[Pass Ensure VCE Dumps] PassLeader VCE and PDF Dumps Free Download For 70-640 Exam (161-180)
Passed 70-640 exam with the best PassLeader 70-640 exam dumps now! PassLeader are supplying the latest 651q 70-640 vce and pdf exam dumps covering all the new questions and answers, it is 100 percent pass ensure for 70-640 exam. PassLeader offer PDF and VCE format 70-640 exam dumps, and free version VCE player is also available. Visit passleader.com now and download the 100 percent passing guarantee 651q 70-640 braindumps to achieve your new 70-640 certification easily!
keywords: 70-640 exam,651q 70-640 exam dumps,651q 70-640 exam questions,70-640 pdf dumps,70-640 practice test,70-640 vce dumps,70-640 study guide,70-640 braindumps,TS: Windows Server 2008 Active Directory, Configuring Exam
QUESTION 161
The default domain GPO in your company is configured by using the following account policy settings:
– Minimum password length: 8 characters
– Maximum password age: 30 days
– Enforce password history: 12 passwords remembered
– Account lockout threshold: 3 invalid logon attempts
– Account lockout duration: 30 minutes
You install Microsoft SQL Server on a computer named Server1 that runs Windows Server 2008 R2. The SQL Server application uses a service account named SQLSrv. The SQLSrv account has domain user rights. The SQL Server computer fails after running successfully for several weeks. The SQLSrv user account is not locked out. You need to resolve the server failure and prevent recurrence of the failure. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Reset the password of the SQLSrv user account.
B. Configure the local security policy on Serverl to grant the Logon as a service right on the SQLSrv user account.
C. Configure the properties of the SQLSrv account to Password never expires.
D. Configure the properties of the SQLSrv account to User cannot change password.
E. Configure the local security policy on Serverl to explicitly grant the SQLSrv user account the Allow logon locally user right.
QUESTION 162
Your company has two Active Directory forests named Forest1 and Forest2, The forest functional level and the domain functional level of Forest1 are set to Windows Server 2008. The forest functional level of Forest2 is set to Windows 2000, and the domain functional levels in Forest2 are set to Windows Server 2003. You need to set up a transitive forest trust between Forestl and Forest2. What should you do first?
A. Raise the forest functional level of Forest2 to Windows Server 2003 Interim mode.
B. Raise the forest functional level of Forest2 to Windows Server 2003.
C. Upgrade the domain controllers in Forest2 to Windows Server 2008.
D. Upgrade the domain controllers in Forest2 to Windows Server 2003.
Answer: B
QUESTION 163
Your company has an Active Directory forest that contains two domains, The forest has universal groups that contain members from each domain. A branch office has a domain controller named DC1, Users at the branch office report that the logon process takes too long. You need to decrease the amount of time it takes for the branch office users to logon. What should you do?
A. Configure DC1 as a Global Catalog server.
B. Configure DC1 as a bridgehead server for the branch office site.
C. Decrease the replication interval on the site link that connects the branch office to the corporate network.
D. Increase the replication interval on the site link that connects the branch office to the corporate network.
Answer: A
QUESTION 164
Your company has an Active Directory domain. The main office has a DNS server named DNS1 that is configured with Active Directory-integrated DNS. The branch office has a DNS server named DNS2 that contains a secondary copy of the zone from DNS1. The two offices are connected with an unreliable WAN link. You add a new server to the main office. Five minutes after adding the server, a user from the branch office reports that he is unable to connect to the new server. You need to ensure that the user is able to connect to the new server. What should you do?
A. Clear the cache on DNS2.
B. Reload the zone on DNS1.
C. Refresh the zone on DNS2.
D. Export the zone from DNS1 and import the zone to DNS2.
Answer: C
QUESTION 165
You need to validate whether Active Directory successfully replicated between two domain controllers. What should you do?
A. Run the DSget command.
B. Run the Dsquery command.
C. Run the RepAdmin command.
D. Run the Windows System Resource Manager.
Answer: C
QUESTION 166
You have a domain controller that runs Windows Server 2008 R2. The Windows Server Backup feature is installed on the domain controller. You need to perform a non-authoritative restore of the domain controller by using an existing backup file. What should you do?
A. Restart the domain controller in Directory Services Restore Mode. Use the WBADMIN command to perform a critical volume restore.
B. Restart the domain controller in Directory Services Restore Mode. Use the Windows Server Backup snap-in to perform a critical volume restore.
C. Restart the domain controller in safe mode. Use the Windows Server Backup snap-in to perform a critical volume restore.
D. Restart the domain controller in safe mode. Use the WBADMIN command to perform a critical volume restore.
Answer: A
QUESTION 167
Your company has an Active Directory forest. Not all domain controllers in the forest are configured as Global Catalog Servers. Your domain structure contains one root domain and one child domain. You modify the folder permissions on a file server that is in the child domain. You discover that some Access Control entries start with S-1-5-21 and that no account name is listed. You need to list the account names. What should you do?
A. Move the RID master role in the child domain to a domain controller that holds the Global Catalog.
B. Modify the schema to enable replication of the friendlynames attribute to the Global Catalog.
C. Move the RID master role in the child domain to a domain controller that does not hold the Global Catalog.
D. Move the infrastructure master role in the child domain to a domain controller that does not hold the Global Catalog.
Answer: D
QUESTION 168
Your company security policy requires complex passwords. You have a comma delimited file named import.csv that contains user account information. You need to create user account in the domain by using the import.csv file. You also need to ensure that the new user accounts are set to use default passwords and are disabled. What shoulld you do?
A. Modify the userAccountControl attribute to disabled. Run the csvde Âi Âk Âf import.csv command.
Run the DSMOD utility to set default passwords for the user accounts.
B. Modify the userAccountControl attribute to accounts disabled. Run the csvde -f import.csv command.
Run the DSMOD utility to set default passwords for the user accounts.
C. Modify the userAccountControl attribute to disabled. Run the wscript import.csv command.
Run the DSADD utility to set default passwords for the imported user accounts.
D. Modify the userAccountControl attribute to disabled. Run ldifde -i -f import.csv command.
Run the DSADD utility to set passwords for the imported user accounts.
Answer: A
QUESTION 169
You are installing an application on a computer that runs Windows Server 2008 R2. During installation, the application will need to install new attributes and classes to the Active Directory database. You need to ensure that you can install the application. What should you do?
A. Change the functional level of the forest to Windows Server 2008 R2.
B. Log on by using an account that has Server Operator rights.
C. Log on by using an account that has Schema Administrator rights and the appropriate rights to install the application.
D. Log on by using an account that has the Enterprise Administrator rights and the appropriate rights to install the application.
Answer: C
QUESTION 170
Your company has an Active Directory forest. The company has servers that run Windows Server 2008 R2 and client computers that run Windows 7. The domain uses a set of GPO administrative templates that have been approved to support regulatory compliance requirements. Your partner company has an Active Directory forest that contains a single domain. The company has servers that run Windows Server 2008 R2 and client computers that run Windows 7. You need to configure your partner company’s domain to use the approved set of administrative templates. What should you do?
A. Use the Group Policy Management Console (GPMC) utility to back up the GPO to a file. In each site, import the GPO to the default domain policy.
B. Copy the ADMX files from your company’s PDC emulator to the PolicyDefinitions folder on the partner company’s PDC emulator.
C. Copy the ADML files from your company’s PDC emulator to the PolicyDefinitions folder on the partner company’s PDC emulator.
D. Download the conf.adm, system.adm, wuau.adm, and inetres.adm files from the Microsoft Updates Web site. Copy the ADM files to the PolicyDefinitions folder on thr partner company’s emulator.
Answer: B
http://www.passleader.com/70-640.html
QUESTION 171
You need to ensure that users who enter three successive invalid passwords within 5 minutes are locked out for 5 minutes. Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)
A. Set the Minimum password age setting to one day.
B. Set the Maximum password age setting to one day.
C. Set the Account lockout duration setting to 5 minutes.
D. Set the Reset account lockout counter after setting to 5 minutes.
E. Set the Account lockout threshold setting to 3 invalid logon attempts.
F. Set the Enforce password history setting to 3 passswords remembered.
Answer: CDE
QUESTION 172
Your network contains an Active Directory domain named contoso.com. The Administrator deletes an OU named OU1 accidentally. You need to restore OU1. Which cmdlet should you use?
A. Set-ADObject cmdlet.
B. Set-ADOrganizationalUnit cmdlet.
C. Set-ADUser cmdlet.
D. Set-ADGroup cmdlet.
Answer: A
QUESTION 173
Your network contains an Active Directory domain. The domain is configured as shown in the exhibit. You have a Group Policy Object (GPO) linked to the domain. You need to ensure that the settings in the GPO are not processed by user accounts or computer accounts in the Finance organizational unit (OU). You must achieve this goal by using the minimum amount of administrative effort. What should you do?
A. Modify the Group Policy Permission.
B. Configure WMI filtering.
C. Enable block inheritance.
D. Enable loopback processing in replace mode.
E. Configure the link order.
F. Configure Group Policy Preferences.
G. Link the GPO to the Human Resources OU.
H. Configure Restricted Groups.
I. Enable loopback processing in merge mode.
J. Link the GPO to the Finance OU.
Answer: C
QUESTION 174
Your network contains an Active Directory domain named contoso.com. You have an organizational unit (OU) named Sales and an OU named Engineering. You have two Group Policy objects (GPOs) named GP01 and GPO2. GP01 and GP02 are linked to the Sales OU and contain multiple settings. You discover that GPO2 has a setting that conflicts with a setting in GP01. When the policies are applied, the setting in GPO2 takes effect. You need to ensure that the settings in GP01 supersede the settings in GP02. The solution must ensure that all non-conflicting settings in both GPOs are applied.
A. Configure Restricted Groups.
B. Configure the link order.
C. Link the GPO to the Sales OU.
D. Link the GPO to the Engineering OU.
E. Enable loopback processing in merge mode.
F. Modify the Group Policy permissions.
G. Configure WMI Filtering.
H. Configure Group Policy Preferences.
I. Enable loopback processing in replace mode.
J. Enable block inheritance.
Answer: B
QUESTION 175
Your network contains an Active Directory forest. All users have a value set for the Department attribute. From Active Directory Users and Computers, you search a domain for all users who have a Department attribute value of Marketing. The search returns 50 users. From Active Directory Users and Computers, you search the entire directory for all users who have a Department attribute value of Marketing. The search does not return any users. You need to ensure that a search of the entire directory for users in the marketing department returns all of the users who have the Marketing Department attribute. What should you do?
A. Install the Windows Search Service role service on a global catalog server.
B. From the Active Directory Schema snap-in modify the properties of the Department attribute.
C. Install the Indexing Service role service on a global catalog server.
D. From the Active Directory Schema snap-in modify the properties of the user class.
Answer: B
QUESTION 176
Your network contains an Active Directory forest. The forest contains one domain named contoso.com. You discover the following event in the Event log of domain controllers:
"The request for a new account-identifier pool failed. The operation will be retried until the request succeeds. The error is " %1 ""
You need to ensure that the domain controllers can acquire new account-identifier pools successfully. What should you do?
A. Move the PDC emulator role.
B. Move the schema master role.
C. Move the global catalog server.
D. Move the domain naming master role.
E. Move the infrastructure master role.
F. Move the RID master role.
G. Restart the Active Directory Domain Services (AD DS) service.
H. Deploy an additional global catalog server.
I. Move the bridgehead server.
J. Install a read-only domain controller (RODC).
Answer: F
QUESTION 177
Your network contains an Active Directory domain named contoso.com. You need to create one password policy for administrators and another password policy for all other users. Which tool should you use?
A. Ntdsutil
B. Active Directory Users and Computers
C. ADSI Edit
D. Group Policy Management Console (GPMC)
Answer: C
QUESTION 178
Your network contains an Active Directory forest named contoso.com. You need to identify whether a fine-grained password policy is applied to a specific group. Which tool should you use?
A. Active Directory Sites and Services
B. Authorization Manager
C. Local Security Policy
D. ADSI Edit
Answer: D
QUESTION 179
A corporate network includes an Active Directory-integrated zone. All DNS servers that host the zone are domain controllers. You add multiple DNS records to the zone. You need to ensure that the new records are available on all DNS servers as soon as possible. Which tool should you use?
A. Repadmin
B. Active Directory Domains and Trusts console
C. Ldp
D. Ntdsutil
Answer: A
QUESTION 180
Your network contains an Active Directory forest named contoso.com. The forest contains two domains named contoso.com and child.contoso.com. The forest contains two sites named Seattle and Denver. Both sites contain users, client computers, and domain controllers from both domains. The Seattle site contains the first domain controller deployed to the forest. The Seattle site also contains the primary domain controller (PDC) emulator for both domains. All of the domain controllers are configured as DNS servers. All DNS zones are replicated to all of the domain controllers in the forest. The users in the Denver site report that is takes a long time to log on to their client computer when they use their user principal name (UPN). The users in the Seattle site do not experience the same issue. You need to reduce the amount of time it takes for the Denver users to log on to their client computer by using their UPN. What should you do?
A. Reduce the cost of the site link between the Denver site and the Seattle site.
B. Enable the global catalog on a domain controller in the Denver site.
C. Enable universal group membership caching in the Denver site.
D. Move a PDC emulator to the Denver site.
E. Reduce the replication interval of the site link between the Denver site and the Seattle site.
F. Add an additional domain controller to the Denver site.
Answer: B