2013 Latest 70-640 Braindumps Free Tests 11-20

Ensurepass
 

QUESTION 11

Your company has an Active Directory forest that contains a single domain. The domain member server has an Active Directory Federation Services (AD FS) role installed. You need to configure AD FS to ensure that AD FS tokens contain information from the Active Directory domain. What should you do?

 

A.       Add and configure a new account partner.

B.       Add and configure a new resource partner.

C.       Add and configure a new account store.

D.      Add and configure a Claims-aware application.

 

Correct Answer: C

 

 

QUESTION 12

You network consists of a single Active Directory domain. All domain controllers run Windows Server 2008 R2. You need to reset the Directory Services Restore Mode (DSRM) password on a domain controller. What tool should you use?

 

A.       Active Directory Users and Computers snap-in

B.       ntdsutil

C.       Local Users and Groups snap-in

D.      dsmod

 

Correct Answer: B

 

 

QUESTION 13

Your company has a main office and a branch office. You deploy a read-only domain controller (RODC) that runs Microsoft Windows Server 2008 to the branch office. You need to ensure that users at the branch office are able to log on to the domain by using the RODC. What should you do?

 

A.       Add another RODC to the branch office.

B.       Configure a new bridgehead server in the main office.

C.       Decrease the replication interval for all connection objects by using the Active Directory Sites and Services console.

D.      Configure the Password Replication Policy on the RODC.

 

Correct Answer: D

 

 

QUESTION 14

Your company has a single Active Directory domain named intranet.adatum.com. The domain controllers run Windows Server 2008 and the DNS server role. All computers, including non-domain members, dynamically register their DNS records. You need to configure the intranet.adatum.com zone to allow only domain members to dynamically register DNS records. What should you do?

 

A.       Set dynamic updates to Secure Only.

B.       Remove the Authenticated Users group.

C.       Enable zone transfers to Name Servers.

D.      Deny the Everyone group the Create All Child Objects permission.

 

Correct Answer: A

 

 

QUESTION 15

Your network consists of a single Active Directory domain. All domain controllers run Windows Server 2008 R2 and are configured as DNS servers. A domain controller named DC1 has a standard primary zone for contoso.com. A domain controller named DC2 has a standard secondary zone for contoso.com. You need to ensure that the replication of the contoso.com zone is encrypted. You must not lose any zone data. What should you do?

 

A.        Convert the primary zone into an Active Directory-integrated stub zone. Delete the secondary zone.

B.        Convert the primary zone into an Active Directory-integrated zone. Delete the secondary zone.

C.        Configure the zone transfer settings of the standard primary zone. Modify the Master Servers lists on the secondary zone.

D.        On both servers, modify the interface that the DNS server listens on.

 

Correct Answer: B

 

 

QUESTION 16

You are decommissioning domain controllers that hold all forest-wide operations master roles. You need to transfer all forest-wide operations master roles to another domain controller. Which two roles should you transfer? (Each correct answer presents part of the solution. Choose two.)

 

A.       Domain naming master

B.       Infrastructure master

C.       RID master

D.      PDC emulator

E.       Schema master

 

Correct Answer: AE

 

 

QUESTION 17

Contoso, Ltd. has an Active Directory domain named ad.contoso.com. Fabrikam, Inc. has an Active Directory domain named intranet.fabrikam.com. Fabrikam’s security policy prohibits the transfer of internal DNS zone data outside the Fabrikam network. You need to ensure that the Contoso users are able to resolve names from the intranet.fabrikam.com domain. What should you do?

 

A.       Create a new stub zone for the intranet.fabrikam.com domain.

B.       Configure conditional forwarding for the intranet.fabrikam.com domain.

C.       Create a standard secondary zone for the intranet.fabrikam.com domain.

D.      Create an Active DirectoryCintegrated zone for the intranet.fabrikam.com domain.

 

Correct Answer: B

 

 

QUESTION 18

An Active Directory database is installed on the C volume of a domain controller. You need to move the Active Directory database to a new volume. What should you do?

 

A.       Copy the ntds.dit file to the new volume by using the ROBOCOPY command.

B.       Move the ntds.dit file to the new volume by using Windows Explorer.

C.       Move the ntds.dit file to the new volume by running the Move-item command in Microsoft Windows PowerShell.

D.      Move the ntds.dit file to the new volume by using the Files option in the Ntdsutil utility.

 

Correct Answer: D

 

 

QUESTION 19

Your company has file servers located in an organizational unit named Payroll. The file servers contain payroll files located in a folder named Payroll. You create a GPO. You need to track which employees access the Payroll files on the file servers. What should you do?

 

A.        Enable the Audit process tracking option. Link the GPO to the Domain Controllers organizational unit. On the file servers, configure Auditing for the Authenticated Users group in the Payroll folder.

B.        Enable the Audit object access option. Link the GPO to the Payroll organizational unit. On the file servers, configure Auditing for the Everyone group in the Payroll folder.

C.        Enable the Audit process tracking option. Link the GPO to the Payroll organizational unit. On the file servers, configure Auditing for the Everyone group in the Payroll folder.

D.        Enable the Audit object access option. Link the GPO to the domain. On the domain controllers, configure Auditing for the Authenticated Users group in the Payroll folder.

 

Correct Answer: B

 

 

QUESTION 20

Your company uses a Windows 2008 Enterprise certificate authority (CA) to issue certificates. You need to implement key archival. What should you do?

 

A.       Configure the certificate for automatic enrollment for the computers that store encrypted files.

B.       Install an Enterprise Subordinate CA and issue a user certificate to users of the encrypted files.

C.       Apply the Hisecdc security template to the domain controllers.

D.       Archive the private key on the server.

 

Correct Answer: D

Download Ensurepass Latest 2013 70-640 Braindumps Free Tests , help you to pass exam 100%.