100% Pass 70-640 Real Test is not a dream! Braindump2go Latest Released 70-640 Exam Practice Exam Dumps will help you pass 70-640 Exam one time easiluy! Free Sample Exam QAuestions and Answers are offered for free download now! Quickly having a try today! Never loose this valuable chance!
Vendor: Microsoft
Exam Code: 70-640
Exam Name: TS: Windows Server 2008 Active Directory, Configuring
Keywords: 70-640 Exam Dumps,70-640 Practice Tests,70-640 Practice Exams,70-640 Exam Questions,70-640 Dumps,70-640 Dumps PDF,Microsoft 70-640 Exam Dumps,70-640 Questions and Answers,TS: Windows Server 2008 Active Directory, Configuring
QUESTION 231
You have an enterprise subordinate certification authority (CA).
The CA is configured to use a hardware security module.
You need to back up Active Directory Certificate Services on the CA.
Which command should you run?
A. certutil.exe backup
B. certutil.exe backupdb
C. certutil.exe backupkey
D. certutil.exe store
Answer: A
QUESTION 232
You have Active Directory Certificate Services (AD CS) deployed.
You create a custom certificate template.
You need to ensure that all of the users in the domain automatically enroll for a certificate based on the custom certificate template.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. In a Group Policy object (GPO), configure the autoenrollment settings.
B. In a Group Policy object (GPO), configure the Automatic Certificate Request Settings.
C. On the certificate template, assign the Read and Autoenroll permission to the Authenticated
Users group.
D. On the certificate template, assign the Read, Enroll, and Autoenroll permission to the Domain
Users group.
Answer: AD
Explanation:
http://technet.microsoft.com/en-us/library/dd379539.aspx
QUESTION 233
You have an enterprise subordinate certification authority (CA).
You have a custom Version 3 certificate template.
Users can enroll for certificates based on the custom certificate template by using the Certificates console.
The certificate template is unavailable for Web enrollment.
You need to ensure that the certificate template is available on the Web enrollment pages.
What should you do?
A. Run certutil.exe pulse.
B. Run certutil.exe installcert.
C. Change the certificate template to a Version 2 certificate template.
D. On the certificate template, assign the Autoenroll permission to the users.
Answer: C
Explanation
http://technet.microsoft.com/en-us/library/cc732517.aspx
Certificate Web enrollment cannot be used with version 3 certificate templates.
http://blogs.technet.com/b/ad/archive/2008/06/30/2008-web-enrollment-and-version-3-templates.aspx
The reason for this blog post is that one of our customers called after noticing some unexpected behavior when they were trying to use the Server 2008 certificate web enrollment page to request a Version 3 Template based certificate. The problem was that no matter what they did the Version 3 Templates would not appear as certificates which could be requested via the web page. On the other hand, version 1 and 2 templates did appear in the page and requests could be done successfully using those templates.
QUESTION 234
You have an enterprise subordinate certification authority (CA).
You have a custom certificate template that has a key length of 1,024 bits.
The template is enabled for autoenrollment.
You increase the template key length to 2,048 bits.
You need to ensure that all current certificate holders automatically enroll for a certificate that uses the new template.
Which console should you use?
A. Active Directory Administrative Center
B. Certification Authority
C. Certificate Templates
D. Group Policy Management
Answer: C
Explanation
http://technet.microsoft.com/en-us/library/cc771246.aspx
QUESTION 235
Your network contains an Active Directory forest.
All domain controllers run Windows Server 2008 Standard.
The functional level of the domain is Windows Server 2003.
You have a certification authority (CA).
The relevant servers in the domain are configured as shown below:
You need to ensure that you can install the Active Directory Certificate Services (AD CS) Certificate Enrollment Web Service on the network.
What should you do?
A. Upgrade Server1 to Windows Server 2008 R2.
B. Upgrade Server2 to Windows Server 2008 R2.
C. Raise the functional level of the domain to Windows Server 2008.
D. Install the Windows Server 2008 R2 Active Directory Schema updates.
Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/dd759243.aspx
QUESTION 236
You have a domain controller that runs the DHCP service.
You need to perform an offline defragmentation of the Active Directory database on the domain controller.
You must achieve this goal without affecting the availability of the DHCP service.
What should you do?
A. Restart the domain controller in Directory Services Restore Mode.
Run the Disk Defragmenter utility.
B. Restart the domain controller in Directory Services Restore Mode.
Run the Ntdsutil utility.
C. Stop the Active Directory Domain Services service.
Run the Ntdsutil utility.
D. Stop the Active Directory Domain Services service.
Run the Disk Defragmenter utility.
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/cc794920.aspx
QUESTION 237
Your network contains two Active Directory forests named contoso.com and nwtraders.com.
A two-way forest trust exists between contoso.com and nwtraders.com.
The forest trust is configured to use selective authentication.
Contoso.com contains a server named Server1.
Server1 contains a shared folder named Marketing.
Nwtraders.com contains a global group named G_Marketing.
The Change share permission and the Modify NTFS permission for the Marketing folder are assigned to the G_Marketing group.
Members of G_Marketing report that they cannot access the Marketing folder.
You need to ensure that the G_Marketing members can access the folder from the network.
What should you do?
A. From Windows Explorer, modify the NTFS permissions of the folder.
B. From Windows Explorer, modify the share permissions of the folder.
C. From Active Directory Users and Computers, modify the computer object for Server1.
D. From Active Directory Users and Computers, modify the group object for G_Marketing.
Answer: C
QUESTION 238
Your network contains an Active Directory forest.
You need to add a new user principal name (UPN) suffix to the forest.
Which tool should you use?
A. Active Directory Administrative Center
B. Active Directory Domains and Trusts
C. Active Directory Sites and Services
D. Active Directory Users and Computers
Answer: B
Explanation:
http://www.kassapoglou.com/windows-server-2008-lesson-23-video-creating-a-user/
QUESTION 239
Your network contains an Active Directory domain.
The domain contains two sites named Site1 and Site2.
Site 1 contains five domain controllers.
Site2 contains one read-only domain controller (RODC).
Site1 and Site2 connect to each other by using a slow WAN link.
You discover that the cached password for a user named User1 is compromised on the RODC.
On a domain controller in Site1, you change the password for User1.
You need to replicate the new password for User1 to the RODC immediately.
The solution must not replicate other objects to the RODC.
Which tool should you use?
A. Active Directory Sites and Services
B. Active Directory Users and Computers
C. Repadmin
D. Replmon
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/cc742095.aspx
QUESTION 240
Your network contains an Active Directory domain named contoso.com.
The properties of the contoso.com DNS zone are configured as shown in the exhibit. (Click the Exhibit button.)
You need to update all service location (SRV) records for a domain controller in the domain.
What should you do?
A. Restart the Netlogon service.
B. Restart the DNS Client service.
C. Run sc.exe and specify the triggerinfo parameter.
D. Run ipconfig.exe and specify the /registerdns parameter.
Answer: A
Explanation:
The SRV resource records for a domain controller are important in enabling clients to locate the domain controller. The Netlogon service on domain controllers registers this resource record whenever a domain controller is restarted.
You can also re-register a domain controller’s SRV resource records by restarting this service from the Services branch of Server Manager or by typing net start netlogon. An exam question might ask you how to troubleshoot the nonregistration of SRV resource records.
Braindump2go Promises All our customers: 100% All Exams Pass Or Full Money Back! Our experts have complied the fail proof 70-640 Exam content to help all candidates pass your 70-640 certification exam easily in the first attempt and score the top possible grades too.Do you want to sucess? Come to Braindump2go and our experts team will tell you what you need to do! 70-640 Exam Dumps Full Version Download: