Real Latest 70-640 Exam Questions Updated By Official Microsoft Exam Center! Braindump2go Offers 70-640 Dumps sample questions for free download now! You also can visit our website, download our premium Microsoft 70-640 Exam Real Answers, 100% Exam Pass Guaranteed!
Vendor: Microsoft
Exam Code: 70-640
Exam Name: TS: Windows Server 2008 Active Directory, Configuring
Keywords: 70-640 Exam Dumps,70-640 Practice Tests,70-640 Practice Exams,70-640 Exam Questions,70-640 Dumps,70-640 Dumps PDF,Microsoft 70-640 Exam Dumps,70-640 Questions and Answers,TS: Windows Server 2008 Active Directory, Configuring
QUESTION 391
Your company has an Active Directory domain.
A user attempts to log on to a computer that was turned off for twelve weeks.
The administrator receives an error message that authentication has failed.
You need to ensure that the user is able to log on to the computer.
What should you do?
A. Run the netsh command with the set and machine options.
B. Reset the computer account.
Disjoin the computer from the domain, and then rejoin the computer to the domain.
C. Run the netdom TRUST /reset command.
D. Run the Active Directory Users and Computers console to disable, and then enable the
computer account.
Answer: B
Explanation:
Reset the computer account. Disjoin the computer from the domain, and then rejoin the computer to the domain.
http://social.technet.microsoft.com/wiki/contents/articles/9157.trust-relationship-between-workstation-andprimary-domain-failed.aspx
QUESTION 392
Your company has an Active Directory forest that contains a single domain.
The domain member server has an Active Directory Federation Services (AD FS) role installed. You need to configure AD FS to ensure that AD FS tokens contain information from the Active Directory domain.
What should you do?
A. Add and configure a new account partner.
B. Add and configure a new resource partner.
C. Add and configure a new account store.
D. Add and configure a Claims-aware application.
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/cc732095.aspx
Understanding Account Stores
Active Directory Federation Services (AD FS) uses account stores to log on users and extract security claims for those users. You can configure multiple account stores for a single Federation Service. You can also define their priority. The Federation Service uses Lightweight Directory Access Protocol (LDAP) to communicate with account stores. AD FS supports the following two account stores:
Active Directory Domain Services (AD DS)
Active Directory Lightweight Directory Services (AD LDS)
QUESTION 393
You network consists of a single Active Directory domain.
All domain controllers run Windows Server 2008 R2.
You need to reset the Directory Services Restore Mode (DSRM) password on a domain controller.
What tool should you use?
A. Active Directory Users and Computers snap-in
B. ntdsutil
C. Local Users and Groups snap-in
D. dsmod
Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/cc753343%28v=ws.10%29.aspx
Ntdsutil.exe is a command-line tool that provides management facilities for Active Directory Domain Services (AD DS) and Active Directory Lightweight Directory Services (AD LDS). You can use the ntdsutil commands to perform database maintenance of AD DS, manage and control single master operations, and remove metadata left behind by domain controllers that were removed from the network without being properly uninstalled.
This tool is intended for use by experienced administrators.
Commands set DSRM password – Resets the Directory Services Restore Mode (DSRM) administrator password.
Further information:
http://technet.microsoft.com/en-us/library/cc754363%28v=ws.10%29.aspx
Set DSRM password
Resets the Directory Services Restore Mode (DSRM) password on a domain controller. At the Reset DSRM Administrator Password: prompt, type any of the parameters listed under
“Syntax.”
This is a subcommand of Ntdsutil and Dsmgmt. Ntdsutil and Dsmgmt are command-line tools that are built into Windows Server 2008 and Windows Server 2008 R2. Ntdsutil is available if you have the Active Directory Domain Services (AD DS) or Active Directory Lightweight Directory Services (AD LDS) server role installed.
Dsmgmt is available if you have the AD LDS server role installed. These tools are also available if you install the Active Directory Domain Services Tools that are part of the Remote Server Administration Tools (RSAT).
QUESTION 394
Your company has a main office and a branch office.
You deploy a read-only domain controller (RODC) that runs Microsoft Windows Server 2008 to the branch office.
You need to ensure that users at the branch office are able to log on to the domain by using the RODC.
What should you do?
A. Add another RODC to the branch office.
B. Configure a new bridgehead server in the main office.
C. Decrease the replication interval for all connection objects by using the Active Directory Sites
and Services console.
D. Configure the Password Replication Policy on the RODC.
Answer: D
Explanation:
Configure the Password Replication Policy on the RODC.
http://technet.microsoft.com/en-us/library/cc754956%28v=ws.10%29.aspx
RODC Frequently Asked Questions
What new attributes support the RODC Password Replication Policy?
Password Replication Policy is the mechanism for determining whether a user or computer’s credentials are allowed to replicate from a writable domain controller to an RODC. The Password Replication Policy is always set on a writable domain controller running Windows Server 2008.
What operations fail if the WAN is offline, but the RODC is online in the branch office?
If the RODC cannot connect to a writable domain controller running Windows Server 2008 in the hub, the following branch office operations fail:
Password changes
Attempts to join a computer to a domain
Computer rename
Authentication attempts for accounts whose credentials are not cached on the RODC Group Policy updates that an administrator might attempt by running the gpupdate /force command
What operations succeed if the WAN is offline, but the RODC is online in the branch office? If the RODC cannot connect to a writable domain controller running Windows Server 2008 in the hub, the following branch office operations succeed:
Authentication and logon attempts, if the credentials for the resource and the requester are already cached, Local RODC server administration performed by a delegated RODC server administrator.
QUESTION 395
Your network contains a single Active Directory domain.
The functional level of the forest is Windows Server 2008.
The functional level of the domain is Windows Server 2008 R2.
All DNS servers run Windows Server 2008.
All domain controllers run Windows Server 2008 R2.
You need to ensure that you can enable the Active Directory Recycle Bin.
What should you do?
A. Change the functional level of the forest.
B. Change the functional level of the domain.
C. Modify the Active Directory schema.
D. Modify the Universal Group Membership Caching settings.
Answer: A
Explanation:
Set dynamic updates to Secure Only.
http://technet.microsoft.com/en-us/library/cc753751.aspx
Allow Only Secure Dynamic Updates
Domain Name System (DNS) client computers can use dynamic update to register and dynamically update their resource records with a DNS server whenever changes occur. This reduces the need for manual administration of zone records, especially for clients that frequently move or change locations and use Dynamic Host Configuration Protocol (DHCP) to obtain an IP address.
Dynamic updates can be secure or nonsecure. DNS update security is available only for zones that are integrated into Active Directory Domain Services (AD DS). After you directory-integrate a zone, access control list (ACL) editing features are available in DNS Manager so that you can add or remove users or groups from the ACL for a specified zone or resource record.
QUESTION 396
Your network contains an Active Directory domain.
The domain contains several domain controllers.
All domain controllers run Windows Server 2008 R2.
You need to restore the Default Domain Controllers Policy Group Policy object (GPO) to the Windows Server 2008 R2 default settings.
What should you do?
A. Run dcgpofix.exe /target:dc.
B. Run dcgpofix.exe /target:domain.
C. Delete the link for the Default Domain Controllers Policy, and then run gpupdate.exe /sync.
D. Delete the link for the Default Domain Controllers Policy, and then run gpupdate.exe /force.
Answer: A
Explanation:
http://technet.microsoft.com/en-us/library/hh875588.aspx
QUESTION 397
Your network contains an Active Directory domain.
The domain contains two Active Directory sites named Site1 and Site2.
Site1 contains two domain controllers named DC1 and DC2.
Site2 contains two domain controller named DC3 and DC4.
The functional level of the domain is Windows Server 2008 R2.
The functional level of the forest is Windows Server 2003.
Active Directory replication between Site1 and Site2 occurs from 20:00 to 01:00 every day.
At 07:00, an administrator deletes a user account while he is logged on to DC1.
You need to restore the deleted user account.
You want to achieve this goal by using the minimum amount of administrative effort.
What should you do?
A. On DC1, run the Restore-ADObject cmdlet.
B. On DC3, run the Restore-ADObject cmdlet.
C. On DC1, stop Active Directory Domain Services, restore the System State, and then start
Active Directory Domain Services.
D. On DC3, stop Active Directory Domain Services, perform an authoritative restore, and then
start Active Directory Domain Services.
Answer: D
QUESTION 398
Your network contains an Active Directory domain.
The domain contains two domain controllers named DC1 and DC2.
You perform a full backup of the domain controllers every night by using Windows Server Backup.
You update a script in the SYSVOL folder.
You discover that the new script fails to run properly.
You need to restore the previous version of the script in the SYSVOL folder.
The solution must minimize the amount of time required to restore the script.
What should you do first?
A. Run the Restore-ADObject cmdlet.
B. Restore the system state to its original location.
C. Restore the system state to an alternate location.
D. Attach the VHD file created by Windows Server Backup.
Answer: D
Explanation:
http://technet.microsoft.com/en-us/magazine/2008.05.adbackup.aspx
Active Directory Backup and Restore in Windows Server 2008
NTBACKUP vs. Windows Server Backup
As an added bonus, Windows Server Backup stores its backup images in Microsoft® Virtual Hard Disk (VHD) format. You can actually take a backup image and mount it as a volume in a virtual machine running under Microsoft Virtual Server 2005. You can simply mount the VHDs in a virtual machine and browse for a particular file rather than having to perform test restores of tapes to see which one has the file is on it. (A note of caution: you can’t take a backup image and boot a virtual machine from it. Since the backed-up hardware configuration doesn’t correspond to the virtual machine’s configuration, you can’t use Windows Server Backup as a physical-to-virtual migration tool.)
QUESTION 399
Your network contains an Active Directory domain.
You need to restore a deleted computer account from the Active Directory Recycle Bin.
What should you do?
A. From the command prompt, run recover.exe.
B. From the command prompt, run ntdsutil.exe.
C. From the Active Directory Module for Windows PowerShell, run the Restore-Computer cmdlet.
D. From the Active Directory Module for Windows PowerShell, run the Restore-ADObject cmdlet.
Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/dd379509%28v=ws.10%29.aspx
QUESTION 400
You need to back up all of the group policies in a domain.
The solution must minimize the size of the backup.
What should you use?
A. the Add-WBSystemState cmdlet
B. the Group Policy Management console
C. the Wbadmin tool
D. the Windows Server Backup feature
Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/cc770536.aspx
Braindump2go New Released Premium 70-640 Exam Dumps Guarantee You a 100% Exam Success Or We Promise Full Money Back! Download Microsoft 70-640 Exam Dumps Full Version From Braindump2go Instantly!