2013 Latest 70-640 Braindumps Free Tests 201-210

Ensurepass

 

QUESTION 201

Your company has a main office and a branch office. The branch office has an Active Directory site that contains a read-only domain controller (RODC). A user from the branch office reports that his account is locked out. From a writable domain controller in the main office, you discover that the user’s account is not locked out. You need to ensure that the user can log on to the domain. What should you do?

 

A.       Modify the Password Replication Policy.

B.       Reset the password of the user account.

C.       Run the Knowledge Consistency Checker (KCC) on the RODC.

D.      Restore network communication between the branch office and the main office.

 

Correct Answer: D

 

QUESTION 202

Your network contains a single Active Directory domain. The domain contains five read-only domain controllers (RODCs) and five writable domain controllers. All servers run Windows Server 2008. You plan to install a new RODC that runs Windows Server 2008 R2. You need to ensure that you can add the new RODC to the domain. You want to achieve this goal by using the minimum amount of administrative effort. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

 

A.       At the command prompt, run adprep.exe /rodcprep.

B.       At the command prompt, run adprep.exe /forestprep.

C.       At the command prompt, run adprep.exe /domainprep.

D.      From Active Directory Domains and Trusts, raise the functional level of the domain.

E.       From Active Directory Users and Computers, pre-stage the RODC computer account.

 

Correct Answer: BC

 

 

QUESTION 203

You deploy an Active Directory Federation Services (AD FS) Federation Service Proxy on a server named Server1. You need to configure the Windows Firewall on Server1 to allow external users to authenticate by using AD FS. Which inbound TCP port should you allow on Server1?

 

A.     88

B.     135

C.     443

D.     445

 

Correct Answer: C

 

 

QUESTION 204

You deploy a new Active Directory Federation Services (AD FS) federation server. You request new certificates for the AD FS federation server. You need to ensure that the AD FS federation server can use the new certificates. To which certificate store should you import the certificates?

 

A.       Computer

B.       IIS Admin Service service account

C.       Local Administrator

D.      World Wide Web Publishing Service service account

 

Correct Answer: A

 

 

 

QUESTION 205

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 has the Active Directory Federation Services (AD FS) role installed. You have an application named App1 that is configured to use Server1 for AD FS authentication. You deploy a new server named Server2. Server2 is configured as an AD FS 2.0 server. You need to ensure that App1 can use Server2 for authentication. What should you do on Server2?

 

A.       Add an attribute store.

B.       Create a relying party trust.

C.       Create a claims provider trust.

D.      Create a relaying provider trust.

 

Correct Answer: B

 

 

QUESTION 206

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. The Active Directory Federation Services (AD FS) role is installed on Server1. Contoso.com is defined as an account store. A partner company has a Web-based application that uses AD FS authentication. The partner company plans to provide users from contoso.com access to the Web application. You need to configure AD FS on contoso.com to allow contoso.com users to be authenticated by the partner company. What should you create on Server1?

 

A.       a new application

B.       a resource partner

C.       an account partner

D.      an organization claim

 

Correct Answer: D

 

 

QUESTION 207

Your network contains two servers named Server1 and Server2 that run Windows Server 2008 R2. Server1 has the Active Directory Federation Services (AD FS) Federation Service role service installed. You plan to deploy AD FS 2.0 on Server2. You need to export the token-signing certificate from Server1, and then import the certificate to Server2. Which format should you use to export the certificate?

 

A.       Base-64 encoded X.509 (.cer)

B.       Cryptographic Message Syntax Standard PKCS #7 (.p7b)

C.       DER encoded binary X.509 (.cer)

D.      Personal Information Exchange PKCS #12 (.pfx)

 

Correct Answer: D

 

 

QUESTION 208

Your network contains two servers named Server1 and Server2 that run Windows Server 2008 R2. Server1 has Active Directory Federation Services (AD FS) 2.0 installed. Server1 is a member of an AD FS farm. The AD FS farm is configured to use a configuration database that is stored on a separate Microsoft SQL Server. You install AD FS 2.0 on Server2. You need to add Server2 to the existing AD FS farm. What should you do?

 

A.       On Server1, run fsconfig.exe.

B.       On Server1, run fsconfigwizard.exe.

C.       On Server2, run fsconfig.exe.

D.      On Server2, run fsconfigwizard.exe.

 

Correct Answer: C

 

 

QUESTION 209

Your network contains an Active Directory forest. You set the Windows PowerShell execution policy to allow unsigned scripts on a domain controller in the network. You create a Windows PowerShell script named new-users.ps1 that contains the following lines:

 

new-aduser user1

new-aduser user2

new-aduser user3

new-aduser user4

new-aduser user5

 

On the domain controller, you double-click the script and the script runs. You discover that the script fails to create the user accounts. You need to ensure that the script creates the user accounts. Which cmdlet should you add to the script?

 

A.       Import-Module

B.       Register-ObjectEvent

C.       Set-ADDomain

D.      Set-ADUser

 

Correct Answer: A

 

 

QUESTION 210

Your network contains an Active Directory forest. The forest schema contains a custom attribute for user objects. You need to modify the custom attribute value of 500 user accounts. Which tool should you use?

 

A.       Csvde

B.       Dsmod

C.       Dsrm

D.      Ldifde

 

Correct Answer: D

 

Download Ensurepass Latest 2013 70-640 Braindumps Free Tests , help you to pass exam 100%.