2013 Latest 70-640 Braindumps Free Tests 81-90

Ensurepass

 

QUESTION 81

You have an Active Directory domain that runs Windows Server 2008 R2. You need to implement a certification authority (CA) server that meets the following requirements:

 

Ÿ   Allows the certification authority to automatically issue certificates

Ÿ   Integrates with Active Directory Domain Services

 

What should you do?

 

A.       Install and configure the Active Directory Certificate Services server role as a Standalone Root CA.

B.       Install and configure the Active Directory Certificate Services server role as an Enterprise Root CA.

C.       Purchase a certificate from a third-party certification authority, Install and configure the Active Directory Certificate Services server role as a Standalone Subordinate CA.

D.       Purchase a certificate from a third-party certification authority, Import the certificate into the computer store of the schema master.

 

Correct Answer: B

 

 

QUESTION 82

You have a Windows Server 2008 R2 Enterprise Root certification authority (CA). You need to grant members of the Account Operators group the ability to only manage Basic EFS certificates. You grant the Account Operators group the Issue and Manage Certificates permission on the CA. Which three tasks should you perform next? (Each correct answer presents part of the solution.

Choose three.)

 

A.       Enable the Restrict Enrollment Agents option on the CA.

B.       Enable the Restrict Certificate Managers option on the CA.

C.       Add the Basic EFS certificate template for the Account Operators group.

D.      Grant the Account Operators group the Manage CA permission on the CA.

E.       Remove all unnecessary certificate templates that are assigned to the Account Operators group.

 

Correct Answer: BCE

 

 

QUESTION 83

Your company has an Active Directory domain. You have a two-tier PKI infrastructure that contains an offline root CA and an online issuing CA. The Enterprise certification authority is running Windows Server 2008 R2. You need to ensure users are able to enroll new certificates. What should you do?

 

A.       Renew the Certificate Revocation List (CRL) on the root CA. Copy the CRL to the CertEnroll folder on the issuing CA.

B.       Renew the Certificate Revocation List (CRL) on the issuing CA, Copy the CRL to the SysternCertificates folder in the users’ profile.

C.       Import the root CA certificate into the Trusted Root Certification Authorities store on all client workstations.

D.       Import the issuing CA certificate into the Intermediate Certification Authorities store on all client workstations.

 

Correct Answer: A

 

QUESTION 84

Your company has an Active Directory domain. All servers run Windows Server 2008 R2. Your company uses an Enterprise Root certification authority (CA) and an Enterprise Intermediate CA. The Enterprise Intermediate CA certificate expires. You need to deploy a new Enterprise Intermediate CA certificate to all computers in the domain. What should you do?

 

A.       Import the new certificate into the Intermediate Certification Store on the Enterprise Root CA server.

B.       Import the new certificate into the Intermediate Certification Store on the Enterprise Intermediate CA server.

C.       Import the new certificate into the Intermediate Certification Store in the Default Domain Controllers group policy object.

D.       Import the new certificate into the Intermediate Certification Store in the Default Domain group policy object.

 

Correct Answer: B

 

 

QUESTION 85

Your company has recently acquired a new subsidiary company in Quebec. The Active Directory administrators of the subsidiary company must use the French-language version of the administrative templates. You create a folder on the PDC emulator for the subsidiary domain in the path %systemroot%SYSVOLdomainPoliciesPolicyDefinitionsFR . You need to ensure that the French-language version of the templates is available. What should you do?

 

A.       Download the Conf.adm, System.adm, Wuau.adm, and Inetres.adm files from the Microsoft Web site. Copy the ADM files to the FR folder.

B.       Copy the ADML files from the French local installation media for Windows Server 2008 R2 to the FR folder on the subsidiary PDC emulator.

C.       Copy the Install.WIM file from the French local installation media for Windows Server 2008 R2 to the FR folder on the subsidiary PDC emulator.

D.       Copy the ADMX files from the French local installation media for Windows Server 2008 R2 to the FR folder on the subsidiary PDC emulator.

 

Correct Answer: B

 

 

QUESTION 86

A user in a branch office of your company attempts to join a computer to the domain, but the attempt fails. You need to enable the user to join a single computer to the domain. You must ensure that the user is denied any additional rights beyond those required to complete the task. What should you do?

 

A.       Prestage the computer account in the Active Directory domain.

B.       Add the user to the Domain Administrators group for one day.

C.       Add the user to the Server Operators group in the Active Directory domain.

D.      Grant the user the right to log on locally by using a Group Policy Object (GPO).

 

Correct Answer: A

 

 

QUESTION 87

The default domain GPO in your company is configured by using the following account policy settings:

 

Ÿ   Minimum password length: 8 characters

Ÿ   Maximum password age: 30 days

Ÿ   Enforce password history: 12 passwords remembered

Ÿ   Account lockout threshold: 3 invalid logon attempts

Ÿ   Account lockout duration: 30 minutes

 

You install Microsoft SQL Server on a computer named Server1 that runs Windows Server 2008 R2. The SQL Server application uses a service account named SQLSrv. The SQLSrv account has domain user rights. The SQL Server computer fails after running successfully for several weeks. The SQLSrv user account is not locked out. You need to resolve the server failure and prevent recurrence of the failure. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

 

A.       Reset the password of the SQLSrv user account.

B.       Configure the local security policy on Serverl to grant the Logon as a service right on the SQLSrv user account.

C.       Configure the properties of the SQLSrv account to Password never expires.

D.      Configure the properties of the SQLSrv account to User cannot change password.

E.       Configure the local security policy on Serverl to explicitly grant the SQLSrv user account the Allow logon locally user right.

 

Correct Answer: AC

 

 

QUESTION 88

Your company has two Active Directory forests named Forest1 and Forest2, The forest functional level and the domain functional level of Forest1 are set to Windows Server 2008. The forest functional level of Forest2 is set to Windows 2000, and the domain functional levels in Forest2 are set to Windows Server 2003. You need to set up a transitive forest trust between Forest1 and Forest2, What should you do first?

 

A.       Raise the forest functional level of Forest2 to Windows Server 2003 Interim mode.

B.       Raise the forest functional level of Forest2 to Windows Server 2003.

C.       Upgrade the domain controllers in Forest2 to Windows Server 2008.

D.      Upgrade the domain controllers in Forest2 to Windows Server 2003.

 

Correct Answer: B

 

 

QUESTION 89

Your company has an Active Directory forest that contains two domains, The forest has universal groups that contain members from each domain. A branch office has a domain controller named DC1, Users at the branch office report that the logon process takes too long. You need to decrease the amount of time it takes for the branch office users to logon. What should you do?

 

A.       Configure DC1 as a Global Catalog server.

B.       Configure DC1 as a bridgehead server for the branch office site.

C.       Decrease the replication interval on the site link that connects the branch office to the corporate network.

D.      Increase the replication interval on the site link that connects the branch office to the corporate network.

 

Correct Answer: A

 

 

QUESTION 90

Your company has an Active Directory domain. The main office has a DNS server named DNS1 that is configured with Active Directory-integrated DNS. The branch office has a DNS server named DNS2 that contains a secondary copy of the zone from DNS1. The two offices are connected with an unreliable WAN link. You add a new server to the main office. Five minutes after adding the server, a user from the branch office reports that he is unable to connect to the new server. You need to ensure that the user is able to connect to the new server. What should you do?

 

A.       Clear the cache on DNS2.

B.       Reload the zone on DNS1.

C.       Refresh the zone on DNS2.

D.      Export the zone from DNS1 and import the zone to DNS2.

 

Correct Answer: C

Download Ensurepass Latest 2013 70-640 Braindumps Free Tests , help you to pass exam 100%.