OFFER Free Microsoft 70-640 PDF and VCE Exam Dumps 61-70

OFFER Free Microsoft 70-640 PDF and VCE Exam Dumps 61-70

Vendor: Microsoft
Exam Code: 70-640
Exam Name: TS: Windows Server 2008 Active Directory, Configuring
Version: 14.91

QUESTION 61
Your company has two Active Directory forests as shown in the following table.

Forest name    Forest functional level    Domain(s)
contoso.com    Windows Server 2008    contoso.com
fabrikam.com    Windows Server 2008    fabrikam.com    eng.fabrikam.com

The forests are connected by using a two-way forest trust. Each trust direction is configured with forest-wide authentication. The new security policy of the company prohibits users from the eng.fabrikam.com domain to access resources in the contoso.com domain. You need to configure the forest trust to meet the new security policy requirement.
What should you do?

A.    Delete the outgoing forest trust in the contoso.com domain.
B.    Delete the incoming forest trust in the contoso.com domain.
C.    Change the properties of the existing incoming forest trust in the contoso.com domain from Forest-wide
authentication to Selective authentication.
D.    Change the properties of the existing outgoing forest trust in the contoso.com domain to exclude *.eng.
fabrikam.com from the Name Suffix Routing trust properties.

Answer: D

QUESTION 62
Your company has an Active Directory Rights Management Services (AD RMS) server. Users have Windows Vista computers. An Active Directory domain is configured at the Windows Server 2003 functional level.
You need to configure AD RMS so that users are able to protect their documents.
What should you do?

A.    Install the AD RMS client 2.0 on each client computer.
B.    Add the RMS service account to the local administrators group on the AD RMS server.
C.    Establish an e-mail account in Active Directory Domain Services (AD DS) for each RMS user.
D.    Upgrade the Active Directory domain to the functional level of Windows Server 2008.

Answer: C

QUESTION 63
Your company has an Active Directory domain. All consultants belong to a global group named TempWorkers.
The TempWorkers group is not nested in any other groups. You move the computer objects of three file servers to a new organizational unit named SecureServers. These file servers contain only confidential data in shared folders. You need to prevent members of the TempWorkers group from accessing the confidential data on the file servers. You must achieve this goal without affecting access to other domain resources.
What should you do?

A.    Create a new GPO and link it to the SecureServers organizational unit. Assign the Deny access to
this computer from the network user right to the TempWorkers global group.
B.    Create a new GPO and link it to the domain. Assign the Deny access to this computer from the network
user right to the TempWorkers global group.
C.    Create a new GPO and link it to the domain. Assign the Deny log on locally user right to the TempWorkers
global group.
D.    Create a new GPO and link it to the SecureServers organizational unit. Assign the Deny log on locally
user right to the TempWorkers global group.

Answer: A

QUESTION 64
Your network consists of a single Active Directory domain. User accounts for engineering department are located in an OU named Engineering.
You need to create a password policy for the engineering department that is different from your domain password policy.
What should you do?

A.    Create a new GPO. Link the GPO to the Engineering OU.
B.    Create a new GPO. Link the GPO to the domain. Block policy inheritance on all OUs except for the
Engineering OU.
C.    Create a global security group and add all the user accounts for the engineering department to the group.
Create a new Password Policy Object (PSO) and apply it to the group.
D.    Create a domain local security group and add all the user accounts for the engineering department to the
group. From the Active Directory Users and Computer console, select the group and run the Delegation
of Control Wizard.

Answer: C

QUESTION 65
Your network contains an Active Directory domain. The domain contains two domain controllers named DC1 and DC2.
DC1 hosts a standard primary DNS zone for the domain. Dynamic updates are enabled on the zone. DC2 hosts a standard secondary DNS zone for the domain. You need to configure DNS to allow only secure dynamic updates.
What should you do first?

A.    On DC1 and DC2, configure a trust anchor.
B.    On DC1 and DC2, configure a connection security rule.
C.    On DC1, configure the zone transfer settings.
D.    On DC1, configure the zone to be stored in Active Directory.

Answer: D

QUESTION 66
Your network contains a domain controller that has two network connections named Internal and Private.
Internal has an IP address of 192.168.0.20. Private has an IP address of 10.10.10.5. You need to prevent the domain controller from registering Host (A) records for the 10.10.10.5 IP address.
What should you do?

A.    Modify the netlogon.dns file on the domain controller.
B.    Modify the Name Server settings of the DNS zone for the domain.
C.    Modify the properties of the Private network connection on the domain controller.
D.    Disable netmask ordering on the DNS server that hosts the DNS zone for the domain.

Answer: C

QUESTION 67
Your network contains an Active Directory forest named contoso.com. You plan to add a new domain named nwtraders.com to the forest. All DNS servers are domain controllers.
You need to ensure that the computers in nwtraders.com can update their Host (A) records on any of the DNS servers in the forest.
What should you do?

A.    Add the computer accounts of all the domain controllers to the DnsAdmins group.
B.    Add the computer accounts of all the domain controllers to the DnsUpdateProxy group.
C.    Create a standard primary zone on a domain controller in the forest root domain.
D.    Create an Active Directory-integrated zone on a domain controller in the forest root domain.

Answer: D

QUESTION 68
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1. DC1 hosts a standard primary zone for contoso.com.
You discover that non-domain member computers register records in the contoso.com zone.
You need to prevent the non-domain member computers from registering records in the contoso.com zone.
All domain member computers must be allowed to register records in the contoso.com zone.
What should you do first?

A.    Configure a trust anchor.
B.    Run the Security Configuration Wizard (SCW).
C.    Change the contoso.com zone to an Active Directory-integrated zone.
D.    Modify the security settings of the %SystemRoot%\System32\Dns folder.

Answer: C

QUESTION 69
Your network contains an Active Directory domain named contoso.com. You create a GlobalNames zone. You add an alias (CNAME) resource record named Server1 to the zone. The target host of the record is server2. contoso.com. When you ping Server1, you discover that the name fails to resolve.
You successfully resolve server2.contoso.com.
You need to ensure that you can resolve names by using the GlobalNames zone.
What should you do?

A.    From the command prompt, use the netsh tool.
B.    From the command prompt, use the dnscmd tool.
C.    From DNS Manager, modify the properties of the GlobalNames zone.
D.    From DNS Manager, modify the advanced settings of the DNS server.

Answer: B

QUESTION 70
Your company has a main office and a branch office.
The network contains an Active Directory domain named contoso.com. The DNS zone for contoso.com is configured as an Active Directory-integrated zone and is replicated to all domain controllers in the domain.
The main office contains a writable domain controller named DC1. The branch office contains a read- only domain controller (RODC) named RODC1. All domain controllers run Windows Server 2008 R2 and are configured as DNS servers.
You uninstall the DNS server role from RODC1.
You need to prevent DNS records from replicating to RODC1.
What should you do?

A.    Modify the replication scope for the contoso.com zone.
B.    Flush the DNS cache and enable cache locking on RODC1.
C.    Configure conditional forwarding for the contoso.com zone.
D.    Modify the zone transfer settings for the contoso.com zone.

Answer: A

If you want to pass Microsoft 70-640 exam successfully, donot missing to read latest lead2pass Microsoft 70-640 dumps.
If you can master all lead2pass questions you will able to pass 100% guaranteed.

http://www.lead2pass.com/70-640.html

         

Author: admin