Latest Real 70-640 Tests Dumps and VCE Exam Questions 501-511

Ensurepass

QUESTION 501

Your network contains an Active Directory forest. The forest contains two domains. The forest contains four domain controllers. The domain controllers are configured as shown in the following table.

 

clip_image001

 

All user accounts are located in the child.contoso.com domain. Users in the child.contoso.com domain are members of several security groups in the contoso.com domain. Your company decides to change the naming standard of user accounts. You rename all of the user accounts to comply with the new standard. You discover that the old user names are listed in the members’ list of the security groups in the contoso.com domain. You need to ensure that the members’ list of the security groups in the contoso.com domain displays the new user names. What should you do?

 

A.      Transfer the PDC emulator role from DC2 to DC3.

B.      Configure DC5 as a global catalog server.

C.      Configure DC1 as a global catalog server.

D.      Transfer the infrastructure master role from DC3 to DC2.

 

Correct Answer: D

 

 

QUESTION 502

Your network contains an Active Directory forest named contoso.com. The forest contains an enterprise certification authority (CA). The enterprise CA is inaccessible from the internet. You have a server named Server1 that runs Windows Server 2008 R2. Server1 is accessible from the Internet. Server1 can communicate with the enterprise CA. You need to ensure that laptops that are joined to the domain can renew their certificates automatically from the Internet. Which two role services should you install on Server1?

 

To answer, select the two appropriate role services in the answer area.

 

Hot Area:

clip_image003

 

Correct Answer:

clip_image005

 

 

QUESTION 503

Your network contains an Active Directory domain. The domain contains a certification authority (CA). The network contains several Layer 3 switches. You need to ensure that the switches can request certificates from the CA. Which role service should you deploy?

 

A.      Network Device Enrollment Service

B.      Windows Token-based Agent

C.      Network Policy Server

D.      Client Certificate Mapping Authentication

 

Correct Answer: A

 

 

QUESTION 504

Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. You configure Server1 as a standalone root certification authority (CA). You identify the following requirements for the public key infrastructure (PKI):

 

Ÿ   The root CA must be offline once the PKI is deployed.

Ÿ   Users must be able to enroll for certificates automatically.

 

You need to configure Server2 to meet the PKI requirements. What should you configure on Server2?

 

A.      A standalone subordinate CA

B.      A standalone root CA

C.      An enterprise subordinate CA

D.      An enterprise root CA

 

Correct Answer: C

 

 

QUESTION 505

Your network contains an Active Directory domain named contoso.com. The aging and scavenging settings of the contoso.com zone are configured as shown in the exhibit.

 

clip_image006

 

To answer, complete each statement according to the information presented in the exhibit.

 

Hot Area:

clip_image007

 

Correct Answer:

clip_image008

 

 

QUESTION 506

Your network contains an Active Directory domain named contoso.com. The domain contains three domain controllers named DC1, DC2 and DC3. You need to create a zone named adatum.com that replicates between DC1 and DC2 only. The zone data for adatum.com must be writable on both DC1 and DC2. Which three actions should you perform in sequence?

 

To answer, move the appropriate three actions from the list of actions to the answer area and arrange them in the correct order.

 

Select and Place:

clip_image010

 

Correct Answer:

clip_image012

 

 

QUESTION 507

Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2008 R2. The domain contains a domain controller named DC1. DC1 hosts an Active Directory-integrated zone for contoso.com. You enable record scavenging for contoso.com by using the default settings. You configure scavenging to run every seven days. After 30 days, you discover that some DNS records of computers that were removed from the network are still present in the contoso.com zone. You need to ensure that the scavenging process can remove the stale records. What command should you run?

 

To answer, select the appropriate options in the answer area.

 

Hot Area:

clip_image013

clip_image014

 

Correct Answer:

clip_image015

 

 

QUESTION 508

Your network contains an Active Directory domain named contoso.com. All servers are located in the same Active Directory site. The domain contains two domain controllers named DC1 and DC2. Both domain controllers host an Active Directory-integrated zone for contoso.com.

The Start of Authority (SOA) record of the contoso.com zone is shown in the exhibit.

 

clip_image016

 

You have a member server named Server1. Server1 hosts a secondary zone of contoso.com.

On DC1, you add a new record to the contoso.com zone.

In the table below, identify the maximum amount of time required to replicate the record to each server. Make only one selection in each column.

 

Hot Area:

clip_image018

 

Correct Answer:

clip_image020

 

 

QUESTION 509

Your network contains 50 domain controllers that runs Windows Server 2008 R2. You need to create a script that resets the Directory Services Restore Mode (DSRM) password on all of the domain controllers. The solution must NOT maintain passwords in the script. Which two tools should you use? (Each correct answer presents part of the solution. Choose two.)

 

A.      Active Directory Users and Computers

B.      Ntdsutil

C.      Dsamain

D.      Local Users and Groups

 

Correct Answer: BD

 

 

QUESTION 510

Your network contains an Active Directory domain named contoso.com. The domain has a branch site that contains a read-only domain controller (RODC) named R0DC1. A user named User1 is a member of the Allowed RODC Password Replication Group. User1 frequently logs on to a computer in the branch site. You remove User1 from the Allowed RODC Password Replication Group. You need to ensure that the password of User1 is no longer cached on RODC1. What should you do?

 

A.      Add User1 to the Denied RODC Password Replication Group, and then force Active Directory replication.

B.      Run repadmin /rodcpwdrepl rodc2.contoso.com dc.contoso.com cn = User1, cn-users,dc = contoso,dc-com.

C.      Run repadmin /prp delete rodcl.contoso.com allow cn = User1, cn = users, dc = contoso,dc = com.

D.      Reset the password of User1, and then force Active Directory replication.

 

Correct Answer: D

 

 

QUESTION 511

Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1. You install Active Directory Lightweight Directory Services (AD LDS) on a member server named Server2. On Server2, you create a directory partition named fabrikam.com. You need to configure the MS-AdamSyncConfig.xml file to synchronize data from contoso.com to fabrikam.com. What should you do?

 

To answer, select the appropriate options in the answer area.

 

Hot Area:

clip_image021

clip_image022

 

Correct Answer:

 

 

QUESTION 512

Your network contains an Active Directory forest. The forest contains a single domain named contoso.com. The domain contains domain controllers that run either Windows Server 2003 or Windows Server 2008 R2. The functional level of the domain and the forest is Windows Server 2003. You need to add a read-only domain controller (RODC) to the forest. What should you do first?

 

A.      Upgrade the domain controllers that run Windows Server 2003.

B.      Raise the domain functional level.

C.      Run the adprep command.

D.      Raise the forest functional level.

 

Correct Answer: C

 

 

QUESTION 513

Your company has two offices. The offices are located in Miami and London. The network contains an Active Directory forest named contoso.com. The forest contains two child domains named miami.contoso.com and london.contoso.com. Each domain contains 50 domain controllers that run Windows Server 2008 R2. Each office is configured as an Active Directory site. The office in London recently hired several thousand new employees. You need to move 10 domain controllers from miami.contoso.com to london.contoso.com. What should you do?

 

A.      Run the dsadd.exe command

B.      Run the nltest.exe command.

C.      Run the Set-AdDomain cmdlet.

D.      Run the dsmove.exe command.

E.       Run the dcpromo.exe command.

F.       Run the Move-AdDirectoryServer cmdlet.

G.      Use the Active Directory Schema snap-in.

H.      Use the Active Directory Users and Computers console.

 

Correct Answer: E

 

 

QUESTION 514

Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The domain contains 50 domain controllers that run Windows Server 2008 R2. The domain contains a group named Computer_Location. You plan to create 1,000 computer accounts in the domain in several organizational units (OUs). You need to ensure that the members of the Computer_Location group can modify the description of each computer account as soon as the account is created. The solution must use permissions that are applied explicitly to the new computer accounts. What should you do?

 

A.      Run the dsadd.exe command

B.      Run the nltest.exe command.

C.      Run the Set-AdDomain cmdlet.

D.      Run the dsmove.exe command.

E.       Run the dcpromo.exe command.

F.       Run the Move-AdDirectoryServer cmdlet.

G.      Use the Active Directory Schema snap-in.

H.      Use the Active Directory Users and Computers console.

 

Correct Answer: G

 

 

QUESTION 515

Your company has two offices. The offices are located in Miami and London. The network contains an Active Directory forest named contoso.com. The forest contains two child domains named miami.contoso.com and london.contoso.com. The domain contains 50 domain controllers that run Windows Server 2008 R2. Each office is configured as an Active Directory site. The forest contains a custom attribute named SecurityAccessCode. You recently configured a domain controller named DC22 as a global catalog server. You need to verify that SecurityAccessCode is configured to replicate to DC22. What should you do?

 

A.      Run the dsadd.exe command

B.      Run the nltest.exe command.

C.      Run the Set-AdDomain cmdlet.

D.      Run the dsmove.exe command.

E.       Run the dcpromo.exe command.

F.       Run the Move-AdDirectoryServer cmdlet.

G.      Use the Active Directory Schema snap-in.

H.      Use the Active Directory Users and Computers console.

 

Correct Answer: G

 

 

QUESTION 516

Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1. DC1 hosts an Active Directory-integrated zone for contoso.com. The research department maintains its own DNS servers and hosts a zone named research.contoso.com on a UNIXbased server named Server1. The perimeter network contains a DNS server named Server2. Server2 is a standalone server that runs Windows Server 2008 R2. You need to configure the DNS settings of Server2 to meet the following requirements:

 

Ÿ   Server2 must maintain a copy of all the records in research.contoso.com.

Ÿ   DC1 must query Server2 to resolve the names of Internet hosts.

 

Which two actions should you perform? (Each correct answer presents part of the solution.

Choose two.)

 

A.      Create a secondary zone.

B.      Create a conditional forwarder.

C.      Create a stub zone.

D.      Create a primary zone.

E.       Create a Forwarder.

 

Correct Answer: AE

 

 

QUESTION 517

Your network contains an Active Directory domain named contoso.com.

 

The Zone Transfers settings of contoso.com are configured as shown in the Zone Transfers exhibit.

 

 

The Name Servers settings of contoso.com are configured as shown in the Name Servers exhibit.

 

 

To answer, complete each statement according to the information presented in the exhibits.

 

Hot Area:

 

Correct Answer:

 

 

QUESTION 518

Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2008 R2. You need to increase the amount of Active Directory diagnostic information logged to the Event Viewer on DC1. What should you do?

 

A.      Modify the properties of the objects in the Active Directory Diagnostics Data Collector Set (DCS).

B.      Modify the properties of the System Log and the Application Log.

C.      Modify the flags attribute of DC1.

D.      Modify the settings in the

HKey_Local_MachineSYSTEMCurrentControlSetservicesNTDSDiagnostics registry key.

 

Correct Answer: D

 

 

QUESTION 519

Your network contains an Active Directory domain named contoso.com. The domain contains an enterprise certification authority (CA). You plan to delegate certificate enrollment for Smartcard Logon certificates to a user named User1. User1 is the member of a group named CONTOSODelegatedAdmins. You need to recommend a solution to provide User1 with the ability to enroll for Smartcard Logon certificates on behalf of other domain users. What should you include in the recommendation?

 

A.      Duplicate the Smartcard Logon certificate template. Modify the Extensions settings and the Request Handling settings of the new template.

B.      Modify the Issuance Requirements settings and the Security settings of the Smartcard Logon certificate template.

C.      Modify the Extensions settings and the Request Handling settings of the Smartcard Logon certificate template.

D.      Duplicate the Smartcard Logon certificate template. Modify the Issuance Requirements settings and the Security settings of the new template.

Correct Answer: D

 

 

QUESTION 520

Your network contains an Active Directory domain named contoso.com. You need to ensure that when computers are joined manually to the domain by using the System Properties, the computer account of the computers is created automatically in an organizational unit (OU) named NewComputers. Which command should you run?

 

A.      dsmgmt.exe

B.      redircmp.exe

C.      csvde.exe

D.      computerdefaults.exe

 

Correct Answer: B

 

 

Download Latest Microsoft 70-640 Real Free Tests ,help you to pass exam 100%.