESTION NO: 212 You are the newly appointed enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory forest that contains a single domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. CertKiller.com is in need of a distributed application that employs a custom application. You need to use a tool so that the application replicate data. "Pass Any Exam. Any Time." - www.actualtests.com 149
Ac
Reference : Wecutil http://technet2.microsoft.com/windowsserver2008/en/library/0c82a6cb-d652-429c-9c3d0f568c78d54b1033.mspx?mfr=true
tua
Explanation: You need to create an event collector subscription configuration file and name the file subscription.xml. this will allow you to configure a subscription on CERTKILLER-SR11. You need to then run the wecutil cs subscription.xml command on CERTKILLER-SR11. The wecutil cs subscription.xml command will allow you to create and manage subscriptions to events that are forwarded from remote computers, which support WS-Management protocol. Furthermore the wecutil cs subscription.xml command will create a subscription to forward events from a Windows Vista Application event log of a remote computer at CertKiller.com to the ForwardedEvents log
lTe
sts
.co
Microsoft 70-640: Practice Exam What should you do? (Choose TWO. Each answer forms part of the solution.) A. The best option is to use the Dnscmd tool. B. The best option is to use the Ipconfig tool. C. The best option is to use the Ntdsutil tool. D. The best option is to use the Dnsutil tool. Answer: A,C Explanation: You need to use the Dnscmd and Ntdsutil tools to implement the application for data replication. The dnscmd command displays and changes the properties of DNS servers, zones and resource records. Ntdsutil tool is a command-line utility that offers management facilities for Active Directory.
QUESTION NO: 213
A. The best option is to use Dnscmd.exe. B. The best option is to use Repadmin.exe. C. The best option is to use Ntdsutil.exe. D. The best option is to use Dcpromo.exe. Answer: C Explanation: You need to use the Ntdsutil.exe tool to add replica for the CK_Market application directory partition to the domain controller at Miami . The Ntdsutil tool is a command-line utility that offers management facilities for Active Directory.
Ac
What should you do?
tua
CertKiller.com has its headquarters in Chicago and a branch office in Miami. CertKiller.com consists of a Marketing department. The CertKiller.com users need space to store data for an application named CK_Market. To accommodate it, you create an application directory partition. You have received instructions from management to add a replica of CK_Market application directory partition to the domain controller in Miami.
lTe
sts
.co
150
Microsoft 70-640: Practice Exam QUESTION NO: 214 You are the newly appointed network administrator at CertKiller.com. The CertKiller.com network consists of an Active Directory forest with five named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows XP Professional. CertKiller.com has 4 sites. You notice that the company requires a new distributed application that uses a custom application directory partition named ResData for data replication. The application is installed on one member server in the four sites. You need to configure the four member servers to receive the ResData application directory partition for data replication. What should you do? A. Run the Dcpromo utility on the five member servers B. Run the Regsvr32 command on the five member servers C. Run the Webadmin command on the five member servers D. Run the RacAgent utility on the five member servers Answer: A
QUESTION NO: 215 You are the newly appointed enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. CertKiller.com is in need of a new distributed application that uses a custom application directory partition named CK_Data. You have received instructions from the CIO to employ the CK_Data for data replication. What should you do? "Pass Any Exam. Any Time." - www.actualtests.com 151
Ac
Reference : " Dcpromo " http://technet2.microsoft.com/windowsserver2008/en/library/d660e761-9ee7-4382-822a06fc2365a1d21033.mspx?mfr=true
tua
Explanation: To configure the four member servers to receive the ResData application directory partition for data replication, you need to run the Dcpromo utility on the five member servers. ApplicationPartitionsToReplicate :"" parameter with partition names can be used with Dcpromo to specify the application directory partitions that dcpromo will replicate.
lTe
sts
.co
Microsoft 70-640: Practice Exam A. The best option is to run the Ntdsutil utility. B. The best option is to run the Wbadmin utility. C. The best option is to run the RacAgent utility. D. The best option is to run the Regsvr32 utility. Answer: A,B
QUESTION NO: 216 You are the newly appointed enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. CertKiller.com contains a server named CERTKILLER-SR13 that has the file services role installed. You have installed disks as seen in the following exhibit:
You need to new drive volume to support data stripping with parity. What should you do? A. The best option is to build a new spanned volume by combining Disk0 and Disk1 B. The best option is to create a new Raid-5 volume by adding another disk C. The best option is to create a new virtual volume by combining Disk 1 and Disk 2 D. The best option is to build a new striped volume by combining Disk0 and Disk 2 Answer: B Explanation: To support data stripping with parity, you should create a new Raid-5 volume by adding another disk. By adding another volume, the total number of disk will be four. This way you can easily create data strip and the parity strips. "Pass Any Exam. Any Time." - www.actualtests.com 152
Ac
tua
lTe
sts
.co
QUESTION NO: 217 You are the newly appointed enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. CertKiller.com contains a domain controller, where the Active Directory database is installed on drive D. you have received instructions from the CIO to move the Active Directory database to a new volume. What should you do? A. The best option is to use the Files option in the Ntdsutil utility and move the ntds.dit file to the new volume. B. The best option is to move the ntds.dit file to the new volume, by using Copy Paste function in the Windows Power Shell. C. The best option is to move ntds.dit file to the new volume, by using the XCOPY command. D. The best option is to move ntds.dit file to the new volume, by using the Windows Explorer. Answer: A
Reference: http://technet2.microsoft.com/windowsserver/en/library/af6646aa-2360-46e4-81cad51707bf01eb1033.mspx?mfr=true
QUESTION NO: 218
You are the newly appointed enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. You have received instructions from the CIO to convert the file system from FAT32 to NTFS. What should you do? (Choose TWO. Each answer forms part of the solution) A. The best option is to run the CONVERT /FS:NTFS from the command prompt. B. The best option is to rerun the Windows Server 2008 Setup and choose to convert the partition to NTFS in the course of the reinstallation. C. The best option is to reboot Windows Server 2008 Setup from the installation CD-ROM and select Rebuild File System.
Ac
tua
lTe
Explanation: The way you move the Active Directory database to a new volume, is to move the ntds.dit file to the new volume by opening the Files option in the ntdsutil utility. Use Ntdsutil.exe to move the database file, the log files, or both to a larger existing partition.
sts
.co
153
Microsoft 70-640: Practice Exam D. The best option is to reboot the system. Answer: A,D Explanation: You need to run the CONVERT command-line utility and then restart the server to convert the system partition to NTFS. The filesystem will be converted in the course of the next boot.
QUESTION NO: 219 You are the newly appointed enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. CertKiller.com contains a server named CERTKILLER-SR15 that has the file server role installed. CERTKILLER-SR15 is used by the network users to store data. You have configured quotas on CERTKILLER-SR15 to manage the space on the server. However, you need to view each user's quota usage on a per folder basis. What should you do?
Answer: D
Explanation: You need to create a Storage Management report from File Server Resource Manager, to view each users quota usage on a per folder basis. The File Server Resource Manager has the following characteristics: Create quotas to limit the space allowed for a volume or folder Generate notifications when the quota limits are approached or exceeded. Allows to generate storage reports instantly, on demand Reference : Using the File Server Resource Manager Component / Managing Storage Resources on a Remote Computer http://technet2.microsoft.com/windowsserver/en/library/3510fd7c-cbfc-4f67-b4fcd7de7c13373b1033.mspx?mfr=true Reference : Introduction to File Server Resource Manager http://technet2.microsoft.com/windowsserver/en/library/3510fd7c-cbfc-4f67-b4fc"Pass Any Exam. Any Time." - www.actualtests.com 154
Ac
tua
A. The best option is to execute the dirquota.exe quota list on the command prompt. B. The best option is to use the File Server Resource Manager and create a File Screen using. C. The best option is to use the properties of each volume to review the Quota Entries list. D. The best option is to use the File Server Resource Manager and create a Storage Management report.
lTe
sts
.co
Microsoft 70-640: Practice Exam d7de7c13373b1033.mspx?mfr=true
QUESTION NO: 220 You are the newly appointed enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. CertKiller.com contains a server named CERTKILLER-SR10 that has the file server role installed. CERTKILLER-SR15 is used by the 150 network users to store data. You have configured quotas on CERTKILLER-SR15 to manage the space on the server. You have also used a new quota template to apply quotas to 150 folders. You need to change the quota settings for all 150 folders by using the least amount of administrative effort. What should you do?
Answer: A
Reference: " About Quota Templates" http://technet2.microsoft.com/windowsserver2008/en/library/31790148-eaf1-4115-8a504ce7a4503d211033.mspx?mfr=true
QUESTION NO: 221 You are the newly appointed enterprise administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. CertKiller.com contains a server named CERTKILLER-SR11 that has the file server role installed. CERTKILLER-SR11 is used by the network users to store data on the shared folder. You do not "Pass Any Exam. Any Time." - www.actualtests.com 155
Ac
Explanation: To comply with the scenario, you need to change the quota template with the new settings that you want for all the 150 folders. If you base your quotas on a template, you can automatically update all quotas that are based on a specific template by editing that template
tua
lTe
A. The best option is to change the quota template. B. The best option is to create a file screen template and apply it to the root of the volume that contains the folders. C. The best option is to remove and create the quota template again. D. The best option is to create a new quota template, apply it to all the folders, and then change the quota for each folder.
sts
.co
Microsoft 70-640: Practice Exam want to deny the users to store their data, even if they exceeds they limit of data storage of 450 MB. However, you want notification when a user exceeds the data limit of 450 MB. What should you do? A. The best option is to create a Passive Screening File Screen. B. The best option is to create an Active Screening File Screen. C. The best option is to create a hard quota. D. The best option is to create a soft quota. Answer: D Explanation: You should use a soft quota. A soft quota does not enforce the quota limit but generates all configured notifications. On the other hand, a hard quota cannot be used because it prevents users from saving files after the space limit is reached.
Ac
CertKiller.com contains a server named CERTKILLER-SR13 that has the file services role installed. You have received instructions from the management to provide redundancy for the data disk drives, which are configured as seen the following exhibit:
tua
lTe
QUESTION NO: 222
sts
.co
Reference : Working with Quotas http://technet2.microsoft.com/windowsserver2008/en/library/fa248320-c5a5-4c40-82371bc22eb8253d1033.mspx?mfr=true
156
Microsoft 70-640: Practice Exam You need to configure the hard disk drives to support RAID 1. What should you do? (Choose TWO. Each answer is a complete solution) A. The best option is to create a group volume by using Disk1 and Disk 0. B. The best option is to create Disk1 and Disk 2 as dynamic drives. C. The best option is to create and configure a striped volume across Disk1 and Disk2. D. The best option is to create a new mirrored volume, by using Disk 1 and Disk 2. Answer: B,D Explanation: You need to create Disk1 and Disk 2 as dynamic drives, or you need to create a new mirrored volume, by using Disk 1 and Disk 2. By this set up you will support Raid1 In data storage, disk mirroring or RAID1 is the replication of logical disk volumes onto separate physical hard disks in real time to ensure continuous availability. A mirrored volume is a complete logical representation of separate volume copies. Reference: technet2.microsoft.com/windowsserver/en/library/28af1c0d-8490-4ab0-8be049e5923c4bae1033.mspx
CertKiller.com consists of a headquarters and numerous branch offices around the region. Each office contains a domain controller. During routine monitoring you discover that the domain controller at your branch is experiencing problems replicating. You need to determine the last time domain controller attempted to execute an inbound replication on the Active Directory partitions. What should you do? A. The best option is to run the repadmin /showrepl command on the domain controller. B. The best option is to run the repadmin /rodcpwdrepl command on the domain controller. C. The best option is to run the repadmin / command on the domain controller. D. The best option is to run the ntdutil command on the domain controller. Answer: A Explanation:
Ac
tua
lTe
QUESTION NO: 223
sts
.co
157
Microsoft 70-640: Practice Exam You should run the repadmin / showrepl command on the domain controller. This command will show you the replication status when a particular domain controller last tried to execute inbound replication on the Active Directory partitions. Incorrect Answers: B: The /rodcpwdrepl switch will trigger the replication of passwords for particular users from a source domain controller to one or more RODC. C: The /replicate switch will trigger immediate replication. It will not provide you with the information when a particular domain controller last tried to execute inbound replication on the Active Directory partitions. D: The ntdsutil utility will not provide you with information about directory replication.Reference: Syngress - The Real MCTS-MCITP 70-649 Prep Kit - Independent and Complete Self-Paced Solutions
A. Your subsequent step should be to configure the Online Responder Role Service on a member server. B. Your subsequent step should be to configure the Online Responder Role Service on a domain controller. C. Your subsequent step should be to ensure that the Certification Authority Web Enrollment Role Service is configured on a domain controller after the installation of the AD CS role. D. Your subsequent step should be to ensure that the Certification Authority Web Enrollment Role Service is configured on a member server after the installation of the AD CS role. Answer: D
Ac
What should you do?
tua
CertKiller.com contains a Windows Server 2008 Enterprise Root CA. A new CertKiller.com security policy prohibits port 443 and port 80 from being opened on the domain controllers as well as the giving any certificate authorizations. During the course of the week you receive an instruction from the CIO to ensure that all CertKiller.com users are able to have their certificates requested from the official Web interface. To accomplish this task you thus decide to install the AD CS role.
lTe
sts
CertKiller.com has employed you as a network administrator. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. Half the client computers run Windows XP Professional, and the rest run Windows Vista.
.co
QUESTION NO: 224
158
Microsoft 70-640: Practice Exam QUESTION NO: 225 CertKiller.com has hired you as a systems administrator for their network. The CertKiller.com network consists of a single Active Directory forest named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows XP Professional. You are responsible for managing a stand-alone server named CERTKILLER-SA05. You are in the process of installing the Enterprise certification authority (CA) on CERTKILLER-SA05. You encounter that the Enterprise CA option is not available when you attempt to add the Active Directory Certificate Services (AD CS) role. To ensure productivity within the company you need to ensure that the AD CS role is installed as an Enterprise CA. What should you do? A. Your best option would be to add the DNS Server role. B. Your best option would be to join CERTKILLER-SA05 to the domain. C. Your best option would be to add the Web server (IIS) role as well as AD LDS role. D. Your best option would be to add the Active Directory Certificate Services (AD CS) role. Answer: B
QUESTION NO: 226
You are assigned a Windows Server 2008 server named CERTKILLER-SR05. You are in the process of planning the installation of the Active Directory Certificate Service (AD CS) role on CERTKILLER-SR05. The CertKiller.com network contains a group named Data Operators. You receive an instruction from The CIO to ensure that users in Data Operators are given the appropriate permissions to issue smartcard credentials. These users should not be given the permission to revoke certificates. What should you do? (Choose all that apply.) A. Your best choice would be to have the enrollment agents for the Smartcard logon certificate limited to Data Operators. B. Your best choice would be to have an Enrollment Agent certificate created. C. Your best choice would be to have the certificate managers for the Smartcard logon certificate limited to Data Operators. "Pass Any Exam. Any Time." - www.actualtests.com 159
Ac
tua
lTe
sts
.co
Microsoft 70-640: Practice Exam D. Your best choice would be to have the AD CS role installed. Thereafter the AD CS role can be configured as an Enterprise Root CA. E. Your best choice would be to have the AD CS role installed. Thereafter the AD CS role can be configured as a Standalone CA. F. Your best choice would be to have a Smartcard logon certificate created. Answer: A,D,F Explanation: Section 2, Configure CA server settings (9 Question)
QUESTION NO: 227 You are employed as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows XP Professional. You are responsible for managing two servers named CERTKILLER-SR01 and CERTKILLERSR02. CERTKILLER-SR01 has the enterprise root certification authority (CA) installed and CERTKILLER-SR02 the Online Responder role service. You receive an instruction from the CIO to ensure that the Online Responder is supported by CERTKILLER-SR01. What should you do?
A. This can be accomplished by configuring Dual Certificate List extension on CERTKILLER-SR01 and CERTKILLER-SR02. B. This can be accomplished by configuring the CertPublishers group on CERTKILLER-SR01 and CERTKILLER-SR02. C. This can be accomplished by creating a conventional Group Policy Object (GPO) and importing the enterprise root CA certificate. Thereafter the GPO should be linked to CERTKILLER-SR01. D. This can be accomplished by configuring the Authority Information Access (AIA) extension on CERTKILLER-SR01. Answer: D Explanation: In order to configure the online responder role service on CERTKILLER-SR01 you need to configure the AIA extension. The authority information access extension will indicate how to access CA information and services for the issuer of the certificate in which the extension appears. Information and services may include on-line validation services and CA policy data. This extension may be included in subject or CA certificates, and it MUST be non-critical "Pass Any Exam. Any Time." - www.actualtests.com 160
Ac
tua
lTe
sts
.co
QUESTION NO: 228 You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. Half the client computers run Windows XP Professional, and the rest run Windows Vista. You are responsible for managing a server named CERTKILLER-SR01. CERTKILLER-SR01 contains a certificate service that is configured as a stand-alone Certification Authority (CA). A new CertKiller.com policy requires audit modifications has to be configured on the CA configuration setting as well as the CA security settings. What should you do? (Choose all that apply.)
Answer: B,C
QUESTION NO: 229
CertKiller.com has hired you as a systems administrator for their network. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows XP Professional. You need to identify the role that will provide you with the ability to have users registered into the certificate services program as well as permitting the issuing and management of certificate requests. What should you identify? A. You should identify the Certificate Admins role. B. You should identify the Enrollment Admins role. C. You should identify the Enrollment agents' role. D. You should identify the Certificate agents role.
Ac
tua
lTe
A. You should consider opening the Certification services snap-in in order to configure auditing. B. You should consider having auditing configured to write in the %SYSTEM32%\CertSrv directory. C. You should consider having the Audit object Access setting configured and enabled for CERTKILLER-SR01. D. You should consider configuring CERTKILLER-SR01 to log successful as well as failed attempts to permissions on files in %SYSTEM32%\CertSrv directory.
sts
.co
161
Microsoft 70-640: Practice Exam Answer: C Explanation: Enrollment agents are administrators who have the capability to register users into the certificate services program. The enrollment agents have the authority to issue as well as manage certificate requests.
QUESTION NO: 230 CertKiller.com has employed you as a network administrator. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. Half the client computers run Windows XP Professional, and the rest run Windows Vista. You receive an instruction from the CIO to have certificates implemented for all internal users. To accomplish this you need to determine the appropriate root certificate authority that will accomplish this. What should you do?
Answer: D
QUESTION NO: 231 You are the newly appointed network administrator at CertKiller.com. You receive an instruction from the CIO to have certificate authority servers implemented on the network. At present the company has routers located on the network. You need to determine the components that will allow the system to acquire certificates even if there is no Account Directory account. What should you do? A. The Router Enrollment Service will allow you to acquire a certificate.
Ac
Explanation: The Enterprise Root CAs along with the Stand Alone Root CAs is the two CA types. Enterprise Root CAs (automatically integrated with Active Directory) is the uppermost trusted CAs of the hierarchy. They possess the certificates which are issued to the users within your organization. The Stand Alone Root CAs possesses the CAs which you issue to Internet users.
tua
lTe
A. You should consider implementing a Web CA. B. You should consider implementing a Subordinate CA. C. You should consider implementing a Stand Alone CA. D. You should consider implementing an Enterprise CA.
sts
.co
162
Microsoft 70-640: Practice Exam B. The Network Hardware Enrollment Service will allow you to acquire a certificate. C. The Network Device Enrollment Service will allow you to acquire a certificate. D. The Hardware Device Enrollment Service will allow you to acquire a certificate. Answer: C Explanation: The Network Device Enrollment Service permits network devices (such as routers) to receive certificates even though they lack an account in the Active Directory domain.
QUESTION NO: 232 You are employed as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows XP Professional. A CertKiller.com employee named Kara Lang is employed as a junior administrator in your department. To ensure that she is able to accomplish her daily tasks you need to ensure that she is able to recover keys from the certificate authority server. What should you do?
Explanation: The key recovery agent is a role or a set of rights which can be offered to an individual so that they possess the permission to have a lost or damaged key recovered.
QUESTION NO: 233 You are employed as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows XP Professional. A CertKiller.com employee named Rory Allen works in the Research and Development "Pass Any Exam. Any Time." - www.actualtests.com 163
Ac
Answer: A
tua
A. You should assign Kara Lang the Key recovery agent role. B. You should assign Kara Lang the Certificate key admin role. C. You should assign Kara Lang the Certificate admin agent role. D. You should assign Kara Lang the Certificate recovery agent role.
lTe
sts
.co
Microsoft 70-640: Practice Exam department. You receive an instruction from the CIO to grant him the necessary authority to alter user account information for employees in the Research OU. You need to determine the utility that will allow Rory Allen to accomplish this without any difficulty. What should you do? A. You should identify Computer Management. B. You should identify the Delegation of Control Wizard. C. You should identify a Domain Security Policy. D. You should identify a Domain Controller Security Policy. Answer: B Explanation: The Delegation of Control Wizard is intended to aid systems administrators in appointing specific permissions to other users.
QUESTION NO: 234
A. You should consider starting the Audit Logon Events option. B. You should consider using a Microsoft Windows Server 2008 multi-password policy. C. You should consider using a Fine-grained password policy. D. You should consider using a Certificate server policy. Answer: B Explanation: Fine-grained password policies allow an organization to contain different password and account lockout policies for diverse sets of users in the very same domain.
Ac
tua
At present the CertKiller.com network has established a domain-based password policy. Management is not satisfied with the clause to maintain a single policy for every user. Management is contemplating an upgrade to Windows Server 2008 in the near future. You need to determine the feature that will solve the problem of only one policy for all domain users.
lTe
sts
You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2003.
.co
164
Microsoft 70-640: Practice Exam QUESTION NO: 235 You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008. You are responsible for managing the Windows Server 2008 environment. You are in the process of deploying a certificate authority server into the network. After deployment you create a global security group named KingUsers. To ensure productivity throughout the organization you receive an instruction from the CIO to allow all users belonging to KingUsers the necessary permissions to issue, revoke as well as approve certificates to accomplish their daily tasks. What should you do? A. This can be accomplished by running the certsrv -add KingUsers command prompt. B. This can be accomplished by running the add -member-membertype memberset KingUsers. C. This can be accomplished by having the Certificate Manager role assigned to KingUsers. D. This can be accomplished by moving KingUsers to the Certificate Publisher group. Answer: C
Explanation: Section 3, Manage certificate templates (GPOs) (1 Questions)
QUESTION NO: 236
At present the CertKiller.com network makes use of an Enterprise Root certification authority (CA). A CertKiller.com user named Kara Lang is assigned to your department to assist with the workload. You receive an instruction from the CIO to grant Kara Lang the necessary permission that will only allow her to sign code. What should you do? (Choose all that apply.) A. Your best option would be to have the local computer policy of the Enterprise Root CA modified to only permit Kara Lang to manage Trusted Publishers. B. Your best option would be to have the security settings on the template modified to only permit Kara Lang the necessary permissions to request code signing certificates.
Ac
You are employed as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows XP Professional.
tua
lTe
sts
.co
165
Microsoft 70-640: Practice Exam C. Your best option would be to have a code signing template configured in the network. D. Your best option would be to have the code signing template distributed to Kara Lang in order to add it to the trust peer certificates. Answer: B,C Explanation: Section 4, Manage enrollments (2 Questions)
QUESTION NO: 237 CertKiller.com has employed you as a network administrator. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. You receive an instruction from the CIO to ensure that a method is in place that will assist you in the event of an error with your connection to the deployed network. The Tesckin.com network contains three Windows Server 2008 servers that are configured as domain controllers. You need to determine the tools that are included with the servers that will assist you in locating errors on the network. What should you do?
Answer: B
Explanation: You make use of Network Monitor to locate network problems at the packet level. You need to make sure that you are accustomed to the tools for both the exam as well as in production environments where it can be used.
QUESTION NO: 238 CertKiller.com has hired you as a systems administrator for their network. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows XP Professional. You receive an instruction from the CIO to perform security related alterations to several "Pass Any Exam. Any Time." - www.actualtests.com 166
Ac
tua
A. The Event Monitor will assist you in locating errors on the network. B. The Network Monitor will assist you in locating errors on the network. C. The Performance Monitor will assist you in locating errors on the network. D. The Task Monitor will assist you in locating errors on the network.
lTe
sts
.co
Microsoft 70-640: Practice Exam organizational units within the CertKiller.com domain. To accomplish this you decide to make use of the basic functionality that is provided in the Delegation of Control Wizard. You need to determine the functions that are represented as a common task in the Delegation of Control Wizard. What should you identify? (Choose all that apply.) A. You should identify the reset passwords on the user accounts. B. You should identify the modification of membership of a group. C. You should identify the management of Group Policy links. D. You should identify the creation, deletion and management of groups. Answer: A,B,C,D Explanation: Every option listed is common tasks presented in the Delegation of Control Wizard.
Section 5, Manage certificate revocations (2 Question)
What should you do? A. Your best option in this scenario would be to revoke the Enterprise subordinate CA. Thereafter a user certificate should be issued to users of the encrypted files. B. Your best option in this scenario would be to have automatic enrollment configured for computers that is configured to host all encrypted files. C. Your best option in this scenario would be to have the private key archived on the server. D. Your best option in this scenario would be to have the Hisecdc security template configured. Answer: C
Ac
At present the CertKiller.com network makes use of a Windows Server 2008 Enterprise certificate authority (CA) to issue certificates. During the course of the day you receive an instruction from the CIO to implement key archival.
tua
You are the newly appointed network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista.
lTe
QUESTION NO: 239
sts
.co
167
Microsoft 70-640: Practice Exam QUESTION NO: 240 You are an enterprise administrator for CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista. The CertKiller.com network contains two Windows Server 2008 workstations named CERTKILLER-SR01 and CERTKILLER-SR02. You are in the process of configuring CERTKILLER-SR01 as an Enterprise Root certification authority. You decide to have the Online Responder role service installed on CERTKILLER-SR02. During the course of the day you receive an instruction from the CIO to ensure that CERTKILLER-SR02 is able to issue a certificate revocation list for the enterprise root CA. What should you do? (Choose all that apply.) A. This can be accomplished by having the OCSP Response Signing certificate imported. B. This can be accomplished by having the Startup Type of the Certificate Propagation service set to Automatic. C. This can be accomplished by having the computer account of CERTKILLER-SR01 added to the CKCertificates group. D. This can be accomplished by having the enterprise root CA certificate imported. Answer: A,D
QUESTION NO: 241
CertKiller.com plans to add multiple domains in the future. You want to ensure that all new domains are configured as Windows Server 2008 domain functional level by default when the domain is created. To this end, you decide to raise the forest functional level of the CertKiller.com forest to Windows Server 2008. What should you do? Step #1. Click Start > Administrative Tools > Active Directory Domains and Trusts.
Ac
You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista Business Edition.
tua
lTe
sts
.co
168
Step #3. Select Windows Server 2008 from the drop-down box and click Raise.
Ac
tua
lTe
sts
.co
Step #2. Right click on the forest icon and select Raise forests functional level...
169
Step #6. Close Active Directory Sites and Services.
Ac
Step #5. Click OK.
tua
lTe
sts
.co
Step #4. Click OK on the warning message dialog box.
170
QUESTION NO: 242
The network currently contains just one site. There are plans to create additional sites and additional site links between the sites. As part of the preparation for the network expansion, you have been asked to configure the cost of the DEFAULTIPSITELINK to be 150. What should you do?
Step #1. Click Start > Administrative Tools > Active Directory Sites and Services.
Ac
tua
lTe
sts
.co
171
Step #3. Click on the IP container in the left pane.
Ac
tua
lTe
sts
.co
Step #2. Expand Sites then expand Inter-Site Transports.
172
Ac
tua
lTe
sts
.co
Step #4. Right click on DEFAULTIPSITELINK and select Properties.
173
Microsoft 70-640: Practice Exam Step #5. Change the cost to 150 and click OK.
Ac
tua
lTe
sts
.co
174
You want to configure the Active Directory replication over all the IP and SMTP site links so that replication will occur regardless of the replication schedule configured on the site links. What should you do?
Ac
tua
lTe
The CertKiller.com network consists of several sites.
sts
.co
QUESTION NO: 243
175
Step #3. Click on Inter-Site Transports.
Ac
tua
lTe
sts
.co
Step #2. Expand Sites.
176
Ac
tua
lTe
sts
.co
Step #4. Right click on the IP container in the right hand pane and select Properties.
177
Microsoft 70-640: Practice Exam Step #5. Tick the Ignore Schedules checkbox and click Apply and OK.
Step #6. In Active Directory Sites and Services, right click on the SMTP container in the right hand pane and select Properties.
Ac
tua
lTe
sts
.co
178
Step #7. Tick the Ignore Schedules checkbox and click Apply and OK.
Ac
tua
lTe
sts
.co
179
Ac
tua
lTe
sts
.co
180
QUESTION NO: 244 You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista Business Edition. The network contains a domain controller named DC1. DC1 is configured as a global catalog server. You install a second domain controller named DC2. You want to configure DC2 to also be a global catalog server. What should you do?
Step #2. Expand Sites.
Ac
tua
lTe
sts
.co
181
Step #4. Expand Servers.
Ac
tua
lTe
sts
.co
Step #3. Expand Default-First-Site-Name.
182
Step #6. Right click on NTDS settings and select Properties.
Ac
tua
lTe
sts
.co
Step #5. Expand DC2.
183
Step #7. Tick the Global Catalog checkbox and click Apply and OK.
Ac
tua
lTe
sts
.co
184
Ac
tua
lTe
sts
.co
185
QUESTION NO: 245 You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista Business Edition. The network currently consists of a single site at the main office. CertKiller.com plans to open a branch office. You want to deploy Read Only Domain Controllers (RODCs) at the branch office. To this end, you need to raise the domain functional level to Windows Server 2008. What should you do? Step #1. Click Start > Administrative Tools > Active Directory Domains and Trusts.
Step #2. Right click on the CertKiller.com domain icon and select Raise Domain Functional Level.
Ac
tua
lTe
sts
.co
186
Step #4. Click OK at the warning message.
Ac
tua
lTe
sts
.co
Step #3. Select Windows Server 2008 from the drop-down list and click Raise.
187
Microsoft 70-640: Practice Exam Step #5. Click OK.
Step #6. Close Active Directory Domains and Trusts.
QUESTION NO: 246 You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista Business Edition. The forest functional level is Windows Server 2008. You plan to deploy a Read Only Domain Controller (RODC). You want to create a computer account for the RODC. The new computer will be named RODC1. RODC1 will also function as a DNS server and Global Catalog server for the domain.
Ac
tua
lTe
sts
.co
188
Microsoft 70-640: Practice Exam You are currently logged into a domain controller named DC1. What should you do? Step #1. Click Start > Administrative Tools > Active Directory Users and Computers.
Ac
tua
Step #2. Right click on the Domain Controllers container and select Pre-create Read Only Domain Controller account.
lTe
sts
.co
189
Microsoft 70-640: Practice Exam Step #3. Click Next.
Ac
tua
Step #4. Click Next.
lTe
sts
.co
190
Ac
tua
lTe
sts
.co
191
Ac
tua
lTe
Step #6. Enter the name RODC1 and click Next.
sts
.co
192
Ac
tua
lTe
sts
.co
193
Ac
tua
lTe
sts
.co
194
Ac
tua
lTe
Step #9. Leave the accounts field blank and click Next.
sts
.co
195
Ac
tua
lTe
sts
.co
196
Ac
tua
lTe
Step #11. Click Finish.
sts
.co
197
Ac
tua
lTe
Step #12. Close Active Directory Users and Computers.
sts
.co
198
Microsoft 70-640: Practice Exam QUESTION NO: 247 You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista Business Edition. Due to company expansion, CertKiller.com has hired a support technician named Andy Reid to work in the Sales department. Part of Andy's job will be to manage user accounts for the Sales users. You have created an Organization Unit (OU) named Sales in the Active Directory. You want to enter a description for the Sales OU. The description should say, "Sales user accounts". What should you do? Step #1. Click Start > Administrative Tools > Active Directory Users and Computers.
Step #2. Expand the CertKiller.com domain.
Ac
tua
lTe
sts
.co
199
Ac
tua
lTe
sts
.co
Step #3. Right click on the Sales OU and select Properties.
200
Microsoft 70-640: Practice Exam Step #4. Enter the description and click Apply and OK.
Ac
tua
lTe
sts
.co
201
QUESTION NO: 248
When you view the Active Directory, you notice that there is no description for the CertKiller.com domain. You want to add a description for the CertKiller.com domain. The description should say, "The CertKiller.com Active Directory". What should you do?
Step #1. Click Start > Administrative Tools > Active Directory Users and Computers.
Ac
tua
lTe
sts
.co
202
Ac
tua
lTe
sts
.co
Step #2. Right click on the CertKiller.com domain and select Properties.
203
Microsoft 70-640: Practice Exam Step #3. Enter the description then click Apply and OK.
Ac
tua
lTe
sts
.co
204
QUESTION NO: 249
A support technician named Andy Reid has created a Global Security group named Transport. The Transport group is in the Users container in Active Directory. You want to change the scope of the Transport group to be Domain Local Distribution group.
Ac
What should you do?
tua
lTe
sts
.co
205
Step #3. Right click on the Transport group and select Properties.
Ac
tua
lTe
sts
.co
Step #2. Click on the Users container in the left-hand pane.
206
Step #4. Change the group type to Universal then click Apply.
Ac
tua
lTe
sts
.co
207
Step #5. Change the group to Domain Local and Distribution then click Apply and OK.
Ac
tua
lTe
sts
.co
208
Step #6. Click Yes at the warning prompt.
Ac
tua
lTe
sts
.co
209
QUESTION NO: 250
The email should come from the email address alerts@CertKiller.com The email should be sent to administrator@CertKiller.com The email title should say, "Event ID 7036 on DC1". The email body should be blank. The email should use the SMTP server address smtp.CertKiller.com. What should you do? Step #1. Click Start > Administrative Tools > Event Viewer.
Ac
You want to configure DC1 so that it sends you an email every time an event with the event ID of 7036 is recorded.
tua
As part of your regular maintenance schedule, you view the event logs on a domain controller named DC1. You discover that there are a number of events with an event ID of 7036 in the System Log.
lTe
sts
.co
210
Step #3. Right click on an event with the ID 7036 and select Attach Task to this Event.
Ac
tua
lTe
sts
.co
Step #2. Expand Windows Logs and click on the System Log.
211
Ac
tua
lTe
sts
.co
212
Step #7. Fill in the relevant information and click Next.
Ac
tua
lTe
sts
.co
Step #6. Select Send an e-mail and click Next.
213
Step #9. Click OK.
Ac
tua
lTe
sts
.co
214
Step #10. Close Event Viewer.
You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista Business Edition. The network contains a Read Only Domain Controller (RODC) named RODC1. You have reason to believe the security of RODC1 has been breached. Due to the security breach, you want to take the following actions. Delete the RODC1 computer account from Active Directory. Reset the passwords for user accounts that were cached on RODC1. Reset the passwords for computer accounts that were cached on RODC1. "Pass Any Exam. Any Time." - www.actualtests.com 215
Ac
QUESTION NO: 251
tua
lTe
sts
.co
Microsoft 70-640: Practice Exam Export a list of accounts that were cached on RODC1 to a file named C:\accounts.txt. You are logged in to a domain controller named DC1. What should you do?
Step #2. Click on the Domain Controllers container.
Ac
tua
lTe
sts
.co
216
Step #4. Click Yes.
Ac
tua
lTe
sts
.co
Step #3. Right click on RODC1 and select Delete.
217
Step #5. Tick all checkboxes and enter C:\accounts.txt then click Delete.
Ac
Step #6. Click OK.
tua
lTe
sts
.co
218
Ac
tua
lTe
sts
Step #7. Click Yes at the warning prompt.
.co
219
QUESTION NO: 252
You're user account is a member of the Schema Admins group. You are currently logged in to a domain controller named DC1. The Schema Management Console has been installed. What should you do? Step #1. Click Start > Administrative Tools > Active Directory Schema.
Ac
To improve the performance of the custom application, you want to configure Active Directory to replicate the PostalCode attribute as part of the Global Catalog.
tua
CertKiller.com users use a custom application that makes use of the PostalCode attribute of user accounts stored in Active Directory.
lTe
sts
.co
220
Step #3. Click on Attributes and scroll down to find the PostalCode attribute.
Ac
tua
lTe
sts
.co
Step #2. Expand Active Directory Schema.
221
Ac
tua
lTe
sts
.co
Step #4. Right click on the PostalCode attribute and select Properties.
222
Step #5. Tick the checkbox to "Replicate this attribute to the Global Catalog" then click Apply and OK.
Ac
tua
lTe
sts
.co
223
Step #6. Close Active Directory Schema.
Ac
tua
lTe
sts
.co
224
QUESTION NO: 253
A domain controller named DC1 is also configured as a DNS server. You have been experiencing problems whereby some computers are failing to register their hostnames and IP addresses using Dynamic DNS (DDNS). To troubleshoot the problem, you want to enable DNS logging. You are currently logged into DC1. What should you do?
Step #1. Click Start > Administrative Tools > DNS.
Ac
tua
lTe
sts
.co
225
Step #3. Right click on DC1 and select Properties. Select the Debug Logging tab.
Ac
tua
lTe
sts
.co
226
Step #4. Tick the checkbox to "Log packets for debugging" then click Apply and OK.
Ac
tua
lTe
sts
.co
227
Step #5. Close the DNS console.
Ac
tua
lTe
sts
.co
228
QUESTION NO: 254
A domain controller named DC1 also runs the DNS service.
To improve DNS name resolution performance, you want to create a conditional forwarder so that DNS requests for CertKillerapps.com are forwarded directly to a DNS server in the CertKillerapps.com domain. The conditional forwarder should replicate to all DNS servers in the domain. The CertKillerapps.com DNS server has an IP address of 192.168.1.200. You are currently logged on to DC1. What should you do? Step #1. Click Start > Administrative Tools > DNS.
Ac
Users in the CertKiller.com domain frequently access resources in the CertKillerapps.com domain.
tua
You have configured a new domain in the CertKiller.com forest named CertKillerapps.com. IP routing between CertKiller.com and CertKillerapps.com has been configured.
lTe
sts
You work as the network administrator at CertKiller.com. The CertKiller.com network consists of an Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista Business Edition.
.co
229
Step #3. Right click on Conditional Forwarders and select New Conditional Forwarder.
Ac
tua
lTe
sts
.co
230
Ac
tua
lTe
sts
.co
Step #4. Enter CertKillerapps.com for the DNS Domain. Enter the IP address and tick the checkbox to "Store the conditional forwarder in Active Directory..."
231
QUESTION NO: 255
A domain controller named DC1 is also configured as a DNS server. DC1 hosts the CertKiller.com Active Directory Integrated zone. DC1 also hosts a number of other DNS zones. You want to configure DNS to automatically scavenge stale DNS records in all DNS zones.
What should you do?
Step #1. Click Start > Administrative Tools > DNS.
Ac
You are currently logged in to DC1.
tua
lTe
sts
.co
232
Step #3. Right click on DC1 and select Set Aging/Scavenging for All Zones...
Ac
tua
lTe
sts
.co
233
Step #5. Tick the checkbox and click OK.
Ac
tua
lTe
sts
.co
Step #4. Tick the checkbox and click OK.
234
QUESTION NO: 256 You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista Business Edition. The network consists of a main office and a branch office. A domain controller named DC1 is also configured as a DNS server and hosts the CertKiller.com Active Directory Integrated zone.
Ac
tua
lTe
sts
.co
235
Microsoft 70-640: Practice Exam You have deployed a DNS server named BranchDNS in the branch office. BranchDNS is configured with a secondary DNS zone for the CertKiller.com domain. You want to configure DC1 to allow DNS zone transfers to BranchDNS only. You are currently logged on to DC1. What should you do? Step #1. Click Start > Administrative Tools > DNS.
Ac
Step #2. Expand DC1 then expand Forward Lookup Zones.
tua
lTe
sts
.co
236
Ac
tua
lTe
sts
.co
Step #3. Right click on the CertKiller.com zone and select Properties.
237
Ac
Step #4. Click on the Zone Transfers tab.
tua
lTe
sts
.co
238
Ac
Step #5. Tick the checkbox and select "Only to the following servers" then click Edit.
tua
lTe
sts
.co
239
Ac
Step #6. Enter branchdns.CertKiller.com and hit Enter.
tua
lTe
sts
.co
240
Ac
tua
lTe
sts
Step #7. Click Apply and Ok.
.co
241
Ac
tua
lTe
sts
.co
242
QUESTION NO: 257
CertKiller.com has a large development department. The development department develops custom application for CertKiller. You are configuring a test network in the development department. The test network is a copy of the CertKiller.com domain but is isolated from the live CertKiller.com network. You are configuring a domain controller named DC1. DC1 also runs the DNS server service in the test network. To help keep the test network isolated from the production domain, you want to configure the DNS server on DC1 to disable Round Robin and to disable recursion. You are currently logged in to DC1 in the test network. What should you do? Step #1. Click Start > Administrative Tools > DNS.
Ac
tua
lTe
sts
.co
243
Step #3. Click on the Advanced tab.
Ac
tua
lTe
sts
.co
Step #2. Expand DC1 then right click on DC1 and select Properties.
244
Ac
Step #4. Tick the checkbox to disable recursion and clear the checkbox to disable round robin. Then click Apply and OK.
tua
lTe
sts
.co
245
Ac
tua
lTe
sts
.co
246
QUESTION NO: 258
A domain controller named DC1 is also configured as a DNS server. DC1 hosts the Active Directory Integrated DNS zone for CertKiller.com. CertKiller.com has a large Research department. A new company policy states that the Research department should have it's own domain. The new domain will be named research.CertKiller.com. A DNS server named ResearchDNS will host the research.CertKiller.com DNS zone. To this end, you need to create a delegation to delegate authority for the research.CertKiller.com to ResearchDNS. You are currently logged in to DC1. What should you do? Step #1. Click Start > Administrative Tools > DNS.
Ac
tua
lTe
sts
.co
247
Step #3. Right click on the CertKiller.com zone and select New Delegation.
Ac
tua
lTe
sts
.co
Step #2. Expand DC1 then expand Forward Lookup Zones.
248
Step #5. Type in research and click Next.
Ac
tua
lTe
sts
.co
249
Ac
tua
lTe
sts
Step #6. Enter the name of the DNS server and click the Resolve button to resolve the IP address of the DNS server.
.co
250
Ac
tua
lTe
sts
.co
251
QUESTION NO: 259
A domain controller in the CertKiller.com domain is named DC1.
You are currently logged in to DC1. What should you do? Step #1. Click Start and select Command Prompt from the Start menu.
Ac
You want to change the Directory Services Restore Mode (DSRM) password on DC1. The new password should be RMP@5sword!
tua
The CertKiller.com security policy states that the Directory Services Restore Mode (DSRM) password should be changed every month.
lTe
sts
.co
252
Step #2. Type "ntdsutil" and hit enter.
Step #3. Type "reset password on server dc1" and hit enter.
Step #4. Type in the password "RMP@5sword!" and hit enter. "Pass Any Exam. Any Time." - www.actualtests.com 253
Ac
tua
lTe
sts
.co
Step #5. Type in the password again and hit enter.
Step #6. Type "quit" and hit enter.
Step #7. Type "quit" again and hit enter. "Pass Any Exam. Any Time." - www.actualtests.com 254
Ac
tua
lTe
sts
.co
Step #8. Close the command prompt.
QUESTION NO: 260
You are currently logged in to a domain controller named DC1. You have Server Manager open on your desktop.
You want to make a change to the Default Domain group policy. You want to open the Group Policy Editor to edit the Default Domain group policy from within Server Manager. What should you do? Step #1. Expand Features.
Ac
tua
lTe
sts
.co
255
Step #2. Expand Group Policy Management.
Step #3. Expand the Forest: CertKiller.com.
Ac
tua
lTe
sts
.co
256
Step #4. Expand Domains.
Step #5. Expand CertKiller.com.
Ac
tua
lTe
sts
.co
257
Step #7. Right click on the Default Domain Policy and click Edit.
Ac
tua
lTe
sts
.co
Step #6. Expand Group Policy Objects.
258
Step #8. The Group Policy Editor will now open.
QUESTION NO: 261 You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network "Pass Any Exam. Any Time." - www.actualtests.com 259
Ac
tua
lTe
sts
.co
Microsoft 70-640: Practice Exam run Windows Server 2008 and all client computers run Windows Vista Business Edition. A new CertKiller.com security policy states that users must change their domain login password every 30 days. The users must not be able to use any of their last five passwords when they change their password. You need to configure the Default Domain group policy to enforce the security requirements. You are currently logged in to a domain controller named DC1. What should you do? Step #1. Click Start > Administrative Tools > Group Policy Management.
Step #2. Expand the tree to show the Group Policy Objects.
Ac
tua
lTe
sts
.co
260
Step #4. Expand Computer Configuration > Policies > Windows Settings > Security Settings > Account Policies and click on Password Policy.
Ac
tua
lTe
sts
.co
Step #3. Right click on the Default Domain Policy and click Edit to open the Group Policy Editor.
261
Step #6. Change the value to 5 then click Apply and OK.
Ac
tua
lTe
sts
.co
Step #5. Double click on Enforce Password History.
262
Ac
Step #7. Double click on Maximum Password Age.
tua
lTe
sts
.co
263
Ac
tua
lTe
sts
.co
Step #8. Change the value to 30 then click Apply and OK.
264
Ac
Step #9. Close the Group Policy Editor.
tua
lTe
sts
.co
265
QUESTION NO: 262 You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista Business Edition. A new CertKiller.com security policy states that domain computers should not display the name of the last logged in user at the login prompt. "Pass Any Exam. Any Time." - www.actualtests.com 266
Ac
tua
lTe
sts
.co
Step #10. Close Group Policy Management.
Microsoft 70-640: Practice Exam You need to configure the Default Domain group policy to enforce the security requirements. You are currently logged in to a domain controller named DC1. What should you do? Step #1. Click Start > Administrative Tools > Group Policy Management.
Ac
tua
Step #2. Expand the tree to show the Group Policy Objects.
lTe
sts
.co
267
Microsoft 70-640: Practice Exam Step #3. Right click on the Default Domain Policy and click Edit to open the Group Policy Editor.
Ac
tua
Step #4. Expand Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies and click on Security Options.
lTe
sts
.co
268
Microsoft 70-640: Practice Exam Step #5. Double click on Interactive logon: Do not display last user name.
Ac
tua
lTe
sts
Step #6. Tick the checkbox and select Enabled then click Apply and OK.
.co
269
Ac
Step #7. Close the Group Policy Editor.
tua
lTe
sts
.co
270
QUESTION NO: 263 You work as the network administrator at CertKiller.com. The CertKiller.com network consists of a single Active Directory domain named CertKiller.com. All servers on the CertKiller.com network run Windows Server 2008 and all client computers run Windows Vista Business Edition. The network contains a Sales department. "Pass Any Exam. Any Time." - www.actualtests.com 271
Ac
tua
lTe
sts
.co
Microsoft 70-640: Practice Exam You have configured a Group Policy Object (GPO) named Sales Policy. You want the Sales Policy GPO to apply only to users of the Sales global group. You are currently logged in to a domain controller named DC1. What should you do? Step #1. Click Start > Administrative Tools > Group Policy Management.
Ac
Step #2. Expand the tree and click on the Sales Policy GPO.
tua
lTe
sts
.co
272
Step #3. Under Security Filtering, click the Add button.
Step #4. Type in Sales then click Check Names.
Ac
tua
lTe
sts
.co
273
Step #5. Click OK.
Ac
Step #6. Select Authenticated Users and click Remove.
tua
lTe
sts
.co
274
Ac
tua
lTe
sts
Step #7. Click Yes.
.co
275
QUESTION NO: 264
You have configured a Group Policy Object (GPO) named Sales Policy. You want Andy Reid to be able to edit the settings in the Sales Policy GPO. Andy must not be able to delete the Sales Policy GPO. You are currently logged in to a domain controller named DC1. What should you do? Step #1. Click Start > Administrative Tools > Group Policy Management.
Ac
The network contains a Sales department. A user named Andy Reid works as the IT Support Manager for the Sales department.
tua
lTe
sts
.co
276
Step #2. Expand the tree and click on the Sales Policy GPO.
Step #3. Click on the Delegation tab then click the Add button.
Ac
tua
lTe
sts
.co
277
Step #5. Click OK.
Ac
tua
lTe
sts
Step #4. Type in the name Andy Reid then clickCheck Names.
.co
278
Step #6. Select Edit Settings from the drop-down box and click OK.
Ac
tua
lTe
sts
.co
279
QUESTION NO: 265
The network contains a Sales department.
You have configured a Group Policy Object (GPO) named Sales Policy. You want to link the Sales Policy GPO to the Sales organizational unit (OU). You are currently logged in to a domain controller named DC1. What should you do? Step #1. Click Start > Administrative Tools > Group Policy Management.
Ac
tua
lTe
sts
.co
280
Step #2. Expand the tree to show the Sales OU.
Step #3. Right click on the Sales OU and select Link an Existing GPO.
Ac
tua
lTe
sts
.co
281
Ac
tua
lTe
sts
Step #4. Select Sales Policy and click OK.
.co
282
Microsoft 70-640: Practice Exam Step #5. Close Group Policy Management.
Ac
tua
lTe
sts
.co
283

70-640 Practice Exam: Microsoft Windows Server 2008 Active Directory, Configuring

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

70-640 Practice Exam: Microsoft Windows Server 2008 Active Directory, Configuring

Uploaded by

Copyright:

Available Formats

Microsoft 70-640

70-640 TS: Windows Server 2008 Active Directory, Configuring

"Pass Any Exam. Any Time." - www.actualtests.com

What should you do?

QUESTION NO: 8 "Pass Any Exam. Any Time." - www.actualtests.com 6

What would your reply be?

"Pass Any Exam. Any Time." - www.actualtests.com

"Pass Any Exam. Any Time." - www.actualtests.com

"Pass Any Exam. Any Time." - www.actualtests.com

"Pass Any Exam. Any Time." - www.actualtests.com

"Pass Any Exam. Any Time." - www.actualtests.com

What should you do?

Reference : Understanding GlobalNames Zone in Windows Server 2008 http://www.petri.co.il/windows-DNS-globalnames-zone.htm

What should you do?

Microsoft 70-640: Practice Exam

"Pass Any Exam. Any Time." - www.actualtests.com

What would your reply be?

"Pass Any Exam. Any Time." - www.actualtests.com

"Pass Any Exam. Any Time." - www.actualtests.com

"Pass Any Exam. Any Time." - www.actualtests.com

What should you do?

"Pass Any Exam. Any Time." - www.actualtests.com

What should you do?

"Pass Any Exam. Any Time." - www.actualtests.com

"Pass Any Exam. Any Time." - www.actualtests.com

What should you do?

"Pass Any Exam. Any Time." - www.actualtests.com

Microsoft 70-640: Practice Exam

What should you do?

"Pass Any Exam. Any Time." - www.actualtests.com

What should you identify?

What should you do?

What should you do?

Microsoft 70-640: Practice Exam

"Pass Any Exam. Any Time." - www.actualtests.com

"Pass Any Exam. Any Time." - www.actualtests.com

"Pass Any Exam. Any Time." - www.actualtests.com

"Pass Any Exam. Any Time." - www.actualtests.com

Microsoft 70-640: Practice Exam

"Pass Any Exam. Any Time." - www.actualtests.com

Explanation: Section 2, Configure trusts (2 Questions)

What should you tell her?

"Pass Any Exam. Any Time." - www.actualtests.com

"Pass Any Exam. Any Time." - www.actualtests.com

Section 4, Configure Active Directory replication (10 Questions)

What should you do?

"Pass Any Exam. Any Time." - www.actualtests.com

"Pass Any Exam. Any Time." - www.actualtests.com

What should you inform the technician?

QUESTION NO: 101

What should you identify?

"Pass Any Exam. Any Time." - www.actualtests.com

QUESTION NO: 103

"Pass Any Exam. Any Time." - www.actualtests.com

QUESTION NO: 106 DRAG DROP Exhibit:

Microsoft 70-640: Practice Exam

"Pass Any Exam. Any Time." - www.actualtests.com

Microsoft 70-640: Practice Exam

QUESTION NO: 107

What should you do?

Reference : Step 1: Back Up AD LDS Instance Data http://technet2.microsoft.com/windowsserver2008/en/library/8e82c111-32da-430e-a954c0dbe9f4607f1033.mspx?mfr=true

QUESTION NO: 110