Try 2015 Latet Updated 70-640 Practice Exam Questions and Answers, Pass 70-640 Actual Test 100% in 2015 New Year! Braindump2go Latest released Free Sample 70-640 Exam Questions are shared for instant download! Braindump2go holds the confidence of 70-640 exam candiates with Microsoft Official Guaranteed 70-640 Exa Dumps Products! 651 New Updated Questions and Answers! 2015 Microsoft 70-640 100% Success!
Vendor: Microsoft
Exam Code: 70-640
Exam Name: TS: Windows Server 2008 Active Directory, Configuring
Keywords: 70-640 Exam Dumps,70-640 Practice Tests,70-640 Practice Exams,70-640 Exam Questions,70-640 Dumps,70-640 Dumps PDF,70-640 VCE,70-640 Braindump,70-640 TS: Windows Server 2008 Active Directory, Configuring
QUESTION 621
Your network contains a server named Server1 that runs Windows Server 2008 R2.
Server1 is configured as an Active Directory Federation Services (AD FS) 2.0 standalone server.
You plan to add a new token-signing certificate to Server1.
You import the certificate to the server as shown in the exhibit. (Click the Exhibit button.)
When you run the Add Token-Signing Certificate wizard, you discover that the new certificate is unavailable.
You need to ensure that you can use the new certificate for AD FS.
What should you do?
A. From the properties of the certificate, modify the Certificate Policy OIDs setting.
B. Import the certificate to the AD FS 2.0 Windows Service personal certificate store.
C. From the properties of the certificate, modify the Certificate purposes setting.
D. Import the certificate to the local computer personal certificate store.
Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/hh341466.aspx
When you deploy the first federation server in a new AD FS 2.0 installation, you must obtain a token-signing certificate and install it in the local computer personal certificate store on that federation server.
QUESTION 622
You need to purge the list of user accounts that were authenticated on a read-only domain controller (RODC).
What should you do?
A. Run the repadmin.exe command and specify the /prp parameter.
B. From Active Directory Sites and Services, modify the properties of the RODC computer
object.
C. From Active Directory Users and Computers, modify the properties of the RODC computer
object.
D. Run the dsrm.exe command and specify the -u parameter.
Answer: A
Explanation:
http://technet.microsoft.com/en-us/library/rodc-guidance-for-administering-the-password-replication-policy.aspx
Clearing the authenticated accounts list
In addition to reviewing the list of authenticated users, you may decide to periodically clean up the list of accounts that are authenticated to the RODC. Cleaning up this list may help you more easily determine the new accounts that have authenticated through the RODC.
Membership in the Domain Admins group of the domain in which the RODC is a member, or equivalent, is the minimum required to complete this procedure.
To clear all entries from the list, run the command repadmin /prp delete <hostname> auth2 /all.
Substitute the actual host name of the RODC that you want to clear. For example, if you want to clear the list of authenticated accounts for RODC2, type repadmin /prp delete rodc2 auth2 /all, and then press ENTER.
QUESTION 623
Your company has a main office and four branch offices.
An Active Directory site exists for each office.
Each site contains one domain controller.
Each branch office site has a site link to the main office site.
You discover that the domain controllers in the branch offices sometimes replicate directly to each other.
You need to ensure that the domain controllers in the branch offices only replicate to the domain controller in the main office.
What should you do?
A. Modify the firewall settings for the main office site.
B. Disable the Knowledge Consistency Checker (KCC) for each branch office site.
C. Disable site link bridging.
D. Modify the security settings for the main office site.
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/cc757117.aspx
QUESTION 624
A user reports that she is receiving a logon message that states,
“Your account is configured to prevent you from using the computer.
Please try another computer.”
What should you do to enable her to log on to the computer?
A. Click the Log On To button on the Account tab of her user account.
B. Click the Allowed To Join Domain button in the New Computer dialog box.
C. Use the DSMove command.
D. Give her the right to log on locally, using the local security policy of the computer.
Answer: A
QUESTION 625
A new project requires that users in your domain and in the domain of a partner organization have access to a shared folder on your file server.
Which type of group should you create to manage the access to the shared folder?
A. Universal security group
B. Domain local security group
C. Global security group
D. Domain local distribution group
Answer: B
QUESTION 626
Your domain includes a global distribution group named Company Update.
It has been used to send company news by email to its members.
You have decided to allow all members to contribute to the newsletter by creating a shared folder on a file server.
What must you do to allow group members access to the shared folder?
A. Change the group scope to domain local
B. Change the group scope to universal
C. Add the group to the Domain Users group
D. Use DSMod with the -secgrp yes parameter
Answer: D
QUESTION 627
You have created a global security group in the contoso.com domain named Corporate Managers.
Which members can be added to the group? (Choose all that apply.)
A. Sales Managers, a global group in the fabrikam.com domain, a trusted domain of a partner company
B. Sales Managers, a global group in the tailspintoys.com domain, a domain in the contoso.com forest
C. Linda Mitchell, a user in the tailspintoys.com domain, a domain in the contoso.com forest
D. Jeff Ford, a user in the fabrikam.com domain, a trusted domain of a partner company
E. Mike Danseglio, a user in the contoso.com domain
F. Sales Executives, a global group in the contoso.com domain
G. Sales Directors, a domain local group in the contoso.com domain
H. European Sales Managers, a universal group in the contoso.com forest
Answer: CDEF
QUESTION 628
Which of the following can be used to remove members from a group? (Choose all that apply.)
A. Remove-Item
B. DSRm
C. DSMod
D. LDIFDE
E. CSVDE
Answer: CD
QUESTION 629
You are using DSMod to add a domain local group named GroupA to a global group named GroupB.
You are receiving errors.
Which command will solve the problem so that you can add GroupA to GroupB? (Choose all that apply.)
A. Dsrm.exe
B. Dsmod.exe
C. Dsquery.exe
D. Dsget.exe
Answer: B
QUESTION 630
Your management has asked you to produce a list of all users who belong to the Special Project group, including those users belonging to groups nested into Special Project.
Which of the following can you use? (Choose all that apply.)
A. Get-ADGroupMember
B. Dsquery.exe
C. LDIFDE
D. Dsget.exe
Answer: AD
Braindump2go New Published Exam Dumps: Microsoft 70-640 Practice Tests Questions, 651 Latest Questions and Answers from Official Exam Centre Guarantee You a 100% Pass! Free Download Instantly!