2013 Latest 70-640 Braindumps Free Tests 151-160

Ensurepass

 

QUESTION 151

Your company has two Active Directory forests as shown in the following table.

 

clip_image001

 

The forests are connected by using a two-way forest trust. Each trust direction is configured with forest- wide authentication. The new security policy of the company prohibits users from the eng.fabrikam.com domain to access resources in the contoso.com domain. You need to configure the forest trust to meet the new security policy requirement. What should you do?

 

A.       Delete the outgoing forest trust in the contoso.com domain.

B.       Delete the incoming forest trust in the contoso.com domain.

C.       Change the properties of the existing incoming forest trust in the contoso.com domain from Forest-wide authentication to Selective authentication.

D.      Change the properties of the existing outgoing forest trust in the contoso.com domain to exclude *.eng. fabrikam.com from the Name Suffix Routing trust properties.

 

Correct Answer: D

 

 

QUESTION 152

Your company has an Active Directory Rights Management Services (AD RMS) server. Users have Windows Vista computers. An Active Directory domain is configured at the Windows Server 2003 functional level. You need to configure AD RMS so that users are able to protect their documents. What should you do?

 

A.       Install the AD RMS client 2.0 on each client computer.

B.       Add the RMS service account to the local administrators group on the AD RMS server.

C.       Establish an e-mail account in Active Directory Domain Services (AD DS) for each RMS user.

D.      Upgrade the Active Directory domain to the functional level of Windows Server 2008.

 

Correct Answer: C

 

 

QUESTION 153

Your company has an Active Directory domain. All consultants belong to a global group named

TempWorkers. The TempWorkers group is not nested in any other groups. You move the computer objects of three file servers to a new organizational unit named SecureServers. These file servers contain only confidential data in shared folders. You need to prevent members of the TempWorkers group from accessing the confidential data on the file servers. You must achieve this goal without affecting access to other domain resources. What should you do?

 

A.       Create a new GPO and link it to the SecureServers organizational unit. Assign the Deny access to this computer from the network user right to the TempWorkers global group.

B.       Create a new GPO and link it to the domain. Assign the Deny access to this computer from the network user right to the TempWorkers global group.

C.       Create a new GPO and link it to the domain. Assign the Deny log on locally user right to the TempWorkers global group.

D.       Create a new GPO and link it to the SecureServers organizational unit. Assign the Deny log on locally user right to the TempWorkers global group.

 

Correct Answer: A

 

 

QUESTION 154

Your network consists of a single Active Directory domain. User accounts for engineering department are located in an OU named Engineering. You need to create a password policy for the engineering department that is different from your domain password policy. What should you do?

 

A.       Create a new GPO. Link the GPO to the Engineering OU.

B.       Create a new GPO. Link the GPO to the domain. Block policy inheritance on all OUs except for the Engineering OU.

C.       Create a global security group and add all the user accounts for the engineering department to the group. Create a new Password Policy Object (PSO) and apply it to the group.

D.      Create a domain local security group and add all the user accounts for the engineering department to the group. From the Active Directory Users and Computer console, select the group and run the Delegation of Control Wizard.

 

Correct Answer: C

 

 

 

QUESTION 155

Your network contains an Active Directory domain. The domain contains two domain controllers named DC1 and DC2. DC1 hosts a standard primary DNS zone for the domain. Dynamic updates are enabled on the zone. DC2 hosts a standard secondary DNS zone for the domain. You need to configure DNS to allow only secure dynamic updates. What should you do first?

 

A.       On DC1 and DC2, configure a trust anchor.

B.       On DC1 and DC2, configure a connection security rule.

C.       On DC1, configure the zone transfer settings.

D.      On DC1, configure the zone to be stored in Active Directory.

 

Correct Answer: D

 

 

QUESTION 156

Your network contains a domain controller that has two network connections named Internal and Private. Internal has an IP address of 192.168.0.20. Private has an IP address of 10.10.10.5. You need to prevent the domain controller from registering Host (A) records for the 10.10.10.5 IP address. What should you do?

 

A.       Modify the netlogon.dns file on the domain controller.

B.       Modify the Name Server settings of the DNS zone for the domain.

C.       Modify the properties of the Private network connection on the domain controller.

D.      Disable netmask ordering on the DNS server that hosts the DNS zone for the domain.

 

Correct Answer: C

 

 

QUESTION 157

Your network contains an Active Directory forest named contoso.com. You plan to add a new domain named nwtraders.com to the forest. All DNS servers are domain controllers. You need to ensure that the computers in nwtraders.com can update their Host (A) records on any of the DNS servers in the forest. What should you do?

 

A.       Add the computer accounts of all the domain controllers to the DnsAdmins group.

B.       Add the computer accounts of all the domain controllers to the DnsUpdateProxy group.

C.       Create a standard primary zone on a domain controller in the forest root domain.

D.      Create an Active Directory-integrated zone on a domain controller in the forest root domain.

 

Correct Answer: D

 

 

QUESTION 158

Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1. DC1 hosts a standard primary zone for contoso.com. You discover that non-domain member computers register records in the contoso.com zone. You need to prevent the non-domain member computers from registering records in the contoso.com zone. All domain member computers must be allowed to register records in the contoso.com zone. What should you do first?

 

A.       Configure a trust anchor.

B.       Run the Security Configuration Wizard (SCW).

C.       Change the contoso.com zone to an Active Directory-integrated zone.

D.      Modify the security settings of the %SystemRoot%System32Dns folder.

 

Correct Answer: C

 

 

QUESTION 159

Your network contains an Active Directory domain named contoso.com. You create a GlobalNames zone. You add an alias (CNAME) resource record named Server1 to the zone. The target host of the record is server2. contoso.com. When you ping Server1, you discover that the name fails to resolve. You successfully resolve server2.contoso.com. You need to ensure that you can resolve names by using the GlobalNames zone. What should you do?

 

A.       From the command prompt, use the netsh tool.

B.       From the command prompt, use the dnscmd tool.

C.       From DNS Manager, modify the properties of the GlobalNames zone.

D.      From DNS Manager, modify the advanced settings of the DNS server.

 

Correct Answer: B

 

 

QUESTION 160

Your company has a main office and a branch office. The network contains an Active Directory domain named contoso.com. The DNS zone for contoso.com is configured as an Active Directory-integrated zone and is replicated to all domain controllers in the domain. The main office contains a writable domain controller named DC1. The branch office contains a read- only domain controller (RODC) named RODC1. All domain controllers run Windows Server 2008 R2 and are configured as DNS servers. You uninstall the DNS server role from RODC1. You need to prevent DNS records from replicating to RODC1. What should you do?

 

A.       Modify the replication scope for the contoso.com zone.

B.       Flush the DNS cache and enable cache locking on RODC1.

C.       Configure conditional forwarding for the contoso.com zone.

D.      Modify the zone transfer settings for the contoso.com zone.

 

Correct Answer: A

Download Ensurepass Latest 2013 70-640 Braindumps Free Tests , help you to pass exam 100%.