2013 Latest 70-640 Braindumps Free Tests 281-290

Ensurepass

 

QUESTION 281

Your network contains an Active Directory domain. All domain controller run Windows Server 2003. You replace all domain controllers with domain controllers that run Windows Server 2008 R2. You raise the functional level of the domain to Windows Server 2008 R2. You need to minimize the amount of SYSVOL replication traffic on the network. What should you do?

 

A.       Raise the functional level of the forest to Windows Server 2008 R2.

B.       Modify the path of the SYSVOL folder on all of the domain controllers.

C.       On a global catalog server, run repadmin.exe and specify the KCC parameter.

D.      On the domain controller that holds the primary domain controller (PDC) emulator FSMO role, run dfsrmig.exe.

 

Correct Answer: D

 

 

QUESTION 282

Your network contains an Active Directory forest. The forest contains two domain controllers. The domain controllers are configured as shown in the following table.

 

clip_image001

 

All client computers run Windows 7. You need to ensure that all client computers in the domain keep the same time as an external time server. What should you do?

 

A.       From DC1, run the time command.

B.       From DC2, run the time command.

C.       From DC1, run the w32tm.exe command.

D.      From DC2, run the w32tm.exe command.

 

Correct Answer: D

 

 

QUESTION 283

Your network contains an Active Directory domain named contoso.com. Contoso.com contains two domain controllers. The domain controllers are configured as shown in the following table.

 

clip_image002

 

All client computers have IP addresses in the 10.1.2.1 to 10.1.2.240 range. You need to minimize the number of client authentication requests sent to DC2. What should you do?

 

A.       Create a new site named Site1. Create a new subnet object that has the 10.1.1.0/24 prefix and assign the subnet to Site1. Move DC1 to Site1.

B.       Create a new site named Site1. Create a new subnet object that has the 10.1.1.1/32 prefix and assign the subnet to Site1. Move DC1 to Site1.

C.       Create a new site named Site1. Create a new subnet object that has the 10.1.1.2/32 prefix and assign the subnet to Site1. Move DC2 to Site1.

D.       Create a new site named Site1. Create a new subnet object that has the 10.1.2.0/24 prefix and assign the subnet to Site1. Move DC2 to Site1.

 

Correct Answer: C

 

 

QUESTION 284

Active Directory Rights Management Services (AD RMS) is deployed on your network. You need to configure AD RMS to use Kerberos authentication. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

 

A.       Register a service principal name (SPN) for AD RMS.

B.       Register a service connection point (SCP) for AD RMS.

C.       Configure the identity setting of the _DRMSAppPool1 application pool.

D.      Configure the useAppPoolCredentials attribute in the Internet Information Services (IIS).

 

Correct Answer: AD

 

 

QUESTION 285

Your network contains an Active Directory forest. The forest contains an Active Directory site for a remote office. The remote site contains a read-only domain controller (RODC). You need to configure the RODC to store only the passwords of users in the remote site. What should you do?

 

A.       Create a Password Settings object (PSO).

B.       Modify the Partial-Attribute-Set attribute of the forest.

C.       Add the user accounts of the remote site users to the Allowed RODC Password Replication Group.

D.      Add the user accounts of users who are not in the remote site to the Denied RODC Password Replication Group.

 

Correct Answer: C

 

 

 

QUESTION 286

Your company has four offices. The network contains a single Active Directory domain. Each office has a domain controller. Each office has an organizational unit (OU) that contains the user accounts for the users in that office. In each office, support technicians perform basic troubleshooting for the users in their respective office. You need to ensure that the support technicians can reset the passwords for the user accounts in their respective office only. The solution must prevent the technicians from creating user accounts. What should you do?

 

A.       For each OU, run the Delegation of Control Wizard.

B.       For the domain, run the Delegation of Control Wizard.

C.       For each office, create an Active Directory group, and then modify the security settings for each group.

D.      For each office, create an Active Directory group, and then modify the controlAccessRights attribute for each group.

 

Correct Answer: A

 

 

QUESTION 287

Your network contains a single Active Directory domain. Client computers run either Windows XP Service Pack 3 (SP3) or Windows 7. All of the computer accounts for the client computers are located in an organizational unit (OU) named OU1. You link a new Group Policy object (GPO) named GPO10 to OU1. You need to ensure that GPO10 is applied only to client computers that run Windows 7. What should you do?

 

A.       Create a new OU in OU1. Move the Windows XP computer accounts to the new OU.

B.       Enable block inheritance on OU1.

C.       Create a WMI filter and assign the filter to GPO10.

D.      Modify the permissions of OU1.

 

Correct Answer: C

 

 

QUESTION 288

Your network contains an Active Directory domain named contoso.com. You need to audit changes to a service account. The solution must ensure that the audit logs contain the before and after values of all the changes. Which security policy setting should you configure?

 

A.       Audit Sensitive Privilege Use

B.       Audit User Account Management

C.       Audit Directory Service Changes

D.      Audit Other Account Management Events

 

Correct Answer: C

 

 

QUESTION 289

Your network contains two Active Directory forests named contoso.com and nwtraders.com. Active Directory Rights Management Services (AD RMS) is deployed in each forest. You need to ensure that users from the nwtraders.com forest can access AD RMS protected content in the contoso.com forest. What should you do?

 

A.       Add a trusted user domain to the AD RMS cluster in the nwtraders.com domain.

B.       Create an external trust from nwtraders.com to contoso.com.

C.       Add a trusted user domain to the AD RMS cluster in the contoso.com domain.

D.      Create an external trust from contoso.com to nwtraders.com.

 

Correct Answer: C

 

 

QUESTION 290

Your network contains a server named Server1 that runs Windows Server 2008 R2. Server1 is configured as an Active Directory Federation Services (AD FS) 2.0 standalone server. You plan to add a new token-signing certificate to Server1. You import the certificate to the server as shown in the exhibit.

 

clip_image004

 

When you run the Add Token-Signing Certificate wizard, you discover that the new certificate is unavailable. You need to ensure that you can use the new certificate for AD FS. What should you do?

 

A.       From the properties of the certificate, modify the Certificate Policy OIDs setting.

B.       Import the certificate to the AD FS 2.0 Windows Service personal certificate store.

C.       From the properties of the certificate, modify the Certificate purposes setting.

D.      Import the certificate to the local computer personal certificate store.

 

Correct Answer: D

Download Ensurepass Latest 2013 70-640 Braindumps Free Tests , help you to pass exam 100%.