In the information era, IT industry is catching more and more attention. In the society which has a galaxy of talents, there is still lack of IT talents. Many companies need IT talents, and generally, they investigate IT talents's ability in according to what IT related authentication certificate they have. So having some IT related authentication certificate is welcomed by many companies. But these authentication certificate are not very easy to get. Microsoft 070-640 is a quite difficult certification exams. Although a lot of people participate in Microsoft 070-640 exam, the pass rate is not very high.
ITCertMaster is a website to meet the needs of many customers. Some people who used our simulation test software to pass the IT certification exam to become a ITCertMaster repeat customers. ITCertMaster can provide the leading Microsoft training techniques to help you pass Microsoft certification 070-640 exam.
If you have a faith, then go to defend it. Gorky once said that faith is a great emotion, a creative force. My dream is to become a top IT expert. I think that for me is nowhere in sight. But to succeed you can have a shortcut, as long as you make the right choice. I took advantage of ITCertMaster's Microsoft 070-640 exam training materials, and passed the Microsoft 070-640 exam. ITCertMaster Microsoft 070-640 exam training materials is the best training materials. If you're also have an IT dream. Then go to buy ITCertMaster's Microsoft 070-640 exam training materials, it will help you achieve your dreams.
ITCertMaster can not only achieve your dreams, but also provide you one year of free updates and after-sales service. The answers of ITCertMaster's exercises is 100% correct and they can help you pass Microsoft certification 070-640 exam successfully. You can free download part of practice questions and answers of Microsoft certification 070-640 exam online as a try.
Exam Code: 070-640
Exam Name: Microsoft (Windows Server 2008 Active Directory. Configuring)
Guaranteed success with practice guides, No help, Full refund!
575 Questions and Answers
Updated: 2013-10-15
Add ITCertMaster's products to cart now! You will have 100% confidence to participate in the exam and disposably pass Microsoft certification 070-640 exam. At last, you will not regret your choice.
070-640 Free Demo Download: http://www.itcertmaster.com/070-640.html
NO.1 An Active Directory database is installed on the C volume of a domain controller. You need to move the
Active Directory database to a new volume. What should you do?
A. Copy the ntds.dit file to the new volume by using the ROBOCOPY command.
B. Move the ntds.dit file to the new volume by using Windows Explorer.
C. Move the ntds.dit file to the new volume by running the Move-item command in Microsoft Windows
PowerShell.
D. Move the ntds.dit file to the new volume by using the Files option in the Ntdsutil utility.
Answer: D
Microsoft 070-640 070-640 exam simulations 070-640 070-640 questions
NO.2 You have a single Active Directory domain. All domain controllers run Windows Server 2008 and are
configured as DNS servers. The domain contains one Active Directory-integrated DNS zone. You need to
ensure that outdated DNS records are automatically removed from the DNS zone.
What should you do?
A. From the properties of the zone, modify the TTL of the SOA record.
B. From the properties of the zone, enable scavenging.
C. From the command prompt, run ipconfig /flushdns.
D. From the properties of the zone, disable dynamic updates.
Answer: B
Microsoft exam simulations 070-640 070-640 070-640
NO.3 Your company, Contoso Ltd has a main office and a branch office. The offices are connected by a WAN
link. Contoso has an Active Directory forest that contains a single domain named ad.contoso.com.
The ad.contoso.com domain contains one domain controller named DC1 that is located in the main office.
DC1 is configured as a DNS server for the ad.contoso.com DNS zone. This zone is configured as a
standard primary zone.
You install a new domain controller named DC2 in the branch office. You install DNS on DC2.
You need to ensure that the DNS service can update records and resolve DNS queries in the event that a
WAN link fails.
What should you do?
A. Create a new stub zone named ad.contoso.com on DC2.
B. Create a new standard secondary zone named ad.contoso.com on DC2.
C. Configure the DNS server on DC2 to forward requests to DC1.
D. Convert the ad.contoso.com zone on DC1 to an Active Directory-integrated zone.
Answer: D
Microsoft 070-640 070-640 070-640 070-640
NO.4 You are decommissioning domain controllers that hold all forest-wide operations master roles. You
need to transfer all forest-wide operations master roles to another domain controller. Which two roles
should you transfer? (Each correct answer presents part of the solution. Choose two.)
A. Domain naming master
B. Infrastructure master
C. RID master
D. PDC emulator
E. Schema master
Answer: AE
Microsoft exam 070-640 070-640
NO.5 Your company has an Active Directory forest that contains a single domain. The domain member
server has an Active Directory Federation Services (AD FS) role installed. You need to configure AD FS to
ensure that AD FS tokens contain information from the Active Directory domain. What should you do?
A. Add and configure a new account partner.
B. Add and configure a new resource partner.
C. Add and configure a new account store.
D. Add and configure a Claims-aware application.
Answer: C
Microsoft questions 070-640 original questions 070-640 070-640
NO.6 Your company has an Active Directory domain. The company has two domain controllers named DC1
and DC2. DC1 holds the Schema Master role.
DC1 fails. You log on to Active Directory by using the administrator account. You are not able to transfer
the Schema Master operations role.
You need to ensure that DC2 holds the Schema Master role.
What should you do?
A. Configure DC2 as a bridgehead server.
B. On DC2, seize the Schema Master role.
C. Log off and log on again to Active Directory by using an account that is a member of the Schema
Administrators group. Start the Active Directory Schema snap-in.
D. Register the Schmmgmt.dll. Start the Active Directory Schema snap-in.
Answer: B
Microsoft 070-640 certification 070-640 certification 070-640
NO.7 Your company has a main office and a branch office. You deploy a read-only domain controller (RODC)
that runs Microsoft Windows Server 2008 to the branch office. You need to ensure that users at the
branch office are able to log on to the domain by using the RODC. What should you do?
A. Add another RODC to the branch office.
B. Configure a new bridgehead server in the main office.
C. Decrease the replication interval for all connection objects by using the Active Directory Sites and
Services console.
D. Configure the Password Replication Policy on the RODC. Answer: D
Microsoft 070-640 braindump 070-640 test answers 070-640 exam 070-640
NO.8 Your network consists of an Active Directory forest that contains one domain named contoso.com. All
domain controllers run Windows Server 2008 R2 and are configured as DNS servers. You have two
Active Directory-integrated zones: contoso.com and nwtraders.com. You need to ensure a user is able to
modify records in the contoso.com zone. You must prevent the user from modifying the SOA record in the
nwtraders.com zone. What should you do?
A. From the Active Directory Users and Computers console, run the Delegation of Control Wizard.
B. From the Active Directory Users and Computers console, modify the permissions of the Domain
Controllers organizational unit (OU).
C. From the DNS Manager console, modify the permissions of the contoso.com zone.
D. From the DNS Manager console, modify the permissions of the nwtraders.com zone.
Answer: C
Microsoft exam dumps 070-640 practice test 070-640 070-640 070-640 certification
NO.9 Your company uses a Windows 2008 Enterprise certificate authority (CA) to issue certificates. You
need to implement key archival. What should you do?
A. Configure the certificate for automatic enrollment for the computers that store encrypted files.
B. Install an Enterprise Subordinate CA and issue a user certificate to users of the encrypted files.
C. Apply the Hisecdc security template to the domain controllers.
D. Archive the private key on the server.
Answer: D
Microsoft practice test 070-640 original questions 070-640 original questions 070-640 demo
NO.10 You have two servers named Server1 and Server2. Both servers run Windows Server 2008 R2. Server1
is configured as an enterprise root certification authority (CA). You install the Online Responder role
service on Server2. You need to configure Server1 to support the Online Responder. What should you
do?
A. Import the enterprise root CA certificate.
B. Configure the Certificate Revocation List Distribution Point extension.
C. Configure the Authority Information Access (AIA) extension.
D. Add the Server2 computer account to the CertPublishers group.
Answer: C
Microsoft 070-640 070-640 070-640
NO.11 You network consists of a single Active Directory domain. All domain controllers run Windows Server
2008 R2. You need to reset the Directory Services Restore Mode (DSRM) password on a domain
controller.
What tool should you use?
A. Active Directory Users and Computers snap-in
B. ntdsutil
C. Local Users and Groups snap-in
D. dsmod
Answer: B
Microsoft 070-640 certification 070-640 070-640 original questions 070-640
NO.12 Your company has a single Active Directory domain named intranet.adatum.com. The domain
controllers run Windows Server 2008 and the DNS server role. All computers, including non-domain
members, dynamically register their DNS records. You need to configure the intranet.adatum.com zone to
allow only domain members to dynamically register DNS records.
What should you do?
A. Set dynamic updates to Secure Only.
B. Remove the Authenticated Users group.
C. Enable zone transfers to Name Servers.
D. Deny the Everyone group the Create All Child Objects permission.
Answer: A
Microsoft demo 070-640 pdf 070-640 dumps
NO.13 Your network consists of a single Active Directory domain. All domain controllers run Windows Server
2008 R2. The Audit account management policy setting and Audit directory services access setting are
enabled for the entire domain. You need to ensure that changes made to Active Directory objects can be
logged. The logged changes must include the old and new values of any attributes.
What should you do.?
A. Run auditpol.exe and then configure the Security settings of the Domain Controllers OU.
B. From the Default Domain Controllers policy, enable the Audit directory service access setting and
enable directory service changes.
C. Enable the Audit account management policy in the Default Domain Controller Policy.
D. Run auditpol.exe and then enable the Audit directory service access setting in the Default Domain
policy.
Answer: B
Microsoft 070-640 test answers 070-640
NO.14 Your company has an Active Directory forest that runs at the functional level of Windows Server 2008.
You implement Active Directory Rights Management Services (AD RMS).
You install Microsoft SQL Server 2005. When you attempt to open the AD RMS administration Web site,
you receive the following error message: "SQL Server does not exist or access denied."
You need to open the AD RMS administration Web site.
Which two actions should you perform? (Each correct answer presents part of the solution.
Choose two.)
A. Restart IIS.
B. Manually delete the Service Connection Point in AD DS and restart AD RMS.
C. Install Message Queuing.
D. Start the MSSQLSVC service.
Answer: AD
Microsoft 070-640 demo 070-640 questions 070-640 demo 070-640 questions
NO.15 Your company has an Active Directory domain. All servers run Windows Server 2008 R2. Your company
uses an Enterprise Root certificate authority (CA). You need to ensure that revoked certificate information
is highly available. What should you do?
A. Implement an Online Certificate Status Protocol (OCSP) responder by using an Internet Security and
Acceleration Server array.
B. Publish the trusted certificate authorities list to the domain by using a Group Policy Object (GPO).
C. Implement an Online Certificate Status Protocol (OCSP) responder by using Network Load Balancing.
D. Create a new Group Policy Object (GPO) that allows users to trust peer certificates. Link the GPO to
the domain.
Answer: C
Microsoft answers real questions 070-640 070-640
NO.16 Your company has file servers located in an organizational unit named Payroll. The file servers contain
payroll files located in a folder named Payroll. You create a GPO. You need to track which employees
access the Payroll files on the file servers. What should you do?
A. Enable the Audit process tracking option. Link the GPO to the Domain Controllers organizational unit.
On the file servers, configure Auditing for the Authenticated Users group in the Payroll folder.
B. Enable the Audit object access option. Link the GPO to the Payroll organizational unit. On the file
servers, configure Auditing for the Everyone group in the Payroll folder.
C. Enable the Audit process tracking option. Link the GPO to the Payroll organizational unit. On the file
servers, configure Auditing for the Everyone group in the Payroll folder.
D. Enable the Audit object access option. Link the GPO to the domain. On the domain controllers,
configure Auditing for the Authenticated Users group in the Payroll folder.
Answer: B
Microsoft 070-640 questions 070-640 070-640 answers real questions 070-640 certification
NO.17 Your company has an Active Directory domain. A user attempts to log on to a computer that was turned
off for twelve weeks. The administrator receives an error message that authentication has failed. You
need to ensure that the user is able to log on to the computer. What should you do?
A. Run the netsh command with the set and machine options.
B. Reset the computer account. Disjoin the computer from the domain, and then rejoin the computer to
the domain.
C. Run the netdom TRUST /reset command.
D. Run the Active Directory Users and Computers console to disable, and then enable the computer
account.
Answer: B
Microsoft exam simulations 070-640 questions 070-640 certification 070-640 practice test
NO.18 Your company has a server that runs an instance of Active Directory Lightweight Directory Service (AD
LDS). You need to create new organizational units in the AD LDS application directory partition. What
should you do?
A. Use the dsmod OU <OrganizationalUnitDN> command to create the organizational units.
B. Use the Active Directory Users and Computers snap-in to create the organizational units on the AD
LDS application directory partition.
C. Use the dsadd OU <OrganizationalUnitDN> command to create the organizational units.
D. Use the ADSI Edit snap-in to create the organizational units on the AD LDS application directory
partition.
Answer: D
Microsoft 070-640 test answers 070-640 questions
NO.19 Your network consists of a single Active Directory domain. All domain controllers run Windows Server
2008 R2 and are configured as DNS servers. A domain controller named DC1 has a standard primary
zone for contoso.com. A domain controller named DC2 has a standard secondary zone for contoso.com.
You need to ensure that the replication of the contoso.com zone is encrypted. You must not lose any zone
data. What should you do?
A. Convert the primary zone into an Active Directory-integrated stub zone. Delete the secondary zone.
B. Convert the primary zone into an Active Directory-integrated zone. Delete the secondary zone.
C. Configure the zone transfer settings of the standard primary zone. Modify the Master Servers lists on
the secondary zone.
D. On both servers, modify the interface that the DNS server listens on.
Answer: B
Microsoft 070-640 070-640 070-640 exam
NO.20 Contoso, Ltd. has an Active Directory domain named ad.contoso.com. Fabrikam, Inc. has an Active
Directory domain named intranet.fabrikam.com. Fabrikam's security policy prohibits the transfer of
internal DNS zone data outside the Fabrikam network. You need to ensure that the Contoso users are
able to resolve names from the intranet.fabrikam.com domain.
What should you do?
A. Create a new stub zone for the intranet.fabrikam.com domain.
B. Configure conditional forwarding for the intranet.fabrikam.com domain.
C. Create a standard secondary zone for the intranet.fabrikam.com domain.
D. Create an Active DirectoryCintegrated zone for the intranet.fabrikam.com domain.
Answer: B
Microsoft 070-640 demo 070-640 original questions 070-640 070-640 070-640
ITCertMaster offer the latest 3103 Practice Test and high-quality HH0-240 PDF Exam Questions training material. Our 000-652 VCE testing engine and 100-500 dumps can help you pass the real exam. High-quality 000-456 Exam Questions & Answers can 100% guarantee you pass the exam faster and easier. Pass the exam to obtain certification is so simple.
Article Link: http://www.itcertmaster.com/070-640.html
Post a Comment